This article is from the Gasgoo auto community, authored by Zhang Xuetao.
With the rapid development of the Internet of Vehicles (IoV), smart cars are increasingly enhancing interactions between vehicles and their internal and external environments. This enables comprehensive connections, including vehicle-to-vehicle, vehicle-to-road, vehicle-to-cloud, and vehicle-to-human. However, these advancements bring unprecedented challenges to vehicle information and data security. Public data reveals that as of the end of August 2023, over 3,700 security vulnerabilities had been identified in smart vehicles, affecting more than 1,000 vehicle models. Alarmingly, the "popular" vulnerabilities in the industry exhibit a repetition rate of 70%.
In response to the recurring security challenges, an increasing number of government agencies and industry organizations have emphasized that "the security of smart vehicles must be built upon security chips." Requirements such as CC certification, GP SIP certification, EVITA, and GSMA standards for automotive security have established Secure Element (SE) and Hardware Security Module (HSM) as foundational components for smart vehicle security, setting a default industry standard.
On June 27, 2024, Lan Ruifen, Automotive Security Chip Product Manager at Tongxin Micro, was invited to speak at the "Third China IoV Security Conference 2024" organized by Gasgoo. In her keynote speech titled "The Application of Trusted Architecture for Automotive Security Chips in IoV," she shared comprehensive insights into the technical logic and practical cases of automotive security chip solutions. Her goal was to lower technical barriers and provide upstream and downstream partners with effective methods for utilizing security chips.
Current Status of Trusted Architecture Applications in Security Chips
In the era of software-defined vehicles, automotive application scenarios are becoming increasingly diverse. Among the complex and varied use cases, particularly in vehicle-to-external communication scenarios, security chips play a pivotal role. Their applications involve various vehicle nodes, including OBD security, T-BOX security, in-vehicle gateway security, FOTA update security, V2X connectivity security, car key security, and IVI security.
According to Lan Ruifen, the primary functions of security chips include root-of-trust key storage, communication security, encryption of sensitive data, and identity authentication. In recent years, security chips have been widely used in IoV cybersecurity. However, misconceptions have arisen during their application:
1. Users often equate security solely with MCUs, overlooking many preliminary considerations.
2. Users tend to focus only on security algorithms and physical protections, neglecting the proper methods for using security systems.
As secure chips continue to be integrated into the field of intelligent connected vehicles, new industry concerns are emerging: How can unified management across multiple scenarios be achieved? Is it possible for a single security chip to address all vehicle-related scenarios?
To resolve these issues, it is essential to first understand the concept of a "trusted architecture for security chips" and then, based on this architecture, correctly utilize security chips to empower the safe development of smart vehicles.
What is Trusted Architecture for Security Chips?
As early as 2010, trusted architecture for security chips was applied in the financial sector, and its use later expanded to other security fields. The trusted architecture for security chips, which refers to the Java Card+GP environment, is primarily composed of the firmware of the security chip.
Working Principle: In the GP architecture, a Security Domain (SD) is defined, which can be understood as a "territory." Automotive manufacturers can store keys, applications, and other data within their "territory," with full control over all security permissions. Similarly, various application scenarios such as gas stations and food delivery software can also be included within the chip. In short, in the automotive field, different entities can be integrated into the same chip, or they can independently manage their own applications. This environment is known as GlobalPlatform (GP), or trusted architecture.
From a functional perspective, trusted architecture enables unified management across multiple scenarios, allowing one security chip to handle collaboration between multiple entities.
Applying Trusted Architecture to Automotive Security Chips
Why is trusted architecture the key to solving confusion in the use of automotive security chips? According to Lan Ruifen, we can look at the specific composition of a security chip:
First layer: The hardware of the security chip, which is the specialized firmware used to defend against physical attacks.
Second layer: Java and virtual machines.
Third layer: Trusted architecture, where multiple applications and entities can coexist. Currently, the GP has developed to version 2.3 and, as applications evolve, it has gradually penetrated the IoV field.
Fourth layer: Interaction between security parties. Security involves both encryption and decryption parties. The decryption party typically uses a few types of carriers, such as server TSM, which carries applets and manages data. After the peer's security chip implements "one chip, one key", the key is put into the corresponding applet to ensure data security.
Additionally, there is a new concept in this system, the "secure channel," which has not yet been explored in the IoV domain. A secure channel involves two entities that share a known fixed key and use random numbers to generate stage-specific keys. These keys are then used for mutual authentication and process key confirmation, and are employed to protect subsequent command interactions, verify integrity, or encrypt keys.
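The secure-channel flow described above, together with the "one chip, one key" step that precedes it, as an added Python sketch that is not code from Tongxin Micro or from the GlobalPlatform specification. HMAC-SHA256 stands in for the chip's actual key-derivation and MAC algorithms, encryption of command data is left out, and every function name, label and sample value is an assumption.

```python
import hashlib
import hmac
import os

MAC_LEN = 8  # truncated tag length, an assumption for this sketch

def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the chip's real key-derivation function."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def chip_key(master_key: bytes, chip_id: bytes) -> bytes:
    """'One chip, one key': the server side diversifies a master key per chip ID."""
    return kdf(master_key, b"chip", chip_id)

def session_keys(static_key: bytes, host_chal: bytes, card_chal: bytes) -> dict:
    """Both sides derive fresh keys from the fixed key and both random numbers."""
    ctx = host_chal + card_chal
    return {name: kdf(static_key, name.encode(), ctx) for name in ("auth", "mac")}

def cryptogram(keys: dict, role: bytes) -> bytes:
    """Proof that the sender holds the session key; the role label blocks reflection."""
    return hmac.new(keys["auth"], role, hashlib.sha256).digest()[:MAC_LEN]

def wrap(keys: dict, counter: int, command: bytes) -> bytes:
    """Append a MAC over counter || command so tampering and replay are detected."""
    msg = counter.to_bytes(4, "big") + command
    return command + hmac.new(keys["mac"], msg, hashlib.sha256).digest()[:MAC_LEN]

def unwrap(keys: dict, counter: int, wrapped: bytes) -> bytes:
    """Verify the MAC for the expected counter and return the bare command."""
    command, tag = wrapped[:-MAC_LEN], wrapped[-MAC_LEN:]
    if not hmac.compare_digest(wrap(keys, counter, command)[-MAC_LEN:], tag):
        raise ValueError("MAC check failed")
    return command

def mutual_auth(host_static: bytes, card_static: bytes):
    """Run the handshake; return (host_keys, card_keys), or None if a proof fails."""
    host_chal, card_chal = os.urandom(8), os.urandom(8)
    card_keys = session_keys(card_static, host_chal, card_chal)
    host_keys = session_keys(host_static, host_chal, card_chal)
    # The host checks the chip's cryptogram, then the chip checks the host's.
    if not hmac.compare_digest(cryptogram(card_keys, b"card"), cryptogram(host_keys, b"card")):
        return None
    if not hmac.compare_digest(cryptogram(host_keys, b"host"), cryptogram(card_keys, b"host")):
        return None
    return host_keys, card_keys
```

Because the session keys depend on both random numbers, a command captured in one session does not verify in another, and the counter inside the MAC rejects a replay within the same session.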
Thus, trusted architecture for security chips guarantees security at the underlying layer of the ecosystem. Its value is reflected in four aspects:
1. Ensuring process security: Regardless of the software running on the upper layer, the underlying chip's keys will not be exposed.
2. Supporting multi-application interoperability: Multiple entities can cooperate on the platform, from automotive manufacturers to various applications, including WPC certification, in-vehicle anti-counterfeiting, and in-vehicle payments. When an application is no longer needed, it can be easily uninstalled or decoupled, allowing for seamless multi-application coexistence.
3. International security verification: The system has been verified by international security institutions, making it a trusted system for users.
4. Ease of expansion: With the increasing complexity and diverse requirements of smart vehicle applications, this system supports easy integration and use of applications, enabling on-demand access and seamless removal when not in use.
As a leading security chip design company, Tongxin Micro has leveraged its extensive practical experience in trusted architecture to develop a series of automotive security chip solutions for the smart connected vehicle sector.
Tongxin Micro's Automotive Security Chip Application Practices
Among the applications, the digital key solution stands out as a typical use case for Tongxin Micro's series of automotive security chip solutions.
Currently, China's domestic digital key standards include CCC, ICCE, ICCOA, and other protocols, in addition to international digital key standards. Each standard needs to be integrated into the vehicle side. According to Lan Ruifen, with the support of trusted architecture for security chips, users can create a separate applet for each standard, making the operation more convenient and enhancing overall security.
Leveraging over 23 years of expertise in security chips and near-field communication (NFC), Tongxin Micro has developed a wide range of products, including the vehicle-side SE T97-315E, KeyFob SE T95-141A, NFC key card T92-116F, and NFC Reader THN31A. These products offer an overall digital key solution that ensures the security of digital keys from vehicle to cloud and cloud to endpoint.
Furthermore, Tongxin Micro's T9 series automotive security chip adopts its self-developed security firmware, providing safe key/root-of-trust storage, secure communication, data encryption protection, and identity authentication services. In addition to digital key, infotainment system, and cloud authentication scenarios, this chip is widely used in fields such as China VI-compliant T-BOX data encryption, passenger vehicle T-BOX, OBD identity authentication, and data encryption. Its product performance is exceptional, demonstrating four key advantages:
1. High security: Certified with international CC EAL6+ and Chinese Cryptography Level II certifications, supporting both international and Chinese cryptographic algorithms and relevant specifications, true random number generators, and infotainment connectivity security based on the GP standard.
2. High reliability: AEC-Q100 certified, with full-process closed-loop automotive-grade control and low PPM quality management.
3. Low power consumption: Using an efficient and simplified self-developed operating system, a wide working voltage range of 1.8V–5V, and low power mode when not communicating; meeting the low power requirements of IoT and IoV.
4. One-stop solution: Offering a complete solution including chips, firmware, and SDKs, with flexible, custom security services.
Additionally, unlike traditional IC production processes, which typically end once the IC is manufactured, Tongxin Micro's automotive security chip deployment involves more stages. The chips are shipped with relevant components from the factory, providing secure, trusted personalized loading services. This ensures a secure environment for key storage or chip authentication. The entire deployment process covers all stages, from the factory to the cloud and loading, with a comprehensive approach that considers the overall situation one step ahead of the client.
In summary, the trusted architecture built by Tongxin Micro for security chips provides end-to-end security support for digital keys, ensuring the integrity and validity of data transmission, while significantly reducing the adaptation and development cycle for automotive manufacturers. It supports various digital key formats, catering to different use scenarios and consumer groups. It has already been adopted by several leading Tier-1 suppliers and most domestic OEMs, achieving large-scale stable shipments.
With the vision of "improving lives with the power of technology," Tongxin Micro is committed to collaborating with its partners to develop high-security, high-reliability automotive security chip solutions. The company continues to expand its product portfolio, including automotive control chips, power devices, power management chips, driver chips, and intelligent sensors. It has formed a business layout centered on cybersecurity and functional safety while gradually covering supporting products to comprehensively contribute to the secure implementation of smart vehicle scenarios.
At the "Third China IoV Security Conference 2024," Tongxin Micro showcased its innovative achievements in automotive security chips, captivating numerous industry professionals who came to exchange ideas.