Sunny Giken In Vehicle Communication Security Module CioRy Security Option

Manufacturer: Sunny Giken Inc.
Model : In-vehicle communication security module

Features

The CioRy Security Option is an AUTOSAR SecOC-compliant module that adds MAC and Freshness Value to CAN / CAN FD messages for secure authentication.
It works with the CioRy Communication Middle Package, and even complex settings are easy to configure using the CioRy Configurator.
CioRy is trusted in 40+ ECU projects across 27 companies, including major automakers and suppliers.

1. Message authentication using SecOC

Message authentication ensures that communication data hasn’t been tampered with or spoofed.
It works by adding a Message Authentication Code (MAC) and a Freshness Value (FV) to outgoing data. The receiver verifies these to confirm authenticity and prevent replay attacks.
Both sender and receiver generate the MAC using a shared key, ensuring data integrity. The CioRy Security Option uses MAC and FV in compliance with AUTOSAR SecOC standards.

2. Use of HSM function equipped with in-vehicle microcomputer

The CioRy Security Option enables secure communication using cryptographic functions provided by the vehicle’s HSM (Hardware Security Module). It also offers an interface for applications to control and access the HSM.
Applications can use the following functions using HSM:
・Encryption/decryption
・Random number generation
・Key management

*ICU-M Firmware for RH850 is provided by Renesas Electronics Corporation.

3. Easy configuration settings

The CioRy Security Option lets you configure security settings and generate source code using the CioRy Configurator.
By adding the security plugin to the CAN/CAN FD configurator, both communication and security settings can be handled in one tool.
Secure frames are easily defined by specifying data IDs in the CAN transmit/receive setting table (.xlsx) loaded into the configurator.

4. Compact program size

The CioRy Security Option complies with AUTOSAR Classic Platform security features and is optimized for use with 16-bit microcontrollers.
Even when combined with the CAN FD package, the total ROM size stays under 40KB, ensuring compact size and efficient performance.

Csm (Crypt Service Manager) is an AUTOSAR module that offers cryptographic services. It is placed in the Service Layer of the AUTOSAR architecture. It allows applications to access various cryptographic functions.
For Renesas RH850/F1KM-S2 and S4, HSM control is handled through ICU-M Firmware. The ICU-M module performs the encryption processes.
The following encryption services are supported:
・AES encryption and decryption in CBC mode
・AES encryption and decryption in ECB mode
・CMAC generation
・CMAC verification
・Random number generation
Key elements can be rewritten by sending a request to ICU-M Firmware. To rewrite a non-volatile key, inputs M1 to M3 are used.
These inputs follow the SHE (Secure Hardware Extension) standard. When using a RAM key, it is replaced with the specified RAM key. The cryptographic service then executes with the new key.
For Renesas RL78/F24, HSM control is done through the Security Driver. CioRy Csm functions are reduced in size for this microcontroller.
The module is optimized to fit RL78/F24 hardware limitations. These changes help to reduce processing load on the microcontroller.

SecOC (Secure Onboard Communication) is an AUTOSAR module. It adds authentication at the message level. It works as an add-on to the COM stack in the communication middleware. It ensures message authenticity by attaching and verifying authenticators.
Main Features:
・Generates an authenticator when sending.
・Uses the authentication data ID, message content, and freshness value.
・Attaches the authenticator to the message.
・Verifies the authenticator when receiving.
・Extracts and checks the authenticator from the incoming message.

The Freshness Value Manager (FVM) creates the Freshness Value (FV). FV is a counter used to prevent replay attacks. It works together with the SecOC module.
In CioRy FVM, FV is generated with a 64-bit length. This follows the JASPAR profile. A 4-bit FV is attached to the message.

Module	function	For RH850/F1KM-S2,S4	For RL78/F24
CioRy Csm	CMAC generation	correspondence	Calling the security API directly
	CMAC Verification	correspondence	Calling the security API directly
	Random Number Generation	correspondence	Calling the security API directly
	AES(CBC) encryption/decryption	correspondence	Calling the security API directly
	AES(ECB) encryption/decryption	correspondence	Calling the security API directly
	Rewriting the non-volatile key	correspondence	correspondence
	RAM key rewrite	correspondence	Not supported
	Key Settings	correspondence	correspondence
	Key State Management	correspondence	Not supported
	Get key element	correspondence	Not supported
	Key Copy	correspondence	Not supported
	Copy key element	correspondence	Not supported
	Get key element ID	correspondence	Not supported
CioRy SecOC	Authenticator Generation	correspondence	correspondence
CioRy SecOC	Authenticator Validation	correspondence	correspondence
CioRy FVM	FV generation	correspondence	correspondence
Security Driver (※1)	Driver Type	Renesas Electronics ICU-M Firmware (*2)	Renesas Electronics Security Driver (*2)
	Supported HSMs	ICU-M (EVITA Medium)	AESEA (EVITA Light)
	Initializing shared memory in global RAM	correspondence	Not applicable
	Initializing the Security Driver	correspondence	correspondence
	Requesting key registration service and obtaining results	correspondence	correspondence

*1: Use of the Security Driver requires an NDA between the user and Renesas Electronics.
*2: Provided by Renesas Electronics.