Performance Evaluation of a Hardware Security Module in Vehicles

Examensarbete för masterexamen

Använd denna länk för att citera eller länka till detta dokument: https://hdl.handle.net/20.500.12380/304467
Ladda ner:
Fil Beskrivning StorlekFormat 
CSE 21-165 Rydberg Folkemark.pdf2.46 MBAdobe PDFVisa
Bibliografiska detaljer
FältVärde
Typ: Examensarbete för masterexamen
Titel: Performance Evaluation of a Hardware Security Module in Vehicles
Författare: Folkemark, Michel
Rydberg, Viktor
Sammanfattning: With the rapidly increasing computerization of vehicles, cyber security has more and more become a very important aspect of modern automobiles. A vehicle consists of a large number of electronic control units (ECUs), all connected by a network. The ECUs and the communication between them need to be protected from illegal use by vehicle owners as well as cyber attacks from malicious actors. This protection is provided through the use of cryptographic techniques such as message encryption and authentication. The operations and calculations related to cryptography can be performed by the processor in the ECU itself, but that puts an additional strain on the limited computational capabilities of the ECU. A hardware security module (HSM) is a device that has hardware acceleration for cryptographic operations. Using an HSM alongside an ECU to perform cryptographic operations could thus offload the ECU, which means the computational power of the ECU can be used to perform its regular duties. In this thesis, we have evaluated the use of HSMs in a vehicle environment with regards to performance. This included comparing the performance of an HSM versus a cryptographic solution implemented purely in software, as well as investigating security and performance trade-offs of different HSM configurations. It was found that using an HSM considerably improves performance of using cryptography, both in terms of increasing the speed of cryptographic operations as well as offloading the ECU CPU. Furthermore, it was also found that adding a message authetication code (MAC) to messages in the Controller Area Network (CAN) protocol results in a relatively large amount of overhead data, which consequently contributes significantly to the bus load. This makes it an infeasible method to use in many cases. However, according to our work using CAN-FD alleviates this problem considerably.
Nyckelord: Performance;cybersecurity;automotive;HSM;AES;CAN
Utgivningsdatum: 2021
Utgivare: Chalmers tekniska högskola / Institutionen för data och informationsteknik
URI: https://hdl.handle.net/20.500.12380/304467
Samling:Examensarbeten för masterexamen // Master Theses



Materialet i Chalmers öppna arkiv är upphovsrättsligt skyddat och får ej användas i kommersiellt syfte!