Tier-1 automotive supplier
secure ECU communication with trusted applications
Our story
01
Task
The customer was involved in the development of next-generation ECUs for a premium OEM that had strict automotive cybersecurity requirements.
The goal was to ensure that only authorized, OEM-approved hardware could issue commands to perform vehicle functions without relying on a Hardware Security Module. Additionally, the solution required integration with existing production hardware while aligning with platform constraints.
02
Challenge
The challenge was to deliver a solution that provided secure credential storage and isolated cryptographic processing.
Moreover, the situation was complex, as the customer’s original security vendor withdrew support, leaving them without a mechanism to validate hardware authenticity. This exposed their UART (an inherently vulnerable interface) to spoofing, replay attacks, and physical tampering.
03
Solution
To fulfill these requirements, our specialised team for Trusted Application (TA) development at Diconium Germany created a custom solution built on Kinibi TEE.
It used a three-step handshake protocol (Request - Response - Confirmation) that established a secure session between the SoC and IOC. The session was provisioned with pre-shared keys burned in during manufacturing and secured by the TA. All cryptographic operations and validations were executed inside the TEE, isolated from the normal OS environment.
After the handshake, session keys were generated and commands were transmitted with random numbers and counters included to prevent spoofing or replay attacks. Furthermore, communication was denied unless the connected hardware could demonstrate possession of the shared key, thereby verifying it as OEM-approved.
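The handshake and command protection described above, modelled as an added Python example; it is not Diconium's Trusted Application code. The HMAC-SHA256 construction, the frame layout, the initiator/responder roles and all names are assumptions, since the page does not specify them.

```python
import hmac, hashlib, secrets, struct

def mac(key, *parts):
    # HMAC-SHA256 over length-prefixed parts, so fields cannot be shifted
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">H", len(p)) + p)
    return h.digest()

class Peer:
    """One end of the UART link. On a real device the PSK never leaves the TA."""
    def __init__(self, psk):
        self.psk, self.session_key = psk, None
        self.tx_ctr = self.rx_ctr = 0

    def derive(self, n_a, n_b):
        # Session key is bound to both handshake nonces (assumed derivation)
        self.session_key = mac(self.psk, b"session", n_a, n_b)

    def seal(self, cmd):
        # Assumed frame: 4-byte counter | 8-byte random | command | 32-byte tag
        self.tx_ctr += 1
        hdr = struct.pack(">I", self.tx_ctr) + secrets.token_bytes(8)
        return hdr + cmd + mac(self.session_key, hdr, cmd)

    def unseal(self, frame):
        hdr, cmd, tag = frame[:12], frame[12:-32], frame[-32:]
        if not hmac.compare_digest(tag, mac(self.session_key, hdr, cmd)):
            return None                    # forged or tampered frame
        ctr = struct.unpack(">I", hdr[:4])[0]
        if ctr <= self.rx_ctr:
            return None                    # replayed or stale frame
        self.rx_ctr = ctr
        return cmd

def handshake(initiator, responder):
    n_a = secrets.token_bytes(16)                          # 1. Request
    n_b = secrets.token_bytes(16)                          # 2. Response
    resp = mac(responder.psk, b"response", n_a, n_b)
    if not hmac.compare_digest(resp, mac(initiator.psk, b"response", n_a, n_b)):
        return False                       # responder does not hold the PSK
    conf = mac(initiator.psk, b"confirm", n_b, n_a)        # 3. Confirmation
    if not hmac.compare_digest(conf, mac(responder.psk, b"confirm", n_b, n_a)):
        return False                       # initiator does not hold the PSK
    initiator.derive(n_a, n_b)
    responder.derive(n_a, n_b)
    return True
```

Fresh nonces on both sides mean a recorded handshake cannot be replayed into a new session, and the strictly increasing counter rejects a captured command frame within a session.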
04
Successes
Our solution enabled the client to pivot away from the older HSM-based solution by leveraging the security capabilities of the SoC. The result was a production-grade security solution that met the stringent standards for automotive compliance. Under simulated attack conditions during pentesting, it successfully defended against unauthorised command injection attempts, and the customer was able to launch a secure product.
Tier-1 automotive supplier
Industry: Automotive
Business Area: B2B
Technologies: Kinibi TEE, OP-TEE + QEMU for testing, C, C++ and GlobalPlatform APIs