Evaluation of lightweight TPMs for automotive software updates over the air
Paper presented at 4th escar USA, The World's Leading Automotive Cyber Security Conference, Detroit, MI, June 1-2, 2016
Given the growing importance of Information Technology in todays vehicles with their ever increasing connectivity and its safety relevance, it is obvious that security technologies need to be employed and improved. Besides secure coding efforts, many of the attack classes and scenarios demand the embodiment of Hardware Security Modules such as the Trusted Computing Groups Trusted Platform Module. This paper discusses the use cases and benefits of TPM usage in automotive ECUs. We further show and evaluate how the Automotive Thin Profile released by the Trusted Computing Group can be used to secure Software Over- The-Air updates. We show in detail, how this use case can be addressed by a combination of different levels of TPM implementations namely full TPMs and Automotive Thin TPMs. In order to give an estimation of the necessary implementation cost, the first ever measurements of required code and RAM sizes for different TPMs and an overview of TPM implementations are provided.