Use secure flash storage to build a safe car system

In modern automotive embedded systems, highly secure data storage is essential, especially in the face of increasingly sophisticated cyber attacks. This article will introduce the steps for designers to use flash memory correctly. The demand for the safety and security of Electronic embedded systems has never been so strong today. As cars become more automated, we need to improve their security levels to prevent them from being compromised by hackers. The same is true for factories that use a large number of robots and Internet of Things (IoT) devices that need to process sensitive data.

For all such embedded systems, non-volatile flash memory is essential. Flash memory can be used as code storage, file system storage, or microcontroller unit (MCU) memory for running code directly. If you want to achieve system security, you must first ensure that the flash memory used by the system is safe. This article discusses the security requirements of flash memory and helps developers build safe and secure embedded systems for automotive, industrial, and communications applications.

If we look closely at the electronic systems of modern cars, we will find that flash memory is widely used in the entire car. As the complexity of the system increases, we need greater capacity for code storage and data storage. All subsystems in the car, including advanced driver assistance systems (ADAS), instrumentation systems, transmission and body systems, require embedded systems to run in real time. All these embedded systems require some type of flash memory for code storage and data storage. For example, Figure 1 shows an ADAS subsystem that uses multiple NOR flash memory devices.

  

In today’s ADAS applications, complex algorithms and artificial intelligence processes rely on codes and data stored in flash memory to run. Storage must provide fail-safe and security guarantees, because system failures or malicious attacks may cause serious personal injury or even death.

In industrial and network applications, there are also similar security and security requirements for storage solutions. In the context of increasing interconnectivity, hackers can break through any weak entity connected to the Internet, steal sensitive information, or use compromised devices as a springboard to launch attacks elsewhere in the entire network. Therefore, it is very important to build a system with security guarantee to avoid this type of attack.

For many years, flash memory manufacturers have provided pure data storage. For these applications, durability and retention are the two major indicators for measuring the quality of flash memory. Security is not a requirement for this type of flash memory device, which means that the data stored on the flash memory is either completely unprotected or protected with unauthenticated commands.

For example, some flash memory devices provide basic protection functions through normal command sets, such as providing non-volatile or volatile protection for sectors for programming or erasing operations, and password protection for programming or reading operations. Although these functions are good functions, they are not enough to resist sophisticated attacks. If hackers can access the bus interface of the flash memory device, they can easily extract or modify the data on the device.

In order to ensure safety, flash memory devices must protect stored codes and data from multiple attacks. The following summarizes several types of attacks that need to be guarded against flash storage devices. Hackers in MIM attacks often imitate the sender of the communication channel and send commands or messages to the other side to steal or modify data (Figure 2). Therefore, it is necessary to authenticate every message between the host and the flash memory device. Authentication can be achieved by using a public key on the host and flash memory to generate a message authentication code (MAC) that accompanies the actual message. The receiver can verify the MAC before taking action on the message.

  

In order to prevent the system from being permanently damaged when the key is damaged, it is usually necessary to use a temporary key. Temporary keys will become invalid after a certain period of time or a certain number of times. The purpose of this is to prevent the key from being decrypted by destructive physical analysis or other iterative attacks as much as possible. Another type of man-in-the-middle attack is to replay intercepted legal messages after a certain period of time. In order to prevent replay attacks, the host and flash memory device must use an accumulating counter to generate MAC. Because the current accumulating counter value is different from the value of the previous message.

Some hackers can use advanced technology to read all the contents of flash memory chips and make profits through illegal cloning. In order to prevent such attacks, every flash chip must have a unique device secret (UDS) that no one can read. The UDS value is unique and is a true random value in each chip. There is no connection between the UDS in one chip and the other chip.

UDS can be used to derive composite device identifier (CDI), and this identifier is the basis for generating device ID certificates defined by the Trusted Computing Group (TCG) Device Identifier Combination Engine (DICE) specification. Generally speaking, the device also generates alias private key public key pairs for all keys derived from the host on the basis of CDI. This eliminates the need to expose the private key of the device ID. With the UDS and DICE process, since UDS is physically unclonable, hackers cannot clone the device.

