Search Results

The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks.

The technology in the automotive industry is evolving rapidly in recent times. Thus, with the development of new technologies, the challenges are also ever-increasing from an Electromagnetic Interference and Susceptibility (EMI/EMC) perspective. A lot of the latest technologies in Adaptive Driver Assistance Systems (ADAS), which include Rear Drive Assist, Blind Spot Detection (BSD), Lane Change Assist (LCA) to name a few, and other features like Anti-Braking System (ABS), Emergency Brake Assist (EBD) etc. rely heavily on different types of sensors and their detection circuitry. In addition, a lot of other internal functions in the Engine Control Unit (ECU) also depend on such sensors’ functionalities. Thus, it becomes imperative to study the potential impact of higher field emissions on the immunity behaviour of the sensors.

Classic vehicle production had limitations in bringing the driving commands to the actuators for vehicle motion (engine, steering and braking). Steering columns, hydraulic tubes or steel cables needed to be placed between the driver and actuator. Change began with the introduction of e-gas systems. Mechanical cables were replaced by thin, electric signal wires. The technical solutions and legal standardizations for addressing the steering and braking systems, were not defined at this time. Today, OEMs are starting E/E-Architecture transformations for manifold reasons and now have the chance to remove the long hydraulic tubes for braking and the solid metal columns used for steering. X-by-wire is the way forward and allows for higher Autonomous Driving (AD) levels for automated driving vehicles. This offers new opportunities to design the vehicle in-cabin space. This paper will start with the introduction of x-by-wire technologies.

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.

Today’s modern automobiles are aimed at giving the user an intuitive, secure, and reliable experience, serving his needs before and even after completion of his trip. The advances in automotive and consumer electronics are defining new boundaries for manufacturers to meet these demands. Digital vehicle entry systems are one of the key technology advances that enable vehicle to interact with external dynamic entities (e.g., smartphone loaded with applications). The system authenticates the user with not only an entry into his/her vehicle, but also offer a wide range of personalized comfort functions, thus enriching the user experience. These requirements lead to a dramatic increase in software complexity coupled with market competition to support the automotive industry standard AUTOSAR (AUTomotive Open System ARchitecture). To master these challenges, an early virtual validation of the digital vehicle entry functions is crucial for success now more than ever.

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

Nowadays automobiles are getting smart and there is a growing need for the physical behavior to become part of its software. This behavior can be described in a compact form by differential equations obtained from modeling and simulation tools. In the offline simulation domain the Functional Mockup Interface (FMI) [3], a popular standard today supported by many tools, allows to integrate a model with solver (Co-Simulation FMU) into another simulation environment. These models cannot be directly integrated into embedded automotive software due to special restrictions with respect to hard real-time constraints and MISRA compliance. Another architectural restriction is organizing software components according to the AUTOSAR standard which is typically not supported by the physical modeling tools. On the other hand AUTOSAR generating tools do not have the required advanced symbolic and numerical features to process differential equations.

This paper explains why software for efficient model-based development is needed to improve the efficiency of automakers and suppliers when implementing solutions with next generation automotive embedded systems. The resulting synergies are an important contribution for the automotive industry to develop safer, smarter, and more eco-friendly cars. To achieve this, it requires implementations of algorithms for machine learning, deep learning and model predictive control within embedded environments. The algorithms’ performance requirements often exceed the capabilities of traditional embedded systems with a homogeneous multicore architecture and, therefore, additional computing resources are introduced. The resulting embedded systems with heterogeneous computing architectures enable a next level of safe and secure real-time performance for innovative use cases in automotive applications such as domain controllers, e-mobility, and advanced driver assistance systems (ADAS).

Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers. As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task.

