The number one priority in vehicle security is to harden the root-of-trust; from which everything else - the hardware, firmware, OS, and application layer’s security - is derived. If the root-of-trust can be compromised, then the whole system is vulnerable. In the near future the root-of-trust will effectively be an encryption key - a digital signature for each vehicle - that will be stored in a secure memory element inside all vehicles. In this paper we will show how a mathematical, formal analysis technique can be applied to ensure that this secure storage cannot (A) be read by an unauthorized party or accidentally “leak” to the outputs or (B) be altered, overwritten, or erased by unauthorized entities. We will include a real-world case study from a consumer electronics maker that has successfully used this technology to secure their products from attacks 24/7/365.
Note that the techniques and solutions described herein are focused exclusively on digital circuitry specified in a register transfer level (RTL) language, such as Verilog or VHDL - i.e. the most fundamental level of digital design. This paper does not go into any physical design and verification issues or related “side-channel” attacks, nor do we address firmware or higher level software security best practices.