Bench Talk

New Tech Tuesdays

Join Mouser's Technical Content team for a weekly look at all things interesting, new, and noteworthy for design engineers.

Automotive engineering has long prioritized safety. But as advanced driver-assistance systems (ADAS) and autonomous technology become more integrated into modern vehicles, the definition of safety is expanding to include cybersecurity. These new features depend on centralized domain controllers to process data for braking, steering, perception, collision avoidance, and other autonomous-style functions, along with connectivity, energy management, and powertrain controls.^[1] Since so many of the critical decisions are focused in one place—the powerful compute nodes—the controllers’ level of protection is now synonymous with that security.

Earlier approaches to security were centered around software-only defenses like network filtering or software-managed encryption. Now, modern domain controllers are integrating hardware-based protection, such as cryptographic engines, hardware security modules, and secure key storage that make up the system’s root of trust. These components can verify whether the code running on the controller is authentic, protecting communication channels like vehicle-to-everything (V2X) and ensuring over-the-air (OTA) updates are coming from trusted sources. A consensus in the industry is that safety and security cannot be separated anymore.^[2] Without a trusted hardware foundation, none of the critical automotive functions can be protected reliably.

This week’s New Tech Tuesdays explores the link between automotive safety and robust hardware-based security, including key technologies that help protect critical automotive functions from cyber threats.

Centralized Controllers Require Security at the Chip Level

Automotive platforms have typically relied on many small electronic control units (ECUs) to handle individual functions like airbags or door locks. Today, vehicle manufacturers are shifting toward centralized domain controllers where a few high-performance controllers act as consolidated compute hubs to handle sensing and control the responsibilities that used to be spread across separate modules. While more efficient for vehicles, a single hub now leaves the vehicle susceptible to compromise in safety-related decisions. Any unauthorized access could change how the vehicle reads data or responds to road conditions. Cyberattacks don’t have to target multiple ECUs because they can access a pathway to the whole system in one place.

Protecting these hubs requires more than software checks and standard network filtering. A domain controller must be able to prove that its firmware has not been changed, that its boot sequence hasn’t been tampered with, and that the messages it’s exchanging across the network come from trusted sources. This can’t be achieved without relying on hardware mechanisms that build trust into the chips themselves.

For example, a hardware root of trust gives the controller a protected starting point when it powers up, allowing it to verify that the firmware and boot sequence haven’t been altered before running any safety-related functions. Hardware security modules (HSMs) isolate private keys and security services from the application cores so that even if a task or service is compromised, the attack cannot modify firmware images or inject unauthorized commands onto the vehicle network.

This protection becomes important as domain controllers start managing V2X traffic and OTA updates. If the hardware can’t verify where the messages or updates are coming from, a fake packet or unauthorized update could change how the vehicle interprets the environment or its control logic response.

The Newest Products for Your Newest Designs^®

Engineers working on secure domain controllers need hardware that reflects the security features expected in automotive microcontrollers (MCUs). The STMicroelectronics AEK-MCU-C4MLIT3 kit allows teams to study how these security features operate inside an automotive MCU (Figure 1). It is built around an SPC58EC 32-bit Power Architecture MCU that runs at 180MHz and includes embedded flash and automotive safety features. The device also includes an HSM that manages key storage and cryptographic operations in isolated hardware.

Figure 1: STMicroelectronics AEK-MCU-C4MLIT3 MCU evaluation kit block diagram. (Source: Mouser Electronics)

The MCU’s crypto hardware verifies messages and protects firmware without affecting control timing. To test these security features, the AEK-MCU-C4MLIT3 kit offers a practical platform for exploring how hardware-based security supports cybersecurity and functional safety goals.

Tuesday’s Takeaway

As ADAS and autonomous features become more prominent and affect modern vehicles’ electronics, domain controllers are increasingly responsible for the performance load and security. Protecting the software that drives braking, steering, and perception requires hardware-based trust anchors, fast cryptographic support, and security mechanisms that work within functional safety constraints.

Sources

[1] https://www.mobileye.com/blog/the-shift-towards-centralized-intelligence/
[2] https://www.iso.org/standard/70918.html