The powertrain module is being introduced to embedded System on Chips (SoCs) designed to increase available computational power. These high-performance SoCs have the potential to enhance the computational power along with providing on-board resources to support unexpected feature growth and on-demand customer requirements. This project will investigate the radial basis function (RBF) using the Gaussian process (GP) regression algorithm, the ETAS ASCMO tool, and the hardware accelerator Advanced Modeling Unit (AMU) being introduced by Infineon AURIX 2nd Generation. ETAS ASCMO is one of the solutions for data-driven modeling and model-based calibration. It enables users to accurately model, analyze, and optimize the behavior of complex systems with few measurements and advanced algorithms. Both steady state and transient system behaviors can be captured.

For highly automated driving, commercial vehicles require an Electric/Electronic (E/E) architecture, which - in addition to sensor fusion - ensures safety-critical processes such as steering and braking at all times. Among other things, a redundant 24 V supply with corresponding disconnection is required. The battery switch is a key component. Commercial, construction, and agricultural vehicles (CAV) need to operate at the highest possible availability and the lowest possible cost of ownership. This is why automated and autonomous driving has the potential to revolutionize the CAV sector. Driverless machines can be operated around the clock and almost non-stop. Platooning allows automated, interconnected trucks to drive in a convoy and very close to each other. Platooning saves fuel.

Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.

Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks. In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics. We conclude with an assessment of today’s hardware security devices.

A main challenge when developing next generation architectures for automated driving ECUs is to guarantee reliable functionality. Today’s fail safe systems will not be able to handle electronic failures due to the missing “mechanical” fallback or the intervening driver. This means, fail operational based on redundancy is an essential part for improving the functional safety, especially in safety-related braking and steering systems. The 2-out-of-2 Diagnostic Fail Safe (2oo2DFS) system is a promising approach to realize redundancy with manageable costs. In this contribution, we evaluate the reliability of this concept for a symmetric and an asymmetric Electronic Power Steering (EPS) ECU. For this, we use a Markov chain model as a typical method for analyzing the reliability and Mean Time To Failure (MTTF) in majority redundancy approaches. As a basis, the failure rates of the used components and the microcontroller are considered.

Functional safe systems fulfilling the ISO 26262 standard are getting more important for automotive applications where additional redundant and diverse functionality is needed for higher rated ASIL levels. This can result in a very complex and expensive system setup. Here we present a sensor product developed according ISO 26262. This sensor product comprises a two channel redundant and also diverse implemented magnetic field sensor concept with linear digital outputs on one monolithically integrated silicon substrate. This sensor is used for ASIL D applications like power-steering torque measurement, where the torque is transferred into a magnetic field signal in a certain magnetic setup, but can also be used in other demanding sensor applications concerning safety. This proposed and also implemented solution is beneficial because of implementation on a single chip in one single chip-package but anyway fulfilling ASIL D requirements on system level.

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience.

Functional safe products conforming to the ISO 26262 standard are getting more important for automotive applications wherein electronic takes more and more response for safety relevant operations. Consequently safety mechanisms are needed and implemented in order to reach defined functional safety targets. To prove their effectiveness diagnostic coverage provides a measurable quantity. A straight forward safety mechanism for sensor systems can be established by redundant signal paths measuring the same physical quantity and subsequently performing an independent output difference-check that decides if the data can be transmitted or an error message shall be sent. This paper focuses on the diagnostic coverage figure calculation of such data correlation-checks for linear sensors which are also shown in ISO 26262 part5:2011 ANNEX D2.10.2.

The way to autonomous driving is closely connected to the capability of verifying and validating Advanced Driver Assistance Systems (ADAS), as it is one of the main challenges to achieve secure, reliable and thereby socially accepted self-driving cars. Hardware-in-the-Loop (HiL) based testing methods offer the great advantage of validating components and systems in an early stage of the development cycle, and they are established in automotive industry. When validating ADAS using HiL test benches, engineers face different barriers and conceptual difficulties: How to pipe simulated signals into multiple sensors including radar, ultrasonic, video, or lidar? How to combine classical physical simulations, e.g. vehicle dynamics, with sophisticated three-dimensional, GPU-based environmental simulations? In this article, we present current approaches of how to master these challenges and provide guidance by showing the advantages and drawbacks of each approach.