By Lee Harrison – Automotive Test Solutions Manager, Siemens EDA
The topic of safety and security for automotive ICs and systems was heavily debated in the recent 2021 ISQED Symposium panel session focused on autonomous vehicles. All participants declared that level 5 (full driving autonomy) autonomous vehicles were inevitable and not fiction. It was also agreed that safety and security were two critical aspects of making level 5 autonomy a reality. Technology that enables the collection of valuable data from vehicles is key to driving this technological shift, as this data essentially closes the loop between the development of these vehicles and their behavior in-life. Only with this closed loop can we refine, train and enhance the autonomous experiences, making sure they are continuously safe and secure.
One technology that’s absolutely essential is the ability to communicate with a vehicle over-the-air. Here’s some background on secure over-the-air updates and how Siemens makes it happen.
Why over-the-air updates?
Modern vehicles are increasingly connected devices with growing volumes of electronic systems. This systemic complexity means that even an average vehicle design will include over 150 electronic control units (ECUs), which control not just infotainment and communications, but powertrain, safety and driving systems. All these systems depend on an increasing volume and complexity of electronics hardware and software. This means around 200 million lines of code. Once you establish a connection with the electronics in a vehicle, that vehicle becomes a target for security threats.
Defense in Depth
This brings us onto the issue of ‘Defense in Depth’ – a strategy of delivering secure control systems by viewing threats and security solutions as multidimensional.
Anyone who tells you they have a total solution to all potential threats to automotive systems is underestimating their complexity. Also, it’s one thing to defend against today’s threats, but who knows what is round the corner? We need to deploy as many threat prevention, detection and response measures as we can today, to do our absolute utmost to protect ourselves from the unknown threats of tomorrow.
Tessent Embedded Analytics semiconductor intellectual property (SIP) allows designers to incorporate intelligent self-analytic capabilities in the systems-on-chip (SoCs) at the heart of today’s automotive electronics. A typical system and how the Tessent Embedded Analytics SIP is configured within the SoC, with both passive monitors and reactive Sentry components, is shown below.
Secure access in implementing OTA
A root of trust (RoT) and other security mechanisms inside the chip help ensure that chips are not compromised in manufacturing, in the supply chain, or during field use. In an OTA update, a hardware-embedded root of trust can allow only authorized software to be ported to the automotive system.
OEMs must implement the highest security standards for OTA, as defined by standards such as UNECE R156 (Software Update Processes and Management System) and ISO 24089 (in development). An SoC with embedded analytics can confirm compliance at the bit level, for safety, security and for suitability to the hardware configuration in use. Traceability is fundamental here: tracking the build of any software through to its implementation with full software authentication and encryption to ensure the payload is delivered appropriately.
Architecting SoCs to integrate IP for sensors, security, and chip identifiers, and inserting such IP along with DFT IP as part of the design flows, allows SoC suppliers to establish a foundation of hardware enablement for trusted and secure Silicon Lifecycle Management.
Once these advanced security and monitoring technologies are in place, we can also collect extremely valuable data from SoCs throughout their lifecycle that can improve the design, manufacturing, and in-life performance of the devices.
Read more about technology for over-the-air updates in the Siemens paper ‘Monitor and Control Automotive Devices with Over-the-Air Updates’ here: