Automotive ECUs featured image
One of the biggest challenges faced by OEMs today is automotive cyber security with the amount of hardware and software integrated into vehicles increasing significantly over the last few decades. There can be as many as 100 ECUs embedded in modern vehicles.

Cybersecurity for Automotive ECUs – An Introduction

Need for automotive cybersecurity

One of the biggest challenges faced by OEMs today is automotive cybersecurity with the amount of hardware and software integrated into vehicles increasing significantly over the last few decades. There can be as many as 100 ECUs embedded in modern vehicles. That, along with increase in communication options, has greatly increased the number of vulnerabilities that hackers can exploit. 

The need for automotive cybersecurity eventually led the International Organisation of Standardization (ISO) along with Society of Automotive Engineers (SAE) have come up with the ISO 21434 standard ‘Road vehicles – Cybersecurity Engineering’ in 2021.

In this blog, we will explore further the major security risks in an ECU and the measures that can be taken to prevent such threats in the following sections. We will also see in detail the different security concepts that can be used to prevent such threats strictly from an implementation point of view. However, we will not be discussing the cybersecurity processes in this blog.

What are the major threats for an ECU?

Listed below are a few of the major ways in which hackers can exploit ECUs:

Compromising In-vehicle communication – Communication in modern vehicles is handled by multiple interfaces like CAN, K-Line, Ethernet, etc. Hackers exploit such networks using various intrusion methods. For example, sniffing – which includes intercepting and logging data from a network. Another way in which hackers can exploit vehicle networks is by spoofing, i.e., by pretending to be another legitimate node in the network. These kinds of attacks can be of two types: masquerade attacks, where data is inserted that corrupt the network and replay attacks, where the “pretend” node replays data which was sent by another node in a previous iteration.

Gaining unauthorized access to vehicle – Modern vehicles all have on On-Board Diagnostics (OBD) and OBD ports that can communicate with the ECUs via CAN network and get diagnostic information regarding the faults in the vehicle and performance characteristics. Hackers can gain access to these ports and inject data & malicious code into the network.

Tampering ECU firmware & rogue updates – Attackers can modify ECU memory and change the security keys which are used for software authentication. They can reflash the ECU with their custom firmware and manipulate its state and perform unintended actions. They could also introduce malware and take control of the firmware.

Preventive Measures

For protecting against the above-mentioned threats, certain cryptographic algorithms need to be implemented to encrypt the data transmitted in vehicle networks, for securing access to vehicle diagnostics, authenticating the software flashed etc. There are basically two ways of implementing these cryptographic algorithms: traditional software-based implementation & implementation with usage of additional hardware components. We will see in the upcoming sections on how the two implementations can be done in an AUTOSAR ECU.

Traditional Implementation

Fig 1: AUTOSAR Crypto Stack (Courtesy: AUTOSAR_Layered_Software_Architecture)

AUTOSAR provides the Crypto Stack for facilitating the traditional software-based implementation. Crypto Stack offers standardized access to cryptographic services like computation of hashes, asymmetrical signature verification, symmetric encryption of data etc.

The stack is divided into 3 layers – service layer, hardware abstraction layer and driver layer. The topmost layer, i.e., the service layer acts as an interface between Application & the lower layers of the stack. It is responsible for scheduling and queueing the received crypto service requests based on their priority. It forwards the requests to the lower layers for further operations.

The abstraction layer receives the crypto service requests from the service layer and forwards them to appropriate cryptographic operation in the driver layer. The lower most layer i.e., the crypto driver holds the actual cryptographic implementations and supports key configuration, key storage, etc. In traditional implementation, the driver layer is a cryptographic software library which supports various services including hash services & pseudo random number generator.

Fig 2: Data flow in AUTOSAR Crypto Stack

Let us consider a scenario where an application component inside a car must send a message to another software component but this message must be secured. In this case, the application component will pass on the message to the service layer. This service layer distributes the service request to the appropriate queue. Let’s assume that the message must be encrypted before sending to the next application component. The service layer will add the required information along with the message and will send it to the hardware abstraction layer. The hardware abstraction layer will identify to which driver it should be passed so that the required cryptographic action (viz. encryption here) can be performed. In our example, the message is encrypted using the appropriate encryption algorithm. After encryption, the message is sent back to the hardware abstraction layer which in turn sends it to the service layer from which it is sent to the required application component. 

Hardware and Software Based Implementations

The cryptographic algorithms can be implemented with a combination of hardware and software as well. Hardware Security Module (HSM) and Secure Hardware Extensions (SHE) are examples of hardware components that can be used along with the AUTOSAR Crypto stack to facilitate cryptographic services.

Fig 3: The HSM Concept

The main advantage of using a hardware component like HSM compared to a purely software-based implementation is that it can provide a dedicated secure space for security applications like core, secure memory and hardware accelerators. The secure space can:

  • Provide security services to the application
  • Store keys and related security assets
  • Manage keys and certificates 
  • Execute cryptographic algorithms using hardware/software implementations

There are stacks provided by third party vendors like Vector, ETAS, Elektrobit etc., for hardware components like HSM which are designed in a more modular and flexible way. This makes it easier to integrate the stack with the AUTOSAR environment. HSM provides many security services like storage of security assets and cryptographic algorithms. Let us see in detail how a hardware component like HSM can be used along with AUTOSAR Crypto Stack to implement cryptographic services.

HSM firmware consists of specific modules as well as standardized AUTOSAR modules. HSM firmware consists of Crypto modules which correspond to the AUTOSAR Crypto Stack, with service layer, hardware abstraction layer and driver layer. The HSM core uses inter processor communication interface (IPC) for communicating with the Host core which runs the application components and the AUTOSAR Crypto Stack.

Now let us consider the previous scenario where an application component inside a car must send a secured message to another software component.

Fig 4: Data & service flow of Crypto operations

At the Host side, as with the traditional implementation, the application component will pass on the message to the Crypto stack. The functionality of the Crypto stack remains the same as explained in the previous traditional software-based implementation. The major difference is that the information on the cryptographic algorithms that can be performed, the keys that should be used for encryption etc., is defined by HSM settings and this information is passed to the Host with the help of a specific HSM configuration file. So, the configurations in Host Crypto stack will correspond to this information. Additionally, information on IPC settings like version and number of channels are also passed to the Host with the help of the configuration file. Also in this implementation, the Crypto driver layer just acts as an interface to HSM and provides the IPC communication.

At the HSM side, the crypto service request (viz. encryption here) received from the IPC channel is forwarded to the Crypto hardware abstraction layer. It dispatches the request to the crypto driver which performs the cryptographic algorithm for encryption. Buffers are allocated for the driver in global RAM to store all the input and output data for the requested crypto operation. The access rights for this RAM section are configurable based on the security needs. When the crypto operation is finished, the host modules are notified via interrupt/polling mechanism. The output of the cryptographic algorithm is read back by the Host Crypto driver layer via IPC and is forwarded to the higher layers.

Conclusion

ECUs in modern vehicles present a wide range of vulnerabilities that hackers can exploit, potentially resulting in harm to drivers and pedestrians. Growing standardization in ECU components and software development undertaken by groups like AUTOSAR has increased the level of protection against such threats, but still much remains to be done to completely secure them against hacking. It is high time that the vehicle manufacturers consider cybersecurity with priority and make it a critical part of the safety infrastructure.

Cybersecurity is a key focus area for Ignitarium; our capabilities include security platform bring up, security stack integration, secure boot, secure diagnostics etc.

Please look out for the next article in this blog series for understanding more about the usage of the Crypto software stack.

References

Scroll to Top

Human Pose Detection & Classification

Some Buildings in a city

Features:

  • Suitable for real time detection on edge devices
  • Detects human pose / key points and recognizes movement / behavior
  • Light weight deep learning models with good accuracy and performance

Target Markets:

  • Patient Monitoring in Hospitals
  • Surveillance
  • Sports/Exercise Pose Estimation
  • Retail Analytics

OCR / Pattern Recognition

Some Buildings in a city

Use cases :

  • Analog dial reading
  • Digital meter reading
  • Label recognition
  • Document OCR

Highlights :

  • Configurable for text or pattern recognition
  • Simultaneous Analog and Digital Dial reading
  • Lightweight implementation

Behavior Monitoring

Some Buildings in a city

Use cases :

