SPRADO0 November 2024 F29H850TU, F29H859TU-Q1

 


Hashing, Digital Signing, and Authentication

In addition to encryption and decryption, a secure system must be able to confirm the integrity of stored code and data assets on the device. Hash algorithms support this objective, reducing a blob of code or data of arbitrary length to a unique fixed-length digest. Without using a key, a cryptographic hash function always generates the same output digest for the same input, and has several important attributes that make it secure:

  1. It is highly infeasible to deduce the original input string that was used to compute a given hash value.
  2. Given an original message, it is highly infeasible to modify the message in such a way that it generates the same hash value as the original.
  3. A cryptographic hash function is resistant to collisions—meaning it is highly improbable for two different inputs to generate the same output.
  4. Additionally, any change to the input, even a single bit, results in a drastic change to the output. This is known as the avalanche effect.

By computing a hash digest on an authentication certificate or stored code to be booted and comparing it to a known reference, the system can confirm that the code or data has not been modified since its creation. The Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are examples of commonly used hash functions. Use of the SHA-1 and MD5 algorithms is discouraged, as successful collision attacks have been demonstrated against these functions. The SHA-2 and SHA-3 algorithms can be used instead to provide strong hash functions. The length of the hash digest is related to the cryptographic strength of the function. All things being equal, longer digests are more secure, at the expense of more computation time.

Figure 3-1. Code Encryption and Digital Signing Example

An asymmetric algorithm can be used to create a digital signature from a message, using a private key. A digital signature can be used to confirm the integrity and authenticity of a signed message. However, asymmetric algorithms are much slower than hash functions. Therefore, hashes work well when combined with asymmetric algorithms, by solving the problem of computation time across a large blob of data. Instead of signing the entire blob, a secure hash of the blob can first be computed. The resulting output hash digest is then signed using the sender’s private key. The receiver reverses this process using the sender’s public key, computes the hash of the received data blob, and authenticates it against the original hash. This process establishes both the integrity and authenticity of the data, while saving on computation time, and is commonly referred to as digital signing. These items are typically stored together with other important metadata in a digital certificate, using an industry-standard format such as X.509. This process is essential for factory provisioning and firmware updates, which are discussed in subsequent sections.
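The hash-then-sign flow described above, as an added Python example (not code from this application note or from TI). It uses RSA with PKCS #1 v1.5 encoding over SHA-256; the key is a constructed, trivially factorable demo key and the firmware blob is constructed sample data.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. It is trivially
# factorable and exists only to make the example run offline; real keys
# come from a vetted key generator and the private part never leaves it.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_digest(blob: bytes) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(blob)."""
    t = SHA256_PREFIX + hashlib.sha256(blob).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(blob: bytes) -> int:
    """Sender: hash the blob, then apply the private key to the digest only."""
    return pow(encode_digest(blob), D, N)

def verify(blob: bytes, signature: int) -> bool:
    """Receiver: recover the signed digest with the public key and compare
    it with a digest recomputed over the blob that actually arrived."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == encode_digest(blob)

firmware = b"\x00" * 4096 + b"constructed firmware image"   # constructed sample
sig = sign(firmware)

tampered = bytearray(firmware)
tampered[100] ^= 0x01                  # flip a single bit of the image

if __name__ == "__main__":
    print("original image verifies:", verify(firmware, sig))
    print("tampered image verifies:", verify(bytes(tampered), sig))
```

The private-key operation runs once over a 141-byte encoded digest regardless of image size, which is the computation-time saving the paragraph refers to.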

Figure 3-2. Authentication and Decryption Example

Cryptographic authentication schemes can also be used within the application itself to achieve run-time security, verifying the integrity and authenticity of data that is transmitted between devices. Using a secret key, a message authentication code, or MAC, is computed using the cryptographic algorithm, and appended to the message sent to the receiver. The receiver can then use the same key and algorithm to compute the MAC from the received message, and compare it with the one sent by the sender. If the two codes match, the message is verified to be authentic and unchanged.

The two most commonly used cryptographic authentication schemes are CMAC and HMAC. CMAC stands for Cipher-based Message Authentication Code, and is based on a symmetric algorithm such as AES. HMAC stands for Keyed-Hash Message Authentication Code, and uses a hash function such as SHA-256. An example of cryptographic message authentication can be found in modern automotive systems that employ the AUTOSAR Security On-board Communication (SecOC) architecture for data that is transmitted between electronic control units, or ECUs. SecOC uses CMAC to provide end-to-end protection for network messages transmitted over a vehicular network such as CAN, FlexRay or Ethernet. In the SecOC architecture, each message frame includes a security header and trailer, containing the MAC and other security metadata. The MAC can be used by each ECU to verify each message received, and shared keys can be managed and periodically distributed by a central host to preserve freshness. Such schemes can be used to protect against attack methodologies such as CAN injection that are often employed by car thieves.
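An added Python example of run-time message authentication in the spirit of the scheme above (not code from this application note, and not the AUTOSAR SecOC wire format). Assumptions: HMAC-SHA-256 from the standard library stands in for the CMAC that SecOC uses, and the frame layout, 8-byte truncated MAC, 32-bit freshness counter and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed demo key shared by sender and receiver
MAC_LEN = 8              # bytes of truncated MAC in the trailer (assumed)
TRAILER_LEN = 4 + MAC_LEN

def compute_mac(key: bytes, msg_id: int, counter: int, payload: bytes) -> bytes:
    """MAC over message ID, freshness counter and payload, then truncated."""
    data = struct.pack(">HI", msg_id, counter) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def protect(key: bytes, msg_id: int, counter: int, payload: bytes) -> bytes:
    """Sender: payload || counter || truncated MAC."""
    mac = compute_mac(key, msg_id, counter, payload)
    return payload + struct.pack(">I", counter) + mac

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}   # highest counter accepted per message ID

    def accept(self, msg_id: int, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < TRAILER_LEN:
            return None
        payload, trailer = frame[:-TRAILER_LEN], frame[-TRAILER_LEN:]
        (counter,) = struct.unpack(">I", trailer[:4])
        expected = compute_mac(self.key, msg_id, counter, payload)
        # Constant-time comparison; state is only updated after it passes.
        if not hmac.compare_digest(expected, trailer[4:]):
            return None          # forged or corrupted frame
        if counter <= self.last_counter.get(msg_id, -1):
            return None          # replay of an old, validly authenticated frame
        self.last_counter[msg_id] = counter
        return payload

if __name__ == "__main__":
    rx = Receiver(KEY)
    frame = protect(KEY, 0x123, 1, b"\x10\x27")      # constructed sample frame
    print("first delivery:", rx.accept(0x123, frame))
    print("replayed frame:", rx.accept(0x123, frame))
```

Binding the message ID and counter into the MAC input means a frame recorded on the bus cannot be re-sent later or under a different ID, even though its MAC was valid when first sent.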