Volkswagen Deploys Infineon TPM 2.0 For Vehicle Communication Security

January 26, 2019 by Scott McMahan

Volkswagen is one of the first car makers to deploy the OPTIGA™ Trusted Platform Module (TPM) 2.0 from Infineon Technologies AG as a security solution for a connected car. Infineon designed the chip to protect the vehicle's communication with the outside world, for example when car-sharing users or third-party services such as parcel delivery into a car's trunk require access. Furthermore, the TPM can accommodate secure software updates over the air from the car maker.

Infineon notes that TPMs have proven themselves in the computer industry for many years, and they now are increasingly being used in connected devices in the Internet of Things. Infineon says that by using it, car manufacturers can incorporate sensitive security keys for assigning access rights, authentication and data encryption in the car in a protected way. The TPM can also be updated so that the level of security can be kept up to date throughout the vehicle's service life.

The company claims it is the first semiconductor manufacturer to offer an automotive-qualified TPM for the connected car. The chip reportedly meets international security standards and is certified by independent authorities.

Like a doorkeeper, the TPM specifically protects the vehicle's external interfaces, for example in the infotainment system or the telematics unit. It checks the identities of digital data senders and recipients such as the manufacturer's backend server. It encrypts and decrypts the data and helps ensure that only data the driver or car maker wants makes it into the car.

According to the company, the cryptographic keys needed for these security functions are stored within the TPM as in a safe. Infineon notes that it imports the initial keys in a specially certified security environment. Since all other keys can be generated, used, and stored within the TPM itself, the company points out that they never have to leave the TPM and are protected against being spied on via the network.

The TPM is also hardened against physical attacks. Even if someone removes the chip from the vehicle, the keys are said to be well protected from being read.

The OPTIGA TPM 2.0 is also designed to support the long product life cycles of cars. Its firmware, including cryptographic mechanisms ("crypto-agility"), can be updated remotely, making sure that its security technology is always state-of-the-art.

Martin Brunner, expert for automotive security at Infineon, commented, "Backed by Infineon's many years of expertise in the automotive and security areas, we have optimized the OPTIGA TPM for automotive applications. It is easy to integrate and substantially increases cybersecurity - from production to recycling of connected cars."

The new OPTIGA TPM 2.0 SLI 9670 from Infineon is a plug & play solution for automotive applications. It is particularly suited for use in a central gateway, the telematics unit, or the vehicle's infotainment system.

The SLI 9670 consists of an attack-resistant security chip and high-performance firmware that Infineon developed in accordance with the latest security standard. The firmware enables immediate use of security features, including encryption, decryption, signing, and verification. The TPM can be integrated quickly and easily in the system with the aid of the open source software stack (TSS stack) for the host processor, which Infineon also provides. It has an SPI interface and an extended temperature range from -40°C to 105°C, and it supports the advanced cryptographic algorithms RSA-2048, ECC-256 and SHA-256.

The new TPM complies with the internationally recognized Trusted Computing Group TPM 2.0 standard, is certified for security according to Common Criteria and is qualified according to the automotive standard AEC-Q100. It is now available and produced in security-certified manufacturing facilities of Infineon in Germany and the Philippines.