Performance Evaluation of a Hardware Security Module in Vehicles

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/304467
Download file(s):
File Description SizeFormat 
CSE 21-165 Rydberg Folkemark.pdf2.46 MBAdobe PDFView/Open
Bibliographical item details
FieldValue
Type: Examensarbete för masterexamen
Title: Performance Evaluation of a Hardware Security Module in Vehicles
Authors: Folkemark, Michel
Rydberg, Viktor
Abstract: With the rapidly increasing computerization of vehicles, cyber security has more and more become a very important aspect of modern automobiles. A vehicle consists of a large number of electronic control units (ECUs), all connected by a network. The ECUs and the communication between them need to be protected from illegal use by vehicle owners as well as cyber attacks from malicious actors. This protection is provided through the use of cryptographic techniques such as message encryption and authentication. The operations and calculations related to cryptography can be performed by the processor in the ECU itself, but that puts an additional strain on the limited computational capabilities of the ECU. A hardware security module (HSM) is a device that has hardware acceleration for cryptographic operations. Using an HSM alongside an ECU to perform cryptographic operations could thus offload the ECU, which means the computational power of the ECU can be used to perform its regular duties. In this thesis, we have evaluated the use of HSMs in a vehicle environment with regards to performance. This included comparing the performance of an HSM versus a cryptographic solution implemented purely in software, as well as investigating security and performance trade-offs of different HSM configurations. It was found that using an HSM considerably improves performance of using cryptography, both in terms of increasing the speed of cryptographic operations as well as offloading the ECU CPU. Furthermore, it was also found that adding a message authetication code (MAC) to messages in the Controller Area Network (CAN) protocol results in a relatively large amount of overhead data, which consequently contributes significantly to the bus load. This makes it an infeasible method to use in many cases. However, according to our work using CAN-FD alleviates this problem considerably.
Keywords: Performance;cybersecurity;automotive;HSM;AES;CAN
Issue Date: 2021
Publisher: Chalmers tekniska högskola / Institutionen för data och informationsteknik
URI: https://hdl.handle.net/20.500.12380/304467
Collection:Examensarbeten för masterexamen // Master Theses



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.