Search Results

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

The reduction of vehicle exhaust particle emissions is a success story of European legislation. Various particle number (PN) counters and calibration procedures serve as tools to enforce PN emission limits during vehicle type approval (VTA) or periodical technical inspection (PTI) of in-use vehicles. Although all devices and procedures apply to the same PN-metric, they were developed for different purposes, by different stakeholder groups and for different target costs and technical scopes. Furthermore, their calibration procedures were independently defined by different stakeholder communities. This frequently leads to comparability and interpretation issues. Systematic differences of stationary and mobile PN counters (PN-PEMS) are well-documented. New, low-cost PTI PN counters will aggravate this problem. Today, tools to directly compare different instruments are scarce.

The powertrain module is being introduced to embedded System on Chips (SoCs) designed to increase available computational power. These high-performance SoCs have the potential to enhance the computational power along with providing on-board resources to support unexpected feature growth and on-demand customer requirements. This project will investigate the radial basis function (RBF) using the Gaussian process (GP) regression algorithm, the ETAS ASCMO tool, and the hardware accelerator Advanced Modeling Unit (AMU) being introduced by Infineon AURIX 2nd Generation. ETAS ASCMO is one of the solutions for data-driven modeling and model-based calibration. It enables users to accurately model, analyze, and optimize the behavior of complex systems with few measurements and advanced algorithms. Both steady state and transient system behaviors can be captured.

Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.

Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks. In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics. We conclude with an assessment of today’s hardware security devices.

A main challenge when developing next generation architectures for automated driving ECUs is to guarantee reliable functionality. Today’s fail safe systems will not be able to handle electronic failures due to the missing “mechanical” fallback or the intervening driver. This means, fail operational based on redundancy is an essential part for improving the functional safety, especially in safety-related braking and steering systems. The 2-out-of-2 Diagnostic Fail Safe (2oo2DFS) system is a promising approach to realize redundancy with manageable costs. In this contribution, we evaluate the reliability of this concept for a symmetric and an asymmetric Electronic Power Steering (EPS) ECU. For this, we use a Markov chain model as a typical method for analyzing the reliability and Mean Time To Failure (MTTF) in majority redundancy approaches. As a basis, the failure rates of the used components and the microcontroller are considered.

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience.

A cooperation of several research partners supported by the German Federal Ministry of Research and Education proposes a new active matrix LED light source. A multi pixel flip chip LED array is directly mounted to an active driver IC. A total of 1024 pixel can be individually addressed through a serial data bus. Several of these units are integrated in a prototype headlamp to enable advanced light distribution patterns in an evaluation vehicle.

Introduction The introduction of Ethernet and Gigabit Ethernet [2] as the main invehicle network infrastructure is the technical foundation for different new functionalities such as piloted driving, minimizing the CO2- footprint and others. The high data rate of such systems influences also the used microcontrollers due the fact that a big amount of data has to be transferred, encrypted, etc. Figure 1 Motivation - Vehicles will become connected to uncontrolled networks The usage of Ethernet as the in-vehicle-network enables the possibility that future road vehicles are going to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries impose a previously non-existing security problem.

Vehicle manufacturers are challenged by rising costs for vehicle recalls. A major part of the costs are caused by software updates. This paper describes a feasibility study on how to implement software update over the air (SOTA) in light vehicles. The differences and special challenges in the automotive environment in comparison to the cellular industry will be explained. Three key requirements focus on the drivers’ acceptance and thus are crucial for the vehicle manufacturers: SOTA must be protected against malicious attacks. SOTA shall interfere as little as possible with the availability of a vehicle. Long update processes with long vehicle downtimes or even complete fails must be avoided. The functional safety of the vehicle during operation may not be limited in any way The study gives options how those objectives can be achieved. It considers the necessary security measures and describes the required adaptations of the board-net architectures both on software and hardware level.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

