Michael Karner

Moving beyond the component boundaries for efficient test and diagnosis of automotive communication architectures

Integration work at system level has been made easier with the introduction of the time-triggered concept and technologies such as FlexRay. Paradoxically, the ongoing integration efforts at component level have led to complex local interactions between the subsystems that are difficult to analyze globally. We present in this work a test environment for automotive networks that goes beyond the component boundaries and enables the concurrent analysis of the entire communication architecture. This supports the investigation of data- and fault propagation within the system as well as the analysis of the interactions between the components. Supported by an industrial use case, we discuss how this environment improves fault detection and diagnosis of the system.

Exploration of the FlexRay signal integrity using a combined prototyping and simulation approach

Ensuring a correct signal integrity within the entire FlexRay network and for all the possible environmental situations is mandatory for reliable operation of the distributed application. However, this is a goal difficult to reach due to the large number of parameters that influence the signal integrity. The use of simulation is a natural answer to efficiently support space exploration. We discuss in this work how the TEODACS test approach supports the validation process of the simulation models for FlexRay topologies and provides trustfulness for the simulation results even if hardware reference is not available. Further, we introduce a new method for the advanced analysis and evaluation of signal integrity in FlexRay networks.

A security metric for structured security analysis of cyber-physical systems supporting SAE J3061

Complexity in modern vehicles has increased dramatically during the last years due to new features and applications. Modern vehicles are connected to the Internet as well as to other vehicles in close proximity and to the environment for different novel comfort services and safety-related applications. Enabling such services and applications requires wireless interfaces to the vehicle and therefore leads to open interfaces to the outside world. Attackers can use those interfaces to impair the privacy of the vehicle owner or to take control (of parts of) the vehicle, which strongly endangers the safety of the passengers as well as other road users. To avoid such attacks and to ensure the safety of modern vehicles, sophisticated structured processes and methods are needed. In this paper we propose a security metric to analyse cyberphysical systems (CPS) in a structured way. Its application leads to a secure system configuration with comparable as well as reusable results. Additionally, the security metric can be used to support the conceptual phase for the development of CPS specified in the new SAE security standard SAE J3061. A case study has been carried out to illustrate the application of the security metric.

Holistic simulation of FlexRay networks by using run-time model switching

Automotive network technologies such as FlexRay present a cost-optimized structure in order to tailor the system to the required functionalities and to the environment. The space exploration for optimization of single components (cable, transceiver, communication controller, middleware, application) as well as the integration of these components (e.g. selection of the topology) are complex activities that can be efficiently supported by means of simulation. The main challenge while simulating communication architectures is to efficiently integrate the heterogeneous models in order to obtain accurate results for a relevant operation time of the system. In this work, a run-time model switching method is introduced for the holistic simulation of FlexRay networks. Based on a complete modeling of the main network components, the simulation performance increase is analyzed and the new test and diagnosis possibilities resulting from this holistic approach are discussed.

Generic framework enabling secure and efficient automotive wireless SW updates

Future vehicles will be wirelessly connected to nearby vehicles, to the road infrastructure and to the Internet in order to enable new comfort features, safety functions and a number of new vehicle-specific services. The latter will include a fast, secure, and reliable way to remotely diagnose and reconfigure a vehicle as well as to install new software on the electronic control units integrated in a vehicle. Such wireless software updates are beneficial for both automotive OEMs and customers, as they allow to enable new features of the vehicle remotely and to fix software bugs by installing a new software version over the air. Wireless diagnostics and software updates are required in several stages of a vehicles lifetime: from the manufacturing stage on the assembly line and the maintenance in a workshop to the remote download of up-to-date software directly by the car owner. To support this process over a whole vehicles lifetime, a generic framework is needed. In this paper we propose a generic framework enabling secure and efficient wireless automotive SW updates and hence supporting a vehicles whole lifetime. We describe the IEEE 802.11s network used as wireless medium to interconnect vehicles and diagnostic devices in a reliable, trustworthy and fast way and propose a dedicated cross-layer security concept applying strong authentication as well as encryption mechanisms.

