• Elliptic Curve Cryptography
• ECDSA
• Automotive
• WAVE Standard

Modern cars are widely equipped with digital electronic systems that are called ECUs (Electronic Control Units). In order to provide assisting and aiding services for the drivers, handle and control the vehicle functionalities and so on, such embedded systems require to communicate each other by means of in-vehicle networks, such as CAN (Controller Area Network), FlexRay, LIN (Local Interconnect Network), or MOST (Media Oriented Systems Transport). Moreover, the number of communication links on board the vehicle is expected to grow in the near future, by adopting wireless networks as the 5G or the Wi-Fi for dedicated short-range communications (DSRCs), i.e. the IEEE 802.11p. This is a fundamental step along the roadmap to the autonomous driving and it will let the automotive area to implement and provide advanced services and applications based on the Vehicle-to-Everything, V2X, communications, where X can be P, pedestrian (V2P), or I, infrastructure (V2I), or V, vehicle (V2V), or H, home (V2H), and many others. The result of this step will be the diffusion of more and more connected cars, communicating to each other and with external infrastructures, as nodes of a wide range and high density heterogeneous network. If on one hand the number of aiding services related also to the vehicles and drivers safety will increase, on the other hand also the number of attack surfaces will grow signifcantly, exposing the connected cars to the typical security threats and vulnerabilities of the IT area. As already proved by several demonstrations that can be found in literature, vehicles require specifc and dedicated cybersecurity mechanisms and this need become more stringent in order to support the next-generation applications based on V2X.
The IEEE 1609 standard, also known as WAVE (Wireless Access in Vehicular Environment) Standard, defnes the architecture, communications model, management structure, security mechanisms and physical access for V2X communications based on the IEEE 802.11p wireless link. The cybersecurity specifcations of the WAVE standard relies on cryptographic algorithms, including some Elliptic Curve Cryptography (ECC) functions as the ECDSA (Elliptic Curve Digital Signature Algorithm) and the ECIES (Elliptic Curve Integrated Encryption Standard). The work illustrated in this document focused on the implementation of an ECC hardware accelerator for the P-256 elliptic curve of the NIST (National Institute of Standard and Technology), that is the one specifed by the IEEE 1609 standard for the ECDSA algorithm.
Starting from the study of the theoretical background of the Elliptic Curve Cryptography, it followed the analysis of the main methodologies, approaches and architectures that can be found in literature, addressing the development of hardware accelerator of ECC applications.
Then an ECC module was designed for the ECDSA algorithm specifed by the IEEE 1609.2 standard, with the goal to support a data rate of at least 4000 signatures generation/verifcation per second for the ECDSA engine which the ECC module was to be integrated in: such system requirements was extracted by the analysis of the literature. Finally, the ECC hardware
accelerator was integrated in a digital ECDSA engine, including also other ECC sub-modules realized during this work, and a SHA2 IP core, developed by the team of the Department of Information Engineering of University of Pisa working on cybersecurity applications.
All the implemented modules was tested by means of the offcial NIST test vectors. The implemented system was synthesized on both a 45nm ASIC Standard-Cell technology and an FPGA Stratix IV by Intel: on Standard-Cell the ECC accelerator performs 5727 scalar multiplications per second consuming 259.63 kGE at 355 MHz and the ECDSA core performs 5679 digital signatures generation per second, costing 330.69 kGE. On FPGA platform the ECC accelerator performs 1048 scalar multiplications per second using 13762 (15%) of the available ALMs logic units and the ECDSA core performs 1039 digital signatures per second
consuming 20932 (23%) ALMs.