Continental Corp
Your Really Smart Car

Vehicles are being engineered with a silicon infrastructure that does everything from control the powertrain to allowing remote connections—including the possibility of hacking.

According to Infineon (infineon.com), the average vehicle on the road today has $300 worth of chips inside it. Chips as in processors. Devices that can do a wide variety of things in toto, but which are generally fairly limited as regards what any individual chip does or can do. That is, in the case of Infineon, its semiconductor offerings run the gamut from keyless door opening to power-train control to integrated safety systems. These processors are optimized for what they are supposed to do in a vehicle.

Glen DeVos, Delphi vp of Engineering for its Electronics & Safety Div. 
(delphi.com), puts the difference between the processor that you have on your desk right now (i.e, your computer) with what is at work when you go out to drive home from work: “The primary difference is they”—the vehicular processors—“are very application specific. The computer in your office is a general-purpose computer. It can do anything. Put software on it, and do what you want. The computers in your car are designed for functions they support. So they are cost-optimized and functionally optimized for the job they support. By doing that, keep the cost at an affordable level. Go into Best Buy and buy a nice computer, you’ll pay several hundred dollars for it. But you certainly couldn’t afford that price for a door-control module or even a transmission controller. By having purpose-designed and purpose-built computers, meet cost and perform flawlessly in that environment and for that job. At the end of the day, the microprocessor is very application specific.”

In fact, go to Best Buy and that “nice computer,” while not particularly expen-sive—at least not compared to what it cost just a few years ago (thanks for Moore’s Law)—will probably set you back more than that $300 of silicon in your car. The economics of cars dictates that cost effectiveness is a requirement whether it is a hinge or an HVAC controller.

It is not that these systems are neces-sarily simple, however. For example, I randomly selected a Delphi engine control module (ECM), the MT80, from among the company’s offerings. It is described as being a “low cost controller.” It has a 32-bit, 66-MHz RISC microprocessor and up to 1.5 MB of flash memory; it is capable of making real-time adjustment to the fuel, air and spark; uses digital signal processing for knock control; and provides an array of advanced valve train functions, including Linear Exhaust Gas Recirculation, Dual Independent Cam Phasing, and Variable Geometric Intake Solenoid. It may be “low cost” but it isn’t dumb.

And speaking of smarts, consider the electronic stability control (ESC) unit. According to Andrew Whydell, senior manager, Product Planning, Global Electronics, TRW (trw.com), the ESC controller is obtaining data from sensors—yaw, roll, torque, and angle sensors, lateral accelerometers—at a rate of 10 times per second. The data are processed such that they are compared to a “model” of the vehicle. The controller, Whydell says, “Calculates how it believes the vehicle should behave.” That is, if the vehicle is going 50 mph and the driver has adjusted the steering wheel from center by 20°, then the system knows that there should be particular yaw and lateral acceleration parameters as a consequence, and if there aren’t, then the ESC controller engages the steering and the brakes.

As you can well imagine, when it comes to things like adaptive cruise control, which is on the path to autonomous driving, then you have the controller integrated with cameras, lasers, radar, and possibly other sensors. This is a hugely data-intensive application. According to Richard Soja, systems engineer, Automotive MCU Div., Freescale Semiconductor (freescale.com), “In vehicles, the most data intensive is image processing in applications such as collision avoidance. The data processing rate is in the order of 100 billion operations per second.”

Which means that there needs to be more processing power in vehicles. Which explains why a study by Strategy Analytics has it that the automotive semiconductor market was $26-billion in 2012 and will compound at an annual average rate of 7.4% by 2017.

And to provide a sense of how rapidly suppliers are responding to the new demands, consider this, from Infineon: “Until just a year or so ago, typical 32-bit automotive microcontrollers [MCUs] had a top clock speed around 200 MHz and maximum memory size of 4-6 MB. The newest generation 32-bit MCUs boast 50% greater totals. More importantly, the new generation devices are true multicore chips (the exact same central processing unit is repeated on the silicon chip several times). This allows for redundant processing (known as LockStep) and/or for higher overall performance to handle emerging types of tasks.” Like advanced driver assistance systems.

One of the more interesting aspects of automotive intelligence is the network. There are the networks inside the vehicle that connect various controllers. Robert Bosch Automotive Electronics (bosch.com) separates the car into four primary domains: Body & Cabin, Infotainment & Cockpit, Vehicle Motion & Safety, and Powertrain. These are networked by CAN bus, LIN bus, FlexRay, MOST, and even Ethernet. (Bosch knows more than a little something about networks, having developed CAN bus—controller area network—back in 1986.)

