D1-08 ACHARYA eSync Arch and Programming (2017 © Excelfore)

eSync Architecture and Programming Model for OTA and Diagnostics
Reaching Non-Ethernet Devices Over an Ethernet Backbone

Presented by: Shrikant Acharya, Chief Technology Officer, Excelfore Corp.
Contributing Authors: Anoop Balakrishnan, Excelfore Corp.; Rema Balaraman, Excelfore Corp.

Agenda
1. Considerations – Objectives and Constraints
2. Architecture Review
3. Protocols, System Requirements, Security
4. Use Case Examples

eSync System Design Objectives
• Reach
  • From Cloud to End Device – Across Various Automotive Sub-Networks
• Bi-Directional
  • Pipeline for Data Push and Data Pull
  • Push Over-the-Air (OTA) Updates to the Vehicle
  • Pull Diagnostic and Telematics Data from the Vehicle
• Highly Secure
  • Vehicles cannot be “Spoofed” or Compromised with Spurious Updates
  • Cloud Server cannot be “Spoofed” with Spurious Vehicle Data
• Scalable
  • Scales to Many Devices in One Vehicle
  • Scales to Many Different Vehicle Configurations
  • Scales to Millions of Vehicles

Important Design Constraints
• Downtime
  • Full Vehicle Update Cycle Must Minimize Vehicle Downtime
• Resilience
  • Must be Resilient Against Errors/Interruptions in Over-the-Air Transmissions
• Efficient
  • Must Be Flexible for Different Processing and Memory Resources in Legacy ECUs
• Safe
  • Functional Safety Considerations, as Defined in ISO 26262 (ASIL levels)
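
The resilience constraint (surviving interruptions in the over-the-air transfer) and the objective that a vehicle cannot be compromised with spurious updates meet in the download path: the client must resume from what it already persisted, and must refuse to stage anything that does not match the published image digest. The Go program below is an added example written for this page, not Excelfore's eSync client code. It assumes a manifest carrying the image size and SHA-256 (taken to arrive over the authenticated channel), an in-memory stand-in for the client's non-volatile staging area, and a constructed "flaky" source that drops every n-th request to simulate a dropped cellular link; all names (`Manifest`, `Store`, `Download`, `FlakySource`) are this example's own.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is what the cloud publishes for one update image. The digest is assumed
// to reach the client over the authenticated channel, so a download that does not
// hash to it is rejected as spurious instead of being staged for flashing.
type Manifest struct {
	Size   int
	SHA256 [32]byte
}

// Store models the eSync client's non-volatile staging area: bytes received before
// a link drop survive, and the transfer resumes from there (constructed, in-memory).
type Store struct {
	Data []byte
}

// Source fetches image bytes [off, off+n) from the cloud and returns an error when
// the over-the-air link is interrupted.
type Source func(off, n int) ([]byte, error)

var ErrIntegrity = errors.New("image digest does not match manifest")

// Download resumes from len(st.Data), pulls fixed-size chunks, retries an interrupted
// chunk up to maxRetries times, and only declares success once the complete image
// hashes to the manifest value. It returns the number of retries that were needed.
func Download(m Manifest, st *Store, src Source, chunk, maxRetries int) (int, error) {
	retries := 0
	for len(st.Data) < m.Size {
		off := len(st.Data)
		n := chunk
		if off+n > m.Size {
			n = m.Size - off
		}
		part, err := src(off, n)
		if err != nil {
			if retries >= maxRetries {
				return retries, fmt.Errorf("giving up at offset %d: %w", off, err)
			}
			retries++ // everything already persisted is kept; only this chunk is re-requested
			continue
		}
		st.Data = append(st.Data, part...) // persist before asking for more
	}
	if sum := sha256.Sum256(st.Data); sum != m.SHA256 {
		st.Data = st.Data[:0] // discard the staged image so it can never be flashed
		return retries, ErrIntegrity
	}
	return retries, nil
}

// FlakySource serves image from memory but fails every dropEvery-th request,
// standing in for an unreliable link (constructed for the example; 0 never drops).
func FlakySource(image []byte, dropEvery int) Source {
	calls := 0
	return func(off, n int) ([]byte, error) {
		calls++
		if dropEvery > 0 && calls%dropEvery == 0 {
			return nil, errors.New("link interrupted")
		}
		return append([]byte(nil), image[off:off+n]...), nil
	}
}

func main() {
	image := []byte(repeat("ECU-FW-v2.1|", 100)) // constructed 1200-byte image
	m := Manifest{Size: len(image), SHA256: sha256.Sum256(image)}
	st := &Store{}
	retries, err := Download(m, st, FlakySource(image, 3), 256, 10)
	fmt.Println("retries:", retries, "err:", err, "staged bytes:", len(st.Data))
}

func repeat(s string, n int) string {
	out := ""
	for i := 0; i < n; i++ {
		out += s
	}
	return out
}
```

The order of the two checks is the point: the staging area is appended to only after a chunk arrives intact, so an interruption costs one chunk and not the whole image, and the digest is checked over the complete file rather than trusting per-chunk success, so a tampered or truncated image never reaches the update agent.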

Important Considerations on Safety and Robustness
• ISO 26262 Requirements:
  1. Non-Critical: The OTA Update System Does Not Reach Critical Elements at All
  - or -
  2. All Critical: The OTA Update System, and the Entire In-Vehicle Network, Operate Entirely as a Critical System
  - or -
  3. Isolate Critical: The In-Vehicle Network and the OTA Update System Isolate Critical and Non-Critical Elements of the Separate ASIL Domains
    • Requires Parallel, Separate OTA Paths
• Robustness
  • Design for Modular Component Integration
  • Keep Up with Current Techniques by Using Latest Standards on Security and Network Protocols

Agenda – 2. Architecture Review

Representative Approach to Next-Gen Vehicle Network
[Diagram. Labels: Cloud Server; Vehicle Gateway; eSync; IVI Head Unit/Gateway (Infotainment); Powertrain Controller/Gateway (Powertrain); ADAS Controller/Gateway (ADAS); Body Controller/Gateway (Body/Chassis); High-Speed Ethernet backbone between the gateways; sub-networks CAN, LIN, Ethernet TSN, Ethernet AVB, LVDS; ASIL D and ASIL B domain markings; Ethernet or OBD Diagnostic Port.]

The eSync System Architecture
[Diagram. Labels: Encryption & Authentication; Security Check Point; Encryption & Authentication.]

Update Agent
[Diagram; only the label "Update Agent" is recoverable.]

Representative Approach to Next-Gen Vehicle Network (Single Client, Multiple Agents)
[Diagram: the vehicle network of the previous slide with one eSync Client and multiple Agents. Labels: Cloud Server; Vehicle Gateway; eSync Client; IVI Head Unit/Gateway (Infotainment); Powertrain Controller/Gateway (Powertrain); ADAS Controller/Gateway (ADAS); Body Controller/Gateway (Body/Chassis); Agents attached to the gateways and sub-networks; High-Speed Ethernet backbone; sub-networks CAN, LIN, Ethernet TSN, Ethernet AVB, LVDS; ASIL D and ASIL B domain markings; Ethernet or OBD Diagnostic Port.]

Operational Modes of OTA
Data Push
• Cloud to DM Client
• DM Client to Message Server
• Message Server to Update Agent
• Status Agent to Update Agent
• Update Agent Re-flash of ECU
• Run Diagnostic Scripts
Data Pull
• ECU Update Agent to Message Server
• Status Agent to DM Client
• DM Client to Cloud

Agenda – 3. Protocols, System Requirements, Security

UDS Server Command Sequences
UDS Sessions Layer
1. Set the UDS server into program mode
2. Reset to new mode
3. Request Seed*
4. Send Key*
5. Transfer Data† (multiple data transfers)
6. Erase Memory†
7. Verify Memory
8. Set to Normal Mode
9. Reset to Normal Mode
10. End of Procedure
UDS Application Layer
1. Transfer Data
2. Read Data ID (even reading DTC codes)
3. Write Data ID
4. Upload Data
5. Erase
6. Verify
* May not be available on all ECUs
† Sequence may differ between UDS servers
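
What makes the sessions-layer sequence a security control rather than a convention is that the UDS server (the ECU) enforces it: Transfer Data and the erase/verify routines are refused unless the programming session is active and Request Seed / Send Key has succeeded, and leaving the session drops the unlock. The Go model below is an added example written for this page, not Excelfore's update agent or any OEM's UDS stack. It uses the ISO 14229 service identifiers and negative response codes for the services named on the slide; the seed-to-key function `ExpectedKey` is a constructed HMAC placeholder standing in for the OEM-specific algorithm, and the three-attempt lockout, the 4-byte seed and the `Server`/`Handle` names are this example's own assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// ISO 14229 (UDS) service identifiers and negative response codes used below.
const (
	sidDiagnosticSessionControl = 0x10
	sidSecurityAccess           = 0x27
	sidRoutineControl           = 0x31 // erase / verify memory routines
	sidTransferData             = 0x36

	nrcServiceNotSupported                = 0x11
	nrcIncorrectMessageLength             = 0x13
	nrcRequestSequenceError               = 0x24
	nrcSecurityAccessDenied               = 0x33
	nrcInvalidKey                         = 0x35
	nrcExceededNumberOfAttempts           = 0x36
	nrcServiceNotSupportedInActiveSession = 0x7F

	defaultSession     = 0x01
	programmingSession = 0x02
	maxKeyAttempts     = 3 // constructed lockout threshold
)

// Server models the ECU (UDS server) side. Re-flash services are refused until the
// client is in the programming session and has passed RequestSeed/SendKey.
type Server struct {
	session  byte
	unlocked bool
	seed     []byte // outstanding seed, nil when no RequestSeed is pending
	attempts int    // consecutive wrong keys
	flash    []byte
	secret   []byte // constructed shared secret standing in for the OEM seed/key algorithm
}

func NewServer(secret []byte) *Server { return &Server{session: defaultSession, secret: secret} }
func (s *Server) Flash() []byte       { return s.flash } // image bytes accepted via TransferData

// ExpectedKey is the constructed seed-to-key function: HMAC-SHA256(secret, seed), first 4 bytes.
func ExpectedKey(secret, seed []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(seed)
	return m.Sum(nil)[:4]
}

func pos(sid byte, data ...byte) []byte { return append([]byte{sid + 0x40}, data...) }
func neg(sid, nrc byte) []byte        { return []byte{0x7F, sid, nrc} }

// Handle processes one request PDU (SID, sub-function, data...) and returns the response PDU.
func (s *Server) Handle(req []byte) []byte {
	if len(req) < 2 {
		return neg(0x00, nrcIncorrectMessageLength)
	}
	sid, sub := req[0], req[1]
	if sid == sidDiagnosticSessionControl { // steps 1 and 8: any session change drops the unlock
		s.session, s.unlocked, s.seed = sub, false, nil
		return pos(sid, sub)
	}
	if s.session != programmingSession {
		return neg(sid, nrcServiceNotSupportedInActiveSession)
	}
	switch sid {
	case sidSecurityAccess: // steps 3 and 4
		if s.attempts >= maxKeyAttempts {
			return neg(sid, nrcExceededNumberOfAttempts) // locked out until the ECU resets
		}
		if sub == 0x01 { // requestSeed
			s.seed = make([]byte, 4)
			rand.Read(s.seed)
			return pos(sid, append([]byte{sub}, s.seed...)...)
		}
		if s.seed == nil { // sendKey without a pending seed
			return neg(sid, nrcRequestSequenceError)
		}
		ok := hmac.Equal(req[2:], ExpectedKey(s.secret, s.seed)) // constant-time compare
		s.seed = nil
		if !ok {
			s.attempts++
			if s.attempts >= maxKeyAttempts {
				return neg(sid, nrcExceededNumberOfAttempts)
			}
			return neg(sid, nrcInvalidKey)
		}
		s.unlocked, s.attempts = true, 0
		return pos(sid, sub)
	case sidTransferData, sidRoutineControl: // steps 5 to 7
		if !s.unlocked {
			return neg(sid, nrcSecurityAccessDenied)
		}
		if sid == sidTransferData {
			s.flash = append(s.flash, req[2:]...)
			return pos(sid, sub) // echo blockSequenceCounter
		}
		return pos(sid, req[1:]...) // erase / verify routine accepted once unlocked
	}
	return neg(sid, nrcServiceNotSupported)
}
```

Each refusal carries the standard negative response code, which is also what a diagnostic log from the gateway should show when an agent gets the order wrong: 0x7F (wrong session), 0x33 (not unlocked), 0x24 (key sent without a seed) and 0x35/0x36 (bad key, then lockout) each point at a different step of the slide's sequence.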

Ethernet Based ECUs
• Newer ECUs May have Ethernet Interface
• Security Protocols can be Embedded into ECUs
• End to End Authentication can Go to the ECUs Directly
  • Payload can Remain Encrypted
• Simplifies the Security Architecture and Layout of Devices
  • Clear Segmentation of Functional Domains (using Ports and VLAN)
• No Change to UDS Client/UDS Server Handshake
  • Same as CAN-based ECU Transactions

Security Considerations
• DM Client Acts as Gate Keeper for Authentication
  • Preferred Location: In TCU
  • Can be in Gateway Switch – all External Connections are Authenticated
  • DM Client in a Head Unit (Infotainment Gateway) Presents a Security Risk
• For ECUs located on FlexRay, CAN, LIN – Update Agents Can Reside in Gateways
  • Each ECU Authenticates with its Update Agent
  • Newer ECUs on IP Networks can Host Update Agent within their Code Space
  • Isolate Legacy ECUs from Direct Connection to OBD Port
  • Use ECU Arbitration to Authenticate Legacy ECU Connections
• DM Client and each ECU have their own Unique Digital Certificates
  • Establish Bi-Directional Authentication
  • Difficult for Attackers to ‘Spoof’ or Impersonate Any Element, Difficult to Gain Access to the System
  • Removes “man in the middle” Attacks
  • Impact on Cost and Performance
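
"Unique digital certificates" and "bi-directional authentication" on this slide mean that each side of an update or diagnostic exchange checks two things about its peer: that the peer's certificate chains to the trust root every module was provisioned with, and that the peer holds the private key for that certificate. The Go program below is an added example for this page, not Excelfore's implementation. It builds a constructed in-process fleet PKI (an ECDSA P-256 root plus one certificate each for a DM Client and an ECU update agent) and runs a challenge-response in both directions; the names `Identity`, `NewFleetCA`, `Issue`, `Prove`, `Authenticate` and `MutualAuth` are this example's own, and a real deployment would provision the keys at manufacturing rather than generate them at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is one participant (fleet CA, DM Client or ECU update agent) with its
// own certificate and private key.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue creates a certificate for name: self-signed when parent is nil (the fleet
// root), otherwise signed by parent. The PKI is constructed in-process for the example.
func issue(name string, parent *Identity) Identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	signerCert, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return Identity{cert, key}
}

func NewFleetCA(name string) Identity          { return issue(name, nil) } // the trust root all modules hold
func (ca Identity) Issue(name string) Identity { return issue(name, &ca) } // one unique certificate per module

// Prove answers a peer's challenge by signing it with the module's own private key.
func (id Identity) Prove(nonce []byte) []byte {
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, id.Key, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Authenticate is the verifier's side: the peer certificate must chain to the fleet
// root, and the peer must have signed our fresh nonce with the matching private key.
func Authenticate(root, peer *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return fmt.Errorf("%q: not issued by the fleet CA: %w", peer.Subject.CommonName, err)
	}
	pub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("%q: unexpected key type", peer.Subject.CommonName)
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("%q: challenge signature invalid", peer.Subject.CommonName)
	}
	return nil
}

// MutualAuth runs the challenge-response in both directions and reports whether
// a (e.g. the DM Client) accepted b (e.g. an ECU agent) and whether b accepted a.
func MutualAuth(root *x509.Certificate, a, b Identity) (aAcceptsB, bAcceptsA error) {
	nonceA, nonceB := make([]byte, 32), make([]byte, 32)
	rand.Read(nonceA)
	rand.Read(nonceB)
	aAcceptsB = Authenticate(root, b.Cert, nonceA, b.Prove(nonceA))
	bAcceptsA = Authenticate(root, a.Cert, nonceB, a.Prove(nonceB))
	return
}
```

Two failure cases are worth noting against the slide's "difficult to spoof or impersonate any element": a certificate that carries the right common name but comes from any other issuer fails the chain check, and a genuine certificate presented by a party that does not hold its key fails the signature check. Because each side issues its own fresh nonce, a recorded answer from an earlier session cannot be replayed either, which is what removes the man-in-the-middle position the slide refers to.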

System Resource Requirements for eSync Client
• Operating System with Secure Non-Volatile File System
• Enough File System Memory for the Largest Expected Combination of Software Update Images, Plus Approximately 10%
• Enough Non-Volatile File System Memory to Buffer Diagnostic and Telematics Data
  • To Prevent Loss of Data when Connection is Interrupted
• Less than 500 KB for eSync Client Code
• Typical: about 500 KB for RAM
  • Additional RAM May be Needed for Many Update/Diagnostic Agents in the System

Agenda – 4. Use Case Examples

Demonstrated Use Case Environments
eSync Client:
• Operating Systems: Linux, QNX, Integrity and Android
  • Other OS and File Systems are Possible
• Processors: Intel Apollo Lake; NXP i.MX6; Qualcomm Snapdragon 820; Renesas R-Car 3
eSync Agent: All OSs and Processors Used for the eSync Client, Plus:
• Operating Systems: AUTOSAR, Erika, FreeRTOS
• Processors and Controllers: NXP MPC5777/5648; Cortex R4/Cortex M
• Bus/Networks: Ethernet (BroadR-Reach, AVB/TSN), CAN, LIN, FlexRay, USB

Use Case 1: Basic Vehicle System
[Diagram: one eSync Client with five Agents.]

Use Case 2: Vehicle Interconnect Using Ethernet for New Vehicle Platforms
[Diagram: one eSync Client with seven Agents.]

Use Case 3: Multi-Domain eSync OTA System With Secure Gateway for Critical Domain
[Diagram: eSync Client 1 with three Agents; eSync Client 2 in the Secure Domain.]

Summary of eSync System
• Bi-Directional and Transaction Based Information Transfer
• Modular Design with Update Agents for All Electronic Devices (ECUs, Sensors, etc.)
  • In the Device for IP Addressable Ethernet Devices
  • In the IP Addressable Port of the Gateway Switch for CAN, LIN Devices
  • Ensures System Reaches All Electronic Devices
• Layered Authentication and Encryption Between All Modules
  • Robust Security against Hackers
• Any Number of Update Agents, Update Any Number of ECUs in Parallel
  • Minimizes Vehicle Downtime during Updates
• Modular Design for Optimal Use of Limited CPU and Memory Resources