Project SISHAM Brainstorming Session
The automotive industry today, is going through a radical transformation, as vehicles evolve into hyper-connected, autonomous systems. But this connectivity also creates a vast surface area for cyberattacks. Project SISHAM aims to build a new Hardware Security Module to protect the modern automobile.
Why Automotive Security is Now a Safety Requirement
IITB Trust Lab in collaboration with IIT-KGP recently convened the inaugural brainstorming session for SISHAM — Secure Instruction Set Architecture and Hardware-Security Automotive Module, a translational project dedicated to designing a next-generation Hardware Security Module (HSM) tailored for the rigorous demands of modern cars.
The session was bolstered by the industry perspective provided by Fortytwo Labs. This partnership ensures that the project remains grounded in real-world experimentation, with plans to make physical hardware available for testing as the research progresses.
The goal of this first meeting was to hold an exploratory discussion about the problem statement, current technologies, and possible solutions and their feasibility.
For a modern vehicle, cybersecurity is no longer just about data privacy; it is a fundamental pillar of physical safety. Modern cars rely on dozens of Electronic Control Units (ECUs)—essentially specialized mini-computers—that manage everything from infotainment to critical functions like braking and steering.
Modern automobiles being connected to the internet then essentially implies that a malicious agent could hypothetically take control over many aspects of the automobile, potentially endangering the lives of many people at once.
Mapping the Threat: How Hackers Target Cars
ECUs communicate via the CAN Protocol, a high-speed internal network. Historically, the CAN Protocol was designed for efficiency rather than security, meaning it lacks built-in ways to verify who sent a message.
In the earlier days, software for an ECU was often “hard-coded” for specific hardware. If you changed the hardware, you had to rewrite the software. To fix this, the industry developed Automotive Open System Architecture (AUTOSAR), a worldwide development partnership of vehicle manufacturers, suppliers, and software companies.
This standardised software architecture creates a Runtime Environment (RTE) that acts as a middle layer. This allows software components to be independent of the underlying hardware, making it much easier to update and scale vehicle software.
The security is handled by SecOC (Secure Onboard Communication), a specific module within the AUTOSAR standard designed to protect the data sent over networks like the CAN bus. SecOC achieves this by adding a digital “signature” to messages to ensure they are authentic and haven’t been relayed by a hacker.
However, existing SecOC implementations lack protection against Side-Channel Attacks (SCA). An SCA is a sophisticated method where an attacker observes the physical characteristics of a chip—such as its power consumption or electromagnetic radiation—to “leak” secret cryptographic keys.
In a typical modern car, a Gateway ECU acts as the primary entry point, communicating with remote servers for wireless firmware updates. This connection usually uses Asymmetric Cryptography and is susceptible to identity spoofing, where a hacker can pretend to be the manufacturer, and send malicious software.
Once inside the gateway, the communication shifts to Symmetric Cryptography as the gateway talks to auxiliary ECUs throughout the car. It is at this internal level where the system is most vulnerable to Side-Channel Attacks. If an attacker can extract the keys from one auxiliary ECU, they could potentially take control of critical vehicle subsystems.
The Road Ahead
The overarching mission of SISHAM is to build a fortified HSM that supports SecOC and also makes it resilient against physical tampering. Alongside this hardware, the team aims to develop a suite of specialised testing tools to verify the security of these chips under stress.
In the future, the project will investigate the feasibility of incorporating Post-Quantum Cryptography into the HSM to ensure that vehicles remain secure even as quantum computing advances. While the immediate focus is on the price-sensitive consumer car market, applications for military vehicles could also be explored, where higher budgets allow for more robust security features.
By building on existing industry standards, SISHAM aims to deliver a translational solution that can be integrated into the next generation of global automotive manufacturing.
