OTA and Remote Diagnostics Vector ongress 26, Stuttgart, 26--29 V. 26--29
onnectivity offers greater Benefit to the automotive industry At a glance onnectivity offers greater benefit to the Automotive Industry: Software update Remote diagnostics Data collection There is a need for prompt delivery of OTA We have identified the most important success factors: Security Reliability Reuse A successful implementation requires significant know how in automotive and IT 2/8
onnectivity offers greater benefit to the Automotive Industry Software update adds value and is a way to keep connectivity secure lassic AUTOSAR and others: Reprogramming monolithic blocks with UDS protocol. Adaptive AUTOSAR and POSIX-like operating systems: Install and update software packages onsider dependencies between programs and shared libraries. Updating connectivity and OTA: Maintain the communication and security relevant parts of the vehicle There is a risk for brain dead vehicles (no communication) lassic Adaptive 3/8
onnectivity offers greater benefit to the Automotive Industry Remote diagnostics adds disruptive elements to well-known applications ompile and send regular vehicle health-reports Summarize present and stored failures, gas consumption, mileage, oil-level, Useful information for the driver Useful information for the OEM: Get deep insight into fleet health status Get remote roadside assistance from central vehicle support centers Allows remote diagnostics when malfunction indicator illuminates: ontinue drive or keep waiting for the towing service? Some EE issues can even be solved immediately. Make inspection and repair in car workshop more predictable and comfortable Actions, effort, time of visit can be planned beforehand based on vehicle health-report and an enhanced remote diagnostics when required Spare parts will be ordered early and are already available when car comes in 4/8
onnectivity offers greater benefit to the Automotive Industry Data ollection provides new insights into vehicles in the field Setup a campaign to analyze a certain phenomenon Select vehicles Define measurement configuration and trigger condition Transfer configuration from backend into vehicles of selected fleet Perform measurement, pre-evaluate and collect data Transfer data to the backend Perform data analytics Refine configuration if needed lose campaign Internet Backend 5/8
There is a Need for prompt Delivery of OTA There is a need for prompt delivery of OTA The starting signal has been given First applications are already available. Some customers do expect such functions. http://de.freepik.com/fotos-vektoren-kostenlos/menschen Menschen vektor durch Kjpargeter Freepik.com entwickelt 6/8
We have identified the most important success Factors We have identified the most important success factors Security Establish a secure channel that guarantees privacy and authentication. Reliability Make OTA functions robust and efficient. Reuse Take advantage of well-proven industry standards. Integrate into existing processes. Benefits Provide convenient functionality with additional value for the car owner 7/8
We have identified the most important success factors Security - A threat analysis on the OTA process PDX Backend Internet onnectivity Diag gateway Assets Flash data along the communication path: > Over-the-air communication between backend and vehicle. > Storage devices. > In-vehicle communication. Body hassis Gateway Security keys of the devices. Threats: > ompromising keys. > Data access or manipulation. > Man-in-the-middle. > Denial of services. Impacts: > Financial loss. > Manufacturer reputation. > System malfunction. > Safety functions. Flash Bootloader ADAS Infotainment 8/8
We have identified the most important success factors Security - A threat analysis on the OTA process PDX Backend Internet onnectivity Diag gateway Assets Flash data along the communication path: > Over-the-air communication Protect between the backend data on and storage vehicle. devices from > Storage devices. reading and writing by malicious attacker. > In-vehicle communication. Body hassis Gateway Security keys of the devices. Threats: > ompromising keys. > Data access or manipulation. > Man-in-the-middle. > Denial of services. Impacts: > Financial loss. > Manufacturer reputation. > System malfunction. > Safety functions. Flash Bootloader ADAS Infotainment 9/8
We have identified the most important success factors Security - A threat analysis on the OTA process PDX Backend Internet onnectivity Diag gateway Assets Flash data along the communication Separating path: the connectivity module in the > Over-the-air communication architecture between backend provides and vehicle. less attack surface. > Storage devices. Even if hacked, there is no direct access to > In-vehicle communication. vehicle buses. Body hassis Gateway Security keys of the devices. Threats: > ompromising keys. > Data access or manipulation. > Man-in-the-middle. > Denial of services. Impacts: > Financial loss. > Manufacturer reputation. > System malfunction. > Safety functions. Flash Bootloader ADAS Infotainment /8
We have identified the most important success factors Security - A threat analysis on the OTA process PDX Backend Internet onnectivity Diag gateway Assets Flash data along the communication Over-the-air path: communication uses PKI and > Over-the-air communication certificate between backend handling. vehicle. > Storage devices. The connectivity device handles and stores > In-vehicle communication. the key material. Body hassis Gateway Security keys of the devices. Threats: > ompromising keys. > Data access or manipulation. > Man-in-the-middle. > Denial of services. Impacts: > Financial loss. > Manufacturer reputation. > System malfunction. > Safety functions. Flash Bootloader ADAS Infotainment /8
We have identified the most important success factors Security - A threat analysis on the OTA process PDX Backend Internet onnectivity Diag gateway Assets Flash data along the communication path: End-to-end protection with digital signatures. > Over-the-air communication between backend and vehicle. > Storage devices. Additionally, data can be encrypted and decrypted inside the bootloader. > In-vehicle communication. Body hassis Gateway Security keys of the devices. Threats: > ompromising keys. > Data access or manipulation. > Man-in-the-middle. > Denial of services. Impacts: > Financial loss. > Manufacturer reputation. > System malfunction. > Safety functions. Flash Bootloader ADAS Infotainment 2/8
We have identified the most important success factors Reliability - Software update with redundant data storage Keep current and new version in the EU: onnectivity EU Software download is performed into the secondary memory section. Application V. Application V2. In case of a failure, all EUs will keep on executing the current version. Data V2. Diag gateway Ready for execution UDS- Flash Bootloader Programming Keep current and new version at central location: onnectivity EU In case of a failure, the update can be rolled back. Data V. Diag gateway Application V2. Programming Data V2. UDS- Flash Bootloader 3/8
We have identified the most important success factors Reuse: Take advantage of existing protocols - what do we need? There are many existing protocols. The best choice depends on the use case: Synchronous or asynchronous, client/server or peer-to-peer, streaming or event triggered. Which one is the best for given use-cases in the automotive industry? Data collection Software Update Remote Diagnostics App A App B App DoIP SOME/IP OMA-DM SOAP HTTP(S) MQTT BEEP SMTP (S)FTP UDS OBD UDP TP/TLS SOAP {REST} 4/8
We have identified the most important success factors Reuse: Onboard - Offboard Responsibilities Abstraction Layer Backend proprietary Tester Application MVI-Server JOBs ODX*/ PDX* 2 Where to cut between vehicle and backend on communication or on a more abstract level? Keep and manage data containers required for interpretation in the backend or the car? Or break down containers? Vehicle D-PDU-API 3 Autosar * Typically proprietary binary runtime format on the abstraction layer of the standard. 5/8
A successful implementation requires significant know how in automotive and IT A successful implementation requires significant know how in automotive and IT A sustainable solution integrates in-vehicle and backend/server software seamlessly. 6/8
onnectivity offers greater Benefit to the automotive industry Summary onnectivity offers greater benefit to the Automotive Industry: Software update Remote diagnostics Data collection There is a need for prompt delivery of OTA We have identified the most important success factors: Security Reliability Reuse A successful implementation requires significant know how in automotive and IT Vector is familiar with Automotive and IT. 7/8
For more information about Vector and our products please visit www.vector.com Author: Volker Ebner, Armin Happel, hristoph Rätz Vector Germany 26. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V. 26--29