Trusted Platform Modules Provide Security for e-Mobility

by - Martin Brunner | Principal Automotive Security at Infineon Technologies

Martin Brunner_Infineon
Martin Brunner – Principal Automotive Security at Infineon Technologies

The continued adoption of electric vehicles and the subsequent electrification of the drivetrain have huge implications on the entire industry. It is not appropriate to see electricity as simply an alternative form of fuel for vehicles; it represents an entirely new paradigm in mobility.

E-mobility, as it is referred to, encompasses fundamental changes to the design, ownership and use of vehicles. For example: while autonomy is often held up as the prime use-case for connected cars, also the infrastructure required to support e-mobility dictates that vehicles become accessible in ways never before conceived. Therefore, while the industry is still developing solutions to implement automation levels 3 through to 5, the need for fully connected vehicles has already arrived with the electric car. The most apparent reason is perhaps the necessary interconnectivity between the vehicle and the charging infrastructure now being put in place across towns and cities worldwide. Charging cars will be one of many examples in an era that sees vehicles as a service and communications hub.

Making security part of the architecture

As a society, we are comfortable with accessing services and often assured by the (perhaps perceived) levels of security provided. The same is true in industry, where the concept of Platforms as a Service (PaaS) is already becoming the norm. Here, the use of security is implicit, established by special interest groups such as the Trusted Computing Group (TCG), whose standards are often adopted by committees and organizations including the IEC and ISO. As vehicles turn into service platforms, car manufacturers must also explore the potential risks associated with increased connectivity and the solutions now available to them. The Trusted Platform Module (TPM) has emerged as the most appropriate form of delivering e-mobility in a secured way.

e-mobility Infineon
Fig. 1: Reference architecture of a connected vehicle as a communications and service platform

If e-mobility is to be successful, it needs to provide and maintain an optimal and verifiable level of security for transactions between the vehicle and the charge point. The nature of an open market means that there will be many competing suppliers of charge points, but for the consumer this must not be allowed to become a barrier to adoption. This only escalates the challenge, because this essential service now becomes a primary attack surface. The charging infrastructure must be able to support the negotiation and communication between vehicles and charge stations, supplied and maintained by various manufacturers and providers.

The vehicle as we perceive it has been a part of our lives for well over 100 years now and while its capabilities have of course changed immeasurably since the earliest examples, ultimately the ICE still operates in much the same way. The majority of developments made over the course of time have been aimed at improving fuel efficiency in what is essentially a closed system. Fuel is stored and consumed within the vehicle and the nature of liquid fuel means it has always been relatively simple to refuel.

Replacing liquid fuel with electric charge is clearly changing that. Fuel in the form of electricity is now effectively less regulated, as it is no longer necessary to obtain it from a licensed supplier. Any electric vehicle owner can typically charge their vehicle from any electrical outlet, but in terms of scale it becomes necessary to impose control with the fewest possible restrictions.

This combination of ease of access coupled with protection is very well established in the computing world and it is here the automotive industry is turning, in order to establish standards that can be applied to e-mobility. The Trusted Computing Group has driven the development and acceptance of the specification referred to as the Trusted Platform Module (TPM) to further the goal of protecting while still providing ease of access.

This specification is now being implemented using dedicated semiconductors by integrated device manufacturers, referred to as discrete TPMs to differentiate them from implementations that form part of another integrated device or are implemented purely in software; the TCG sees discrete TPMs as the most secure. If certified according to Common Criteria (ISO/IEC 15408) to its adopted standard defining TPMs (ISO/IEC 11889), devices that meet this specification are resistant to physical attacks and implement security features including authentication, encryption and cryptography that help secure connected systems using protected keys. TPM 2.0 is the latest iteration of the specification and it provides a more flexible approach to developing a solution.

Secured microcontrollers that comply with TPM 2.0 offer levels of tamper-resistance that simply aren’t included in general purpose microcontrollers, developed in accordance with the use-cases being developed for e-mobility, for example charging. One form of protection includes adding a root of trust to implement secured boot at power-up, which uses authentication to verify that the code/data stored in an external memory hasn’t been tampered with before it is loaded into the processor’s main memory. Other forms of intrusion include so-called ‘side-channel’ attacks, which exploit easily accessible information about the system to gain insights. This may include using non-invasive techniques, such as differential power analysis, which has been shown to be effective in the reconstruction of data. This is specifically important, since as there is physical access to both vehicle and charging station, physical attacks must be considered in the attacker model. As well as securing the access points in a connected vehicle, it will also be necessary to use a TPM to secure sensitive data generated by modern vehicles. This may include but is not limited to data attributed to vehicle operation and maintenance as well as data attributed to the driver or owner (containing Personally Identifiable Information (PII), accounting and billing details, etc.) whose integrity, authenticity – and in some cases also confidentiality and/or non-repudiation – needs to be protected.

The benefits of choosing a TPM based on a discrete secured microcontroller include protection against physical and logical attacks, both malicious and those that may be benign but potentially disruptive.

E-Mobility interfaces and reference architecture

The primary actors in the e-mobility charging infrastructure include the electric vehicle (EV) and the charge point, referred to as the Electric Vehicle Supply Equipment, or EVSE. Within the EV, an Electric Vehicle Communication Controller (EVCC) will negotiate with the Supply Equipment Communication Controller (SECC) over a connection compliant with the ISO/IEC 15118 specification.

e-mobility Infineon
Fig. 2: Beside the vehicle itself and the charging infrastructure, e-mobility involves further entities.

Within the EV the EVCC will control the on-board charging circuit, provide feedback to the vehicle user through an HMI, and remain in close negotiation with the vehicle’s ECU(s). On the EVSE side, the SECC will negotiate with its own electric energy meter and pass data generated by that to the paying unit, as well as have final control over the physical delivery of the electricity drawn by the EV. It will also typically feature an HMI to inform the vehicle user of each stage of the process.