Applicability of IEEE 802.11s for automotive wireless software updates

Due to the rising number of electronic control units (ECU) in a vehicle and the growing complexity of the related software installed, a fast and efficient system for updating software is needed. Wireless software updates similar to firmware over the air updates for smartphones can be a suitable solution to solve this issue. In this paper we propose a wireless update system based on an IEEE 802.11s mesh network and describe related high-level requirements for such a system. Additionally the prototype of a wireless vehicle interface (WVI) is described. This interface is needed to maintain the wireless link as well as to forward the received data to the in-vehicle communication system and finally to the ECU. Existing diagnostic standards are applied to transfer and install the new software on the ECU. Furthermore, IEEE 802.11s-based network nodes and the WVI prototype are used to evaluate the applicability of IEEE 802.11s for a wireless update system used in the vehicle development phase. We performed indoor measurements as well as measurements inside two different vehicles to evaluate the influence of the shielding properties of a vehicle. The results of these measurements show that the used setup consisting of the WVI prototype and other IEEE 802.11s based nodes can be used to realize a wireless update system and is able to fulfil the defined system requirements.

Heterogeneous co-simulation platform for the efficient analysis of FlexRay-based automotive distributed embedded systems

Validation front-loading using simulation is required to save efforts and support decision making during the development process. For automotive distributed embedded systems, the fast increasing system complexity usually prevents the use of simulation encompassing the entire communication architecture. The simulation is then focused to single domain and/or components. We present in this work a heterogeneous co-simulation model of a FlexRay based system comprising simulation models from the software components down to the waveforms within the FlexRay electrical cables. This platform enables the efficient analysis of the assembled system and more especially of the interactions between the components. The description of the models is supported by three test campaigns in order to highlight the importance of holistic simulation as well as the potential of the proposed approach.

Verification and analysis of dependable automotive communication systems based on HW/SW co-simulation

The introduction of FlexRay in the automotive industry as well as the standardization efforts for the hardware and software architecture rise different challenges: How to efficiently integrate the new services in the system, how to validate the communication architecture with respect to the effects influencing the network? The research project TEODACS aims at answering these questions. We present in this document a new validation approach for the communication architecture based on the simulation of the entire FlexRay network within a co-simulation framework. This environment largely reduces the processing resources required for simulation and thus makes the analysis of such complex system possible.

SecUp: Secure and Efficient Wireless Software Updates for Vehicles

Wireless software updates for vehicles are very beneficial for both customers and manufacturers, as they enable performance improvements and error correction without the need of vehicle recalls, as well as a reduction of warranty costs and continuous system upgrades over a vehicles whole lifetime. However, adding a wireless interface to enable software updates over the air may also expose the vehicle to security threats and make it vulnerable to a variety of attacks. Hence, to protect the safety of the driver and passengers of a vehicle, a strong and comprehensive security concept is needed. In this paper, we propose SecUp: a novel security concept enabling efficient and trustworthy wireless software updates for vehicles. SecUp is based on a system-centric structured analysis enabling a secure system configuration. The concept uses, among others, symmetric and asymmetric keys securely stored on the devices in the network to prove the identity of the nodes and to ensure the integrity as well as the confidentiality of data. We evaluate the robustness of SecUp by employing an attacker-centric threat model and show that it is indeed applicable for efficient and trustworthy wireless software updates for vehicles.

Secure Wireless Automotive Software Updates Using Blockchains: A Proof of Concept

Future smart vehicles will employ automotive over-the-air updates to update the soft ware in the embedded electronic control units. The update process can affect the safety of the involved users, thus requires a comprehensive and elaborate security architecture ensuring the confidentiality and the integrity of the exchanged data, as well as protecting the privacy of the involved users. In this paper, we propose an automotive security architecture employing Blockchain to tackle the implicated security and privacy challenges. We describe our proof-of-concept implementation of a Blockchain-based software update system, use it to show the applicability of our architecture for automotive systems, and evaluate different aspects of our architecture.