Search Results

Vehicle Security means protecting potential threats, unintended malfunction and illegal tuning. In addition, it has become a more important issue on an automotive system as it is directly connected to the driver and pedestrian's life. Automotive industry significantly needs to enhance security policies to prevent attacks from hackers. Nevertheless, in some systems, performance still has to be considered at first when security functions are implemented. Especially, in case of Engine Management System (EMS), fast engine synchronization for starting should be considered as the first priority. This paper is intended to show an approach to design efficient secure boot implementation for EMS. At the beginning of this paper, the concept of secure boot is explained and several use cases are introduced according to execution modes, such as the foreground and background secure boot modes. As a next step, engine starting process by EMS is explained.

The automotive industry is moving from fossil carburant to electric drive trains due to the stringent CO2 reduction policies. In this context, the electric energy storage becomes one of the key parameters of successful rolling out electrified vehicles. Typical battery management systems comprises of battery cells measurement and monitoring, balancing function, temperature monitoring, together with the State of Charge and State of Health estimations based on the given measurements. Together with the functions above, a robust internal IC communication protocol is one of the key parameters to guarantee battery performance as well as safety. This paper focuses on the automotive battery communication system. On one side, the importance of the communication system and its impact in the EDT (electric drive train) is discussed including safety aspects. Later on, the different communication methods up to date are analyzed to further understand their limitations.

Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message.

The market potential for products such as scooters and small motorcycles is already self-sustaining. However, other applications for small engines can be more fragmented with a wide variety of requirements for the engine control unit. Consequently, the engine control unit can be designed to accommodate more features than are necessary for a given application to cover a broader market. The flip side of this approach is to design the engine control unit for a limited application reducing the market size. Neither approach creates a cost efficient product for the producer. It either supplies the market with an electronic control unit that has features not being utilized (wasted costs) or a unit that has limited capabilities reducing the economies of scale (higher costs). When these designs are developed using discrete components these inefficiencies are exacerbated.

Currently major investments by Tier1 and vehicle manufacturers are made to implement and optimize safety critical automotive systems according to the ISO standard 26262 “Road vehicles functional safety”. The ISO 26262 standard describes methods to detect the safety critical faults of a system designed according to the rules of functional safety, but it does not describe how an actual implementation shall look like. Development of ISO 26262 standard compliant systems concentrates on optimizing and improving cost and performance in a competitive environment. More competitive and practical implementations use fewer additional hardware and software resources for safety control and error detection and have higher performance with less overhead. Microcontrollers already have implemented many safety related hardware functions, so called safety mechanisms to mitigate safety critical risks.

The Engine Control Unit (ECU) for small engines is facing challenges with regard to performance, size and cost. In many instances, the customer requirements often contradict each other. Examples include higher performance at lower cost or smaller size, both of which can cause thermal challenges. In order to meet varying performance requirements in a platform approach, the ECU must provide a wide range of functionality. Providing a solution that can meet these flexible requirements will result in an increased component count and larger ECU size. An optimized feature set in the right package can help alleviate these issues. The ECU must be impervious to a wide range of environmental conditions, such as temperature, humidity and vibration. Restricted air flow must also be considered when designing an ECU. Existing approaches often apply the use of large aluminum housings to provide a strong mechanical support with good thermal performance.

In this paper, we propose a hardware and a software design method considering functional safety for an electro-mechanical brake (EMB) control system which is used as a brake actuator in a brake-by-wire (BBW) system. A BBW system is usually composed of electro-mechanical calipers, a pedal simulator, and a control system. This simple by-wire structure eliminates the majority of bulky hydraulic brake devices such as boosters and master cylinders. The other benefit of a BBW system is its direct and independent response; this leads to enhanced controllability, thus resulting in not only improved basic braking performance but also considerably easier cooperative regenerative braking in hybrid, fuel-cell, and electric cars. The importance of a functional safety based approach to EMB electronic control unit (ECU) design has been emphasized because of its safety critical functions, which are executed with the aid of many electric actuators, sensors, and application software.

