Security is a Driving Force for Connected Vehicles
As vehicles become more connected, both with in-car networks and with communications to the cloud and services, providers are making automotive embedded systems secure and interoperable.
The amount of electronics in a vehicle has been increasing for decades, but the rate of new integration has accelerated enormously and is set to increase further. The electronic content in vehicles has grown from integrating switches for electric windows and comfort settings, such as seat positions, to incorporating intelligent in-vehicle networks for ADAS (Advanced Driver Assistance Systems). The average vehicle in 2014 had four ultrasonic sensors, a forward-facing, 1.2M pixel camera, forward-facing radar, a back-up camera and a 1Mbit/s CAN (Controller Area Network), a vehicle bus standard for in-vehicle communication.
In 10 years’ time, however, ARM has conservatively estimated that there will be a 10- to 100-fold increase in in-vehicle data.
Figure 1. Assisted and, later, autonomous driving systems will account for more electronics in a vehicle than are used in engine control systems, such as throttle control, battery management and anti-lock braking. (Picture credit: ARM)
Additional sensors and cameras and increased CAN data rates will deliver a safer vehicle, with ADAS features, such as sensor and vision systems. Richard York, Vice President, Embedded at ARM, identifies the shift in the role of electronics from assisted driving to autonomous vehicles. The industry is moving on from structural safety, for example with crumple zones to make a vehicle safe in a crash, observes York, to the vehicle avoiding accidents and reducing the impact of accidents in the first place. “This is a major change, all defined by electronics,” he says. ADAS uses sensors, position systems and radar to detect if a driver is drowsy, or drifts into another lane, or if a cyclist appears in a blind spot. “The electronics makes decisions about what to do. Future cars will be driven by vision systems, processing systems that make the car safer, and ultimately, enabling the car to drive itself,” predicts York.
Figure 2. ARM estimates that the amount of data to be processed in a vehicle will increase substantially as the connected car encompasses more sophisticated vision systems and access services and applications.
The increase in data means the car of 2024 will have 12 ultrasonic sensors, separate forward and 360° cameras with 4K resolution and 8.8M pixel capacity, forward and short range (side view) radar, driver and passenger monitoring systems, a CAN FD bus operating at 10Mbit/s and an Ethernet bus operating at 1Gbit/s. CAN FD (Flexible Data rate) has a message length of 64 bytes, compared to 8 bytes for CAN, to increase bandwidth use and the efficiency of the CAN protocol. (See Figure 2.)
In January, ARM introduced a functional safety package into its ARM Cortex-R5 processor. According to York, the preparation and work involved was used in April’s announcement that the company was adding functional safety to its Cortex-A53, Cortex-A57 and its latest Cortex-A72 applications processors.
The work carried out to add functional safety to the Cortex-R5 was not only lengthy, but also highlighted a gap in the market, says York. Such documentation as is now available in these application processors can contribute to safety levels. Engineers can demonstrate that a part is designed to the latest standard (for example ISO 26262 ‘Road Vehicles – Functional Safety’, and IEC 61508 ‘Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems’). The support also provides documentation on how to use the processor, as well as documentation for error management and detection. The documentation package also shows how a processor can be designed into a system.
Historically, York points out, these are steps that the engineer would have to demonstrate, but now ARM can provide some of what is needed to go through the safety process. Documentation can be presented to the end customer to make the safety case, reducing development cost and time to market.
At the same time as more electronic components are being integrated into vehicles, automotive software and systems are becoming the focus of attention to ensure that automotive systems are secure and tamper-proof. To maintain vehicle and occupant safety, developers are using partitioning to consolidate multiple vehicle controls onto a single hardware platform.
SECURITY AT EMBEDDED WORLD
At Embedded World 2015, Lynx Software Technologies announced that its LynxOS 7.0 RTOS and its LynxSecure separation kernel hypervisor are moving to ARM-based processors. Initially, the RTOS was being migrated to the ARM Cortex-A series of processor cores. The kernel is being migrated to Cortex-A family members with hardware virtualization support.
Particularly in automotive systems, time-critical determinism is required to trigger timed processes in a system that virtualizes an OS to run different safety levels. LynxOS has access control and local trusted paths to design security into a connected, embedded device within a vehicle. When security is added at the start of the design process, rather than as an afterthought, the IoT edge and gateway devices in the vehicle are deemed ‘secure by design’.
Speaking at Embedded World, Lee Cresswell, Sales Director, EMEA, Lynx Software Technologies, spoke about security being “an add-on, an after-thought. But now, the embedded community can build security from the get-go”. The company’s support for the ARM architecture allows users to bring legacy systems over to a more secure world, said Cresswell.
The need for security in the emerging market of in-vehicle networks should not be underestimated. Cresswell said: “A secure platform foundation is an essential element of the industrial IoT to ensure that the critical infrastructure of the future is adequately protected. Security is paramount for the next generation of connected embedded systems.”
Figure 3. The LynxSecure separation kernel hypervisor is supervisory software that creates an abstraction layer between hardware and OS and uses hardware virtualization in the latest ARM cores.
The LynxSecure separation kernel hypervisor isolates and separates memory, CPUs and devices. Virtualization technology sits above the separation kernel and uses hardware virtualization features found in many of the latest ARM cores. The company claims that it can provide performance very close to native speeds for guest OSes running in the isolated domains. Importantly, for embedded automotive systems, LynxSecure can securely separate different networks, for example the Information Technology (IT) and Operations Technology (OT) networks commonly found in IoT gateways. It can partition areas to isolate critical information from threats or attacks.
Another software company, Wind River, has also addressed how developers can create automotive-grade, safety-ready systems. It is testing, and has a proof of concept of, an Automotive Profile for its VxWorks RTOS. “The Automotive Profile provides automotive-grade foundation for safety-ready systems based on AutoSAR integration for ADAS and autonomous driving,” explains Franz Walkembach, Global Product Line Manager Automotive Solutions, Wind River. It comprises the Vx RTOS, with a safety profile sub area, and AutoSAR to help engine control units (ECUs) understand each other. This is the first phase, explains Walkembach. “For IoT, we need to broaden our thinking,” he explains, “to look at safety and security outside of the car.” This means car-to-car communication and also car-to-X, where different devices are connected to the car and OS. Walkembach clarifies: “For example, communicating to a toll station on a highway, or to communicate weather conditions to alert drivers about icy roads ahead. These applications need outside communications.”
The Automotive Profile will be released in Q3. Further additions will be added each quarter, confirms Walkembach.
Caroline Hayes has been a journalist, covering the electronics sector for over 20 years. She has worked on many titles, most recently the pan-European magazine, EPN. Now a freelance journalist, she contributes news, features, interviews and profiles for electronics journals in Europe and the US.