EEA Safety and Security Perspective 01
[Samuel WENG]
AI, Cybersecurity, and safety investigator
This is a series of articles discussing how safety and security will be handled in the EEA (E/E architecture) era.
On an ordinary day, Xiaoming gets up early and goes to work; he is an EE architecture designer at an OEM in China. Getting up early does nothing for his mood after several days of heated debate with his safety colleague Laura and his security colleague Tom.
They have been discussing how to build a new development platform on the EE architecture, and the best way to fuse functional safety and cybersecurity while keeping costs low.
Xiaoming explains at length that their company uses a domain-centralized EE architecture under tight budget constraints, and that in some domains the ECUs may have to accept a lower ASIL or CAL level. Laura counters that those ECUs are too critical to be downgraded, and that real-time operation, including the FTTI, must still be respected. Tom, in turn, argues that the domain controller does not have enough cybersecurity controls, since large amounts of private data are collected there even though it is not safety critical.
After several weeks they still had no good result and the project stalled, so finally they came to me and we discussed it.
Chapter 0: Background
Worldwide, since around 2018, we have gone through many innovative technologies such as:
- V2X
- ADS system
- Software Defined Vehicle
Most of us know the EE architecture roadmap highlighted by BOSCH in 2019:
Chapter 1: Overall ECU functional safety
For common ECUs in the distributed E/E architecture era, the functional safety classification can be rated as in the following table, which lists the ASIL level and cybersecurity assurance level (CAL) of 77 ECUs:
(refer to the article https://mp.weixin.qq.com/s?__biz=Mzg5NTIwMTEzOA==&mid=2247484581&idx=1&sn=076b64811576eca1da8bc6f6916427e5&chksm=c012beb8f76537aeb769ae5408fadb91ac0b0d4af76b3e04936a75eebc7eb084d44c014e6b47&token=1293115818&lang=zh_CN#rd)
| ID | ECU name | Domain | ASIL | CAL |
|----|----------|--------|------|-----|
| 01 | Gateway | Car body comfort | B | 4 |
| 02 | Domain controller | Car body comfort | B | 3 |
| 03 | Intelligent power switch | Car body comfort | B | 2 |
| 04 | T-BOX | Car body comfort | B | 3 |
| 05 | Adaptive head light | Car body comfort | A | 1 |
| 06 | Sunroof motor control module (anti-pinch) | Car body comfort | A | 1 |
| 07 | Body control module | Car body comfort | B | 3 |
| 08 | Car remote control key | Car body comfort | A | 2 |
| 09 | Intelligent dashboard system | Car body comfort | A | 2 |
| 10 | Electrically controlled seat adjustment system | Car body comfort | B | 2 |
| 11 | Construction machinery controller | Car body comfort | N/A | N/A |
| 12 | Door control module | Car body comfort | A | 2 |
| 13 | Air conditioning control unit | Car body comfort | A | 1 |
| 14 | LKA | Car safe | D | 2 |
| 15 | LCA | Car safe | D | 2 |
| 16 | ACC | Car safe | D | 2 |
| 17 | AEB | Car safe | D | 3 |
| 18 | LDW | Car safe | QM | 2 |
| 19 | FCW | Car safe | B | 1 |
| 20 | DMS | Car safe | B | 2 |
| 21 | APS | Car safe | B | 2 |
| 22 | Night vision | Car safe | B | 1 |
| 23 | Pedestrian protection system | Car safe | A | 2 |
| 24 | Traffic sign detection | Car safe | QM | 2 |
| 25 | Blind spot detection | Car safe | QM | 2 |
| 26 | Downhill control system | Car safe | B | 1 |
| 27 | APA | Car safe | B | 2 |
| 28 | ALKS | Car safe | D | 2 |
| 29 | mmRADAR | Car safe | B | 2 |
| 30 | LIDAR | Car safe | B | 2 |
| 31 | CAMERA | Car safe | B | 2 |
| 32 | Angle RADAR | Car safe | QM | 2 |
| 33 | Highway Pilot | Car safe | D | 2 |
| 34 | Traffic Jam Pilot | Car safe | D | 2 |
| 35 | Level 4 on closed roads | Car safe | D | 3 |
| 37 | Sensor fusion | Car safe | D | 2 |
| 38 | Tire pressure monitoring system | Car safe | D | 2 |
| 39 | EPB | Car safe | B | 2 |
| 40 | ESP | Car safe | D | 2 |
| 41 | ABS | Car safe | D | 2 |
| 42 | Intelligent air suspension system | Car safe | B | 2 |
| 43 | Electronic hydraulic steering control system | Car safe | B | 2 |
| 44 | EPS | Car safe | D | 2 |
| 45 | Steering wheel angle sensor | Car safe | C | 2 |
| 46 | Autonomous parking system | Car safe | C | 2 |
| 47 | Electronic brake assist | Hybrid power | D | 2 |
| 48 | VCU | Hybrid power | C | 2 |
| 49 | Vehicle motor control system in new energy vehicle | Hybrid power | D | 2 |
| 50 | Brushless DC motor controller | Hybrid power | D | 2 |
| 51 | Extender control system | Hybrid power | B or C | 2 |
| 52 | OBC-DCDC for electric vehicle | Hybrid power | B | 2 |
| 53 | Integrated power control unit for electric vehicle | Hybrid power | C | 2 |
| 54 | Remote monitoring and data service system for electric vehicle | Hybrid power | B | 3 |
| 55 | BMS | Hybrid power | D | 2 |
| 56 | Engine management system | Hybrid power | D | 3 |
| 57 | Electronic clutch | Powertrain | B | 2 |
| 58 | Electric pump | Powertrain | A | 1 |
| 59 | Engine control unit | Powertrain | D | 3 |
| 60 | Diesel engine reprocessing control system | Powertrain | C | 2 |
| 61 | High pressure common rail system control unit of diesel engine | Powertrain | N/A | N/A |
| 62 | AMT (Automatic Mechanical Transmission control unit) | Powertrain | C | 3 |
| 63 | TCM (Transmission system) | Powertrain | C | 3 |
| 64 | CAN FD | Common Service | depends on detail service or functionality | 2 |
| 65 | CAN HS | Common Service | depends on detail service or functionality | 2 |
| 66 | LIN | Common Service | depends on detail service or functionality | 2 |
| 67 | ETHERNET | Common Service | depends on detail service or functionality | 3 |
| 68 | FLEXRAY | Common Service | depends on detail service or functionality | 2 |
| 69 | MOST | Common Service | depends on detail service or functionality | 2 |
| 70 | 12V power supply | Common Service | D | 2 |
| 71 | High dimension map | Car safe | D | 4 |
| 72 | Bluetooth | Common Service | QM | 2 |
| 73 | WIFI | Common Service | QM | 2 |
| 74 | Cellular communication | Common Service | QM | 4 |
| 75 | V2X | Common Service | B | 4 |
| 76 | OTA server | Backend | SIL4 | 4 |
| 77 | PKI allocation | Backend | SIL4 | 4 |
The EE architecture and the ASIL level classification can then be rated as follows:
Adding up the ASIL levels gives:
Taking the CAL levels into account gives:
Usually we list the state-of-the-art technical mechanisms used in ECUs:
Normally different mechanisms are adopted for the different levels:
| Classification | Safety mechanisms | Cybersecurity control |
|----------------|-------------------|-----------------------|
| ASIL D | Ethernet: end-to-end communication protection with alive counter, timeout warning, CRC-32, Hamming distance >= 4; CAN: E2E, 16-bit CRC, Hamming distance >= 4; Hamming weight >= 4; E-GAS architecture or redundant processors + actuators | |
| ASIL C | Ethernet: end-to-end communication protection with alive counter, timeout warning, CRC-16, Hamming distance >= 4; CAN: E2E, 16-bit CRC, Hamming distance >= 4; Hamming weight >= 3; E-GAS architecture or redundant processors | |
| ASIL B | Ethernet: end-to-end communication protection with alive counter, timeout warning, CRC-8, Hamming distance >= 3; CAN: E2E, 8-bit CRC, Hamming distance >= 3; Hamming weight >= 2; single core with sufficient safety mechanisms | |
| ASIL A | Ethernet: end-to-end communication protection with alive counter, timeout warning, CRC-4, Hamming distance >= 2; CAN: E2E, 4-bit CRC, Hamming distance >= 2; Hamming weight >= 2; single core with sufficient safety mechanisms | |
| CAL 4 | | Firewall mandatory for the external attack surface; IDPS proposed; for OTA, PKCS or PUF requested, backup memory mandatory and regression mechanisms can be completely accepted; symmetric encryption not OK; RSA >= 2048; ECC >= 256; pentest and TARA shall run longer than half a year; development cost can be up to 3 times the asset value; secure boot, secure storage, secure driving, secure separation, etc. |
| CAL 3 | | Firewall mandatory for the external attack surface; IDPS proposed; for OTA, PKCS or PUF requested, backup memory mandatory and regression mechanisms can be completely accepted; symmetric encryption not OK; RSA >= 2048; ECC >= 256; pentest and TARA shall run longer than 4 months; development cost can be up to 2 times the asset value |
| CAL 2 | | For OTA, PKCS or PUF requested; symmetric encryption: AES-256; pentest and TARA shall run longer than 3 months; development cost can be up to 1.5 times the asset value |
| CAL 1 | | For OTA, PKCS or PUF requested; symmetric encryption: AES-256 or AES-128; pentest and TARA shall run longer than 2 months; development cost can be up to 1 times the asset value |
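As an added example (not code from the article or from any ECU supplier), the following C implements the ASIL B communication row above, i.e. E2E-style protection with an alive counter, a timeout warning and a CRC-8, on both the sender and the receiver side. The CRC-8 polynomial 0x1D (SAE J1850), the 4-bit counter width, the 100 ms timeout and every name in the code are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Added example, not from the article: the ASIL B communication row of the table
 * (alive counter, timeout warning, CRC-8). Polynomial 0x1D and 4-bit counter are assumptions. */
#define E2E_TIMEOUT_MS 100u

typedef struct { uint8_t counter; uint8_t payload[4]; uint8_t crc; } e2e_frame_t;
typedef struct { uint8_t last_counter; uint32_t last_rx_ms; bool started; } e2e_rx_t;
typedef enum { E2E_OK, E2E_CRC_ERROR, E2E_REPEATED, E2E_LOST, E2E_TIMEOUT } e2e_status_t;

/* CRC-8 with polynomial 0x1D, init 0xFF, final XOR 0xFF (SAE J1850). */
static uint8_t crc8_j1850(const uint8_t *data, size_t len) {
    uint8_t crc = 0xFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x1D : crc << 1);
    }
    return (uint8_t)(crc ^ 0xFF);
}

/* The CRC covers counter and payload together, so an old payload cannot be
 * re-sent under a fresh counter without failing the check. */
static uint8_t frame_crc(const e2e_frame_t *f) {
    uint8_t buf[1 + sizeof f->payload];
    buf[0] = f->counter;
    memcpy(buf + 1, f->payload, sizeof f->payload);
    return crc8_j1850(buf, sizeof buf);
}

/* Sender: stamp the next alive-counter value, then the CRC. */
void e2e_protect(e2e_frame_t *f, uint8_t *tx_counter) {
    f->counter = *tx_counter;
    *tx_counter = (uint8_t)((*tx_counter + 1) & 0x0F);   /* 4-bit counter wraps 15 -> 0 */
    f->crc = frame_crc(f);
}

/* Receiver: CRC first, then counter continuity, then the cycle-time timeout. */
e2e_status_t e2e_check(e2e_rx_t *rx, const e2e_frame_t *f, uint32_t now_ms) {
    if (frame_crc(f) != f->crc) return E2E_CRC_ERROR;          /* corrupted in transit */
    e2e_status_t st = E2E_OK;
    if (rx->started) {
        uint8_t delta = (uint8_t)((f->counter - rx->last_counter) & 0x0F);
        if (delta == 0) return E2E_REPEATED;                     /* stuck or replayed: do not consume */
        if (delta > 1) st = E2E_LOST;                            /* one or more frames skipped */
        else if (now_ms - rx->last_rx_ms > E2E_TIMEOUT_MS) st = E2E_TIMEOUT;
    }
    rx->last_counter = f->counter; rx->last_rx_ms = now_ms; rx->started = true;
    return st;
}
```

Note that the CRC only detects random corruption and the counter only detects repeated or missing frames; neither authenticates the sender, which is why the CAL rows add cryptographic controls on top of these safety mechanisms.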
We will stop here and continue in the next article.