Being a panelist at the recent EETimes Autonomous Tech Forum was a privilege. The panel titled “How to Make AVs Trustworthy and Safe From Cybersecurity Threats” touched on the three critical themes of system-level approaches to AV security, hardware-based security as a foundation, and the criticality of security in supply chains.

First, Securing AVs requires considering the entire system, including hardware, software, and interactions. As a result, security must be built in from the ground up, not added as an afterthought. Attackers will exploit the weakest links, so every component matters. Second, the foundation of such a holistic approach is strong hardware security, as software security measures can never fix fundamental weaknesses in the underlying hardware. We discussed techniques like physical unclonable functions (PUFs), secure enclaves, and hardware root of trust. The third but certainly not least theme was supply chains. Given the complexity of the supply chain required for building AVs, securing the integrity and provenance of hardware components and software is critical. Therefore, critical challenges the industry must address head-on include traceability, trust verification, software bills of materials (SBOMs), and countering threats like counterfeiting and malicious insertions.

We discussed a lot in this 45-minute panel! Moderated by EETimes’ Anne-Françoise Pelé, besides yours truly representing Arteris, the panel featured Mikael Barbero, head of security at the Eclipse Foundation, Jamie Broome, VP of Automotive and Products at CoDasip and Pim Tuyls, CEO and CoFounder of Intrinsic ID.

The Top Five Takeaways

So, we had a good mix of hardware, software, and security representation.

To me, the top five issues the industry needs to address to secure autonomous vehicles are

• Adoption of holistic system-level approaches
• Establishment of solid hardware security as a foundation
• Employment of secure software development practices
• Management of supply chain security risks
• Cooperation of the industry to implement multi-layered security

Holistic System-Level Approaches

Consider the complexity of autonomous vehicles with 1000s of components, including hardware, software, and in-vehicle networks. Security cannot be an afterthought. Ensuring the security of AVs requires a comprehensive, system-level approach, and cross-functional development teams must consider security at the earliest stages of design. A “Secure by Design” approach must encompass secure hardware design, secure software development practices, network security measures, and rigorous testing and validation processes. This way, design teams gain a deeper understanding of attack surfaces and can implement a multi-layered defense to prevent, detect, and respond to cyber threats.

Foundational Hardware Security

During the panel, we all agreed that establishing a solid hardware root of trust is crucial for AV security. For instance, physically unclonable functions (PUFs) are a promising technology for creating a secure foundation at the hardware level. They leverage the inherent variations in the manufacturing process to generate a unique “fingerprint” for each semiconductor chip and create secure cryptographic keys tied to its physical properties. This approach makes them extremely difficult to clone or tamper with. As a result, by integrating PUFs into the hardware design, development teams can ensure that each chip has a unique and secure identity applicable to authentication, encryption, and other security functions. Taking it to the next step, this hardware root of trust can become the basis for secure key storage, firmware updates, and communication between vehicle components. Other hardware security features such as secure boot, hardware-based encryption, and tamper detection mechanisms can further strengthen the hardware root of trust.

Secure Software Development Practices

Compartmentalization that divides software into isolated components or modules with well-defined interfaces and permissions is a critical practice. This approach limits the interactions between software components. It restricts access to sensitive data and functions, and as a result, it can help prevent the spread of attacks and limit the damage caused by any single vulnerability.

In the context of computing interactions with memory, the panel discussed ARM’s Memory Tagging Extension (MTE), which can enhance software security by detecting and preventing common memory corruption vulnerabilities.

Focused on processor IP for computing itself, Jamie brought up customization of processors with security features. Various approaches can provide additional layers of defense against software exploits and we touched on Cambridge’s CHERI, Arm’s Pointer Authentication Codes (PACs), and RISC-V’s Physical Memory Protection (PMP).

Another critical aspect of secure software development in AVs is ensuring the integrity and authenticity of over-the-air (OTA) software updates. To address those, the panel touched on implementing robust authentication mechanisms, such as digital signatures and secure boot to prevent attackers from injecting malicious code into the vehicle’s software.

Supply Chain Security

A critical practice for managing the risks associated with open-source components and third-party code is using software bills of materials (SBOMs). They provide a comprehensive inventory of all software components used in a vehicle, including open-source libraries and dependencies. This way, developers can track and manage the provenance of software components, identify known vulnerabilities, and respond quickly to newly discovered threats. Another vital supply chain security measure is code signing. It ensures that software components are authentic and have not been tampered with. Developers can prevent the introduction of malicious code and protect against supply chain attacks by cryptographically signing code and verifying signatures during the build and deployment process.

Tracking the provenance of binaries and verifying the integrity of software artifacts throughout the development and distribution pipeline is also critical. In addition, authenticating hardware components, such as sensors, ECUs, and communication modules, can help prevent counterfeiting and ensure that only genuine, trusted components are used. Finally, Implementing robust authentication mechanisms and secure communication protocols between hardware components can further reduce the risk of supply chain attacks.

Industry Collaboration

The challenges posed by cyber threats are complex and constantly evolving, and no single organization can address them alone. AV manufacturers, suppliers, researchers, and policymakers must work together to share knowledge, develop best practices, and implement robust and multi-layered security measures. This collaboration can take many forms, such as participating in industry working groups, contributing to open-source security projects, and engaging in public-private partnerships to advance AV security research and development. By pooling resources and expertise, the industry can significantly improve AV security and resilience. Collaboration also helps ensure the prioritization of security throughout the supply chain, from chip manufacturers to software providers to vehicle integrators.

Furthermore, the industry must take decisive action to implement strong security measures, making hacking AVs extremely difficult and economically unfeasible for attackers. This action goes beyond technology and involves establishing clear security standards and regulations, and holding industry participants accountable for meeting those standards. The technologies and best practices for securing AVs exist today, but they must be widely adopted and consistently implemented across the industry.

Where Does Arteris Fit In?

Arteris’ network-on-chip (NoC) technology for automotive SoCs is critical to the overall AV system security puzzle. At the NoC/interconnect level, Arteris can implement security features like firewalls and encryption to protect data in transit between different SoC components, allowing only authenticated/authorized access to sensitive data.

Arteris works closely with the rest of the ecosystem, including semiconductor IP providers, chipmakers, and software developers, to ensure a holistic security approach. For example, Arteris is part of the discussions on how NoCs can securely interface with processors that implement technologies like Arm’s TrustZone or RISC-V’s CHERI extensions.

Arteris’ NoC technology already provides debug and trace capabilities for SoC integration and software development while ensuring debug interfaces cannot be exploited as attack vectors in production systems.

Outlook

As the saying goes – there is no security without safety and no safety without security. It takes the proverbial village to make chips and systems secure. As a critical component of the automotive development ecosystem, Arteris has already achieved ISO26262 certification for various technologies, including its Ncore cache-coherent interconnect, and is actively maintaining this status for its products.

This EETimes panel was a great example of how the industry can get together to address security concerns. For us at Arteris, being part of that ecosystem is a privilege. You can still see the full discussion at the EETimes Autonomous Tech Forum website.