In-vehicle communication faces increasing bandwidth demands, which can no longer be met by today's MOST150, FlexRay or CAN networks. In recent years, Fast Ethernet has gained a lot of momentum in the automotive world, because it promises to bridge the bandwidth gap. A first step in this direction is the introduction of Ethernet as an On Board Diagnostic (OBD) interface for production vehicles. The next potential use cases include the use of Ethernet in Driver Assistance Systems and in the infotainment domain. However, for many of these use cases, the Fast Ethernet solution is too slow to move the huge amount of data between the Domain Controllers, ADAS Systems, Safety Computer and Chassis Controller in an adequate way. The result is the urgent need for a network technology beyond the Fast Ethernet solution. The question is: which innovation will provide enough bandwidth for domain controllers, fast flashing routines, video data, MOST-replacement and internal ECU buses?

In recent years, we see more and more ECUs integrating a huge number of application software components. This process mostly results from the increasing amount of so called in-house software in various fields like electric-drive, chassis and driver assistance systems. The software development for these systems is partially moved from the supplier to the car manufacturers. Another important trend is the introduction of new network architectures intending to meet the growing communication requirements. For such ECUs the software integration scenarios become more complicated, as more quality of service requirements with regards to timing, safety and security need to be considered [2]. Multi-core microcontrollers offer even more potential variants for integration scenarios. Understanding the interaction between the different software components, not only from a functional, but also from a timing view, is a key success factor for modern electronic systems [6,7,8,9].

End of Line tests are brief set of tests intended to evaluate ECU's in order to ensure correct functioning of its intended functionality. As these tests are executed on the production line, available time to perform these tests is limited. On one hand, faster production demands require these tests and its framework to be designed in a time optimized manner. On the other hand, increase in ECU functionality translates to an increase in test's functional coverage, requiring more time. Therefore the time taken to execute the tests reaches a critical point in overall ECU production. Availability of multicore microcontrollers with increase in clock speed can increase the performance of end of line tests, but design challenges e.g. synchronization do not guarantee a linear performance increase. Therefore, design of test execution framework is absolutely critical to increase performance of test execution.

The market potential for products such as scooters and small motorcycles is already self-sustaining. However, other applications for small engines can be more fragmented with a wide variety of requirements for the engine control unit. Consequently, the engine control unit can be designed to accommodate more features than are necessary for a given application to cover a broader market. The flip side of this approach is to design the engine control unit for a limited application reducing the market size. Neither approach creates a cost efficient product for the producer. It either supplies the market with an electronic control unit that has features not being utilized (wasted costs) or a unit that has limited capabilities reducing the economies of scale (higher costs). When these designs are developed using discrete components these inefficiencies are exacerbated.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

In modern vehicles, the number of small electrical drive systems is still increasing continuously for blowers, fans and pumps as well as for window lifts, sunroofs and doors. Requirements and operating conditions for such systems varies, hence there are many different solutions available for controlling such motors. In most applications, simple, low-cost DC motors are used. For higher requirements regarding operating time and in stop-start capable systems, the focus turns to highly efficient and durable brushless DC motors with electronic commutation. This paper compares various electronic control concepts from a semiconductor vendor point of view. These concepts include discrete control using relays or MOSFETs. Furthermore integrated motor drivers are discussed, including system-on-chip solutions for specific applications, e.g. specific ICs for window lift motors with LIN interface.

The amount of electronics in vehicles is increasing, so is the amount of power electronics circuits, like inverters for electric motor drives or dc/dc converters. The muscles of these circuits are power transistors like MOSFETs and IGBTs - in each circuit are several of them. While MOSFETs and IGBTs have advanced over the years in terms of their performance, their wide product spectrum and feature spectrum as well as cost, they are still not unbreakable, but semiconductors which are more sensitive to electrical or thermal overstress than, a relay for instance. Especially electrical overstress, like overvoltage or over current, may damage a power transistor within a short time frame. Hence, electrical overstress must be avoided when designing the power electronics circuit. However, even a power transistor in a carefully designed power electronics circuit, may still be exposed to over current, short circuit, over voltage, over temperature and so forth.