The difference between the various communications systems is bandwidth, or throughput, which is predicated, in part, by the media used, be it wire or optical fiber. Delphi’s DeVos describes CAN (controller area network) as the “backbone of vehicle communications.” It pretty much has a connection to everything else in the system.

Other systems tend to be more specific in application. For example, MOST, which stands for Media Oriented Systems Transport, which was developed in 2001, operates at up to 150 mb/s, which is why it is generally used for things like in-car infotainment. BMW is using 100 mb/s Ethernet—yes, the same tech that you may have your office computers networked with—for its X5 camera system.

But back to the “backbone.”

The outside world has access to CAN via the OBD II connector, which has been required since 1996; this on-board diagnostics connector was mandated because it would allow the monitoring of a vehicle’s emissions (i.e., a mechanic could simply plug into the port and then get a readout of the performance of things like the engine control module).

But this access point has come to have other functions. For example, Delphi and Verizon Wireless have developed “Vehicle Diagnostics by Delphi,” a device that is plugged into the OBD II port, and then provides a range of functionality, from remote door unlock to, yes, vehicle diagnostics. This runs over the Verizon network, which explains the telco’s involvement.

Similarly, Sprint (sprint.com) is offering a device that’s also plugged into the OBD-II port. It is called “Integrated Insurance Solutions.” It provides a variety of functions including, as its name implies, data to a driver’s insurance carrier about such things as the distance a vehicle is being driven so that usage-based insurance coverage can be calculated. What’s more, Sprint has developed a function for the unit that blocks the driver’s cell phone from sending or receiving texts once a car starts moving. (Sprint also provides Sprint Velocity, which is the underlying tech for Chrysler Uconnect Access.)

One of the original telematics systems installed in vehicles, OnStar (onstar.com), which launched in model year 2007 Cadillacs, is integrated into a vehicle’s electrical architecture, which explains why it can do things like unlock doors through a smart phone-based app. And, yes, because of its integration into the electrical architecture, OnStar, through “Vehicle Slowdown” and “Remote Ignition Block,” can be used in cooperation with law enforcement officials to slow a car to a stop (this is actually rather more complicated than simply pushing a button and having a car’s engine shut off; there is a whole protocol that must be followed because otherwise there could be a series of unintended consequences) or preventing the vehicle in question from being started. And like the mechanic or technician plugging into an OBD-II port (which OnStar doesn’t do, by the way), the telematics service can perform vehicle diagnostics, as it queries several thousand diagnostic codes to assess the status of vehicle systems.

One thing that has been getting an increasing amount of attention of late—particularly after this past August, when the Def Con 20 conference was held in Las Vegas and two white-hat hackers (i.e., good guys), Charlie Miller and Chris Valasek, presented a paper, “Adventures in Automotive Networks and Control Units.” Although the title is somewhat whimsical, the paper details how they hacked into two vehicles—2010 model Ford Escape and Toyota Prius—by getting to the vehicles’ CAN bus via the OBD-II ports.

Less widely reported was another paper presented in August 2011 at the USENIX Security Symposium by a group of researchers from the University of California, San Diego, and the University of Washington*, “Comprehensive Experi-mental Analyses of Automotive Attack Surfaces.” In this study, the researchers looked, in part, at the various means by which a car’s electronics network can be accessed. In some instances, it is the same way that you can put a virus into your computer: many cars now have a USB port to plug in a thumb drive on which there’s music; there can also be more to it than entertainment. The researchers also determined that short- and long-range transmitters (think of the keyfobs that allow you to unlock doors as short-range; think of the communication via cellular networks as long) can be used to access controllers.

DeVos acknowledges that hacking is a real concern. He notes that there are three areas that are being considered:

1. Someone taking over control of what a vehicle is doing. “As we move toward autonomous systems, someone could take over the car and drive it,” he says.

2. Data theft. As more people avail themselves of in-vehicle Internet connectivity and so conduct ecommerce from the comfort of their 10-way-power adjustable seat, they could have their information scooped up by someone unscrupulous.

3. Vehicle theft. “As cars get more con-nected and there are more points of entry into the networks, there is a concern for vehicle theft,” DeVos says. That is, if you can do remote unlocking and starting, there is the potential that an unauthor-ized someone could do the same.

“In all cases,” DeVos says, “this points to the fact that as you architect the software for the vehicle, security has to be a part of it.” They are, he says, doing such things as creating firewalls between the interfaces of the various domains (e.g., powertrain, chassis, safety) through encryption and message verification techniques.

One thing is certain: Whether it is for information and entertainment or optimizing vehicle performance for safety and efficiency, the amount of processing power in a vehicle, silicon and the networks, is going to grow inexorably.

 

_____________________________________________________________

*Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, University of California, San Diego; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, University of Washington.