Network security trends and automotive FPGA
Recently, I co-sponsored an online seminar on the theme of "Network security trends and standards of automotive FPGA". If you could not take part in the online discussion, you can watch the video of the seminar.
This is the second safety seminar held by Lattice, and the seminars will be held quarterly from now on. The experts taking part in the event also included Sylvain Guilley, CTO and co-founder of Secure-IC, a security technology company, and JP Singh, marketing manager of Lattice automotive products.
First, I introduced the concepts of supply chain security, network security, and network protection and recovery. The problem with supply chains is that it is increasingly difficult to build trust. We all know about the Zombie Zero attack. Even if you think your contract manufacturers are safe, if they collude with hackers, your system may still be compromised.
Lattice's solution to supply chain security is the Lattice SupplyGuard™ service. As part of the ordering service, Lattice MachXO3D™ and Mach™-NX FPGAs can be safely delivered to contract manufacturers because they are preloaded with a locking program and encryption keys that are independent of the supply chain and customers. In this case, the FPGA effectively acts as its own HSM. The locking program disables all of the original programming ports. The only way to reprogram the device is with an encrypted image built using the key that the locked device requires, and that key is never disclosed in the supply chain. The device then transfers ownership in a protected and secure way, which greatly reduces the attack surface across the whole supply chain.
One of the keys to this capability is the dual boot function of MachXO3D and Mach-NX FPGAs, which means that while one program is running, a new program can be loaded into a separate area of flash memory. The currently running program authenticates the new program. Once the new program is verified, it is loaded into another flash section. If someone attempts a network attack, for example by power cycling the device, the device returns to the original locking program. Only after the device has safely transferred IP ownership are the old program and its associated key deleted.
Anyone in the supply chain (such as an OEM or ODM) can repeat the same process. The only way they can load a new encrypted image is for that image to contain the corresponding encryption key required to transfer ownership to the new image. This is what we call "secure transfer of ownership". Its main feature is that no one in the supply chain can access any encryption key or any unencrypted version of the customer IP.
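The dual boot ownership transfer described above can be modelled as a small state machine. This is an added example, not Lattice code: HMAC-SHA256 stands in for the device's authentication scheme, image encryption is not modelled, and all class, function and key names are hypothetical.

```python
import hashlib
import hmac

def tag(key: bytes, payload: bytes, next_key: bytes) -> bytes:
    """Authentication tag over an image (HMAC-SHA256 is an assumed stand-in)."""
    msg = len(payload).to_bytes(4, "big") + payload + next_key
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_image(owner_key: bytes, payload: bytes, next_key: bytes) -> dict:
    """Image authenticated under the current owner's key, carrying the next owner's key."""
    return {"payload": payload, "next_key": next_key,
            "tag": tag(owner_key, payload, next_key)}

class DualBootDevice:
    def __init__(self, lock_payload: bytes, lock_key: bytes):
        self.active = {"payload": lock_payload, "key": lock_key}  # running flash section
        self.staged = None                                        # spare flash section

    def stage(self, image: dict) -> bool:
        """The running program authenticates the candidate before it is kept."""
        expected = tag(self.active["key"], image["payload"], image["next_key"])
        if not hmac.compare_digest(expected, image["tag"]):
            return False
        self.staged = image
        return True

    def power_cycle(self) -> bytes:
        """Interrupted transfer: the uncommitted image is dropped (assumption),
        and the device boots the original program again."""
        self.staged = None
        return self.active["payload"]

    def commit(self) -> bool:
        """Ownership transfer: only now are the old program and its key discarded."""
        if self.staged is None:
            return False
        self.active = {"payload": self.staged["payload"], "key": self.staged["next_key"]}
        self.staged = None
        return True

def demo() -> list:
    lock_key, oem_key = b"constructed-lock-key", b"constructed-oem-key"  # constructed values
    dev = DualBootDevice(b"lock-program", lock_key)
    forged = make_image(b"guessed-key", b"malicious", b"attacker-key")
    good = make_image(lock_key, b"oem-design", oem_key)
    # forged rejected, good staged, power cycle falls back, transfer commits,
    # then the old lock key no longer authenticates anything
    return [dev.stage(forged), dev.stage(good), dev.power_cycle(),
            dev.stage(good) and dev.commit(), dev.stage(good)]
```

After `commit()`, an image tagged with the old lock key is rejected, which mirrors the point that each owner in the chain can only hand the device on by supplying the next key inside an image the current key accepts.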
Lattice also provides leading solutions in the field of network protection and recovery. Network security tries to shut out malicious actors. The problem is that if you are considered a worthy enough target, you will be attacked; this is not a remote possibility, but something that will happen sooner or later. Network protection and recovery refers to the ability of the system to keep working while under attack, and includes the concept of platform firmware protection and recovery (PFR).
According to the definition in the NIST SP 800-193 specification, platform firmware protection and recovery (PFR) involves three steps: protection, detection and recovery. Protection means protecting the platform's firmware and critical data from corruption and ensuring the authenticity and integrity of firmware updates. Detection means cryptographically detecting corrupted platform firmware and critical data at first power-on, during operation, and during any system update. Recovery means starting a trusted recovery process and restoring all corrupted platform firmware and critical data to their previous state.
MachXO3D and Mach-NX FPGAs, together with the Lattice Sentry™ collection of solutions, meet the needs of network protection and recovery by providing secure dual boot and other functions. Once the system is up and running, MachXO3D and Mach-NX devices protect themselves, and detect and recover from malicious attacks, which ensures the reliability of the network protection and recovery mechanism. In addition, the massively parallel processing capability of the programmable architecture enables these devices to protect, detect and recover multiple other platform firmware images at the same time, so as to build trust in the system.
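The three PFR steps listed above (protection, detection, recovery) can be sketched as one monitor over several firmware regions. This is an added example, not Lattice or NIST code: HMAC-SHA256 stands in for update authentication, and the class, region names and key are hypothetical.

```python
import hashlib
import hmac

def sign(key: bytes, name: str, blob: bytes) -> bytes:
    """Vendor-side tag over a named firmware blob (assumed scheme: HMAC-SHA256)."""
    return hmac.new(key, name.encode() + b"\x00" + blob, hashlib.sha256).digest()

class PfrMonitor:
    """Root-of-trust model guarding several firmware regions at once."""

    def __init__(self, update_key: bytes, regions: dict):
        self._key = update_key
        self.flash = dict(regions)    # live firmware, reachable by an attacker
        self.golden = dict(regions)   # protected recovery copies
        self.manifest = {n: hashlib.sha256(b).digest() for n, b in regions.items()}

    def update(self, name: str, blob: bytes, mac: bytes) -> bool:
        """Protection: only authenticated updates may change firmware."""
        if not hmac.compare_digest(sign(self._key, name, blob), mac):
            return False
        self.flash[name] = self.golden[name] = blob
        self.manifest[name] = hashlib.sha256(blob).digest()
        return True

    def detect(self) -> list:
        """Detection: compare each region's digest with the trusted manifest."""
        return sorted(n for n, b in self.flash.items()
                      if not hmac.compare_digest(hashlib.sha256(b).digest(),
                                                 self.manifest[n]))

    def recover(self) -> list:
        """Recovery: restore every corrupted region from its protected copy."""
        corrupted = self.detect()
        for name in corrupted:
            self.flash[name] = self.golden[name]
        return corrupted
```

In a real platform `detect()` would run at power-on, periodically during operation and around every update, matching the three points in time the specification names.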
At the end of my talk, I shared a frightening video. You may remember an article in Wired magazine in 2015: "Hackers remotely 'kill' a Jeep on the highway - I'm in the car". The hackers here are Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of vehicle security research at IOActive. Although they were 10 miles away from the vehicle, they still controlled the vehicle's air conditioning, entertainment system, windshield washer / wiper and other equipment. Then they got serious: they cut off the vehicle's transmission!
As a result, Jeep had to recall 1.4 million cars. After the recall, Charlie and Chris continued to study the Jeep's cyber defense system. Just a year later, in 2016 (when they worked at Uber's Advanced Technology Center), they showed how to launch an attack by connecting a laptop to the car's CAN network. This new attack technique is described in detail in the follow-up Wired column: "Jeep hackers once again prove that attacks against cars will be worse". The video here is of the second attack, and it shows a classic case of a system without network protection and recovery.
After the video, JP Singh gave his talk. He discussed the trends in the automotive field that are driving the demand for network security and for network protection and recovery, including automotive intelligence and connectivity. He then introduced the various vectors through which attacks on automotive systems can be launched, including unexpected ones such as spoofing sensor data, which leads security systems and autonomous systems to make wrong decisions. Next, JP presented a series of cases in which various automotive systems may be attacked, and showed how these attacks can be handled successfully when the system has a network protection and recovery mechanism.
Then Sylvain Guilley from Secure-IC spoke. Secure-IC is Lattice's security partner, providing a variety of soft IP and hard IP encryption solutions, tools and services. Sylvain first explained Secure-IC's PESC method, which aims to guide developers in identifying security requirements and creating certified solutions (PESC means protection, evaluation, service and authentication). He also briefly introduced Secure-IC's industry-leading protection technology, the integrated security element (ISE) and security IP (Securyzr), the evaluation tools for security assurance and certification preparation (Laboryzr), and the consulting, professional services and security evaluation service (Expertyzr). Secure-IC currently deploys more than 1 billion IP modules every quarter, which shows the popularity of its products and services.
In short, the event was informative and was warmly welcomed by the audience. So if you were unable to attend the live event, I strongly recommend that you watch the video of this seminar.