  • Fall Detection
  • Social Distancing

Highlights :

  • Can define region of interest to monitor
  • Multi-subject monitoring
  • Multi-camera monitoring
  • Alarm triggers

Attire & PPE Detection

Some Buildings in a city

Use cases :

  • PPE Checks
  • Disallowed attire checks

Use cases :

  • Non-intrusive adherence checks
  • Customizable attire checks
  • Post-deployment trainable

 

Request for Video





    Real Time Color Detection​

    Use cases :

    • Machine vision applications such as color sorter or food defect detection

    Highlights :

    • Color detection algorithm with real time performance
    • Detects as close to human vison as possible including color shade discrimination
    • GPGPU based algorithm on NVIDIA CUDA and Snapdragon Adreno GPU
    • Extremely low latency (a few 10s of milliseconds) for detection
    • Portable onto different hardware platforms

    Missing Artifact Detection

    Use cases :

    • Detection of missing components during various stages of manufacturing of industrial parts
    • Examples include : missing nuts and bolts, missing ridges, missing grooves on plastic and metal blocks

    Highlights :

    • Custom neural network and algorithms to achieve high accuracy and inference speed
    • Single-pass detection of many categories of missing artifacts
    • In-field trainable neural networks with dynamic addition of new artifact categories
    • Implementation using low cost cameras and not expensive machine-vision cameras
    • Learning via the use of minimal training sets
    • Options to implement the neural network on GPU or CPU based systems

    Real Time Manufacturing Line Inspection

    Use cases :

    • Detection of defects on the surface of manufactured goods (metal, plastic, glass, food, etc.)
    • Can be integrated into the overall automated QA infrastructure on an assembly line.

    Highlights :

    • Custom neural network and algorithms to achieve high accuracy and inference speed
    • Use of consumer or industrial grade cameras
    • Requires only a few hundred images during the training phase
    • Supports incremental training of the neural network with data augmentation
    • Allows implementation on low cost GPU or CPU based platforms

    Ground Based Infrastructure analytics

    Some Buildings in a city

    Use cases :

    • Rail tracks (public transport, mining, etc.)
    • Highways
    • Tunnels

    Highlights :

    • Analysis of video and images from 2D & 3D RGB camera sensors
    • Multi sensor support (X-ray, thermal, radar, etc.)
    • Detection of anomalies in peripheral areas of core infrastructure (Ex: vegetation or stones near rail tracks)

    Aerial Analytics

    Use cases :

    • Rail track defect detection
    • Tower defect detection: Structural analysis of Power
      transmission towers
    • infrastructure mapping

    Highlights :

    • Defect detection from a distance
    • Non-intrusive
    • Automatic video capture with perfectly centered ROI
    • No manual intervention is required by a pilot for
      camera positioning

    SANJAY JAYAKUMAR

    Co-founder & CEO

     

    Founder and Managing director of Ignitarium, Sanjay has been responsible for defining Ignitarium’s core values, which encompass the organisation’s approach towards clients, partners, and all internal stakeholders, and in establishing an innovation and value-driven organisational culture.

     

    Prior to founding Ignitarium in 2012, Sanjay spent the initial 22 years of his career with the VLSI and Systems Business unit at Wipro Technologies. In his formative years, Sanjay worked in diverse engineering roles in Electronic hardware design, ASIC design, and custom library development. Sanjay later handled a flagship – multi-million dollar, 600-engineer strong – Semiconductor & Embedded account owning complete Delivery and Business responsibility.

     

    Sanjay graduated in Electronics and Communication Engineering from College of Engineering, Trivandrum, and has a Postgraduate degree in Microelectronics from BITS Pilani.

     

    Request Free Demo




      RAMESH EMANI Board Member

      RAMESH EMANI

      Board Member

      Ramesh was the Founder and CEO of Insta Health Solutions, a software products company focused on providing complete hospital and clinic management solutions for hospitals and clinics in India, the Middle East, Southeast Asia, and Africa. He raised Series A funds from Inventus Capital and then subsequently sold the company to Practo Technologies, India. Post-sale, he held the role of SVP and Head of the Insta BU for 4 years. He has now retired from full-time employment and is working as a consultant and board member.

