Hardware security for an electronic control unit
First Claim
1. A vehicle electronic control unit, comprising:
- a memory configured to store encrypted and unencrypted vehicle data;
a main processor operatively connected to the memory and configured to access unencrypted vehicle data stored in the memory, the main processor further configured to process unencrypted vehicle data to perform tasks assigned to the electronic control unit;
a security processor operatively connected to the memory and configured to access encrypted and unencrypted vehicle data stored in the memory, the security processor further configured to encrypt unencrypted vehicle data stored in the memory and store the encrypted vehicle data in the memory and to decrypt encrypted vehicle data stored in the memory and store the decrypted vehicle data in the memory as unencrypted vehicle data for accessing and processing by the main processor, the security processor executing encryption and decryption in hardware circuitry that is field programmable; and
a substrate in which is defined a bus to connect the main processor, the memory, and the security processor;
wherein the encryption of unencrypted vehicle data or decryption of encrypted vehicle data by the security processor is performed in parallel to processing by the main processor of unencrypted vehicle data to perform the tasks assigned to the electronic control unit;
wherein the security processor includes an IP core configured to produce a security counter measure at run-time to side-channel attacks against the vehicle electronic control unit, and wherein the IP core senses current drawn by the main processor and the security processor and consumes current to maintain a current on the substrate to reduce sensing operation of the security processor and the main processor.
1 Assignment
0 Petitions
Accused Products
Abstract
An electronic control unit (ECU) for vehicles is described, including memory to store encrypted data and unencrypted data; a main control unit operatively connected to memory to access unencrypted data; and a hardware encryption-decryption device operatively connected to memory to access encrypted/decrypted data for decryption using a hardware algorithm and for encryption using a hardware algorithm. Data in the memory is decrypted by the hardware encryption-decryption device using the hardware algorithm and stored in memory for use by the main control unit. Data in memory is encrypted by the hardware encryption-decryption device using the hardware algorithm for storage in memory. The main control unit and the hardware encryption-decryption device are separate integrate circuits on a same substrate or SOC and are connected by a bus and can process data in parallel. An external bus can communicate encrypted information with the ECU to allow encrypt/decrypt at run time (on-the-fly) and wire-speed.
46 Citations
25 Claims
-
1. A vehicle electronic control unit, comprising:
-
a memory configured to store encrypted and unencrypted vehicle data; a main processor operatively connected to the memory and configured to access unencrypted vehicle data stored in the memory, the main processor further configured to process unencrypted vehicle data to perform tasks assigned to the electronic control unit; a security processor operatively connected to the memory and configured to access encrypted and unencrypted vehicle data stored in the memory, the security processor further configured to encrypt unencrypted vehicle data stored in the memory and store the encrypted vehicle data in the memory and to decrypt encrypted vehicle data stored in the memory and store the decrypted vehicle data in the memory as unencrypted vehicle data for accessing and processing by the main processor, the security processor executing encryption and decryption in hardware circuitry that is field programmable; and a substrate in which is defined a bus to connect the main processor, the memory, and the security processor; wherein the encryption of unencrypted vehicle data or decryption of encrypted vehicle data by the security processor is performed in parallel to processing by the main processor of unencrypted vehicle data to perform the tasks assigned to the electronic control unit; wherein the security processor includes an IP core configured to produce a security counter measure at run-time to side-channel attacks against the vehicle electronic control unit, and wherein the IP core senses current drawn by the main processor and the security processor and consumes current to maintain a current on the substrate to reduce sensing operation of the security processor and the main processor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An electronic control unit, comprising:
-
a memory configured to store encrypted data and unencrypted data; a main control unit operatively connected to the memory and configured to access unencrypted data stored in the memory, the main control unit further configured to process unencrypted data to perform tasks not related to authentication; and a hardware encryption-decryption device operatively connected to the memory and configured to access encrypted data stored in the memory for decryption using a hardware algorithm and to access unencrypted data stored in the memory for encryption using the hardware algorithm; wherein encrypted data stored in the memory is decrypted by the hardware encryption-decryption device using the hardware algorithm and stored in the memory as unencrypted data for accessing and processing by the main control unit to perform the tasks, wherein unencrypted data stored in the memory is encrypted by the hardware encryption-decryption device using the hardware algorithm and stored in the memory as encrypted data by the hardware encryption-decryption device, and wherein the main control unit and the hardware encryption-decryption device are separate integrated circuits on a single substrate with a bus connecting the memory with the main control unit and the hardware encryption-decryption device and wherein the encryption of unencrypted data or decryption of encrypted data by the hardware encryption-decryption device is performed in parallel to processing by the main control unit of unencrypted data to perform the tasks; wherein the security processor includes an IP core configured to produce a security counter measures at run-time to side-channel attacks against the main control unit, and wherein the IP core produces acoustic information to mask operation of the main control unit and the hardware encryption-decryption device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A vehicle electronic control unit, comprising:
-
a memory configured to store encrypted and unencrypted vehicle data; a main processor operatively connected to the memory and configured to access unencrypted vehicle data stored in the memory, the main processor further configured to process unencrypted vehicle data to perform tasks assigned to the electronic control unit; a security processor operatively connected to the memory and configured to access encrypted and unencrypted vehicle data stored in the memory, the security processor further configured to encrypt unencrypted vehicle data stored in the memory and store the encrypted vehicle data in the memory and to decrypt encrypted vehicle data stored in the memory and store the decrypted vehicle data in the memory as unencrypted vehicle data for accessing and processing by the main processor, the security processor executing encryption and decryption in hardware circuitry that is field programmable; and a substrate in which is defined a bus to connect the main processor, the memory, and the security processor; wherein the encryption of unencrypted vehicle data or decryption of encrypted vehicle data by the security processor is performed in parallel to processing by the main processor of unencrypted vehicle data to perform the tasks assigned to the electronic control unit; wherein the security processor includes an IP core configured to produce a security counter measure at run-time to side-channel attacks against the vehicle electronic control unit, and wherein the IP core produces current in a random pattern to mask currents to and from the main processor and the security processor. - View Dependent Claims (23)
-
-
24. A vehicle electronic control unit, comprising:
-
a memory configured to store encrypted and unencrypted vehicle data; a main processor operatively connected to the memory and configured to access unencrypted vehicle data stored in the memory, the main processor further configured to process unencrypted vehicle data to perform tasks assigned to the electronic control unit; a security processor operatively connected to the memory and configured to access encrypted and unencrypted vehicle data stored in the memory, the security processor further configured to encrypt unencrypted vehicle data stored in the memory and store the encrypted vehicle data in the memory and to decrypt encrypted vehicle data stored in the memory and store the decrypted vehicle data in the memory as unencrypted vehicle data for accessing and processing by the main processor, the security processor executing encryption and decryption in hardware circuitry that is field programmable; and a substrate in which is defined a bus to connect the main processor, the memory, and the security processor; wherein the encryption of unencrypted vehicle data or decryption of encrypted vehicle data by the security processor is performed in parallel to processing by the main processor of unencrypted vehicle data to perform the tasks assigned to the electronic control unit; wherein the security processor includes an IP core configured to produce security counter measures at run-time to side-channel attacks against the vehicle electronic control unit, and wherein the IP core outputs random electromagnetic radiation to mask operation of the main processor and the security processor. - View Dependent Claims (25)
-
Specification