Disabling the Hackers of Tomorrow with Flexible HIL Testing
01 March 2018
If you look around our world today, the growth in electromechanical systems is quite astounding. Many of the things we interact with on a daily basis are being controlled by some number of embedded control systems, and nowhere is this more evident than in the modern day automobile.
Think about all of the things a car can do today: provide a mobile platform of passenger entertainment, prevent drivers from falling asleep at the wheel, autonomously park itself, and even communicate with other cars and the surrounding infrastructure. With all of this data being processed and analyzed by the car, the number of electronic control units (ECUs) inside the vehicle has increased. In fact, in some advanced luxury vehicles, the number of ECUs can reach up to 80 or even 100.
These devices must communicate through in-vehicle networks, but traditional networks like CAN and LIN do not have enough bandwidth to keep up with the new features and capabilities in today's cars, so automotive companies are faced with a choice: either continue to add more networks and cables in the car to handle the bandwidth, or use different networks with more throughput. Adding more networks and cables poses a huge problem because more wiring equals more weight, which means worse fuel efficiency and performance.
One of the leading candidates for a potential solution is automotive Ethernet because of its significant increase in bandwidth. But using Ethernet in the car to connect control systems can create a sense of uncertainty about the overall security and safety of the vehicle. Ethernet itself is very common technology that can be easily found and used.
So this poses a common question regarding security: how easy will it be for someone to 'hack' into a car via an Ethernet port and flash an ECU to completely change the vehicle's functionality and potentially endanger passengers? Because of this uncertainty and the fact that passenger safety is absolutely imperative in the automotive industry, there is now more pressure on automotive companies to prevent these situations while also validating proper behavior.
A common practice to validate the functionality of an ECU, or system of ECUs, is hardware-in-the-loop (HIL) testing where engineers can simulate real-world conditions around electronic systems, including potential security threats. HIL testing allows engineers to test even the most extreme conditions and is an industry best practice for finding software defects.
Automotive Ethernet also poses a particularly challenging issue for HIL testing because it is currently used for multimedia and infotainment purposes in the car, but the vision is set and work is being done within IEEE to make sure it will be capable of handling complex control situations that could be safety critical.
This means that the higher-level protocol used to communicate between ECUs isn't standardized yet, resulting in different companies using different protocols, so the HIL test systems have to be adaptable. For example, one of the most common protocols used in a car today for the in-vehicle cameras is IEEE 1722, but not everyone is using it and it isn't specific for control applications. This is where we hear many of our customers asking us for flexible HIL testing platforms that will allow them to accommodate their customer requirements.
A very powerful technology that is critical in a flexible HIL test system is an open field programmable gate array (FPGA). FPGAs provide completely reconfigurable hardware that bring significant advantages such as parallel processing, ultra-fast pin-to-pin response time, and openness for complete customization. With the openness of FPGAs, users don't have to require a custom ASIC to achieve their functionality.
When it comes to being used for the particular use case of ensuring safe in-vehicle communications of networks like automotive Ethernet, FPGAs can help in the following ways:
Implement Custom/Varying Protocols – Since the upper-level protocol to be used with automotive Ethernet is not standardized yet, it is critical to be have an HIL platform that can adapt to many variants. FPGAs allow users to customize with their own protocols using the Ethernet physical layer, which can prevent hackers because the IP of how the protocol works is private. In addition, the flexibility of FPGAs allows the users to change the functionality of their test system when moving from one customer/protocol to another.
Restbus Simulation – An open FPGA combined with an Ethernet front-end gives the user ultimate flexibility in simulating the rest of the bus around the ECU and can implement common techniques like message queueing and real-time sequences.
Error Injection – Through an FPGA, the user has unlimited access to each individual bit that can be used for communication, so a common testing strategy is to simulate errors and malfunctioning devices through varied bit timing or irregular patterns.
Contact Details and Archive...