Click the blue text aboveTanshi Laboratory
Get more information on automotive cybersecurity

In automotive cybersecurity, many encryption and signature verification algorithms are often used. Today, we will discuss the principles of encryption algorithms and their implementations, which can help in understanding encryption algorithms and ensuring the correctness of their implementation.
01
Application Scenarios of Encryption Algorithms and Signature Verification in Automotive Cybersecurity
1. Secure Boot
Ensuring the authenticity of the boot program, encryption algorithms are applied: The boot program of a vehicle (such as the Bootloader) is usually protected using encryption algorithms. A hash algorithm (such as SHA-256) can be used to compute a hash of the boot program, generating a fixed-length hash value. This hash value acts like a “fingerprint” of the boot program; any slight change in the content of the boot program will result in a completely different hash value. The hash value is then stored along with the boot program and encrypted using an encryption algorithm to prevent tampering.
Signature verification application: When the vehicle starts, the hardware first loads the boot program. During the loading process, the hash value of the boot program is decrypted, and the hash value of the boot program is recalculated and compared. Additionally, the signature of the hash value is verified to ensure its authenticity and integrity. This method prevents attackers from replacing or tampering with the boot program, ensuring that the vehicle starts from a trusted boot program.
2. Software Updates
Encryption algorithm application: Automotive manufacturers push software update packages to vehicles over the network. To prevent the update package from being tampered with or stolen during transmission, encryption algorithms are used to encrypt the update package. For example, the SHA-256 algorithm can be used to compute a hash of the update package, generating a unique hash value, which is sent along with the update package to the vehicle. Upon receiving the update package, the vehicle recalculates the hash value of the update package and compares it with the received hash value to ensure the integrity of the update package.
Signature verification application: When the vehicle receives a software update, it needs to verify the legitimacy of the update package’s source. Automotive manufacturers digitally sign the update package when releasing it, and the vehicle verifies the signature to confirm whether the update package was issued by a legitimate manufacturer, thus preventing malicious software from masquerading as an update package installed in the vehicle.
02
Working Principle of AES-CBC
1. Encryption Process
First, the plaintext is divided into fixed-length blocks, typically 128 bits in AES. For the first plaintext block, it is XORed with a randomly generated Initialization Vector (IV), and the result is encrypted using the AES key to obtain the first ciphertext block. Each subsequent plaintext block is XORed with the previous ciphertext block before being encrypted with the AES key, and so on. Thus, the generation of each ciphertext block depends not only on the current plaintext block and key but also on the previous ciphertext block, forming a chain structure, which is the origin of the CBC mode name.
2. Decryption Process
In contrast to the encryption process, the ciphertext block is first decrypted using the AES key, and then the decrypted result is XORed with the previous ciphertext block (for the first ciphertext block, it is XORed with the IV) to obtain the plaintext block. This process is repeated for each ciphertext block to ultimately restore the original plaintext.
3. Implementation Process

4. Implementation Results

03
Explanation and Implementation of AES-CMAC
AES-CMAC is an authenticated encryption mode based on the Advanced Encryption Standard (AES), which stands for Cipher-based Message Authentication Code.
1. Working Principle Process

2. Implementation Process


3. Implementation Results

Source:
https://blog.csdn.net/xiaoxinxinxinxin/article/details/147264716
end

Recommended Premium Events


AutoSec Series Salon



Professional Community

Some experts in the group come from:
New Force Car Companies:
Tesla, Hozon New Energy – Nezha, Li Auto, Zeekr, Xiaomi, Binnli Automotive, Jiyue, Leap Motor, Avita, Zhiji Automotive, Xiaopeng, Lantu Automotive, NIO, Geely Automotive, Seres…
Foreign Traditional Mainstream Car Companies:
Volkswagen China, Volkswagen Cool Wing, Audi, BMW, Ford, Daimler-Benz, General Motors, Porsche, Volvo, Hyundai, Nissan, Jaguar Land Rover, Scania…
Domestic Traditional Mainstream Car Companies:
Geely Automotive, SAIC Passenger Cars, Great Wall Motors, SAIC Volkswagen, Changan Automobile, Beijing Automotive, Dongfeng Motor, GAC, BYD, FAW Group, FAW Liberation, Dongfeng Commercial, SAIC Commercial…
Global Leading Tier 1 Suppliers:
Bosch, Continental Group, United Automotive Electronics, Aptiv, ZF, KOSTAL, Schaeffler, Honeywell, DJI, Hitachi, Harman, Huawei, Baidu, Lenovo, MediaTek, Preh, Desay SV, Honeycomb Steering, Junlian Zhixing, Wuhan Guangting, Xingji Meizu, CRRC Group, Wintech, Weichai Group, Horizon, Unisoc, ByteDance…
Tier 2 Suppliers (over 500):
Upstream, ETAS, Synopsys, NXP, TUV, Shanghai Software Center, Deloitte, Qihoo 360, Weichen Xinan, Yunchi Future, Xinda Jiexin, Xinchangcheng, Zelu Security, Niuchuang Xinan, Fudan Microelectronics, Tianrongxin, Qihoo 360, China Automotive Center, China Automotive Research, Shanghai Automotive Inspection, Ruann Technology, Zhejiang University…
Personnel Proportion

Company Type Proportion

Articles
Don’t miss out, this could be the largest exclusive community in the automotive cybersecurity industry!
Lawyer’s statement regarding the alleged imitation of the AutoSec conference brand
This article will help you understand the in-vehicle network communication security architecture of intelligent vehicles
Cybersecurity: TARA methods, tools, and cases
Key analysis of automotive data security compliance
Analysis of automotive chip information security regarding secure boot
Exploration of automotive in-vehicle communication security solutions in domain centralized architecture
System security architecture of vehicle network security architecture
Privacy protection issues in the Internet of Vehicles
Research on cybersecurity technology for intelligent connected vehicles
AUTOSAR information security framework and key technology analysis
What information security mechanisms does AUTOSAR have?
Underlying mechanisms of information security
Automotive cybersecurity
Usage of AUTOSAR hardware security module HSM
First release! Lei Jun from Xiaomi suggested at the two sessions regarding automotive data security: Suggestions for building a complete automotive data security management system