We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy.
Privacy Policyand Imprint
View and change cookie settings
Accept
Reject
Announcements

Robots are revolutionizing our lives in many ways. Join our webinar to learn about Infineon’s broad portfolio of robot building blocks.
Click here to register.

Ask the Community

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

AURIX™ Forum Discussions

User22413
Level 1
Level 1
First reply posted Welcome!
‎Aug 03, 2021 01:58 AM
‎Aug 03, 2021 01:58 AM

How to use HSM in ASILB targeted module?

Hello,

I'm planing to develop an ISO26262-compliant module to achieve ASIL-B and also need cyber security.

I see from the AURIX safety manual (page 18, V1.5) that HSM is non-safety part.
I'm a bit puzzled about this. For example, CAN FD encrypted communication (AP32330). From Fig 11 we can see the bare data is sent to HSM to generate encrypted data, then it go to can module to send out.
I'm wondering if HSM has sorts of fault, generate an incorrect encrypted data. The data is loaded into CAN FD frame with CRC and sent out.Then the receiver could trust this data since the CRC in CAN FD protocol is correct. This could cause a safety goal violation.
Unlike CRC, I suppose e.g. AES in HSM will not generate redundant bits which can be used to check data integrity.
So it seems the HSM module should be safety related and need diagnostic during run time?
Could you tell me what is the mitigation?
0 Likes
Subscribe
2 Replies
NeMa_4793301
Level 6
Level 6
10 likes received 10 solutions authored 5 solutions authored
‎Aug 09, 2021 10:23 AM
‎Aug 09, 2021 10:23 AM

Re: How to use HSM in ASILB targeted module?

The argument is generally that if an error were to occur in the HSM, the odds of incorrectly authenticating an incoming message are very very small. Similarly, for outgoing messages, any errors would be rejected by the (remote) receiving side.
0 Likes
User22413
Level 1
Level 1
First reply posted Welcome!
In response to NeMa_4793301
‎Jan 24, 2022 06:13 PM
‎Jan 24, 2022 06:13 PM

Re: How to use HSM in ASILB targeted module?

Thanks for reply.

I think you are correct when considering authentication, e.g. by generating MAC.

But what about encryption? The oringinal data could be corrupted, if the HSM is not safety related. 

0 Likes
This widget could not be displayed.