       

      Prior to Insta, Ramesh had a 25-year-long career at Wipro Technologies where he was the President of the $1B Telecom and Product Engineering Solutions business heading a team of 19,000 people with a truly global operations footprint. Among his other key roles at Wipro, he was a member of Wipro's Corporate Executive Council and was Chief Technology Officer.

       

      Ramesh is also an Independent Board Member of eMIDs Technologies, a $100M IT services company focused on the healthcare vertical with market presence in the US and India.

       

      Ramesh holds an M-Tech in Computer Science from IIT-Kanpur.

      ​Manoj Thandassery

      VP – Sales & Business Development

      Manoj Thandassery is responsible for the India business at Ignitarium. He has over 20 years of leadership and business experience in various industries including the IT and Product Engineering industry. He has held various responsibilities including Geo head at Sasken China, Portfolio head at Wipro USA, and India & APAC Director of Sales at Emeritus. He has led large multi-country teams of up to 350 employees. Manoj was also an entrepreneur and has successfully launched and scaled, via multiple VC-led investment rounds, an Edtech business in the K12 space that was subsequently sold to a global Edtech giant.
      An XLRI alumnus, Manoj divides his time between Pune and Bangalore.

       

      MALAVIKA GARIMELLA​

      General Manager - Marketing

      A professional with a 14-year track record in technology marketing, Malavika heads marketing in Ignitarium. Responsible for all branding, positioning and promotional initiatives in the company, she has collaborated with technical and business teams to further strengthen Ignitarium's positioning as a key E R&D services player in the ecosystem.

      Prior to Ignitarium, Malavika has worked in with multiple global tech startups and IT consulting companies as a marketing consultant. Earlier, she headed marketing for the Semiconductor & Systems BU at Wipro Technologies and worked at IBM in their application software division.

      Malavika completed her MBA in Marketing from SCMHRD, Pune, and holds a B.E. degree in Telecommunications from RVCE, Bengaluru.

       

      PRADEEP KUMAR LAKSHMANAN

      VP - Operations

      Pradeep comes with an overall experience of 26 years across IT services and Academia. In his previous role at Virtusa, he played the role of Delivery Leader for the Middle East geography. He has handled complex delivery projects including the transition of large engagements, account management, and setting up new delivery centers.

      Pradeep graduated in Industrial Engineering and Management, went on to secure an MBA from CUSAT, and cleared UGN Net in Management. He also had teaching stints at his alma mater, CUSAT, and other management institutes like DCSMAT. A certified P3O (Portfolio, Program & Project Management) from the Office of Government Commerce, UK, Pradeep has been recognized for key contributions in the Management domain, at his previous organizations, Wipro & Virtusa.

      In his role as the Head of Operations at Ignitarium, Pradeep leads and manages operational functions such as Resource Management, Procurement, Facilities, IT Infrastructure, and Program Management office.

       

      SONA MATHEW Director – Human Resources

      SONA MATHEW

      AVP – Human Resources

      Sona heads Human Resource functions - Employee Engagement, HR Operations and Learning & Development – at Ignitarium. Her expertise include deep and broad experience in strategic people initiatives, performance management, talent transformation, talent acquisition, people engagement & compliance in the Information Technology & Services industry.

       

      Prior to Ignitarium, Sona has had held diverse HR responsibilities at Litmus7, Cognizant and Wipro.

       

      Sona graduated in Commerce from St. Xaviers College and did her MBA in HR from PSG College of Technology.

       

      ASHWIN RAMACHANDRAN

      Vice President - Sales

      As VP of Sales, Ashwin is responsible for Ignitarium’s go-to-market strategy, business, client relationships, and customer success in the Americas. He brings in over a couple of decades of experience, mainly in the product engineering space with customers from a wide spectrum of industries, especially in the Hi-Tech/semiconductor and telecom verticals.

       

      Ashwin has worked with the likes of Wipro, GlobalLogic, and Mastek, wherein unconventional and creative business models were used to bring in non-linear revenue. He has strategically diversified, de-risked, and grown his portfolios during his sales career.

       

      Ashwin strongly believes in the customer-first approach and works to add value and enhance the experiences of our customers.

