Automated driving: have you got 1000 centuries to spare?
Self-driving connected cars will drive a change in the way systems are architected for safety, according to Michael Bolle, who is soon to take up the post of worldwide research director at Bosch. Delivering the mid-week keynote at the DATE conference in Dresden, Bolle said using conventional techniques, validating autonomous, passenger-carrying vehicles will take too long.
“With autonomous driving, new questions arise,” said Bolle. “We have looked at what it takes to validate autonomous driving, and the time was estimated at 100,000 years. We need breakthrough solutions from the research community.”
The lengthy process of verifying safe, autonomous systems contrasts with the pressure to reduce the time it takes to develop new vehicles. “Product life cycles will have to become much faster,” Bolle said. “The automotive industry has to become much faster.”
The requirement to cut development times in the face of the need to build increasingly complex safety cases presents a problem that the industry is likely to solve using modular design, Bolle said. “We have to find ways to become faster and more cost-effective. The idea is to go into standardisation and use standard interfaces so that we make each component safe only one time, and rely on the steps taken during the first introduction.”
Cars will also use reprogrammable technologies to allow them to be upgraded remotely without a recall to the dealership. “We want to bring new software to these systems without bringing cars out of the field,” Bolle claimed.
Security hazards
As well as safety, the automotive industry is faced with the problem of having vehicles hacked remotely through the wireless connections they will need to receive high-accuracy live map data and information from other cars on the road. “What we see is that the attack surface, the possibilities that a hacker has to get into our systems are increasing exponentially. The use-cases we examined in the past are not sufficient to combat this. In principle, every person on the road can try to attack a connected vehicle.”
Bolle contrasted the situation with safety, where the automotive industry has embraced the ISO26262 standard. “Unfortunately, no automotive standard for security is available today. It’s a topic that we are working on in the industry. Bosch acquired a security company, Escrypt, to have this competency within the organisation. Our approach at Bosch is to go for a layered system, starting with the ECU.
“We developed a hardware security module as an IP block. That will be given to our partners when we source an ECU. The idea is to integrate the HSM [hardware security module] into host CPUs coming from our partners. We will not use it in every ECU,” said Bolle, as the focus for the HSM will be on critical ECUs. “But semiconductor companies are working on the security issue so we will find comparable mechanisms in other CPUs.”
The HSM work started five years ago, Bolle said, and will incorporate crypto modules and its own processor to authenticate messages passed between software tasks and controllers attached to the in-car networks.
The second layer is a protection mechanism for the network, in which truncated message authentication codes will be used to check whether commands that appear at a controller’s interface came from trusted systems in the vehicle and were not injected by a hacker or a compromised system. For the third layer, gateway modules will separate different systems in the car into protected network zones. Finally, for the wireless connections to the outside world, firewalls will provide a fourth layer of protection, Bolle explained.
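As an added illustration of that second layer (example code written for this article, not Bosch’s or Escrypt’s implementation), the Python below shows a sending ECU attaching a truncated HMAC tag to a CAN-style frame and a receiving controller discarding frames whose tag does not verify. The 8-byte frame, the 4-byte tag length, the shared key value and the per-identifier freshness counter are assumptions made for the example.

```python
import hmac
import hashlib
import struct

# Constructed example key shared by sender and receiver. In a real vehicle it
# would be provisioned to, and used inside, the HSM rather than held in software.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

FRAME_LEN = 8  # assumed classic CAN data field: 8 bytes for payload plus tag
TAG_LEN = 4    # tag truncated to 4 bytes so that payload and tag share the frame


def mac_input(can_id: int, counter: int, payload: bytes) -> bytes:
    # Bind the tag to the frame identifier, a monotonic freshness counter
    # (assumed here to defeat replay) and the command bytes themselves.
    return struct.pack(">IH", can_id, counter) + payload


def truncated_mac(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    # Full HMAC-SHA256, then keep only the leading TAG_LEN bytes. Truncation
    # trades forgery resistance (2**32 guesses per frame here) for bus space.
    full = hmac.new(key, mac_input(can_id, counter, payload), hashlib.sha256).digest()
    return full[:TAG_LEN]


def build_frame(key: bytes, can_id: int, counter: int, payload: bytes) -> bytes:
    # Sender side: payload followed by its tag, both inside one frame.
    if len(payload) > FRAME_LEN - TAG_LEN:
        raise ValueError("payload leaves no room for the authentication tag")
    return payload + truncated_mac(key, can_id, counter, payload)


def verify_frame(key: bytes, can_id: int, counter: int, data: bytes):
    # Receiver side: recompute the tag and compare in constant time.
    # Returns the payload when authentic, None when the frame must be dropped.
    payload, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = truncated_mac(key, can_id, counter, payload)
    return payload if hmac.compare_digest(tag, expected) else None


def receive(key: bytes, state: dict, can_id: int, counter: int, data: bytes):
    # Verify the tag, then require a strictly increasing counter per CAN id so a
    # previously captured valid frame is rejected if it is played back later.
    payload = verify_frame(key, can_id, counter, data)
    if payload is None or counter <= state.get(can_id, -1):
        return None
    state[can_id] = counter
    return payload
```

A frame whose payload, identifier or counter has been altered, or that is replayed with a stale counter, is dropped before the controller acts on it.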
The complexity of automated driving means that it is highly unlikely to appear in one stage, fully formed. “There will be a step-wise introduction. Today we have functions like adaptive cruise control and lane-keeping support that work with a limited number of sensors. The roadmap to automated driving will increase the number of sensors,” said Bolle, who claimed the next step to autonomous vehicles lies in systems that help move a car in jams and very slow traffic. “We will arrive with fully automated driving then with a highway pilot and then finally will come automated driving in urban areas.”