V1.0 | 2016-11-29
Vector Congress 2016, Stuttgart, 2016-11-29
OTA and Remote Diagnostics
At a glance
Connectivity offers greater benefit to the automotive industry:
• Software update
• Remote diagnostics
• Data collection
There is a need for prompt delivery of OTA.
We have identified the most important success factors:
• Security
• Reliability
• Reuse
A successful implementation requires significant know-how in automotive and IT.
Connectivity offers greater benefit to the Automotive Industry
Software update adds value – and is a way to keep connectivity secure
• Classic AUTOSAR and others: Reprogramming monolithic blocks with UDS protocol.
• Adaptive AUTOSAR and POSIX-like operating systems: Install and update software packages. Consider dependencies between programs and shared libraries.
• Updating connectivity and OTA: Maintain the communication and security relevant parts of the vehicle. There is a risk for “brain dead” vehicles (no communication).
Remote diagnostics adds disruptive elements to well-known applications
Compile and send regular vehicle health reports:
• Summarize present and stored failures, gas consumption, mileage, oil level, …
• Useful information for the driver.
• Useful information for the OEM: Get deep insight into fleet health status…
Get remote roadside assistance from central vehicle support centers:
• Allows remote diagnostics when the malfunction indicator illuminates: Continue to drive or keep waiting for the towing service?
• Some EE issues can even be solved immediately.
Make inspection and repair in the car workshop more predictable and comfortable:
• Actions, effort and time of visit can be planned beforehand based on the vehicle health report and an enhanced remote diagnostics when required.
• Spare parts will be ordered early and are already available when the car comes in.
Data Collection provides new insights into vehicles in the field
Set up a campaign to analyze a certain phenomenon:
• Select vehicles
• Define measurement configuration and trigger condition
• Transfer configuration from backend into vehicles of selected fleet
• Perform measurement, pre-evaluate and collect data
• Transfer data to the backend
• Perform data analytics
• Refine configuration if needed
• Close campaign
[Figure labels: Backend, Internet]
There is a need for prompt delivery of OTA
The starting signal has been given.
First applications are already available.
Some customers do expect such functions.
Image credit: “People vector designed by Kjpargeter – Freepik.com”, http://de.freepik.com/fotos-vektoren-kostenlos/menschen
We have identified the most important success factors
Security
• Establish a secure channel that guarantees privacy and authentication.
Reliability
• Make OTA functions robust and efficient.
Reuse
• Take advantage of well-proven industry standards. Integrate into existing processes.
Benefits
• Provide convenient functionality with additional value for the car owner.
Security - A threat analysis on the OTA process
Assets:
Flash data along the communication path:
> Over-the-air communication between backend and vehicle.
> Storage devices.
> In-vehicle communication.
Security keys of the devices.
Threats:
> Compromising keys.
> Data access or manipulation.
> Man-in-the-middle.
> Denial of services.
Impacts:
> Financial loss.
> Manufacturer reputation.
> System malfunction.
> Safety functions.
[Figure labels: Backend, Internet, Connectivity, Diag gateway, PDX, Gateway, Body, Chassis, ADAS, Infotainment, Flash Bootloader]
Protect the data on storage devices from reading and writing by a malicious attacker.
Separating the connectivity module in the architecture provides less attack surface. Even if hacked, there is no direct access to vehicle buses.
Over-the-air communication uses PKI and certificate handling. The connectivity device handles and stores the key material.
End-to-end protection with digital signatures. Additionally, data can be encrypted and decrypted inside the bootloader.
Reliability - Software update with redundant data storage
Keep current and new version in the ECU:
• Software download is performed into the secondary memory section.
• In case of a failure, all ECUs will keep on executing the current version.
Keep current and new version at central location:
• In case of a failure, the update can be rolled back.
[Figure labels: ECU, UDS-Flash Bootloader, Application V1.0, Application V2.0, Programming, Ready for execution, Connectivity, Data V1.0, Data V2.0, Diag gateway]
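The in-ECU variant of the redundant storage scheme (download into the secondary memory section, keep executing the current version on failure), as an added example that is not taken from the slides or from Vector code. The slot record, the function names and the constructed images are assumptions, and the Adler-32 checksum stands in for the digital signature check.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical slot record for this example; not a Vector or AUTOSAR format. */
enum slot_state { SLOT_EMPTY, SLOT_PROGRAMMING, SLOT_READY };
struct slot {
    enum slot_state state;  /* SLOT_READY only after a complete, verified download */
    uint32_t version, sum;  /* version (0x0200 = V2.0) and checksum shipped with it */
    const uint8_t *image;
    size_t len;
};

/* Adler-32 stands in for the digital signature check a real bootloader would do. */
static uint32_t image_sum(const uint8_t *p, size_t n)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (a + p[i]) % 65521u;
        b = (b + a) % 65521u;
    }
    return (b << 16) | a;
}

/* Program the secondary slot only; READY requires all bytes and a matching checksum. */
static void stage_update(struct slot *sec, const uint8_t *img, size_t received,
                         size_t total, uint32_t version, uint32_t sum)
{
    sec->image = img; sec->len = received; sec->version = version; sec->sum = sum;
    sec->state = (received == total && image_sum(img, received) == sum)
                     ? SLOT_READY : SLOT_PROGRAMMING;
}

/* Switch slots only if the other one is READY, intact and newer; else keep current. */
static int select_boot_slot(const struct slot s[2], int current)
{
    const struct slot *o = &s[1 - current];
    int ok = o->state == SLOT_READY && image_sum(o->image, o->len) == o->sum;
    return (ok && o->version > s[current].version) ? 1 - current : current;
}

/* Constructed scenario: V1.0 runs from slot 0, V2.0 is downloaded into slot 1. */
int boot_slot_after_download(size_t received, int corrupt)
{
    static const uint8_t v1[] = "APP-V1.0", v2[] = "APP-V2.0";
    struct slot s[2] = { { SLOT_READY, 0x0100, 0, v1, 8 }, { SLOT_EMPTY, 0, 0, NULL, 0 } };
    s[0].sum = image_sum(v1, 8);
    stage_update(&s[1], v2, received, 8, 0x0200, image_sum(v2, 8) ^ (uint32_t)corrupt);
    return select_boot_slot(s, 0);
}

int main(void) { return boot_slot_after_download(8, 0) == 1 ? 0 : 1; }
```

An interrupted transfer (`received` below 8) or a checksum mismatch leaves slot 1 in the programming state, so the boot decision stays on slot 0.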
Reuse: Take advantage of existing protocols - what do we need?
There are many existing “protocols”.
The best choice depends on the use case: synchronous or asynchronous, client/server or peer-to-peer, streaming or event triggered.
Which one is the best for given use-cases in the automotive industry?
[Figure labels: TCP/TLS, UDP, SOME/IP, HTTP(S), MQTT, BEEP, SMTP, (S)FTP, OMA-DM, SOAP, DoIP, {REST}, OBD, UDS, …; Data collection, Software Update, Remote Diagnostics; App A, App B, App C]
Reuse: Onboard - Offboard Responsibilities
Where to cut between vehicle and backend – on communication or on a more abstract level?
Keep and manage data containers required for interpretation in the backend or the car? Or break down containers…?
[Figure labels: Backend, Vehicle, Tester, Application, JOBs, ODX*/PDX*, MVCI-Server, D-PDU-API, Abstraction Layer, Autosar, proprietary; 1, 2, 3]
* Typically proprietary binary runtime format on the abstraction layer of the standard.
A successful implementation requires significant know-how in automotive and IT
A sustainable solution integrates in-vehicle and backend/server software seamlessly.
Summary
Connectivity offers greater benefit to the automotive industry:
• Software update
• Remote diagnostics
• Data collection
There is a need for prompt delivery of OTA.
We have identified the most important success factors:
• Security
• Reliability
• Reuse
A successful implementation requires significant know-how in automotive and IT.
Vector is familiar with Automotive and IT.
© 2016. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2016-11-29
For more information about Vector and our products please visit www.vector.com
Author: Volker Ebner, Armin Happel, Christoph Rätz Vector Germany