ESCRYPT Integration of hardware security modules

Security solutions in software are often not sufficient to achieve the desired level of ECU security. Hardware security modules (HSM) increase the resistance of embedded systems to more complex attacks and offer greater protection for key material and against software manipulation.

However, the process of integrating hardware security modules is highly complex and requires the creation of a second, independent software environment in the control unit. Special requirements relating to security apply here that are not congruent with the generally known demands of functional safety on software development.

Resorting to specific security expertise ensures that using an HSM does not negate the attainable gain in security. Using a turnkey software solution with well-defined interfaces makes the development complexity manageable by encapsulating the security functions, leaving the application developer free to concentrate on the main objective – ensuring ECU functionality.

Comprehensive consulting, robust implementation, and the right products

ETAS has extensive experience in the implementation and integration of hardware security modules through many industrial and research projects. Our security experts provide advice on choosing and integrating the hardware security modules into existing infrastructure and applications. In doing so, they place particular emphasis on customers’ individual system and process requirements.

ETAS’ solution for the plug and play integration of hardware security modules is based on a comprehensive product portfolio: ESCRYPT CycurHSM as a universal software stack for all implementations of an automotive HSM currently available on the market meets the demands for flexible HSM firmware. ESCRYPT CycurHSM abstracts all different hardware implementations at the same time and makes them available for the relevant application under a single interface.

Powerful and future-ready HSM firmware architecture and the many modules already available offer ample possibilities for using the HSM. These range from straightforward cryptographic operations, the emulation of SHE/SHE+ features, and secure ECU booting, to complex certificate management or software manipulation detection that runs in the background. These features can be used separately or together.

ESCRYPT CycurHSM allows you to seamlessly integrate the HSM into the AUTOSAR environment of the control unit. Alternatively, the cryptographic service application interface (CSAI) permits low-level access for legacy (non-AUTOSAR) control units and applications. ESCRYPT CycurHSM can also serve to integrate existing SHE modules into the AUTOSAR basic software and make its functionality available over standardized interfaces.