Strengthening Post-Quantum Security for Automotive Systems

The long lifecycle of automotive products demands that not only current but also future threats are considered during the design of automotive security. Therefore, the foreseeable breakthrough of quantum computers represents a risk for the automotive industry and the integration of Post-Quantum Cryptography (PQC) gets necessary. Lattice-based PQC is an attractive alternative for securing automotive systems. It usually employs Error-Correcting Codes (ECC) to increase the security level and to decrease the failure rate. However, ECCs are vulnerable to timing attacks. To this end, we present in this work three contributions. First, we present an implementation of PQC tailor-made for a microcontroller used in automotive systems. Second, we integrate a more powerful ECC into ThreeBears, which is an efficient Post-Quantum scheme, in order to improve its security level and to decrease the failure rate. Finally, we implement a protected ECC implementation able to resist timing attacks. Results show that the integration of PQC in automotive environments is feasible and that optimization techniques can lead to a 55.98% performance improvement. Moreover, our ECC exploration achieves a failure rate decrease from 2−135 to 2−153. Alternatively, an increase of the security level from 2141 to 2144 can be achieved. Furthermore, the timing-protected ECC presents in total only a minor performance overhead.