
Comparing HSM and TEE Capabilities in an Automotive Context 

In an era of rapidly evolving connected devices, it’s vital that our capacity to protect devices and sensitive data improves at the same rate.

For many years we have looked to Hardware Security Modules (HSMs) as a reliable source of security across industries such as automotive manufacturing. HSMs continue to have a significant place in the sector. However, over the past decade we have seen the emergence of Trusted Execution Environments (TEEs) that also aim to establish control over cryptography and limit the risk of breaches.

As the options for protecting devices have expanded, device makers are often presented with an either-or choice between them. However, Trustonic believes there is much to be gained from combining solutions that have been in use for many years with newer technologies.

This means keeping HSMs, and coupling them with new technologies such as TEEs that add further layers of protection and resilience. HSMs and TEEs serve a similar purpose, but they operate in different ways to provide robust security to users of connected devices.

We’re all familiar with HSMs – especially given their long-standing status as the tried-and-tested baseline level of hardware-backed security for connected vehicles and similar devices. However, it’s worth taking a moment to reflect on how their characteristics compare to newer TEEs. 

Making this comparison quickly illustrates how TEEs can complement HSMs to take on the challenges of next-generation technologies and vehicle designs.  

How do HSMs and TEEs work? 

If you’re not familiar with the acronym, an HSM is a piece of hardware designed to securely store cryptographic keys, perform cryptographic operations and verify digital signatures in order to safeguard sensitive data.

They are typically dedicated standalone microprocessors, but can also be integrated into a larger processor. Many businesses and institutions use them to protect confidential information, such as financial transactions, intellectual property, and customer or employee information.

Their sophisticated functionalities provide access control, tamper resistance, and the ability to store information separately from the main device – the Regular Execution Environment (REE). This is why HSMs remain a popular choice for those wishing to implement high levels of security.  

The TEE differs in that it creates an isolated area within a device’s Central Processing Unit, separate from its REE, while offering the same end-to-end protection. This allows the TEE to securely access peripherals connected to the chipset, run trusted applications, and securely store and retrieve files.

Like the HSM, TEEs are used across various industries for protecting information stored on complex devices.  

Why do we need this level of security?

The growth of the connected device has seen a commensurate rise in the need for heightened security. 

In the automotive world, for example, cars are now more connected than ever before. By extension, their attack surfaces have greatly expanded, and their cryptographic implementations are exposed to a wide range of attacks.

Cars are also home to increasing volumes of data. At any given moment, gigabytes of data are being sent around connected vehicles. This creates performance challenges for cryptographic platforms that must decrypt, encrypt, and forward these enormous quantities of data in a time-sensitive manner.

These changes in vehicle architecture naturally give rise to the question of how HSMs can be bolstered by solutions capable of adapting to higher stakes and growing vulnerabilities. 

In the era of the connected vehicle, it’s vital for security solutions to frequently update their cryptographic protocols, ensuring that connected cars and similar devices are kept current and supported. 

This can be a challenge for HSMs alone, which, for all the benefits of a fixed, tamper-resistant piece of hardware, aren’t necessarily built for a technology environment that demands constantly updated cryptography.

How TEEs can complement HSMs 

It’s common to conceive of an HSM as a kind of safe in which your keys are kept, and, as safes go, they are undoubtedly robust.

However, connected devices will inevitably come into contact with more malware than their non-connected counterparts, and much of that malware poses risks that fall outside an HSM’s purview.

Such malware doesn’t need to break into the ‘safe’ if, for example, it’s capable of appearing legitimate. This was the case in a recent cyberattack on NVIDIA, in which stolen code signing certificates lent malware a false appearance of legitimacy.

Scenarios like this underscore the value of combining HSMs with TEEs. By ensuring that the HSM can only be used by the TEE, the latter acts as a gatekeeper for the former, encircling the HSM and hardening security for the device. 

With a TEE able to scrutinise ostensibly trusted applications, checking both that they are authorised and that they have been verified by other authorised code, connected cars gain a valuable layer of security amid a changing risk environment.

This is a true ‘best of both worlds’ situation: the flexibility of the TEE’s software means it can be continually tweaked and updated, while the HSM is retained for key storage.
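The gatekeeper arrangement described above, as an added illustration that is not Trustonic's or any product's code: a simulated HSM that will only sign for a caller holding the TEE's capability token, and a TEE-side gatekeeper that checks a trusted application's manifest signature, certificate revocation status and whether authorised installer code admitted that exact code before forwarding a request. All keys, token values and application bodies are constructed, and HMAC-SHA256 stands in for the asymmetric signatures a real deployment would use.

```python
import hashlib
import hmac

# Constructed sample material: HMAC-SHA256 stands in for the asymmetric
# signatures a real HSM and code-signing PKI would use; all values are made up.
VENDOR_CODE_SIGNING_KEY = b"vendor-code-signing-key"  # assumed stolen, as in the NVIDIA case
HSM_KEYS = {"vehicle_identity": b"hsm-resident-private-key"}
GATE_TOKEN = b"capability-held-only-by-the-tee"

def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_manifest(cert_id: str, code: bytes) -> str:
    """What the code-signing service (or a thief holding its key) produces."""
    return mac(VENDOR_CODE_SIGNING_KEY, f"{cert_id}|{hashlib.sha256(code).hexdigest()}".encode())

class Hsm:
    """The 'safe': signs only for a caller presenting the TEE's capability token."""
    def sign(self, token: bytes, key_id: str, data: bytes) -> str:
        if not hmac.compare_digest(token, GATE_TOKEN):
            raise PermissionError("HSM is reachable only through the TEE")
        return mac(HSM_KEYS[key_id], data)

class TeeGatekeeper:
    """Scrutinises each trusted application before any HSM operation is forwarded."""
    def __init__(self, hsm: Hsm, admitted: dict, revoked_certs: set):
        self._hsm = hsm
        self._admitted = admitted      # code hash -> keys it may use, set by authorised installer code
        self._revoked = revoked_certs

    def request_sign(self, cert_id: str, code: bytes, manifest_sig: str,
                     key_id: str, data: bytes) -> str:
        code_hash = hashlib.sha256(code).hexdigest()
        expected = mac(VENDOR_CODE_SIGNING_KEY, f"{cert_id}|{code_hash}".encode())
        if not hmac.compare_digest(manifest_sig, expected):
            raise PermissionError("manifest signature invalid")
        if cert_id in self._revoked:
            raise PermissionError("signing certificate revoked")
        # A valid signature alone is not enough: the measured code must also have been
        # admitted by other authorised code (e.g. an attested installer) for this key.
        if key_id not in self._admitted.get(code_hash, set()):
            raise PermissionError("application not authorised for this key")
        return self._hsm.sign(GATE_TOKEN, key_id, data)

TELEMATICS_TA = b"telematics trusted application v1"       # constructed
MALWARE = b"malware carrying a genuine but stolen signature"  # constructed

def build_demo() -> TeeGatekeeper:
    admitted = {hashlib.sha256(TELEMATICS_TA).hexdigest(): {"vehicle_identity"}}
    return TeeGatekeeper(Hsm(), admitted, revoked_certs={"cert-0042"})
```

With `build_demo()`, the telematics application obtains a signature, whereas code signed with the stolen vendor key but never admitted by the installer, a revoked certificate, or a direct call to the HSM without the TEE's token are all refused.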

How Trustonic can help 

Trustonic understands the challenges associated with new levels of connectivity. Our solution is to enhance the existing security offered by HSMs with an additional layer of adaptive protection. 

Our TEE, Kinibi 510a-V007, was recently granted Common Criteria Evaluation Assurance Level (EAL) 5+, achieved following stringent third-party assessments based on the Common Criteria. Kinibi’s EAL5+ status cements our TEE’s standing in terms of its exceptional maturity and security alike.

Its protections for trusted applications span a number of techniques, including memory protection, control-flow integrity, the detection of brute-force attacks, and driver privilege reduction. All this is in addition to an array of features that align with the very latest in advanced security research.

For more information on how our TEE can support and augment the existing security offered by HSMs for industries including automotive manufacturing, contact Trustonic today.