[Cyber Security] 10. Common Security Requirements

Common Security Requirements

Hardware security requirements

[Figure: visualization of the common hardware security requirements]

Hardware security requirements are essential for strengthening the physical security of electronic devices, especially controllers. They must be considered thoroughly from the design stage onward, to protect the sensitive information inside the controller and to prevent the risks that arise from unauthorized physical access. Below we take a closer look at the key hardware security requirements in three areas: PCB design, restricting the use of external devices, and protecting the communication interfaces between semiconductor components.

1. PCB design security

The security of printed circuit board (PCB) designs is critical to maintaining the physical integrity of the product. You can increase the security of your PCB in the following ways:

  • Use of BGA-type chips: BGA (Ball Grid Array) packages make physical tampering harder, because the chip's pins (solder balls) are hidden underneath the package, between the chip and the PCB, where they cannot be probed directly.
  • Epoxy bonding: Bonding the chip to the PCB with epoxy prevents direct probing and makes it difficult to destroy the chip through unauthorized physical access.
  • Remove silkscreen markings: Remove the silkscreen labels on the PCB so that component functions and connection information are not exposed. This makes it harder for a potential attacker to understand the PCB's layout.

2. Restrictions on the ability to use external devices

To secure your controller, you must restrict access to external devices:

  • Eliminate unnecessary interfaces: Remove from the PCB design any interfaces for connecting expansion boards or other devices that are not needed, to minimize the possibility of unauthorized access.

3. Protection of communication interfaces between semiconductor components

Communication between the semiconductor components within a controller must be protected because it can carry sensitive data:

  • Minimize the gap: Minimize the physical distance between the main chipset and memory components such as Flash/RAM, so that the signals between them are harder to eavesdrop on from outside.
  • Use a multi-layer PCB: With a multi-layer PCB, route signal lines on the inner layers to prevent external interference and signal eavesdropping.
  • PCB via-hole placement: Place via holes on the bottom side of the PCB to make physical access difficult.
  • Remove unused communication lines: Reduce security risk by removing all unused communication lines such as SPI, I2C, and UART.


Software security requirements


Software security requirements are essential to maintaining the cybersecurity of controllers and vehicles. These requirements ensure that the controller software is protected from external threats and that data integrity and privacy are preserved. Below we take a closer look at the key security requirements for controller software.

1. Cryptographic algorithm

  • Standardization of cryptographic algorithms: All cryptographic algorithms used within the controller must be standard algorithms; weak or non-standard algorithms must not be used. This significantly improves the security of the data.
  • Protection of encryption keys: Cryptographic keys must be stored safely in hardware-based security modules such as SHE (Secure Hardware Extension), HSM (Hardware Security Module), TPM (Trusted Platform Module), or TEE (Trusted Execution Environment), and extraction of keys out of the controller must be prohibited.
  • Use of random numbers and nonces: Nonce (number used once) values must never be reused, and random seeds must be generated by a source that satisfies True Random Number Generator (TRNG) requirements.
  • Encryption (key) length: The key length of the encryption used must be at a level that guarantees security.

2. Personal information protection

  • Encryption of personal information: All stored personal information must be managed in an encrypted or obfuscated form, and personal information protection principles must be strictly observed.

3. Protection of important system data

  • Prevention of unauthorized alteration: The integrity of important data in the system must be guaranteed to prevent unauthorized modification.
  • Integrity of security logs: The integrity of security-related log data must also be guaranteed, and sensitive information must not be exposed in system logs.
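One way to make security logs tamper-evident, as an added example and not code from the original post: chain the entries with a keyed hash so that any in-place edit, deletion or reordering of an earlier entry invalidates every later tag. The log key is a constructed placeholder; on a real controller it would live in the SHE/HSM and never leave it.

```python
import hmac
import hashlib
from typing import List, Tuple

# Hypothetical per-device log key (constructed for this example); in a real
# controller the keyed hash would be computed inside the HSM with a key that
# is never extractable, so an attacker who reads flash cannot forge tags.
LOG_KEY = b"constructed-example-log-key"
ZERO_TAG = b"\x00" * 32  # chain anchor for the first entry

def _tag(key: bytes, prev_tag: bytes, message: str) -> bytes:
    # Each tag covers the previous tag and the new message, so altering,
    # deleting or reordering any earlier entry breaks every later tag.
    return hmac.new(key, prev_tag + message.encode(), hashlib.sha256).digest()

def append_entry(log: List[Tuple[str, bytes]], key: bytes, message: str) -> None:
    prev_tag = log[-1][1] if log else ZERO_TAG
    log.append((message, _tag(key, prev_tag, message)))

def verify_chain(log: List[Tuple[str, bytes]], key: bytes) -> Tuple[bool, int]:
    """Return (True, -1) if the chain is intact, else (False, first bad index).
    Note: truncation of the newest entries is not detected by the chain alone;
    the latest tag must also be anchored in protected storage."""
    prev_tag = ZERO_TAG
    for idx, (message, tag) in enumerate(log):
        if not hmac.compare_digest(tag, _tag(key, prev_tag, message)):
            return False, idx
        prev_tag = tag
    return True, -1

def demo() -> Tuple[bool, bool, int]:
    log: List[Tuple[str, bytes]] = []
    # Constructed sample events; no key material or personal data is logged.
    for event in ("boot: secure boot OK",
                  "diag: session unlock attempt denied",
                  "update: image v3 installed"):
        append_entry(log, LOG_KEY, event)
    intact, _ = verify_chain(log, LOG_KEY)
    # Simulate an in-place edit of entry 1 by someone without the key.
    log[1] = ("diag: session unlock OK", log[1][1])
    tampered_ok, bad_idx = verify_chain(log, LOG_KEY)
    return intact, tampered_ok, bad_idx

if __name__ == "__main__":
    print(demo())  # (True, False, 1)
```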

4. Update security

  • Update management: Downgrading (rollback of) the software or firmware must be prevented, and security modules and security libraries must be able to be updated safely.

5. General security

  • Service port management: Unused service ports and I/O drivers must be removed.
  • Security of the bootloader and external interfaces: All development-convenience code must be removed, and invoking the bootloader through external communication interfaces must be prohibited.
  • Validation of external data: All data or code received through external communication interfaces must always be verified before use.
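The anti-downgrade requirement under "Update security" and the rule that externally received data is verified before use can be combined in one check. The following is an added example, not code from the original post: it parses a constructed update-image layout defensively, authenticates header and payload with a keyed hash, and only then compares versions to refuse rollback. The image format and the update key are assumptions; a production ECU would verify an asymmetric signature inside the HSM instead.

```python
import hmac
import hashlib
import struct
from typing import Dict, Tuple

# Constructed image layout (assumption, not a real ECU format):
#   magic(4) | version(uint32 BE) | payload_len(uint32 BE) | payload | tag(32)
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32
# Hypothetical update-verification key; in production the check would be an
# asymmetric signature verified inside the HSM so no secret is on the ECU.
UPDATE_KEY = b"constructed-example-update-key"

def build_image(version: int, payload: bytes, key: bytes) -> bytes:
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_update(image: bytes, key: bytes, installed_version: int) -> Tuple[bool, str]:
    """Check an externally received image before any byte of it is used."""
    # 1. Structural validation: never trust lengths taken from the wire.
    if len(image) < HEADER.size + TAG_LEN:
        return False, "too short"
    magic, version, payload_len = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    if len(image) != HEADER.size + payload_len + TAG_LEN:
        return False, "length mismatch"
    # 2. Authenticity and integrity over header + payload (covers the version).
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return False, "bad signature"
    # 3. Anti-rollback, evaluated only on an authenticated version field.
    if version < installed_version:
        return False, "downgrade rejected"
    return True, "accepted"

def demo() -> Dict[str, Tuple[bool, str]]:
    installed = 3
    results = {}
    results["newer"] = verify_update(build_image(4, b"app v4", UPDATE_KEY), UPDATE_KEY, installed)
    results["older"] = verify_update(build_image(2, b"app v2", UPDATE_KEY), UPDATE_KEY, installed)
    forged = bytearray(build_image(4, b"app v4", UPDATE_KEY))
    forged[HEADER.size] ^= 0x01          # flip one payload bit: tag no longer matches
    results["tampered"] = verify_update(bytes(forged), UPDATE_KEY, installed)
    bumped = bytearray(build_image(2, b"app v2", UPDATE_KEY))
    struct.pack_into(">I", bumped, 4, 99)  # old image with version field rewritten
    results["version_forged"] = verify_update(bytes(bumped), UPDATE_KEY, installed)
    return results
```

The last case matters: because the tag covers the header, an old image whose version field is rewritten fails authentication rather than slipping past the rollback check.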

