…right people – right place – right time!

Why embedded system complexity is challenging safety and security in the automotive industry.


27th July - Valencia.


Increasing complexity in the automotive-to-environment ecosystem

Once technological and regulatory issues have been resolved, up to 15 percent of new cars sold in 2030 could be fully autonomous, according to McKinsey. Advanced driver-assistance systems (ADAS) will play a crucial role in preparing regulators, consumers, and corporations for the medium-term reality of cars taking over control from drivers.

ADAS systems are getting more and more complex and include a growing number of different interacting elements. All these elements need to deliver fail-operational & real-time, safety-critical performance in order to gain acceptance from the public. And as vehicles become increasingly autonomous, the amount of sensor data that needs to be processed increases significantly.

Connectivity becomes an important factor for autonomous vehicles. It means that embedded systems are increasingly able to exchange data with their environment, and this has multiple implications. First, cybersecurity will become mandatory for the automotive industry. Second, the availability of remote access and remote updating means that the underlying software enabling these services needs to be able to deal with any system configuration found in the field. These requirements may lead to an increased level of embedded system complexity.

A typical car has about 100 control units, thousands of software components, and tens of thousands of signals exchanged between subsystems. All of these need to be designed, developed, integrated, tested, and validated to work individually as well as in conjunction with each other. As a result, safety and security become a major concern.


Safety and Security are business drivers in the Automotive industry

Andreas Kuehlmann, CEO of Tortuga Logic has recently stated, “The primary drivers in the Automotive Industry are things like safety. And when we talk about compliance in regulated industries, security is always a foundational piece that is required for any one of these primary business objectives. The big wake-up call was the Jeep Cherokee incident, when Charlie Miller and Chris Valasek demonstrated you can run the vehicle into a ditch. They may not have been the first to hack into a car, but they were the first to make a movie out of it.”

Cybersecurity changes that equation. “If a particular model of a car is vulnerable, all cars on the road are vulnerable, meaning you can hack all cars at the same time.”

“As we talk about cars being connected for over-the-air (OTA) updates, vehicle-to-vehicle communication, vehicle-to-infrastructure (V2I) communication, all of this dramatically increases the importance of cybersecurity,” Kuehlmann adds.  

“Without precautions, without building security into the product — and not only into the product, but into the entire infrastructure — we’ll have massive problems.”


Building levels of security into the design

Manufacturers are currently working with the concept of “defence in depth.” It involves a range of technologies that can be implemented at different levels of the design to build rings of defence: relatively simple concepts, each introducing another layer of protection for a device, which together provide a significant defence against malicious attacks.

Embedded analytics technology is increasingly relied upon as an on-chip analytics engine, part of the device's safety mechanisms, used to monitor critical activities within a vehicle. If any of these operations appear abnormal, or fall outside regular operation, they are flagged by the embedded analytics monitoring technology. For example, suppose the vehicle's infotainment system sends communications data to critical vehicle functions such as brakes and steering. In normal operation this would never happen, so it can be classed as an illegal operation, and thus can be detected and blocked. The open question is how much of the processing needed to detect and block such operations is done by zonal controllers and how much is done through a sensor fusion system.
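One way to express the illegal-operation check described above, as an added example that is not part of the article or any vendor's product: a small domain-policy filter of the kind a zonal gateway or on-chip monitor could apply to inter-ECU traffic, flagging the infotainment-to-brakes case and also the edge case of a node the policy does not know. ECU names, domains and the sample frames are assumptions constructed for the illustration.

```python
from collections import namedtuple

# Added illustration, not code from the article or any vendor: node names,
# domains and sample frames are constructed for the example.
Frame = namedtuple("Frame", "src dst kind payload")  # kind: control|status

# Constructed map of ECU identifiers to vehicle domains.
DOMAIN_OF = {"infotainment_hu": "infotainment", "telematics_unit": "connectivity",
             "brake_ecu": "chassis", "steering_ecu": "chassis", "adas_fusion": "adas"}

# Allowlist of (source domain, destination domain) pairs permitted to carry
# control messages; sensor fusion may command the chassis, chassis ECUs may
# coordinate among themselves, and every other control path is abnormal.
ALLOWED_CONTROL_PATHS = {("adas", "chassis"), ("chassis", "chassis")}

def classify(frame):
    """Return ('allow'|'block', reason) for one frame under the policy."""
    src_dom = DOMAIN_OF.get(frame.src)
    dst_dom = DOMAIN_OF.get(frame.dst)
    if src_dom is None or dst_dom is None:
        return "block", "unknown endpoint"      # unregistered node on the bus
    if frame.kind == "status":
        return "allow", "status traffic"        # read-only telemetry
    if (src_dom, dst_dom) in ALLOWED_CONTROL_PATHS:
        return "allow", f"{src_dom}->{dst_dom} permitted"
    return "block", f"illegal control path {src_dom}->{dst_dom}"

def filter_frames(frames):
    """Split a batch into delivered and flagged (frame, reason) lists."""
    delivered, flagged = [], []
    for frame in frames:
        verdict, reason = classify(frame)
        (delivered if verdict == "allow" else flagged).append((frame, reason))
    return delivered, flagged

# Constructed sample traffic, including the infotainment -> brake case the
# article gives as something that never happens in normal operation.
SAMPLE = [
    Frame("adas_fusion", "brake_ecu", "control", b"\x02\x10"),
    Frame("brake_ecu", "adas_fusion", "status", b"\x00\x3c"),
    Frame("infotainment_hu", "brake_ecu", "control", b"\xff\xff"),
    Frame("telematics_unit", "steering_ecu", "control", b"\x01"),
    Frame("ghost_node", "brake_ecu", "control", b"\x00"),
]

if __name__ == "__main__":
    for frame, why in filter_frames(SAMPLE)[1]:
        print(f"BLOCKED {frame.src} -> {frame.dst}: {why}")
```

A real gateway would key the policy on bus identifiers and message types rather than names, but the shape of the check is the same: default-deny, with an explicit allowlist of cross-domain control paths.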

The chips, wherever they are doing the processing, are having to become more complex, incorporating more types of processing element, including the accelerators that speed up the object detection and classification that are part of the ADAS system.


Automotive processing architectures are in flux

The processing architectures that deal with exchanges of data are continuing to be developed in order to counter security breaches. Initially it was algorithms and AI or machine learning applied to visual inputs. Then LIDAR and radar data were added to that in a sensor fusion function, which has since been overlaid with mapping. This means that hardware architectures are increasingly driven by the needs of the software. While a lot of progress is being made, the market is still in a transition phase, with many carmakers rolling out the next generation of advanced architectures, such as zonal architectures, around 2024. This means many of the platforms currently on the road are not yet advanced enough to enable the seamless over-the-air (OTA) updates that autonomous vehicles will require.

Car makers are falling into different groups for both centralised sensor fusion and zonal processing architectures, and are contending with growing security concerns. The problem is that there is no consistent approach to security. New threats are constantly appearing and automotive architectures have been in flux. Security means something different for each company, and everyone has their own idea of how to realise a highly secure system that goes along with safety, because there is no security without safety, or vice versa.

The more connectivity provided to the outside, the more entry points attackers have into the system. Vehicle-to-vehicle communications, vehicle-to-infrastructure communications and cloud access could all provide a path into the system. A very configurable, highly connected system offers more potential to break in.

Centralised processing environments make software security updates easier, but they also mean that a hardware attack could allow access to the majority of the control systems. Zonal environments, by contrast, need to contend with securing the hardware and software of each specific zonal gateway. The risk of a single compromise is lowered, but system security needs to be spread more widely across the entire vehicle. Zonal architectures also address the wiring problem by keeping the gateway for each vehicle zone close to the ECUs and sensors it controls, while the gateways communicate with one another via a backbone network.

The goal from a security standpoint is to wrap everything in layers of security, rather than just focusing on a subsystem, allowing some flexibility in how to defeat an attack.

What carmakers do agree on, however, is the need to build in security as part of the architecture, rather than trying to layer it on top of an existing design.


The need for high skills in the development team

Complexity is often the result of over-specification, based on the false belief that all current and potential requirements need to be met, or that an embedded system needs to reflect all of the complexity and security of its environment.

The lack of sufficiently experienced talent and domain expertise within the team is frequently the cause. Having experts on the teams specifically for architecture and toolchain development is critical because they can draw on their experience to determine how to resolve trade-off decisions.

Ensuring that the highest-quality experts form part of the team requires specialists who can find the best sources of talent in an ever-dwindling pool of supply. Companies such as CIS have over 20 years’ experience working with the automotive and other embedded engineering markets to find the right precision-matched skills for complex projects. Make sure your next project is covered: contact CIS on info@cis-ee.com or call us on +34 963 943 500.