A framework that makes it easy to integrate Automotive HSMs. Quantum-resistant cryptography now available for Automotive HSMs
EDMONDS, Wash., June 5, 2024 /PRNewswire-PRWeb/ — wolfSSL INC. (Headquarters: Edmonds, Washington, USA), a vendor specialized in cryptography and network security, announces its new product wolfHSM. Automotive HSMs (Hardware Security Modules) dramatically improve the security of cryptographic keys and cryptographic processing by isolating signature verification and cryptographic execution, which are the core of security, into physically independent processors. Automotive HSM’s are mandatory or strongly recommended for ECU’s that require robust security. With this in mind, wolfSSL has ported our popular, well tested, and industry leading cryptographic library to run in popular Automotive HSMs like Aurix Tricore TC3XX.
“Automotive Tier 1’s and OEM’s are tired of inflexible, slow moving, and costly HSM software vendors. We’re the new alternative for better price, performance, speed of execution, and cryptographic knowhow in this market segment.” said Todd Ouska, CTO of wolfSSL Inc.
wolfHSM provides a portable and open-source abstraction to hardware cryptography, non-volatile memory, and isolated secure processing that maximizes security and performance for ECUs. By integrating the wolfCrypt software crypto engine on hardware HSM’s like Infineon Aurix Tricore TC3XX, Chinese mandated government algorithms like SM2, SM3, SM4 are available. Additionally, Post Quantum Cryptography algos like Kyber, LMS, XMSS and others are easily made available to automotive users to meet customer requirements. At the same time, when hardware cryptographic processing is available on the HSM, we leverage it to enhance performance.
One of the prime consumers for wolfHSM is wolfBoot, which is a mature and portable secure bootloader solution designed for bare-metal bootloaders and equipped with failsafe NVM controls. It offers comprehensive firmware authentication and update mechanisms, leveraging a minimalistic design and a tiny HAL API, which makes it fully independent from any operating system or bare-metal application. wolfBoot manages the flash interface and pre-boot environment, accurately measures and authenticates applications, and utilizes low-level hardware cryptography as needed. wolfBoot can use the wolfHSM client to support HSM-assisted application core secure boot, Additionally, wolfBoot can run on the HSM core to ensure the HSM server is intact, offering a secondary layer protection. This setup ensures a secure boot sequence, aligning well with the booting processes of HSM cores that rely on NVM support.
All of the other wolfSSL products that consume cryptography can now also consume HSMs via wolfHSM, including our flagship TLS 1.3 implementation, wolfSSH, and curl.
Extensibility of cryptographic algorithms:
When it comes to security, it is necessary to keep in mind that the technology on the attacker side is constantly evolving, so the technology on the defense must also evolve. With wolfHSM, you are not limited to fixed functions provided by hardware, but can enhance and expand cryptographic algorithms and functions using software while maintaining high security at the hardware level.
For example, as post quantum cryptography becomes necessary in more requirements, wolfHSM allows you to seamlessly add it within the HSM without changing the hardware.
Migration from conventional technology:
wolfHSM provides an interface (API) that unifies traditional software-based cryptographic processing and HSM processing, allowing smooth implementation of HSM without major changes to existing system structure.
Consistency with security functions:
In addition to being used as a standalone HSM, wolfHSM offers integration with security protocols such as wolfSSL, wolfSSH, and wolfBoot for secure firmware updates.
Integration with Autosar:
wolfHSM exposes the wolfCrypt API, which comes complete with an Autosar shim layer for compatibility.
The currently supported HSMs are as follows:
Infineon Aurix TC3xx
ST SPC58NN
Infineon Aurix TC4x (Coming soon)
Infineon Traveo T2G (Coming soon)
Renesas RH850 (Coming soon)
Renesas RL78 (Coming soon)
wolfSSL Inc., will be exhibiting at the AutoTech Detroit, which will be held at The Suburban Collection Showplace in Novi, MI June 5-6, 2024. In addition to wolfHSM, we will explain the latest network security including post-quantum cryptography and FIPS 140-3. For those who wish to use the TLS 1.3 library wolfSSL, we will also guide you through the preparations to start using it at the venue.
Date: Wednesday, June 5th, 2024 – Thursday, June 6th
Venue: Suburban Collection Showplace
wolfSSL booth number: 730
About wolfSSL
wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics and other industries. In avionics, wolfSSL has support for complete RTCA DO-178C level A certification. In automotive, it supports MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2/3, with upcoming Common Criteria support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. Our products are open source, giving customers the freedom to look under the hood. wolfSSL has a mean time to release a fix for vulnerabilities of less than 36 hours, offers commercial support up to 24/7, and has the best tested cryptography and the largest team of software engineers dedicated to crypto in the market today.
Media Contact
Christin Casperson, wolfSSL, 1 206 459 7061, [email protected], https://www.wolfssl.com/
View original content to download multimedia:https://www.prweb.com/releases/wolfssl-inc-announces-wolfhsm-for-automotive-hsms-hardware-security-modules-302163846.html
SOURCE wolfSSL