Sebastian Steinhorst

Security challenges in automotive hardware/software architecture design

This paper is an introduction to security challenges for the design of automotive hardware/software architectures. State-of-the-art automotive architectures are highly heterogeneous and complex systems that rely on distributed functions based on electronics and software. As cars are getting more connected with their environment, the vulnerability to attacks is rapidly growing. Examples for such wireless communication are keyless entry systems, WiFi, or Bluetooth. Despite this increasing vulnerability, the design of automotive architectures is still mainly driven by safety and cost issues rather than security. In this paper, we present potential threats and vulnerabilities, and outline upcoming security challenges in automotive architectures. In particular, we discuss the challenges arising in electric vehicles, like the vulnerability to attacks involving tampering with the battery safety. Finally, we discuss future automotive architectures based on Ethernet/IP and how formal verification methods might be used to increase their security.

Model checking of analog systems using an analog specification language

In this contribution an advanced methodology for model checking of analog systems is introduced. A new analog specification language (ASL)for efficient property specifications is defined and model checking algorithms for implementing this language are presented. This allows verification of complex static and dynamic circuit properties like oscillation and startup time that have not yet been formally verifiable with previous approaches. The new verification methodology is applied to example circuits and experimental results are discussed and compared to conventional circuit simulation.

Lightweight authentication for secure automotive networks

We propose a framework to bridge the gap between secure authentication in automotive networks and on the internet. Our proposed framework allows runtime key exchanges with minimal overhead for resource-constrained in-vehicle networks. It combines symmetric and asymmetric cryptography to establish secure communication and enable secure updates of keys and software throughout the lifetime of the vehicle. For this purpose, we tailor authentication protocols for devices and authorization protocols for streams to the automotive domain. As a result, our framework natively supports multicast and broadcast communication. We show that our lightweight framework is able to initiate secure message streams fast enough to meet the real-time requirements of automotive networks.

System architecture and software design for electric vehicles

This paper gives an overview of the system architecture and software design challenges for Electric Vehicles (EVs). First, we introduce the EV-specific components and their control, considering the battery, electric motor, and electric powertrain. Moreover, technologies that will help to advance safety and energy efficiency of EVs such as drive-by-wire and information systems are discussed. Regarding the system architecture, we present challenges in the domain of communication and computation platforms. A paradigm shift towards time-triggered in-vehicle communication systems becomes inevitable for the sake of determinism, making the introduction of new bus systems and protocols necessary. At the same time, novel computational devices promise high processing power at low cost which will make a reduction in the number of Electronic Control Units (ECUs) possible. As a result, the software design has to be performed in a holistic manner, considering the controlled component while transparently abstracting the underlying hardware architecture. For this purpose, we show how middleware and verification techniques can help to reduce the design and test complexity. At the same time, with the growing connectivity of EVs, security has to become a major design objective, considering possible threats and a security-aware design as discussed in this paper.

Security analysis of automotive architectures using probabilistic model checking

This paper proposes a novel approach to security analysis of automotive architectures at the system-level. With an increasing amount of software and connectedness of cars, security challenges are emerging in the automotive domain. Our proposed approach enables assessment of the security of architecture variants and can be used by decision makers in the design process. First, the automotive Electronic Control Units (ECUs) and networks are modelled at the system-level using parameters per component, including an exploitability score and patching rates that are derived from an automated or manual assessment. For any specific architecture variant, a Continuous-Time Markov Chain (CTMC) model is determined and analyzed in terms of confidentiality, integrity and availability, using probabilistic model checking. The introduced case study demonstrates the applicability of our approach, enabling, for instance, the exploration of parameters like patch rate targets for ECU manufacturers.

Dimensioning and configuration of EES systems for electric vehicles with boundary-conditioned adaptive scalarization

Electric vehicles (EVs) are widely considered as a solution for efficient, sustainable and intelligent transportation. An electrical energy storage (EES) system is the most important component in an EV in terms of performances and cost. This work proposes an approach for optimal dimensioning and configuration of EES systems in EVs. It is challenging to find optimal design points in the parameter space, which expands exponentially with the number of battery types available and the number of cells that can be implemented for each type. A multi-objective optimization problem is formulated with the driving range, rated power output, installation space and cost as design targets. We report a novel boundary-conditioned adaptive scalarization technique to solve both convex and concave problems. It provides a Pareto surface of evenly distributed Pareto points, presents the group of Pareto points according to different specific requirements from automotive manufacturers and also takes the fact in EES system design into account that the importance of an objective could be nonlinear to its value. Numerical and practical experiments prove that our proposed approach is effective for industry use and produces optimal solutions.

Formal approaches to analog circuit verification

For a speed-up of analog design cycles to keep up with the continuously decreasing time to market, iterative design refinement and redesigns are more than ever regarded as showstoppers. To deal with this issue, referred to as design and verification gap, the development of a continuous and consistent verification is mandatory. In digital design, formal verification methods are considered as a key technology for efficient design flows. However, industrial availability of formal methods for analog circuit verification is still negligible despite a growing need. In recent years, research institutions have made considerable advances in the area of formal verification of analog circuits. This paper presents a selection of four recent approaches in analog verification that cover a broad scope of verification philosophies.

Smart Cells for Embedded Battery Management

This paper introduces a novel approach to battery management. In contrast to state-of-the-art solutions where a central Battery Management System (BMS) exists, we propose an Embedded Battery Management (EBM) that entirely decentralizes the monitoring and control of the battery pack. For this purpose, each cell of the pack is equipped with a Cell Management Unit (CMU) that monitors and controls local parameters of the respective cell, using its computational and communication resources. This combination of a battery cell and CMU forms the smart cell. Consequently, system-level functions are performed in a distributed fashion by the network of smart cells, applying concepts of self-organization to enable plug-and-play integration. This decentralized distributed architecture might offer significant advantages over centralized BMSs, resulting in higher modularity, easier integration and shorter time to market for battery packs. A development platform has been set up to design and analyze circuits, protocols and algorithms for EBM enabled by smart cells.

Modular system-level architecture for concurrent cell balancing

This paper proposes a novel modular architecture for Electrical Energy Storages (EESs), consisting of multiple series-connected cells. In contrast to state-of-the-art architectures, the presented approach significantly improves the energy utilization, safety, and availability of EESs. For this purpose, each cell is equipped with a circuit that enables an individual control within a homogeneous architecture. One major advantage of our approach is a direct and concurrent charge transfer between each cell of the EES using inductors. To enable a system-level modeling and performance analysis of the architecture, a detailed investigation of the components and their interaction with the Pulse Width Modulation (PWM) control was performed at transistor-level. At system-level, we propose a control algorithm for the charge transfer that aims at minimizing the energy loss and balancing time. The results give evidence of the significant advantages of our architecture over existing passive and active balancing methods in terms of energy efficiency and charge equalization time.

Advanced methods for equivalence checking of analog circuits with strong nonlinearities

In this contribution two extensions for an analog equivalence checking method are proposed, enabling the checking of strongly nonlinear circuits with floating nodes such as digital library cells. Therefore, a structural recognition and mapping of eigenvalues, representing the dynamics, to circuit elements via circuit variables is presented. Additionally, the introduction of reachability analysis is significantly restricting the investigated state space to the relevant parts, avoiding false negatives. The newly introduced methods are compared to existing ones by application to industrial examples.