Electronic control units in today’s vehicles are connected to engine control, steering, even the behaviour of the brakes. In an average vehicle several dozens of these small computers are doing their service; some top models have more than 100. “Information technology nowadays is one of the strongest drivers of innovation in the car,” says Christoph Krass. He is researcher at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) in Darmstadt, Germany. The institute is focusing on the safety and security of embedded IT systems in vehicles. “The car, hitherto a closed system, is today target of attacks through its multiple IT interfaces that are increasingly implemented,” Krass says. The list of current examples of attacks is quite long. Hackers spied out private user data, used car dealers manipulate the odometer readings, car thieves outwit the immobiliser and open car doors and even rogue car owners activate functions they have not paid for. Very recently, a hacker duo took control of vital vehicle functions like brakes and steering; another one hacked into GMs OnStar communications system. Along with the progress of hacker’s ability to bring cars under their control grows the necessity to increase the security level for the in-car IT.
“Of course, cryptographic solutions are available”, says Krauß. “However, in many times they are not flexible enough”. Along with his team, Krauß built a solution that makes use of hardware security modules (HSMs) to ensure security at device level. In doing so, they utilised the Trusted Platform Module, a widely recognised open standard, in its latest version TPM 2.0. It has been developed by the Trusted Computing Group, an organisation bundling the standardising efforts of almost all important IT players. “Our solution is a software platform that helps developers to create secure control units based on TPM 2.0”, explains project manager Andreas Fuchs. “With this platform all necessary building blocks of automotive control units, hardware as well as software,