In the era of smart cars, with the in-vehicle infotainment network, vehicle-vehicle communication (V2V) and vehicle-to-vehicle communication (V2I) have become mainstream, more and more ECUs are deployed in the car. The ECU functions on the car are more and more realized. The amount of code increases, potential code vulnerabilities become more and more prominent; ECUs interact through CAN protocol, and CAN arbitration mechanism, passive address domain and non-authentication domain bring great security risks; and the finiteness of ECU resources leads to It is difficult to design an effective security solution. As the security of the car's Ethernet layer becomes stronger, car gateways and ECUs will become important targets for new attacks such as APT attacks and supply chain attacks.
In the field of automotive information security, software update over-the-air (OTA), advanced driver assistance systems (ADAS) and other highly interconnected, highly automated vehicle features and resulting in-vehicle communications require high-security ECU hardware and software security solutions to Prevent unauthorized intrusion or malicious intrusion and manipulation of the vehicle.
Baidu Apollo Automotive Information Security Lab aims to provide intelligent car information security protection capabilities, joint research institutions, universities, car companies, chip partners to conduct in-depth technical research, escort car information security. Laboratory car information security liberation program Mainly include: network service security, in-vehicle network security, system software and connection security, CAN security. Currently there are vehicle intrusion detection and defense systems, car firewalls, security upgrade kits, security gateways, auto-driving black boxes and other products, and Accelerate the deployment of products and solutions in vehicles, enhance connectivity, automate vehicle safety, and provide added value to customers.
NXP's in-vehicle information security solution is a four-layer security system with secure access interfaces, secure in-vehicle gateways, secure in-vehicle networks and secure computing, preventing unauthorized access and attack detection, blocking the scope of attacks and fixing them. Sense. In the current situation of automotive intelligent networking, ECU faces more stringent information security requirements. NXP's comprehensive system has a deep security protection system to provide full lifecycle security services, adapt to the network-based ecosystem, and The envisaged application scenario for system risk analysis.
In this ECU security solution, NXP provides CSE & HSM underlying API interface and physical layer communication information security protection. Baidu Apollo Information Lab provides ECU security SDK software stack and ECU security attack detection protection based on hardware security features. Mechanism. Provides hardware chip-level secure boot, security upgrade, communication security, access authentication, intrusion detection and defense system, blocking hacker intrusion into CAN bus by integrating security functions in relevant ECUs, such as brakes, ADAS, and door control units. And ECU, to protect the car network security.
Through the two teams of Baidu and NXP, we provide a chip-level ECU information security solution that integrates software and hardware, and deepen the chip layer to ensure the safety of the car. The solution has the following characteristics: 1) High performance: After adding safety functions on the ECU , does not affect its performance, can provide microsecond communication encryption response; 2) easy integration: deployed in the gateway or related ECU; no need to change the circuit, no need to change the original software architecture; 3) multiple scenarios: provide ECU soft / hard more Safety call, ECU grading safety self-test, full-link ECU safety interaction, lightweight ECU key distribution, multiple business-related ECU synchronization security update firmware and other scenarios.