UDS SecurityAccess on AURIX™ TC275 | HSM TRNG + AES-128

UDS SecurityAccess Demo on Infineon AURIX™ TC275 with HSM

This demonstration showcases a custom implementation of the UDS (Unified Diagnostic Services) SecurityAccess service (ISO 14229, SID 0x27) on the Infineon AURIX™ TC275 LK platform, leveraging the on-chip Hardware Security Module (HSM) for secure cryptographic operations.

Features Demonstrated

  • UDS SecurityAccess Seed Request (0x27 0x01)
  • True Random Seed Generation using HSM TRNG
  • AES-128 Encryption using HSM Hardware Accelerator
  • Secure Key Verification inside the HSM

Implementation Overview

The ECU generates a 32-byte random seed using the HSM True Random Number Generator (TRNG). The seed is returned to the tester through the UDS SecurityAccess Request Seed service.

The tester computes the security key by encrypting the received seed with AES-128 under the shared secret key, then sends it with SecurityAccess Send Key (0x27 0x02). Upon receiving the key, the ECU forwards the seed to the HSM, where the same AES-128 encryption is executed using a protected internal key. The result is compared against the key received from the tester. If the values match, SecurityAccess is granted and the ECU returns a positive response (0x67 0x02).

Security Architecture

  • Hardware Security Module (HSM)
  • True Random Number Generator (TRNG)
  • AES-128 Hardware Encryption Engine
  • Internal Protected Key Storage
  • UDS SecurityAccess (ISO 14229)

Authentication Flow

  1. Tester enters diagnostic session (0x10 0x02)
  2. Tester requests seed (0x27 0x01)
  3. ECU generates 32-byte random seed using HSM TRNG
  4. Tester computes AES-based key
  5. Tester sends key (0x27 0x02)
  6. HSM verifies key internally
  7. ECU grants SecurityAccess (0x67 0x02)
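
The ECU side of steps 2 to 7, as an added host-runnable example (not code from this demo or from Infineon): it enforces request order, uses each seed once, compares the key without an early exit, and returns ISO 14229 negative response codes. The names `sa_handle`, `sa_ctx`, the hook types, `MAX_FAILS` and the `demo_*` stand-ins are assumptions, as is a key the same length as the seed; the page does not state the AES mode or key length.

```c
#include <stdint.h>
#include <string.h>

#define SEED_LEN  32u  /* seed size stated on the page */
#define MAX_FAILS 3u   /* assumed lockout threshold */

/* Hypothetical hooks for the HSM services; firmware would call its HSM driver. */
typedef void (*trng_fn)(uint8_t *out, size_t n);
typedef void (*enc_fn)(const uint8_t *in, uint8_t *out, size_t n);
typedef struct { trng_fn trng; enc_fn enc; uint8_t seed[SEED_LEN];
                 int seed_valid, unlocked; unsigned fails; } sa_ctx;

/* Constructed host stand-ins so the example runs; they are NOT a TRNG or AES. */
static void demo_trng(uint8_t *o, size_t n) { static uint8_t c; while (n--) { c += 37; *o++ = c; } }
static void demo_enc(const uint8_t *i, uint8_t *o, size_t n) { while (n--) *o++ = *i++ ^ 0xA5; }

/* Negative response: 0x7F, request SID, negative response code. */
static size_t nrc(uint8_t *rsp, uint8_t code) { rsp[0] = 0x7F; rsp[1] = 0x27; rsp[2] = code; return 3; }

/* Handle one SecurityAccess request; writes the response and returns its length. */
size_t sa_handle(sa_ctx *c, const uint8_t *req, size_t len, uint8_t *rsp) {
    if (len < 2 || req[0] != 0x27) return nrc(rsp, 0x13);   /* incorrect length/format */
    if (req[1] == 0x01) {                                    /* requestSeed */
        if (len != 2) return nrc(rsp, 0x13);
        if (c->fails >= MAX_FAILS) return nrc(rsp, 0x37);    /* locked out (timer not modelled) */
        c->trng(c->seed, SEED_LEN);                          /* fresh seed per request */
        c->seed_valid = 1;
        rsp[0] = 0x67; rsp[1] = 0x01; memcpy(rsp + 2, c->seed, SEED_LEN);
        return 2 + SEED_LEN;
    }
    if (req[1] != 0x02) return nrc(rsp, 0x12);               /* subFunctionNotSupported */
    if (!c->seed_valid) return nrc(rsp, 0x24);               /* sendKey without a live seed */
    if (len != 2 + SEED_LEN) return nrc(rsp, 0x13);
    uint8_t expect[SEED_LEN], diff = 0;
    c->enc(c->seed, expect, SEED_LEN);                       /* HSM computes the expected key */
    c->seed_valid = 0;                                       /* seed is single-use */
    for (size_t i = 0; i < SEED_LEN; i++) diff |= expect[i] ^ req[2 + i];  /* no early exit */
    if (diff) return nrc(rsp, ++c->fails >= MAX_FAILS ? 0x36 : 0x35);
    c->fails = 0; c->unlocked = 1;
    rsp[0] = 0x67; rsp[1] = 0x02; return 2;
}

int main(void) {
    sa_ctx c = { demo_trng, demo_enc, {0}, 0, 0, 0 };
    uint8_t req[2 + SEED_LEN] = { 0x27, 0x01 }, rsp[2 + SEED_LEN];
    sa_handle(&c, req, 2, rsp);                              /* step 2: request seed */
    req[1] = 0x02; demo_enc(rsp + 2, req + 2, SEED_LEN);     /* steps 4-5: tester key */
    sa_handle(&c, req, sizeof req, rsp);                     /* steps 6-7: verify, grant */
    return (rsp[0] == 0x67 && rsp[1] == 0x02) ? 0 : 1;
}
```

On the target, `trng` and `enc` would be bound to the HSM's TRNG and AES-128 services so that the protected key never leaves the HSM.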

Platform

  • Infineon AURIX™ TC275 LK
  • TriCore™ CPU
  • Integrated ARM-based HSM (Hardware Security Module)
  • CAN / UDS Communication Stack
