hardware security for the car with omnishield december...

www.imgtec.com

Hardware security for the car with OmniShield December 2016

© Imagination Technologies Automotive Security Webinar – December 16 2

Agenda

About Imagination Technologies

Automotive Industry Overview

Security issues as we move to autonomous driving

Consequences of attack

Introducing Omnisheild

Real time trusted operation

Conclusions


Core IP for low power, high performance SoCs

Ultra-low power; class-leading efficiency; designed for IP-based SoCs

Our technologies address what really matters to help our customers create innovations for success

PowerVR Graphics & GPU Compute

Processors

Ensigma Communications

Processors

PowerVR Vision

Processors

MIPS Processors

Fa

bric

PowerVR Video

Processors


Enabling customers to fully leverage their own IP

Domain Solutions Customer

technologies & know-how

Customizable IP platforms

Scalable IP

AR / VR Networking IoT Consumer Automotive Mobile

Ecosystems software, tools, apps, middleware, hardware


Engage: From Cores to Enhanced Driver XP How our business model works

Imagination

Supplies the cores

to…

Our Licensees

Who build and sell the

chips to ….

the OEMS/Tier 1s who

build the units that allow

Their developers and

customers

to create fantastic driver

experiences

outreach

outreach


Pace of innovation versus mobile (5/10 yrs vs 2yrs)

Increasing Government Legislation covering

emissions, safety standards, fuel consumption

Need to differentiate through electronics and

software features

Have to meet new safety standards (ISO26262)

Increasing development costs of complex systems

An industry in rapid change

Automotive industry in transition

Traditional markets being overtaken by new APAC markets and new players

Minimal Security isolating car and infrastructure from malicious attack

Car electronics architecture is not ready for the „tsunami of software that will be

hitting it in the coming years

„ „There‟s likely to be more auto-industry change in the next five years than in the last 50‟

GM CEO Mary Barra, World Economic Forum Jan 2015


Self driving vehicles

Up to 11 different Open wireless/cellular systems will be used to

connect cars internally/externally

Few car companies, today, have considered security from the

bottom up

Increasing numbers of hacks on cars taking place showing the ease

of compromising the platform

We must establish trust upon which a secure end to end car network

can be established

By 2020, more than 10 security certificates to be issued and revoked

per vehicle per day

Safety will increasingly be reliant on external information being

available within the car.

Can the new technology be trusted!


Car Security

Wired Magazine: Jeep Hack

Initially hacked through the Cars Diagnostic port as part of a

WIRED magazine article

Second trial - remotely hacked from a hotel room

Showcased vulnerability of wireless connections in the car

Multiple other examples based on attacking through the

cars cellular connection

Today it is very difficult to hack cars but…

With the increase in wireless interfaces and use of third

party devices in cars the ability to compromise increases

Moving to a centralised computing architecture and an

opening up of APIs will also cause a headache.

Must be considered from the ground up in all systems


What can you do once you have hacked a car

Two main areas

Manipulation of car systems as shown in the figure

Leading to potential accidents

Possibly car jacking

Installation of malware that steals driver data and

details and spreads

Hackers want to not just attack one car but a

whole range of car i.e. BMW 5 series or

Toyota Auris


Today‟s security solutions are inadequate

Only secures the CPU

Only one secure zone

Proprietary hardware

All secure apps in the same zone

One CPU-centric secure zone is not enough

Trusted Hypervisor

Unified Memory

Root of Trust

Communications

GPU graphics and compute

Central Processor

So

C F

ab

ric

High security:

Payment

Media

Health

Utilities – electricity, gas

High security

zone

Low or zero security:

Twitter

Facebook

Maps

Games

Low security applications


OmniShield™ redefines the future

Multi-domain: up to 255 containers

Heterogeneous: CPU GPU, RPU

Hardware separation: virtualisation

Open: prpl Security PEG

Multi-domain, heterogeneous, hardware separation

Trusted Hypervisor

Unified Memory

Root of Trust

Communications

GPU graphics and compute

Central Processor

So

C F

ab

ric

ADA S

High security:

Network Access

Premium Content

Payments

Lower security:

Infotainment

Navigation

Web

Games

Low security applications


Imagination OmniShield Enabling next-generation SoC security

Multi-domain separation-based architecture

Beyond binary: each secure/non-secure app/OS

can operate independently

Scalable to address heterogeneous architectures

OmniShield-ready hardware and software IP

Designed to provide the industry‟s most scalable,

secure solutions for protection of next-generation SoCs

Ensures security & reliability

Eases development/deployment of apps and services

Changing use models in connected vehicles require a new

security approach to protect OEM products and services


T3

T2

T1

T0 Single Core

Quad Thread

Time(t)

OS

RTOS

RTOS

OS

t0 t5

Concurrent

Multi-Threading

OS OS RTOS RTOS

H/W

Th

read

100%

CPU

Concurrency

Real-time trusted operation in virtual environment Intersection of Isolation and Concurrency

Single Core Single Thread

H/W VZ

Hypervisor

OS OS

RTOS

RTOS

Time(t)

OS OS RTOS RTOS OS RTOS

t0 t1 t2 t3 t4 t5

Context Switch

Virtualization

CPU

100%

Gu

est

Ro

ot

Hypervisor

Hypervisor switches context

enforcing CoS, QoS and

isolation.

Response time adequate for

many applications.

H/W Multi-Threading enable

concurrent operation of

Applications.

Context switch at rate of

CPU clock

Isolation


Isolation Concurrency

Real-time trusted operation in virtual environment

T3

T2

T1

T0 Single Core

Single Thread H/W VZ

Hypervisor

OS OS

RTOS

RTOS

Single Core Quad Thread

Time(t) Time(t)


OS

RTOS

RTOS

OS

t0 t1 t2 t3 t4 t5

t0 t5

Context Switch Concurrent

Multi-Threading Virtualization

CPU

100%

Gu

est

OS OS RTOS RTOS

Ro

ot H

/W T

hre

ad

100%

CPU

Hypervisor Time(t)

OS

RTOS

RTOS

OS

t0

100%

CPU

Gu

est

Ro

ot

OS

RTOS

RTOS

OS

t3 t7

T3

T2

T1

T0 Single Core

Quad Thread

Virtualized Multi-Threading

OS

OS

RTOS RTOS

Hypervisor

Concurrent Multi-domain Execution Environment

Zero overhead & real-time


Real-time trusted operation in virtual environment

T3

T2

T1

T0 Single Core

Single Thread H/W VZ

Hypervisor

OS OS

RTOS

RTOS

Single Core Quad Thread

Time(t) Time(t)


OS

RTOS

RTOS

OS

t0 t1 t2 t3 t4 t5

t0 t5

Context Switch Concurrent

Multi-Threading Virtualization

CPU

100%

Gu

est

OS OS RTOS RTOS

Ro

ot H

/W T

hre

ad

100%

CPU

Hypervisor

OS

OS

RTOS

OS

t0

100%

CPU

Gu

est

Ro

ot

OS

OS

RTOS

OS

t3 t7

T3

T2

T1

T0 Single Core

Quad Thread

OS

OS

RTOS OS

Hypervisor

Automotive System Use case

Cluster Secure RTOS High Priority 60 FPS

ADAS Linux Variable Priority GPU Compute

Navigation Linux Lower Priority / Framerate

Infotainment Linux/Android Medium Priority / Framerate

OS OS

RTOS

OS

Time(t)

RTOS


Open security for today‟s platforms

Ensuring developers can create truly portable

yet secure applications and platforms

prplSecurity™

Developed by active community of industry leaders

Multi-domain – limited only by hardware capabilities

Heterogeneous – works with CPUs, GPUs, RPUs,

SoC fabrics and more

Hardware-enforced using virtualisation in any processor

Open APIs and HALs enabling operation on any SoC

Guidelines, reference documentation and much more

prpl Foundation Security PEG leading cross-industry initiative


Summary

One “Trusted Secure” zone is no longer enough!

OmniShield‟s security approach is uniquely scalable

Number of Secure Domains limited only by hardware

Excellent performance at the right cost and power

Highly efficient multi-threaded RISC architecture gives more DMIPS / Millimetre of silicon

30% - 50% more efficiency. Up to 600% more efficient than single-threaded

Highly deterministic operation

“Clean RISC” architecture and Shadow registers give precise interrupt cycle count

Also vastly reduces the interrupt latency

Extremely high security - Highly resistant to hacking and robust operation

Hardware virtulization + Hypervisor achieve excellent security and application partioning

Enables low latency and concurrent secure boot

OmniShield™: the new force in SoC and system security from Imagination

www.imgtec.com

hardware security for the car with omnishield december...

Documents