The migration of many vehicle security features from mechanical solutions (lock and key) to electronic-based systems (transponder and RF transceiver) has led to the need for purely electrically operated locking mechanisms. One such example is a steering column lock, which locks and unlocks the steering wheel movement via a reversible electric motor. The safety case for this system (in respect to ISO26262) is highly complex, as there is no single safe state of the steering column lock hardware because there is a wider system-level interlock required. The employed control platform uses ASIL D capable multicore microcontroller hardware, together with the first implementation of AutoSAR® version 4.0 operating system to demonstrate a real-world usage of the newly specified encapsulation and monitoring mechanisms using the multicore extensions of AutoSAR and those of PharOS.

The aim of this paper is to compile the state of the art of engine control and develop scenarios for improvements in a number of applications of engine control where the pace of technology change is at its most marked. The first application is control of downsized engines with enhancement of combustion using direct injection, variable valve actuation and turbo charging. The second application is electrification of the powertrain with its impact on engine control. Various architectures are explored such as micro, mild, full hybrid and range extenders. The third application is exhaust gas after-treatment, with a focus on the trade-off between engine and after-treatment control. The fourth application is implementation of powertrain control systems, hardware, software, methods, and tools. The paper summarizes several examples where the performance depends on the availability of control systems for automotive applications.

As the automotive industry quickly moves towards hybridized and electrified vehicles, the optimal integration of power electronics in these vehicles will have a significant impact not only on the cost, performance, reliability, and durability; but ultimately on customer acceptance and market success of these technologies. If properly executed with the right cost, performance, reliability and durability, then both the industry and the consumer will benefit. It is because of these interdependencies that the pace and scale of success, will hinge on effective collaboration. This collaboration will be built around the convergence of automotive and industrial technology. Where real time embedded controls mixes with high power and voltage levels. The industry has already seen several successful collaborations adapting power electronics to the automotive space in target vehicles.

It is the beginning of a new age: multicore technology from the PC desktop market is now also hitting the automotive domain after several years of maturation. New microcontrollers with two or more main processing cores have been announced to provide the next step change in available computing power while keeping costs and power consumption at a reasonable level. These new multicore devices should not be confused with the specialized safety microcontrollers using two redundant cores to detect possible hardware failures which are already available. Nor should they be confused with the heterogeneous multicore solutions employing an additional support core to offload a single main processing core from real-time tasks (e.g. handling peripherals).

FlexRay1 is a high speed, time triggered and fault tolerant communication protocol, which was specified to meet the requirements of safety-critical automotive applications. The achieved maturity of FlexRay encourages the implementation on silicon. The CIC-3102 device is a standalone controller provided by Infineon Technologies. It runs the wide spread E-Ray3 IP from Bosch. A complete communication node for FlexRay requires additional devices for the physical layer and the application part. The CIC-310 can communicate with a host controller via three different interfaces micro link interface MLI, serial synchronous interface SSC, external bus XMU. Its physical layer interface corresponds to the FlexRay specification. The CIC-310 provides features like intelligent move engines to maximize the achievable data rate as well as to minimize the workload of the host. Therefore, the CIC-310 allows a very flexible and efficient way to build and operate FlexRay nodes.

Prototyping of a complete powertrain controller is not generally permissible due to the large number of subsystems involved and the resources required in making the design a reality. The availability of a complete control system reference design at an early stage in the lifecycle can greatly enhance the quality of the system definition and allows early ideas to be prototyped in the application environment. This paper describes the implementation of such a reference design for a gasoline engine and gearbox management control system, integrated into robust housing which can be used for development in a prototype vehicle. The paper also outlines the powertrain subsystems involved, discusses how the system partitioning is achieved, shows the implementation of the partitioning into the physical hardware, and concludes with presenting the system benefits which can be realized.