Passive listening is another known attack method. By eavesdropping on the bus, an attacker can collect sensitive information or confidential information from the data transmitted through the bus. To protect important data, users can choose to encrypt the data before sending the data to the flash memory device via the bus and storing the data. When the host retrieves data from the device, the data should also be encrypted, so that potential hackers will never be able to take advantage of it.

Some people may say that the encryption method does not require a secure flash storage solution, because the host can directly encrypt data and store it in the flash memory. Only the host can decrypt the data. However, this also has certain disadvantages. One of them is that the host cannot easily discard the encryption key. For example, suppose you use KeyA to encrypt data and store it in flash memory. Later, when the user discovers that KeyA has been compromised, he needs to use a different key on the system, namely KeyB.

At this time, the host is in a dilemma: it cannot directly abandon KeyA, because it needs to keep the key in order to decrypt the data read from the device. However, if KeyA is compromised, users may not want to keep it forever. If you want to use a new data encryption key, users have to take more complicated measures. Erase the original encrypted data on the flash memory first, and then use the newly encrypted data to program the flash memory. This kind of operation is not easy on site, and there are certain risks.

On the other hand, if a secured flash memory can provide encryption and decryption functions, it can safely store plaintext data in its secured storage and perform encryption processing before sending the data back to the host. If the current encryption key is compromised, the host can simply exchange a new key with the device. The data in storage is kept intact and secured, which is a much simpler method than storing encrypted data.

In modern multi-core embedded systems, multiple MCUs or hardware security modules (HSM) may be able to access the same flash storage. It is necessary for flash memory devices to provide a flexible memory architecture that can be partitioned and configured to manage different areas through different cores. These different areas can provide different levels of security, or cancel security when they are not needed at all.

By understanding the eMMC standard and UFS standard, we can clearly see the trend of supporting multiple security areas. The current eMMC standard specifies the Replay Protected Memory Block (RPMB). The latest UFS (v3.0) standard can provide intelligent support for four RPMB partitions, which are managed by four different keys. Such flexibility of memory architecture is more suitable in a multi-core SoC environment. Many embedded systems store startup code in flash memory. Part of this is because of the need for fast startup, for example, the automotive subsystem needs to process CAN messages within 100ms of power-on reset (POR). The system not only needs to start safely (that is, to verify the startup code), but it also needs to start quickly. This poses a higher challenge to embedded designers.

Under normal circumstances, when running the store and download (SnD) mode, the host reads the boot loader from the flash memory and maps it to the RAM for execution. However, if you want to start safely, you need to check and authenticate the entire bootloader code to ensure its credibility. This process requires time spent on the MCU. Secure flash storage can provide boot-loading certification, greatly reducing startup time.

A secure flash memory device can use an internal secure hash function to check the bootloader and provide the host with a hash value for verification. If the hash value does not change, it means that the bootloader has not been tampered with and can be safely used for startup. For modern embedded applications, field upgrade is a must-have feature. By remotely upgrading the firmware or software of the system, manufacturers can quickly solve problems, provide new features, and improve user experience. However, remote upgrades can also pose a security threat to the system. No one wants hackers to use existing update channels to run malicious firmware or software on the system.

In addition to relying on the security provided by the CPU, the security engine inside the flash memory device can also greatly improve the security level of the FOTA process (Figure 3). After adopting such a security engine, the flash memory device that provides boot code storage can not only use the host beside the flash memory device to authenticate the firmware provider, but also can be authenticated on the remote cloud. In this way, end-to-end channel security can be established for firmware updates or software updates in flash memory.

  

Embedded systems used in modern automobiles, industries, and communications require highly secure data storage. The challenge for embedded system designers is how to build a secure system that can withstand cyber attacks. Flash memory with integrated security features, such as Cypress’s Semper Flash, improves the security of the overall system by preventing various attacks against embedded systems.