       

      AZIF SALY Director – Sales

      AZIF SALY

      Vice President – Sales & Business Development

      Azif is responsible for go-to-market strategy, business development and sales at Ignitarium. Azif has over 14 years of cross-functional experience in the semiconductor product & service spaces and has held senior positions in global client management, strategic account management and business development. An IIM-K alumnus, he has been associated with Wipro, Nokia and Sankalp in the past.

       

      Azif handled key accounts and sales process initiatives at Sankalp Semiconductors. Azif has pursued entrepreneurial interests in the past and was associated with multiple start-ups in various executive roles. His start-up was successful in raising seed funds from Nokia, India. During his tenure at Nokia, he played a key role in driving product evangelism and customer success functions for the multimedia division.

       

      At Wipro, he was involved in customer engagement with global customers in APAC and US.

       

      RAJU KUNNATH Vice President – Enterprise & Mobility

      RAJU KUNNATH

      Distinguished Engineer – Digital

      At Ignitarium, Raju's charter is to architect world class Digital solutions at the confluence of Edge, Cloud and Analytics. Raju has over 25 years of experience in the field of Telecom, Mobility and Cloud. Prior to Ignitarium, he worked at Nokia India Pvt. Ltd. and Sasken Communication Technologies in various leadership positions and was responsible for the delivery of various developer platforms and products.

       

      Raju graduated in Electronics Engineering from Model Engineering College, Cochin and has an Executive Post Graduate Program (EPGP) in Strategy and Finance from IIM Kozhikode.

       

      PRADEEP SUKUMARAN Vice President – Business Strategy & Marketing

      PRADEEP SUKUMARAN

      Vice President - Software Engineering

      Pradeep heads the Software Engineering division, with a charter to build and grow a world-beating delivery team. He is responsible for all the software functions, which includes embedded & automotive software, multimedia, and AI & Digital services

      At Ignitarium, he was previously part of the sales and marketing team with a special focus on generating a sales pipeline for Vision Intelligence products and services, working with worldwide field sales & partner ecosystems in the U.S  Europe, and APAC.

      Prior to joining Ignitarium in 2017, Pradeep was Senior Solutions Architect at Open-Silicon, an ASIC design house. At Open-Silicon, where he spent a good five years, Pradeep was responsible for Front-end, FPGA, and embedded SW business development, marketing & technical sales and also drove the IoT R&D roadmap. Pradeep started his professional career in 2000 at Sasken, where he worked for 11 years, primarily as an embedded multimedia expert, and then went on to lead the Multimedia software IP team.

      Pradeep is a graduate in Electronics & Communication from RVCE, Bangalore.

       

      SUJEET SREENIVASAN Vice President – Embedded

      SUJEET SREENIVASAN

      Vice President – Automotive Technology

       

      Sujeet is responsible for driving innovation in Automotive software, identifying Automotive technology trends and advancements, evaluating their potential impact, and development of solutions to meet the needs of our Automotive customers.

      At Ignitarium, he was previously responsible for the growth and P&L of the Embedded Business unit focusing on Multimedia, Automotive, and Platform software.

      Prior to joining Ignitarium in 2016, Sujeet has had a career spanning more than 16 years at Wipro. During this stint, he has played diverse roles from Solution Architect to Presales Lead covering various domains. His technical expertise lies in the areas of Telecom, Embedded Systems, Wireless, Networking, SoC modeling, and Automotive. He has been honored as a Distinguished Member of the Technical Staff at Wipro and has multiple patents granted in the areas of Networking and IoT Security.

      Sujeet holds a degree in Computer Science from Government Engineering College, Thrissur.

       

      RAJIN RAVIMONY Distinguished Engineer

      RAJIN RAVIMONY

      Distinguished Engineer

       

      At Ignitarium, Rajin plays the role of Distinguished Engineer for complex SoCs and systems. He's an expert in ARM-based designs having architected more than a dozen SoCs and played hands-on design roles in several tens more. His core areas of specialization include security and functional safety architecture (IEC61508 and ISO26262) of automotive systems, RTL implementation of math intensive signal processing blocks as well as design of video processing and related multimedia blocks.

       

      Prior to Ignitarium, Rajin worked at Wipro Technologies for 14 years where he held roles of architect and consultant for several VLSI designs in the automotive and consumer domains.

