The growing demand for connectivity within cars exposes more and more critical embedded systems to security risks.
Car manufacturers and service providers are finding innovative ways to personalize our rides, or make in-vehicle purchases more convenient (some even automated – like toll booth fees). While these services bring a lot of value, they also demand that more private, personal data is stored inside connected cars. That means your car, if hacked, could essentially be a runaway credit card on wheels. Not to mention that embedded systems control the actual behavior of the car as well, and any compromise of these systems could lead to damage or harm.
A poll by American Insurance Group revealed that 75% of respondents were concerned that autonomous cars, and even cars with autonomous features, could be hacked. Alongside these fears is the growing demand for connectivity within cars, reaching even into deeply embedded automotive systems. As more critical systems become exposed to this connectivity, the security risks multiply. Securing smart cars therefore now goes far beyond securing the physical networks on the car: the data stored on it needs protection as well.
Whenever private, potentially sensitive data is handled, security measures must be in place to protect it from malicious attacks. So it makes sense that the software and hardware handling the storage of this information should have features that allow only authorized access to that data.
How is data inside cars handled and stored?
Storage management software, in particular file systems, handles the data that goes to the various storage devices inside connected cars. Just as on your computer, a file system organizes data into files so that applications can find stored data. But it also plays an important role in storage read and write performance, flash endurance, data and storage interoperability, data integrity and, to some degree, data security. For a file system, security means ensuring that the data it handles cannot be read or altered by unauthorized parties (confidentiality and integrity). One security measure that can be implemented at the file-system level is encryption.
What is file system encryption?
Encryption is commonly used to prevent unintended access to information. Generally speaking, encryption works by encoding information in a way that only authorized parties with the right “key” can gain access to it. The file system can implement encryption in different ways, each having some effect on CPU performance and processing speed. During the encryption process, factors that play a role in CPU usage and efficiency are 1) the cryptographic algorithm, and 2) the encryption implementation itself.
- Cryptographic algorithms are either symmetric or asymmetric. Symmetric algorithms use the same secret key for both encryption and decryption; asymmetric algorithms use a key pair. Symmetric algorithms are far more efficient, typically orders of magnitude faster per byte, which is why bulk data such as file contents is always encrypted with a symmetric cipher, and asymmetric cryptography is reserved for exchanging keys and verifying signatures.
- Symmetric ciphers come in two kinds: stream ciphers and block ciphers. A stream cipher generates a keystream that is combined with the data byte by byte; a block cipher transforms fixed-size blocks (16 bytes for AES) and is paired with a mode of operation (CBC, CTR, XTS, GCM and others) to handle data of arbitrary length. Neither kind is inherently faster: throughput depends on the specific cipher, its implementation, and whether the CPU accelerates it. The mode of operation also decides whether the file system gets tamper detection along with confidentiality (GCM does; CBC, CTR and XTS on their own do not).
How do file systems handle encryption?
Encryption can be run in software, in hardware, or in a combination of both; in any case, some software has to drive it. A file system can perform software-based encryption on files or directories. As an example, Reliance Velocity encrypts file data, file names, and symbolic links (a type of file that contains a reference to another file or directory). For Reliance Velocity we chose AES-256, that is, the Advanced Encryption Standard (AES) with a 256-bit key. This option has several advantages:
- AES is the most widely adopted and most thoroughly analyzed symmetric encryption standard (it has been FIPS 197 since 2001), which makes it a defensible choice for automotive software.
- AES is a symmetric algorithm, so it needs far less CPU time per byte than asymmetric encryption would.
- A 256-bit key is beyond brute force: there is no known attack on AES-256 that is meaningfully better than trying keys, and 2^256 trials are beyond any conceivable computing resource. This makes it a sound choice for the most sensitive files stored in today's smart cars, with one caveat: because the cipher cannot be attacked, attackers go after the key instead, so how the key is generated, where it is stored, and how it is kept off the storage it protects matter at least as much as the key length.
However, there is a cost to such a strong setting. AES is fast and efficient for a block cipher, but AES-256 performs 14 rounds per block where AES-128 performs 10, so the 256-bit key costs roughly 40% more work for every byte read or written. In pure software on an embedded CPU, that extra work is paid on every file access and can hold back the processor running the encryption.
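A worked model of what the approach described above entails, as Go code added to this post. It is not Reliance Velocity's code: the post does not describe its key handling, mode of operation or on-disk format, so the HMAC-based key derivation, the inode and directory identifiers used as associated data, AES-256-GCM as the mode, the synthetic-nonce scheme for names, and the sample record are all assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// EncFS is a toy model of a file system's encryption layer: AES-256-GCM for file
// contents and a deterministic AES-256-GCM variant for directory entries.
// Illustrative code added to this post, not the Reliance Velocity design.
type EncFS struct {
	data     cipher.AEAD // file contents: fresh random nonce per write
	names    cipher.AEAD // file names: nonce derived from (directory, name)
	nonceKey []byte      // HMAC key used to derive those name nonces
}

// subkey derives a domain-separated 32-byte key from the master key with HMAC-SHA256.
func subkey(master []byte, label string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// mustGCM builds an AES-GCM AEAD; a 32-byte key selects AES-256 in crypto/aes.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	return aead
}

// NewEncFS takes the 32-byte master key, which in a vehicle would come from a
// secure element or HSM, never from the storage it protects.
func NewEncFS(master []byte) (*EncFS, error) {
	if len(master) != 32 {
		return nil, fmt.Errorf("master key must be 32 bytes, got %d", len(master))
	}
	return &EncFS{
		data:     mustGCM(subkey(master, "file-data")),
		names:    mustGCM(subkey(master, "file-names")),
		nonceKey: subkey(master, "name-nonce"),
	}, nil
}

// ad builds the associated data that ties a ciphertext to its inode or directory.
func ad(kind string, id uint64) []byte { return []byte(fmt.Sprintf("%s:%d", kind, id)) }

// SealFile encrypts file contents under a fresh random 96-bit nonce, stored in front
// of the ciphertext, with the inode bound in so the blob cannot be moved to another file.
func (e *EncFS) SealFile(inode uint64, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, e.data.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.data.Seal(nonce, nonce, plaintext, ad("inode", inode)), nil
}

// OpenFile decrypts and verifies: a flipped bit or a wrong inode fails GCM's tag check.
func (e *EncFS) OpenFile(inode uint64, stored []byte) ([]byte, error) {
	n := e.data.NonceSize()
	if len(stored) < n {
		return nil, errors.New("stored data shorter than nonce")
	}
	return e.data.Open(nil, stored[:n], stored[n:], ad("inode", inode))
}

// SealName encrypts a directory entry. Lookups need the same name in the same directory
// to map to the same stored string, so the nonce is a keyed hash of (parent, name) rather
// than random (a synthetic-IV style construction); distinct names still get distinct nonces.
func (e *EncFS) SealName(parent uint64, name string) string {
	m := hmac.New(sha256.New, e.nonceKey)
	m.Write(ad("dir", parent))
	m.Write([]byte(name))
	nonce := m.Sum(nil)[:e.names.NonceSize()]
	ct := e.names.Seal(nonce, nonce, []byte(name), ad("dir", parent))
	return base64.RawURLEncoding.EncodeToString(ct)
}

func main() {
	master := make([]byte, 32) // demo key generated on the fly; never hard-code a real one
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	fs, _ := NewEncFS(master)
	blob, _ := fs.SealFile(42, []byte("toll-account=ACME-0001;balance=12.40")) // constructed record
	blob[len(blob)-1] ^= 0x01 // simulate flash corruption or tampering
	_, err := fs.OpenFile(42, blob)
	fmt.Println("tampered file rejected:", err, "| stored name:", fs.SealName(7, "wallet.db"))
}
```

Two points the code makes that the bullet list above does not. First, the cipher and key length are only part of the design: the mode of operation decides whether the file system also detects tampering, and GCM's authentication tag turns a flipped bit in flash, a truncated file or a ciphertext copied from another inode into a hard error rather than silently returned garbage. Second, file names need different treatment from file contents, because a lookup must reproduce the same stored name every time; the example derives the nonce from the directory and name (decrypting a stored name mirrors OpenFile with the directory bound in as associated data), and a production system would use a standardized deterministic AEAD such as AES-GCM-SIV (RFC 8452) for this rather than a home-grown variant. Go's crypto/aes uses the CPU's AES instructions when they are present, which is the hardware acceleration discussed in the next section.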
How can hardware-accelerated encryption increase performance?
In cases where performance is a concern, or when a customer has a specific requirement, the hardware can instead be used to accelerate the cryptographic algorithms. Published benchmarks put hardware-accelerated AES anywhere from a few times to more than an order of magnitude faster than a purely software implementation, depending on the CPU and on the software baseline being compared. There is a security benefit as well: a hardware AES instruction runs in constant time with no data-dependent memory accesses, which closes the cache-timing side channels through which table-based software AES implementations have been shown to leak their keys.
That is where Arm fits nicely into the picture. When our customers use processors with the Armv8 architecture, we can configure our file system to use the Armv8 Cryptography Extensions. These are CPU instructions that perform the expensive part of each cipher round directly in hardware: AESE, AESD, AESMC and AESIMC for AES, dedicated instructions for SHA-1 and SHA-256, and the PMULL polynomial multiply that speeds up the GCM mode. In this way, the file system can keep the required level of read-write performance while providing strong protection for the data saved to storage. One caveat: the Cryptography Extensions are an optional part of Armv8-A, so not every Armv8 core implements them. Software has to check at run time (on Linux the kernel reports them as the aes, pmull, sha1 and sha2 CPU features) and fall back to a software implementation when they are absent.
Although we are unable to disclose any specific information about customer benchmarks, this is something we are testing in our own R&D lab. Some informal results online suggest that the Armv8 Cryptography Extensions do make an impact: one developer reports a speed boost of nearly 18 times with the hardware extensions enabled. When performance and security are both critical requirements, which is increasingly the case in automotive applications, using hardware-based encryption acceleration may well be worth the implementation effort.
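Two checks a practitioner would want before relying on figures like the ones above, as Go code added to this post rather than anything from Tuxera's or Arm's tooling: a parser that reads the feature flags the Linux kernel exports in /proc/cpuinfo to confirm a core really implements the extensions (the two cpuinfo excerpts are constructed samples), and a throughput measurement of AES-256-GCM that, because Go's crypto/aes switches to the hardware instructions at run time, gives the software figure on a core without the extensions and the hardware figure on one with them.

```go
package main

import (
	"bufio"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"os"
	"strings"
	"time"
)

// cryptoFeatures parses Linux /proc/cpuinfo text and reports which of the
// Armv8 Cryptography Extension features the kernel advertises. The extensions
// are optional in Armv8-A, so a file system must check rather than assume.
// The x86 "flags" line spells AES-NI as the same "aes" token, so the check
// works on both. Example code added to this post; not Tuxera's or Arm's code.
func cryptoFeatures(cpuinfo string) map[string]bool {
	found := map[string]bool{"aes": false, "pmull": false, "sha1": false, "sha2": false}
	sc := bufio.NewScanner(strings.NewReader(cpuinfo))
	for sc.Scan() {
		parts := strings.SplitN(sc.Text(), ":", 2)
		if len(parts) != 2 {
			continue
		}
		key := strings.TrimSpace(parts[0])
		if key != "Features" && key != "flags" { // arm64 and x86 spellings
			continue
		}
		for _, f := range strings.Fields(parts[1]) {
			if _, tracked := found[f]; tracked {
				found[f] = true
			}
		}
	}
	return found
}

// hasHardwareAES answers the one question the file system needs before
// choosing between its hardware and software AES paths.
func hasHardwareAES(cpuinfo string) bool { return cryptoFeatures(cpuinfo)["aes"] }

// aes256GCMThroughputMBps measures AES-256-GCM sealing throughput on this
// machine. Go's crypto/aes selects the AES instructions at run time on arm64
// (and AES-NI on amd64) when the CPU reports them, so the same binary gives the
// software figure on a core without the extensions and the hardware figure on
// a core with them. Wall-clock measurement, so the value differs per machine.
func aes256GCMThroughputMBps(bufSize, rounds int) float64 {
	block, err := aes.NewCipher(make([]byte, 32)) // all-zero demo key; speed does not depend on key value
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize())
	buf := make([]byte, bufSize)
	out := make([]byte, 0, bufSize+gcm.Overhead())
	start := time.Now()
	for i := 0; i < rounds; i++ {
		binary.LittleEndian.PutUint32(nonce, uint32(i)) // unique nonce per seal, even in a benchmark
		out = gcm.Seal(out[:0], nonce, buf, nil)
	}
	return float64(bufSize*rounds) / (1 << 20) / time.Since(start).Seconds()
}

// Constructed cpuinfo excerpts: an Armv8 core with the extensions and one without.
const cpuinfoWithCE = `processor	: 0
Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer	: 0x41
CPU architecture: 8
`

const cpuinfoWithoutCE = `processor	: 0
Features	: fp asimd evtstrm crc32 cpuid
CPU implementer	: 0x41
CPU architecture: 8
`

func main() {
	fmt.Println("sample with CE, hardware AES:", hasHardwareAES(cpuinfoWithCE), cryptoFeatures(cpuinfoWithCE))
	fmt.Println("sample without CE, hardware AES:", hasHardwareAES(cpuinfoWithoutCE))
	if raw, err := os.ReadFile("/proc/cpuinfo"); err == nil { // live check on Linux hosts
		fmt.Println("this host, hardware AES:", hasHardwareAES(string(raw)))
	}
	fmt.Printf("AES-256-GCM on this host: %.0f MB/s\n", aes256GCMThroughputMBps(1<<20, 64))
}
```

Run it on two boards, one whose cores implement the extensions and one whose cores do not, and compare the printed MB/s: speedups of the kind reported online come from exactly this sort of measurement, and the ratio depends as much on the quality of the software baseline as on the hardware. The number is a wall-clock reading on an otherwise busy system, so treat it as an indication, not a benchmark result.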
As we reach new levels of autonomy, the amount of data being generated, stored, and transmitted over wireless connections will only increase. At the same time, more critical systems within the car are becoming connected with each other and the outside world, bringing new challenges on how we keep data protected and vehicles secure. Tuxera’s file system encryption technology provides an effective solution to these security challenges, helping to enable the next generation of autonomous vehicles. Tuxera Reliance Velocity file system features encryption at multiple levels – learn more about our state-of-the-art file system here.
* This post is also available at Arm’s blog.