EEA Safety and Security Perspective 02

[Samuel WENG]
AI, Cybersecurity, RAMS investigator
Note: the first part of this series is "EEA Safety and Security Perspective 01" (by 拿细耳人不倒翁, official account: 智能网联安全):
https://mp.weixin.qq.com/s?__biz=Mzg5NTIwMTEzOA==&mid=2247484777&idx=1&sn=08aa58f147f681ea566d2dcfd21f0351&chksm=c012bf74f7653662134357799a1232cbe4267db61eb9e6d3c2ebc70a60ab48c4729eda0ff0c2&token=876780445&lang=zh_CN#rd
This article continues the discussion, focusing mainly on OTA.
Chapter-2: Domain controller based EE architecture ECU functional safety and cybersecurity
For a domain controller based EE architecture or a domain fusion based EE architecture, we can easily abstract out the following system features:
-OTA, discussed from both the offboard and the onboard side, and what it means
Note: very important are the tunnels and how to describe their challenges
-Easy boot
Note: boot chain
-More intelligent Cockpit
-L4 based ADS Controller, V2X based, and Artificial Intelligence Chip
Note: we will discuss how to design and allocate these directly in each sub-chapter.
-Intelligent Chassis and important Chassis functionalities
-Powertrain in VCU, Battery, ECM, Gearbox related etc.
So, in this series of articles, we will first discuss each technical aspect and then conclude with the final considerations for each safety or cybersecurity sub-topic.
2-1: OTA Discussion
To introduce OTA, we first have to introduce the following basic vehicle-external topology:
Here, VHL_x and VHL_y represent typical vehicles on the road, whether in an urban area or in the countryside. V2X communication typically takes place between them.
"Roadside station Urban" means that in an urban area there is typically a roadside unit at the roadside, which transfers vehicle information to the city's real-time traffic status system. The roadside station can be roughly divided into an application unit and a communication control unit.
TCP/IP is used between the roadside station unit and the traffic signs. Here TCP/IP fixes only the transport and network layers; the application-layer protocol can be changed.
"Shanghai City traffic status in real time" represents the government's real-time traffic monitoring system. Such a system improves the behavior of vehicles on the road and the overall traffic status, in step with the changing traffic sign signals.
The Shanghai traffic center has one test management center, which receives signal flows from the vehicle side and from the roadside stations and then manages all of the roadside traffic; its signals are managed and transmitted over TCP/IP. The traffic center can also produce additional electronic traffic signs or warning symbols.
For above:
1. There will be V2X communication between VHL_x and VHL_y (5G, LTE-V2X, or DSRC based V2X protocol)
2. IEEE 802.11b/g will be adopted as the protocol between VHL_x and VHL_y and the roadside station, whether it is in an urban area or on a motorway.
3. For communication between the Shanghai traffic center and the VHL side, there are two types of communication:
- Mobile Telephone
- IEEE 802.11p, or LTE or 5G
Within each vehicle's internal topology, there will be the following:
1. The telematics ECU is the vehicle's communication control unit for external communication. Inside the telematics ECU, the smart antenna realizes the functions of body control, remote control, remote diagnosis, and OTA through vehicle Ethernet, BT, BLE, Wi-Fi, 3G/4G. In the AUTOSAR OTA Demo system, the smart antenna is responsible for authentication and communication with the OTA cloud; for downloading, verifying, and backing up all controller upgrade files; for detecting all controller upgrade conditions and executing upgrade strategies; and for analyzing controller upgrade files.
2. The firewall implements network security isolation and prohibits unauthorized access; it handles vehicle firewall policy management and dynamic updates; it provides security protection mechanisms for inter-domain data interaction; and it performs boundary intrusion prevention and detection, among other functions.
3. The HMI interface in the cockpit domain controller is used for the human-machine interaction of the entire system upgrade process, that is, upgrade control operation and upgrade status information display. The upgrade application in the cockpit domain controller cooperates with the CM (communication management), DM (diagnosis management) and UCM (update configuration management) modules in the AUTOSAR adaptive platform architecture to manage and control the upgrade of each module in the system.
4. The ADAS domain controller is continuously upgraded through OTA to optimize performance for pedestrians/vehicles that are not within the scope of laws and regulations, to improve the perception and recognition of new commercial vehicle models and new traffic signs, to optimize functional control logic, and to add new autonomous driving features.
5. The gateway is responsible for combining the cockpit domain controller, ADAS domain controller, and vehicle firewall into an Ethernet-based local area network to ensure safe and reliable data communication between modules, and it performs protocol conversion between Ethernet data and CAN messages. It also connects the vehicle firewall and the ADAS camera.
6. The gateway and firewall can be combined. Communication between the gateway and each domain controller is over Ethernet; such communication, or its virtual segmentation, can be IP-based or MAC-based and shall be formulated as rule sets in the gateway and firewall.
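The IP-based or MAC-based rule sets mentioned in item 6 can be illustrated with a small first-match, default-deny evaluator. This is an added example, not code from the original article or from any gateway product; every address, MAC, port and name in it is a constructed assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_mac: Optional[str] = None    # None matches any source MAC
    src_net: Optional[str] = None    # CIDR; None matches any source IP
    dst_net: Optional[str] = None    # CIDR; None matches any destination IP
    dst_port: Optional[int] = None   # None matches any port

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int

def in_net(ip, net):
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def matches(rule, f):
    return ((rule.src_mac is None or rule.src_mac.lower() == f.src_mac.lower())
            and in_net(f.src_ip, rule.src_net)
            and in_net(f.dst_ip, rule.dst_net)
            and (rule.dst_port is None or rule.dst_port == f.dst_port))

def evaluate(rules, f):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if matches(r, f):
            return r.action
    return "deny"

# Constructed rule set: every address, MAC and port below is hypothetical.
RULES = [
    # Telematics ECU -> cockpit domain controller, pinned to both MAC and IP.
    Rule("allow", "02:00:00:00:01:10", "10.0.1.10/32", "10.0.2.20/32", 8443),
    # Cockpit domain controller -> ADAS domain controller, IP-based only.
    Rule("allow", None, "10.0.2.20/32", "10.0.3.30/32", 8443),
    # Nothing else may reach the ADAS subnet.
    Rule("deny", None, None, "10.0.3.0/24", None),
]
```

A rule that pins both MAC and IP rejects a frame carrying the right IP from the wrong interface, while the IP-only rule cannot make that distinction; neither replaces authenticating the OTA traffic itself.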
The overall system OTA logic and sequence are as follows:
Or, shown more vividly, the OTA process can be as follows:
We stop here for today and will continue in later articles of the series.
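The smart antenna duties listed in item 1 above (verify the downloaded file, check the upgrade conditions, keep a backup, execute the upgrade) can be sketched as a fail-closed sequence. This is an added example, not code from the original article or from AUTOSAR. It assumes an HMAC tag as a stand-in for the OTA cloud's signature, models the backup as keeping the current image for restore, and uses hypothetical names for the key, the conditions and the flash callbacks.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                        # hypothetical shared key
CONDITIONS = {"vehicle_stationary": True, "battery_ok": True}   # hypothetical names

def make_manifest(ecu, version, payload, key):
    """Cloud side (constructed): bind ECU name, version and payload digest under one tag."""
    digest = hashlib.sha256(payload).hexdigest()
    msg = f"{ecu}|{version}|{digest}".encode()
    return {"ecu": ecu, "version": version, "sha256": digest,
            "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def verify(manifest, payload, key):
    """Check the tag over the manifest fields, then the payload against the digest."""
    msg = f"{manifest['ecu']}|{manifest['version']}|{manifest['sha256']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), manifest["sha256"])

def run_update(ecu, manifest, payload, key, conditions, flash):
    """ecu: dict with 'name', 'version', 'image'. Returns a status string; fails closed."""
    if manifest["ecu"] != ecu["name"] or not verify(manifest, payload, key):
        return "rejected"
    unmet = sorted(name for name, ok in conditions.items() if not ok)
    if unmet:
        return "deferred:" + ",".join(unmet)
    backup = (ecu["version"], ecu["image"])          # kept so a failed flash can be undone
    try:
        flash(ecu, manifest["version"], payload)
    except Exception:
        ecu["version"], ecu["image"] = backup        # restore the previous image
        return "rolled_back"
    return "updated"

def flash_ok(ecu, version, payload):
    ecu["version"], ecu["image"] = version, payload

def flash_fails(ecu, version, payload):
    ecu["image"] = payload[:4]                       # simulate a write interrupted part-way
    raise IOError("flash interrupted")
```

Nothing is written to the controller until both the manifest tag and the payload digest have been checked, and an interrupted write leaves the controller on its previous image.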
Thanks!
[Reference]
EVITA D1.2.5.1
https://www.eet-china.com/mp/a69486.html