       

      Rajin holds an MS in Micro-electronics from BITS Pilani.

       

      SIBY ABRAHAM Executive Vice President, Strategy

      SIBY ABRAHAM

      Executive Vice President, Strategy

       

      As EVP, of Strategy at Ignitarium, Siby anchors multiple functions spanning investor community relations, business growth, technology initiatives as well and operational excellence.

       

      Siby has over 31 years of experience in the semiconductor industry. In his last role at Wipro Technologies, he headed the Semiconductor Industry Practice Group where he was responsible for business growth and engineering delivery for all of Wipro’s semiconductor customers. Prior to that, he held a vast array of crucial roles at Wipro including Chief Technologist & Vice President, CTO Office, Global Delivery Head for Product Engineering Services, Business Head of Semiconductor & Consumer Electronics, and Head of Unified Competency Framework. He was instrumental in growing Wipro’s semiconductor business to over $100 million within 5 years and turning around its Consumer Electronics business in less than 2 years. In addition, he was the Engineering Manager for Enthink Inc., a semiconductor IP-focused subsidiary of Wipro. Prior to that, Siby was the Technical Lead for several of the most prestigious system engineering projects executed by Wipro R&D.

       

      Siby has held a host of deeply impactful positions, which included representing Wipro in various World Economic Forum working groups on Industrial IOT and as a member of IEEE’s IOT Steering Committee.

       

      He completed his MTech. in Electrical Engineering (Information and Control) from IIT, Kanpur and his BTech. from NIT, Calicut

       

      SUJEETH JOSEPH Chief Product Officer

      SUJEETH JOSEPH

      Chief Technology Officer

       

      As CTO, Sujeeth is responsible for defining the technology roadmap, driving IP & solution development, and transitioning these technology components into practically deployable product engineering use cases.

       

      With a career spanning over 30+ years, Sujeeth Joseph is a semiconductor industry veteran in the SoC, System and Product architecture space. At SanDisk India, he was Director of Architecture for the USD $2B Removable Products Group. Simultaneously, he also headed the SanDisk India Patenting function, the Retail Competitive Analysis Group and drove academic research programs with premier Indian academic Institutes. Prior to SanDisk, he was Chief Architect of the Semiconductor & Systems BU (SnS) of Wipro Technologies. Over a 19-year career at Wipro, he has played hands-on and leadership roles across all phases of the ASIC and System design flow.

       

      He graduated in Electronics Engineering from Bombay University in 1991.

       

      SUJITH MATHEW IYPE Co-founder & CTO

      SUJITH MATHEW IYPE

      Co-founder & COO

       

      As Ignitarium's Co-founder and COO, Sujith is responsible for driving the operational efficiency and streamlining process across the organization. He is also responsible for the growth and P&L of the Semiconductor Business Unit.

       

      Apart from establishing a compelling story in VLSI, Sujith was responsible for Ignitarium's foray into nascent technology areas like AI, ML, Computer Vision, and IoT, nurturing them in our R&D Lab - "The Crucible".

       

      Prior to founding Ignitarium, Sujith played the role of a VLSI architect at Wipro Technologies for 13 years. In true hands-on mode, he has built ASICs and FPGAs for the Multimedia, Telecommunication, and Healthcare domains and has provided technical leadership for many flagship projects executed by Wipro.

       

      Sujith graduated from NIT - Calicut in the year 2000 in Electronics and Communications Engineering and thereafter he has successfully completed a one-year executive program in Business Management from IIM Calcutta.

       

      RAMESH SHANMUGHAM Co-founder & COO

      RAMESH SHANMUGHAM

      Co-founder & CRO

      As Co-founder and Chief Revenue Officer of Ignitarium, Ramesh has been responsible for global business and marketing as well as building trusted customer relationships upholding the company's core values.

      Ramesh has over 25 years of experience in the Semiconductor Industry covering all aspects of IC design. Prior to Ignitarium, Ramesh was a key member of the senior management team of the semiconductor division at Wipro Technologies. Ramesh has played key roles in Semiconductor Delivery and Pre-sales at a global level.

      Ramesh graduated in Electronics Engineering from Model Engineering College, Cochin, and has a Postgraduate degree in Microelectronics from BITS Pilani.