
Calterah White Paper: Calterah Vehicle Security Subsystem Solution for Radar—Part One

2024-06-26

Amid the evolution of intelligent vehicles, cybersecurity has become a paramount concern for the automotive industry. In response, Calterah has released a comprehensive white paper, Calterah Vehicle Security Subsystem Solution for Radar. The white paper covers the evolving trends in vehicle cybersecurity, examines the security challenges confronted by radar systems, and presents strategies for safeguarding vehicle radar security. It ranges from the hardware of vehicle radar chips to the software and from industry standards to practices, aiming to give the industry insights and practical strategies for safeguarding the cybersecurity of intelligent vehicle radar systems.

This article introduces the first part of the white paper Calterah Vehicle Security Subsystem Solution for Radar, including:

  1. Vehicle Cybersecurity Trends
  2. Cybersecurity Risks for Radar
  3. Calterah Vehicle Security Subsystem Solution for Radar
  4. Calterah Secure Firmware Support
  5. Calterah Cybersecurity Certificate

1. Vehicle Cybersecurity Trends

Advances in intelligence and connectivity are transforming cars from stand-alone devices into interconnected ones, increasing the likelihood of cyber attacks with severe consequences that threaten the safety of vehicles and occupants. As a result, ensuring the cybersecurity of vehicles has become an increasingly pressing issue. It is not only a concern for the whole automotive industry, but also a risk for national security.

Table 1 Regulations and Standards Related to Automotive Cybersecurity

To cope with the threat of cyber attacks, numerous regulations and standards have been introduced globally to define, address, and standardize the relevant issues. International frameworks include UN/WP29, ISO 21434, and Trusted Information Security Assessment Exchange (TISAX). China has rolled out standards such as Access Management Guide for Intelligent Connected Vehicle Manufacturers and Products, Cybersecurity Standards for Internet of Vehicles (Intelligent Connected Vehicles), and Technical Requirements for Vehicle Cybersecurity. China has been introducing these regulatory standards since 2017, and they have been or are set to be enforced nationwide as mandatory or recommended practices. Consequently, the entire industry is actively engaged in designing, developing, and implementing solutions to comply with these standards and mitigate potential cybersecurity risks.

2. Cybersecurity Risks for Radar

Radar devices, serving as vital sensors in intelligent driving systems, can significantly impact vehicle safety if their cybersecurity is compromised. Such compromises not only impact cybersecurity but also affect functional safety.

Figure 1 Radar Architecture in a Vehicle System

From a holistic perspective, the potential assets within the radar system can be classified into three categories: communications between radar and other systems, system image files and data, and system keys.

2.1 Communications between Radar and Other Systems

The communications between radar and other systems include data messages, diagnostic command control words, and update packets. These expose the relevant systems to the following attacks, notably:

  1. Intercept messages to decipher their content such as detection lists of radar.
  2. Tamper with communication data to send malicious commands for manipulating or sabotaging the systems.

Figure 2 Security Assets, Risks, and Mitigations of Automotive Radar Systems

To protect vehicles from these attacks, we require comprehensive mitigation measures, entailing both vehicle-level and component-specific countermeasures to eliminate or mitigate the risks. Such measures include secure onboard communication (SecOC), secure update, secure diagnostic, debugging interface protection, secure boot, management of underlying keys, hardware acceleration, and defense against side-channel attacks (SCAs).
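A simplified sketch of the SecOC idea named above, added here as an example and not taken from the white paper or Calterah's firmware: each radar message carries a truncated freshness counter and a truncated MAC, so tampered or replayed frames are rejected. HMAC-SHA256 stands in for the CMAC-AES an ECU would normally use; the key, data ID, and truncation lengths are assumptions.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed demo key, not a real device key
DATA_ID = 0x0123         # assumed identifier of the radar detection PDU
FRESH_BITS = 8           # low bits of the freshness counter sent on the bus
MAC_BYTES = 4            # truncated authenticator length (assumption)

def _mac(payload: bytes, freshness: int) -> bytes:
    # The authenticator covers data ID, payload and the FULL freshness value.
    msg = struct.pack(">H", DATA_ID) + payload + struct.pack(">Q", freshness)
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_BYTES]

def secure(payload: bytes, freshness: int) -> bytes:
    """Sender side: payload || truncated freshness || truncated MAC."""
    low = freshness & ((1 << FRESH_BITS) - 1)
    return payload + bytes([low]) + _mac(payload, freshness)

class Receiver:
    def __init__(self):
        self.last = 0  # highest freshness value accepted so far

    def verify(self, pdu: bytes):
        """Return the payload if authentic and fresh, otherwise None."""
        if len(pdu) < 1 + MAC_BYTES:
            return None
        payload = pdu[:-1 - MAC_BYTES]
        low, tag = pdu[-1 - MAC_BYTES], pdu[-MAC_BYTES:]
        # Rebuild the full counter: smallest value above `last` with these low bits.
        span = 1 << FRESH_BITS
        full = (self.last & ~(span - 1)) | low
        if full <= self.last:
            full += span
        if not hmac.compare_digest(tag, _mac(payload, full)):
            return None  # tampered payload, wrong key, or replayed counter
        self.last = full
        return payload
```

This protects integrity and freshness only; it does not hide the detection list from an eavesdropper, which needs encryption on top.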

2.2 System Image Files and Data

The system image files encompass system software components such as the bootloader and application image. Hackers typically employ the following tactics to attack these image files:

  1. Analyze the image files to identify potential vulnerabilities within a system and then attempt to exploit these vulnerabilities.
  2. Use methods such as system updates to replace image packages and embed backdoors.
  3. Tamper with online systems to gain unauthorized control.

Regarding the real-time data files generated during online operations, any compromise in their security may result in the following consequences:

  • Hackers maliciously modify configuration files to alter the system’s behaviors.
  • Hackers attack the cloud system by modifying local data files, such as log data.

2.3 System Keys

Cryptography, as a fundamental technology for cybersecurity, hinges critically on the security of cryptographic keys. Compromises in key security can undermine the overall system security, leading to issues such as tampering with image files and leakage of communication messages. Hence, hackers often view key extraction as a paramount goal in system breaches. Typical attacks are as follows:

  1. Extract keys from the system, including but not limited to symmetric and asymmetric keys. These keys might be employed for encrypting system image files and communication messages. With access to these keys, hackers can conduct reverse engineering and intercept the system, thereby obtaining information that can be directly or indirectly exploited. Should there be some keys that are globally exploitable, the impact of the attack can spread across different vehicles and even various models, significantly amplifying the detriment.
  2. Embed the system with fabricated keys, or modify other local keys for key tampering.
  3. Exploit system vulnerabilities to indirectly invoke keys for decryption or other malicious objectives.

3. Calterah Vehicle Security Subsystem Solution for Radar

Given all the assets enumerated and risks analyzed above, we know radar devices are facing various types of risks. Therefore, ensuring the security of radar devices has become a systemic issue.

To cope with those risks, we need to construct an initial security state for a system, including a complete trusted program and its corresponding key system. The key system contains appropriate cryptographic algorithms and a reasonable key management system. Applications can build an initial security border with this key system. Over time, the system may become exposed to more risks and vulnerabilities, and due to application requirements, the system may also face various state changes such as upgrades. Given that the initial state of the system is secure and the premise that all keys remain confidential, the radar system can utilize an existing trusted program to verify and ensure that any system state changes do not result in deviations from the secure state.
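The state-change check described above, as an added sketch (not Calterah's implementation): a trusted program accepts a new firmware image only if its manifest authenticates under a key the device already holds, the image digest matches, and the version does not roll back. HMAC-SHA256 stands in for the signature scheme a real secure boot chain would use; the manifest layout and all names are assumptions.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = b"constructed-demo-key-0001"  # stands in for a key in secure storage

def make_manifest(image: bytes, version: int, key: bytes) -> bytes:
    """Signing side, assumed layout: version(4) || sha256(image)(32) || tag(32)."""
    body = struct.pack(">I", version) + hashlib.sha256(image).digest()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class TrustedUpdater:
    """Holds the current secure state and gates every transition out of it."""

    def __init__(self, key: bytes, version: int, image: bytes):
        self.key, self.version, self.image = key, version, image

    def apply(self, image: bytes, manifest: bytes) -> str:
        if len(manifest) != 68:
            return "reject: malformed manifest"
        body, tag = manifest[:36], manifest[36:]
        # 1. The manifest must authenticate under the key the device already trusts.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad authentication tag"
        version, digest = struct.unpack(">I", body[:4])[0], body[4:]
        # 2. The image must be the one the manifest vouches for.
        if not hmac.compare_digest(digest, hashlib.sha256(image).digest()):
            return "reject: image digest mismatch"
        # 3. No rollback to an older, possibly vulnerable, release.
        if version <= self.version:
            return "reject: version rollback"
        self.version, self.image = version, image  # commit the new secure state
        return "accept"
```

Every rejected path leaves the stored version and image untouched, so a failed update cannot move the device out of its last verified state.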

A radar system includes layers of hardware, system, and application software. Hence the security of a radar system requires the coordination of multiple parts.

Figure 3 Four Layers of Automotive Radar Security System

To ensure the overall security of the radar system, Calterah offers secure SoC products with robust software capabilities, which provide comprehensive protection for assets such as firmware, data, and communication messages. The SoCs support various features, such as cryptography acceleration, key generation and management, and Secure Boot, providing a robust foundation for upper-level system security and secure communication. Users can build on these system-level features to implement functions such as Secure Diagnostic, Secure Update, and SecOC in their systems, further reinforcing application-level security to achieve system-level security.

Figure 4 Calterah Comprehensive Protection for Radar Security

As illustrated in Figure 4, Calterah’s security IPs can empower radar systems by providing comprehensive protection mechanisms.

  • Cryptographic Hardware Accelerators

Calterah provides a variety of symmetric, asymmetric, hash, and random number generation (RNG) algorithms tailored to diverse security scenarios, fulfilling various performance requirements.

  • Debugging Interface Protection

Calterah chips support debugging interface protection, guaranteeing secure operation by preventing malicious exploitation after the standard operating procedure (SOP).

  • Firmware Encryption

System firmware is encrypted to deter reverse engineering attempts aimed at detecting vulnerabilities.

  • Key Generation and Management

A complete lifecycle management system for key pairs is in place, encompassing local key generation, secure key storage, access control, and key destruction, thereby assuring legitimate use of keys.

  • Secure Boot

Calterah chips natively support verification during the boot process of the system image files, preventing malicious tampering or substitutions.

  • SCA Protection

Calterah SoC products offer various protective measures against SCAs to prevent hackers from launching attacks through power consumption or other means.

4. Calterah Secure Firmware Support

For radar chip applications, Calterah has developed a suite that supports AUTOSAR Classic Platform (CP). The suite provides complete drivers for all series of Calterah chips.

This suite includes a full set of drivers, demo code for third-party software, and other related software, supporting various upper-level application scenarios, such as secure communication, secure diagnostic, secure update, and secure key provisioning. Moreover, the suite supports the standard AUTOSAR CP 4.4 and later versions, as well as configuration of the hardware security module (HSM) using the EB Tresos IDE, helping users greatly reduce the manpower and time costs of code development.

Figure 5 Secure Firmware of Calterah Radar Chip

5. Calterah Cybersecurity Certificate

In June 2022, Calterah began to set up its automotive cybersecurity management system and initiated the certification process for compliance with ISO/SAE 21434:2021 Road Vehicles–Cybersecurity Engineering (hereinafter referred to as "ISO/SAE 21434"). One year later, Calterah attained the ISO/SAE 21434 certification issued by TÜV Rheinland, making it a pioneer amongst China’s fabless companies to have achieved this certification. This achievement signifies Calterah’s outstanding capability in cybersecurity development and management. Calterah now actively applies the ISO/SAE 21434 standard to its cybersecurity development across various projects, providing foundational capabilities and comprehensive management support for the implementation of cybersecurity in the automotive industry.

Figure 6 Calterah Automotive Cybersecurity Management Certificate