Performance Evaluation of a Hardware Security Module in Vehicles
Typ
Examensarbete för masterexamen
Program
Publicerad
2021
Författare
Folkemark, Michel
Rydberg, Viktor
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
With the rapidly increasing computerization of vehicles, cyber security has more and
more become a very important aspect of modern automobiles. A vehicle consists of
a large number of electronic control units (ECUs), all connected by a network. The
ECUs and the communication between them need to be protected from illegal use
by vehicle owners as well as cyber attacks from malicious actors. This protection is
provided through the use of cryptographic techniques such as message encryption
and authentication. The operations and calculations related to cryptography can
be performed by the processor in the ECU itself, but that puts an additional strain
on the limited computational capabilities of the ECU. A hardware security module
(HSM) is a device that has hardware acceleration for cryptographic operations.
Using an HSM alongside an ECU to perform cryptographic operations could thus
offload the ECU, which means the computational power of the ECU can be used to
perform its regular duties.
In this thesis, we have evaluated the use of HSMs in a vehicle environment with
regards to performance. This included comparing the performance of an HSM versus
a cryptographic solution implemented purely in software, as well as investigating
security and performance trade-offs of different HSM configurations. It was found
that using an HSM considerably improves performance of using cryptography, both
in terms of increasing the speed of cryptographic operations as well as offloading
the ECU CPU. Furthermore, it was also found that adding a message authetication
code (MAC) to messages in the Controller Area Network (CAN) protocol results in
a relatively large amount of overhead data, which consequently contributes significantly
to the bus load. This makes it an infeasible method to use in many cases.
However, according to our work using CAN-FD alleviates this problem considerably.
Beskrivning
Ämne/nyckelord
Performance , cybersecurity , automotive , HSM , AES , CAN