At the interface of each of these discrete functions, it will be essential to provide security through state of the art cryptography to safeguard the user’s data and the infrastructure’s integrity.

Security implications

There are numerous examples of how modern vehicles are being compromised through new communication channels. Even technology provided by Third Parties intended to secure these valuable assets has shown to be susceptible to cyberattacks, allowing criminals to remotely take control of a vehicle, by disabling it even while the owner is driving the car. The potential attack surfaces increase significantly when considering the e-mobility reference architecture and its various stakeholders, interfaces and communication paths, as outlined above.

When other forms of seemingly unrelated forms of communication are included, such as a Bluetooth connection to the driver’s smart phone, or WiFi for the other occupants, it becomes clear that the potential security risks and attack points need to be routed through a central security ECU, equipped with hardware-assisted security, such as a TPM.
The process of charging an electric vehicle using a publicly accessible charging point perfectly encapsulates the total threat associated with a connected society. The technical requirements of such as system are already numerous, involving high power, highly efficient semiconductors and passive components designed to handle hundreds of volts. In this respect, it will reshape the way vehicles are designed, but coupled with this are the requirements to be able to identify, authenticate and safeguard the information that will necessarily be passed between the vehicle and the infrastructure in order to facilitate public charging points.

The cryptography involved will need to protect not only the charging infrastructure but also the vehicles using it. At a system level, a charging station is an access port to the network, which could potentially allow access between any devices connected to the same network. In this respect the electric grid can be seen as the largest of all networks, access to which is not controlled by physical access. If it were a data center it would be protected from malicious intent by placing it within a secured building, surrounded by a security fence and surveillance system, along with human guards. When considered in this respect, it becomes clear that the requirement for highly secured systems within each vehicle accessing the grid is paramount.

e-mobility Infineon
Fig. 3: When charging an electric vehicle the charging station becomes a hub to the energy grid.

As part of the ISO 15118 international standard comes the concept of Plug & Charge. Intended to be robust enough to withstand the immediate and future needs of e-mobility, it can be expressed as enabling a secured and convenient way of charging an electric vehicle, covering both wired and wireless charging technologies based on AC and DC subsystems.
At its core, Plug & Charge is intended to ensure confidentiality, data integrity and authenticity, and it achieves this through the algorithms defined by ISO 15118 for symmetric and asymmetric cryptography.

Symmetric cryptography describes the process of using a single key for both the encryption and decryption of information and it is one of the oldest known forms of cryptography. Any system that implements symmetric cryptography dictates that the sender and receiver must both agree on the single key used on both sides of the secured channel. This is used to achieve the confidential exchange of data in a Plug & Charge system.

Conversely, asymmetric cryptography uses two different keys; one for encryption and another for decryption, and this technique is used to provide data integrity and authentication within Plug & Charge. Asymmetric cryptography uses what is normally termed a Public key for encryption and a Private key for decryption. There is no intrinsic difference between the two keys, the term Public is applied because it is not critical that the key is kept secret. If the Public key is discovered it can be used to encrypt a message but it cannot be used to recover, or decrypt, the same message. In this respect only the Private key must be kept secret. Implemented as a tamper resistant, secured and certified microcontroller using advanced hardware security technology a TPM is able to securely store Private keys and it also includes a true random number generator in order to generate such cryptographic keys.

It is the nature of properly implemented asymmetric cryptography that a Private key cannot be derived from a Public key or the data it encrypts, and only the Private key associated to a certain Public key can be used to decrypt a message. In general, when implementing secured communications, plain text will be encrypted using a Public key and decrypted by a Private key, while this procedure is inverted for the process of authentication using a digital signature. That is, only the Private key can be used for creating the signature while the associated Public key is used to verify the signature.
In a Plug & Charge application, asymmetric cryptography would be used to establish a secured connection, authenticated using digital signatures and allowing a common key to be agreed. At that point, symmetric cryptography can be used for all other message exchanges during the charging session. This is because the computational effort required for asymmetric cryptography, which involves Elliptic Curve Diffie-Hellman algorithms, is high relative to symmetric cryptography, so the use of both forms of encryption provides the appropriate levels of security without becoming a processing burden.

The entire process is governed by the use of digital certificates, as outlined in ISO 15118 and based on a Public Key Infrastructure (PKI). This describes the way in which digital certificates are created, stored, distributed and eventually revoked by what is termed Certificate Authorities, or CAs.

The digital certificates used in Plug & Charge are used in the authentication and authorization of the agents involved with the electric vehicle charging infrastructure, comprising the Charge Point Operator, the Certificate Provisioning Service (CPS), the Mobility Operator (MO) and the Car Manufacturer, or OEM.

In order to protect the authenticity of these entities involved in the EV charging infrastructure, the integrity of the thereby exchanged data and the confidentiality of sensitive information a tamper resistant, secured and certified microcontroller, such as one certified to TPM 2.0, is an essential building block to provide the security features needed to protect EV charging use cases and thus enable trusted e-mobility. The OPTIGA TPM SLI 9670 is Infineon Technologies’ AEC Q100 qualified Trusted Platform Module, based on a tamper resistant, secured and certified microcontroller. As a turnkey solution it is supplied with firmware compliant with TCG specifications and is designed for use in telematics control units, connected gateways and any ECU that requires strong security.

As EVs and the infrastructure needed to support e-mobility continue to develop it is clear that the Trusted Platform Module will become an essential technology in its delivery. Through the use of TPMs both consumers and manufacturers can anticipate a safe and secure experience, as we as a society make the evolutionary step towards full electric and fully autonomous mobility.