TRNG for Automotive achieves ISO 26262 and ISO/SAE 21434 compliance

The security of a device or system depends mainly on being unable to infer or guess an alphanumeric code needed to gain access to it or its data, be that a password or an encryption key. In automotive applications, the security requirement goes one step further – an attacker may not gain access per se, but if they can compromise vehicle safety in some way, they can cause significant problems for vehicles, property, and people. A cornerstone of security implementations is truly random numbers, and Synopsys has recently certified its True Random Number Generator (TRNG) for Automotive, achieving ISO 26262 compliance and ISO/SAE 21434 compliance.

Security and safety: increasing concerns for connected vehicles

Cars and trucks are starting to look less like embedded electronics systems and more like enterprise systems as cloud connectivity and CPU and AI processing take on more significant roles. Vehicles can now speak to the cloud, other vehicles, surrounding sensors, traffic signals, parking control, and other infrastructure.

Ensuring vehicle safety now includes preventing unauthorized remote access to its mission-critical systems via wireless communication. Security architectures rely on random numbers for:

• Cryptographic keys: Modern cryptographic algorithms help increase unpredictability by using secure, hardened keys resistant to high-computational-power cracking schemes.
• Authentication: Devices must authenticate on a network before participating, using secure tokens and challenge/response codes to verify their identity.
• Nonce generation and initial values: Many algorithms require a unique, random number as a starting point or a seed value to ensure a data block’s unique processing.
• Entropy: A need for randomness supporting the development of secure and resilient communication protocols that can withstand sophisticated cyberattacks.

The National Institute of Standards and Technology (NIST) drives standardization for random number generation in the NIST SP 800 family of specifications. NIST SP 800-90A covers deterministic random bit generators, while NIST SP 800-90B defines entropy sources, and NIST SP 800-90C standardizes non-deterministic random bit generators, combining the deterministic and entropic approaches for truly random numbers.

Functional safety via ISO 26262 and automotive cybersecurity via ISO/SAE 21434 add another layer of more formal certification requirements for automotive systems. Both standards help evaluate and categorize risks of system degradation and their severity, pointing developers to areas requiring risk mitigation or elimination. Third-party compliance testing audits automotive electronics and software design processes and verifies implementations.

Extending proven Synopsys TRNG IP solutions to automotive

Synopsys has developed and fielded TRNG IP solutions for many years. The architecture combines signal conditioning with noise sources providing ongoing entropy while not depending on process-specific circuitry, helping make the IP solution easily portable across technologies.

The latest TRNG for Automotive solution provides high-quality random numbers while integrating into automotive systems focused on safety and cybersecurity. The automotive variant of the IP derives from the NIST SP 800-90C compliant TRNG Core. It incorporates additional safety mechanisms enhancing the ability to detect, recover, and report anomalies that can lead to system failures. These mechanisms include parity bus protection for interfaces, dual rail alarms monitoring two separate data paths, and parity protection on input buffers and safety registers.

Third-party compliance evaluation at SGS-TÜV has certified the TRNG for Automotive IP for ISO 26262 with ASIL D compliance for systematic faults and ASIL B compliance for random hardware faults. Compliance with SAE/ISO 21434 cybersecurity processes is also certified by SGS-TÜV for the Automotive TRNG solution.

This no-compromise approach from Synopsys allows automakers and automotive suppliers to create communication and processing schemes with secure, safe cryptographic features based on highly reliable TRNG. More details on TRNG solutions are available online from Synopsys.

Datasheet: Synopsys True Random Number Generator for NIST SP 800-90C

White Paper: Truly Random Number Generators for Truly Secure Systems