Braking systems require a high system safety level: New safety concepts need to be implemented by reducing the system complexity. Microcontrollers with special safety functions are available with implemented features, self detecting and compensating different types of faults. Today usually two microcontrollers are used to check each other. Power devices provide microcontroller supplies and drive motors and valves; internally the functions are supervised to avoid incorrect system behaviour due to wrong voltages, currents, missing loads or other malfunctions. Bus interfaces, signal conditioning and interfaces for high voltage signals are integrated into the power system ICs. Latest BIPOLAR-CMOS-DMOS power technologies enable the power semiconductors to integrate logic functions.

Trends in today's and future embedded powertrain systems show a strongly growing demand of communication between the functional units inside a car. A cost optimized system partitioning leads to several independent building blocks that have to be interconnected. Depending on the task of each building block, different classes of data exchange can be distinguished, differing in the required bandwidth, the tolerated latency and speed for real time critical tasks. In order to minimize the communication effort concerning time, chip size and overall costs, different communication requirements have been analyzed. The results lead to improvements of standard serial interfaces by application-oriented features.

Electronic throttle systems are becoming more and more important in today's motor vehicles. These systems consist of: a throttle valve with an electrical actuator and a transmission a position feedback an electronic acceleration pedal an electronic control unit (ECU) a semiconductor h-bridge for driving the motor. The electronic acceleration pedal gives a set point to the ECU. A control signal is generated and moves the motor of the throttle valve with a semiconductor h-bridge to the requested position. The voltage drop of a potentiometer is used here as control feedback signal. The potentiometer in the throttle valve is moved very often and has a rough environment like high temperature and vibrations. Therefore this system has a lot of problems with mechanical attrition and reliability during the whole system lifetime. The accuracy of the position control decreases over time.

Modern semiconductor devices enable highly efficient conversion of electrical power. Together with the microcontroller, they are the key elements for generation of the alternating currents from the car's DC supply that are necessary to drive high-performance units such as starter-alternators. These allow the combustion engine to crank up in several 100 ms and deliver up to 15 kW of electrical power. Smart driver ICs such as the TLE6280 enable the fast development of the interface between the microcontroller and the power switches. Currents of some 100A can be handled with the new OptiMOS FETs. Their rugged and ultra-low ohmic technology and their innovative packaging concepts, such as Power Modules and Power-Bonded MOSFETs, allow the building of compact and efficient control units.

Today's body and convenience applications in general directly control actuators and sensors from a single central electronic control unit (ECU). Future systems will be made of subsystem-clusters communicating via a local Class/A communication bus. This enables modular system design to reduce system complexity. For these types of new distributed applications the LIN bus is currently the most promising communication protocol. To allow a seamless migration from existing centralized to these next generation clustered system developers require software and hardware products for a homogenous and transparent LIN bus communication.

Today's requirements for engine management controllers are increasing in various aspects. Stronger emission standards and diagnosis requirements demand more complex control algorithms, faster system response times, better usage of sensor information throughout the system and higher accuracy of actuator stimuli. Despite that, new solutions are needed to answer the requirement for higher cost effectiveness, flexibility and reusability. The trade-off between cost and functionality is constantly being reviewed when choosing the right microcontroller to operate with an ECU. Integration of more complex and flexible functionality into the microcontroller helps to reduce the need for custom ASICs and thus reduce the overall system cost. In order to reduce the demands on CPU throughput within the microcontroller, manufacturers have introduced smart peripherals that off-load some of the work of the CPU into the peripherals.

Recent trends in field bus applications, especially in the automotive section, show a very high demand for data exchange between decentralised, intelligent functional units and modules. These functional units can be grouped together to power train applications or body/convenience applications. In many cases, the coupling of local modules is done with one or more independent bus systems. The actual design and the partitioning of the modules strongly depend on application-specific requirements, such as the total amount of data to be transferred or the maximum of the tolerated latency in data delivery. A very powerful and fast field bus is the CAN bus (Controller Area Network), which supports transfers with data rates up to 1 Mbits/s. Due to the higher transmission speed and the standardized functionality, CAN is a very interesting alternative to and improvement on bus systems based on other protocols.