Security architecture for automotive microcontroller flash memory

May 06, 2015 // By Yash Saini, Satyam Shandilya & Arun Jain
The modern vehicular system has a large number of microcontrollers which control functions such as air bags, ABS, driver drowsiness detection (DDD), infotainment, and many more. These applications require security measures against malicious manipulation, in a context where, to facilitate run-time controllability of these systems, application code and data size has increased manifold.

This article discusses various methods for implementing security architectures which can prevent hacking of the code and data stored in on-chip flash memory of SoCs and microcontrollers.

Conventional architecture of flash controller

Flash memory in a SoC generally consists of a flash memory controller and a flash memory array module. The flash memory controller provides control functions and acts as an interface between the system bus and the flash memory array.

Figure 1 Conventional flash controller architecture

Enhanced flash architecture for security

The conventional flash memory controller can be modified in the following ways to provide security for the flash memory array.

a) Secure access through password comparison

Normal read, write/program and erase accesses can be changed to secure accesses by implementing a password comparison mechanism. A bus master is allowed to access the flash array only if the password it supplies matches the stored password. The stored password can be kept in a One-Time-Programmable, read-protected region of a non-volatile memory such as flash, a Read Only Memory (ROM) or fuses. Only the flash controller can read this protected region, and only while it is performing a password comparison initiated by a master.

b) Partitioning flash memory array into secure and non-secure regions

A flash memory array can be partitioned into secured and non-secured regions. The secured region can be used to store critical data. Non-secured flash partitions can be mapped to the main interface, and the secured flash partitions to the alternate interface.

The flash controller can route only trusted masters to the alternate interface, and thereby allow only them to access the secured region.
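As an added illustration (not code from the article or any product it describes), the following C model combines (a) and (b) in one controller-side check: the request address selects the main or alternate interface, and an access to the secured partition is granted only to a trusted master that also presents a password matching the copy held in the read-protected region. The flash size, the partition boundary, the master structure, the password bytes and the rule that non-secured regions need no password are all assumptions; the comparison without early exit is an added caveat, not something the article specifies.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed model of a flash controller's access check for a
 * partitioned array. All sizes, addresses and values are hypothetical. */
#define FLASH_SIZE   0x40000u   /* 256 KiB array */
#define SECURE_BASE  0x30000u   /* top 64 KiB is the secured partition */
#define PASSWORD_LEN 16u

/* Stored password, standing in for the OTP / ROM / fuse region; only
 * password_matches() reads it (constructed value). */
static const uint8_t otp_password[PASSWORD_LEN] = {
    0x5a,0x13,0xc4,0x8e,0x71,0x02,0x9f,0xd6,0x3b,0xe8,0x44,0xa7,0x1c,0x90,0x6d,0x25 };

typedef enum { IF_MAIN, IF_ALTERNATE } flash_if_t;
typedef struct { uint8_t master_id; bool trusted; } master_t;

/* Compare every byte with no early exit, so the time taken does not
 * reveal how many leading bytes of a wrong password were correct. */
static bool password_matches(const uint8_t *in, size_t len)
{
    if (len != PASSWORD_LEN) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < PASSWORD_LEN; i++) diff |= in[i] ^ otp_password[i];
    return diff == 0;
}

/* Interface the controller routes a request to, chosen by address. */
flash_if_t route_for_address(uint32_t addr)
{
    return addr >= SECURE_BASE ? IF_ALTERNATE : IF_MAIN;
}

/* True if the controller grants the access: non-secured addresses are
 * open to any master; secured addresses need a trusted master (the only
 * kind routed to the alternate interface) and a correct password. */
bool flash_access_allowed(const master_t *m, uint32_t addr,
                          const uint8_t *pw, size_t pw_len)
{
    if (addr >= FLASH_SIZE) return false;                 /* outside the array */
    if (route_for_address(addr) == IF_MAIN) return true;  /* non-secured region */
    if (!m->trusted) return false;                        /* not routed to alternate */
    return password_matches(pw, pw_len);
}

/* Constructed sample masters and supplied passwords for a stand-alone check. */
const master_t trusted_cpu   = { 1, true };
const master_t untrusted_dma = { 2, false };
const uint8_t supplied_ok[PASSWORD_LEN]  = {
    0x5a,0x13,0xc4,0x8e,0x71,0x02,0x9f,0xd6,0x3b,0xe8,0x44,0xa7,0x1c,0x90,0x6d,0x25 };
const uint8_t supplied_bad[PASSWORD_LEN] = {
    0x5a,0x13,0xc4,0x8e,0x71,0x02,0x9f,0xd6,0x3b,0xe8,0x44,0xa7,0x1c,0x90,0x6d,0x26 };
```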

c) Intelligent arbiter in flash controller

Flash controllers can contain arbitration logic whose main function is to arbitrate among masters that access the flash memory simultaneously. For this, every master must possess a unique master identification number so that the flash controller can differentiate between the masters. The Master ID