Add Authentication Security to Automotive Endpoints Using the 1-Wire Interface

Abstract

By adding a single authentication IC, automotive designers can authenticate a component with only one signal between an electronic control unit (ECU) and endpoint component. This is particularly important as counterfeit and theft of automotive parts are increasingly a problem in automotive applications. This application note describes how to implement the DS28E40 Deep Cover 1-Wire Authenticator in a system to provide authentication for endpoints such as optical cameras, headlamps, EV Batteries, occupancy sensors, and even steering wheels, and myriad other automotive applications.

The increasing electronic content in vehicles presents new attack surfaces to hackers. Digital authentication can reduce the risk of theft and counterfeiting of genuine and approved components. In mission-critical automotive applications, such as advanced driver-assistance systems (ADAS) and electric vehicle (EV) batteries, low-quality counterfeits can introduce safety risks if their performance is degraded, compared with approved components. On the other hand, stolen components may not be calibrated to operate properly after installation in a different vehicle. By adding a single authentication IC, designers can authenticate a component with only one signal between an electronic control unit (ECU) and endpoint component, as shown in Figure 1. Endpoints that can benefit from authentication cover a broad range of applications in vehicles, such as optical cameras, headlamps, EV batteries, occupancy sensors, and even steering wheels, just to name a few.

Figure 1. ECU and Endpoint Block Diagram.

Figure 1. ECU and Endpoint Block Diagram.

Traditional approaches to component security and authentication often implement a secure microcontroller or even automotive hardware security module (HSM). While a robust solution, this is costly and involves many electrical contacts from the host controller, significant PC board area, and extensive software development and verification to prevent bugs. Instead, by adding just one compact, fixed-function IC to the endpoint, designers can secure components by running only one signal, plus ground reference, in a shielded cable between the ECU and the endpoint.

Maxim Integrated's DS28E40 DeepCover Automotive Authenticator implements the 1-Wire® protocol, which uses half-duplex communication and harvests power for the device parasitically through the communication line. This reduces the need for a dedicated power line in the cable. Harvested energy is stored in an external capacitor. Most automotive ECUs include a high-performance microcontroller, and only one open drain PIO pin with a pullup resistor is required for bi-directional communication. Security algorithm computations require up to 16mA, which is beyond the pullup's sourcing ability. If PIO1 can switch between open drain and push-pull configuration with sufficient current sourcing, then drive logic 1 during computations. Alternately, a low-impedance bypass FET can be added and controlled by PIO2 to deliver sufficient current.

The DS28E40 employs the elliptic curve digital signature algorithm (ECDSA) public key security algorithm, with library and code examples available to easily implement the security layer on the ECU host processor. Key management is simplified with this asymmetric security algorithm, allowing the host to directly read the unique public key from the DS28E40 and issue random challenge messages to it. The DS28E40 digitally signs the challenge with its internal private key that is never exposed to the outside world. If the host verifies that the signature matches the public key, then the automotive endpoint is trusted by the ECU. The DS28E40 is qualified to AEC-Q100 grade 1 (-40°C to +125°C) and is available in a 3mm × 3mm side-wettable flank TDFN package.

参考电路

C. Michael Haight, "Add Authentication Security to Automotive End Points Using a Single Pin," ElectronicDesign Magazine, April 12, 2021,