LDRA
Over the last decade, the world has been moving to adopt green technologies to reduce greenhouse gas emissions and limit climate change. Increasingly, standards and regulations across industries are being re-envisioned around environmental sustainability goals. One of the primary sources of emissions has been automobiles with internal combustion engines that generate energy from fossil fuels. Given the approximately 1.2 billion vehicles on the road worldwide, cleaner energy technology in the automotive domain is imperative, and this has led to active research and development of electric vehicles. However, in addition to making vehicles more sustainable, there is a need to make them safer and more secure as well.
A quick look at the components of an electric vehicle will explain why it is critical for engineers to focus on developing a safe and secure EV.
- Battery: These devices store electricity to be used by the electric motor. In an electric drive vehicle, an auxiliary battery provides electricity to power vehicle accessories.
- Battery Management System (BMS): The BMS is an electronic circuit system whose purpose is to monitor the status of the battery, maintain its health, and safeguard against damage. The BMS is also used in recharging the batteries.
- Electronic Control Unit (ECU): Previously, vehicles employed a decentralized approach in which various separately developed subsystems were brought together, so each sensor in the vehicle was controlled by its own ECU. Modern vehicles are moving towards a centralized electronic design (i.e., a single circuit board) in which all the sensors are connected to a single ECU.
- Sensors: These devices detect changes in the vehicle’s environment and send this information to other devices. Automotive sensors track vehicle status such as throttle position, GPS, speed, battery life, RPM, and many other parameters.
- Vehicle Tracking System (VTS): The VTS is mounted on the vehicle and tracks the vehicle's location in real-time. The data is often passed to software that provides a comprehensive picture of vehicle location for an entire fleet.
- Motors: Using power from the traction battery pack, the motor drives the vehicle's wheels. Some vehicles use motor generators that perform both the drive and regeneration functions.
- EV Infrastructure: The EV infrastructure supplies electrical energy to battery-operated vehicles for charging and recharging. The power is measured in kW. These systems are also known as Electric Vehicle Supply Equipment (EVSE).
[Figure omitted. Credit: LDRA]
Electric vehicle safety and security needs
Electric vehicles have frequently been in the news because of cars catching fire, with the fires originating in the batteries. These batteries operate at high voltages, reaching up to 600 volts, and require special insulation and unique safety considerations. OEMs must take special safety precautions with electronic components and batteries to address high temperatures, overcharging, short circuits, overheating, and other extreme environmental conditions.
Systems Consolidation: No system within an EV works in isolation. A variety of ECUs are interconnected across various in-vehicle buses and networks. Moreover, these ECUs are built upon multiple MCUs/processors, each running independent and complex software that must constantly interact with the other systems. Ongoing fundamental research is working on integrating multiple ECUs so that they are driven by a single system on chip (SoC). This raises the risk that a compromise of one critical portion of the system affects the rest, making the system less secure overall.
More Complex Software: The increased complexity of software arises from the variety of independent components, their interfaces, and the great many usage scenarios they must address. Some of these components are reused from open-source and/or publicly available freeware. Because that code is readily accessible to attackers, it is easier to manipulate and/or reverse engineer. Cars also provide connectivity and pair with smartphones and storage devices that may be loaded with malware.
Connected Car and Telematics: Electric vehicles are exposed to a whole new dimension of vulnerability when they access and utilize cloud technologies. Automakers strive to differentiate vehicles through advanced features like remote unlocking, remote diagnostics, breakdown assistance, theft recovery, automatic accident detection and response, and advanced navigation features such as real-time traffic updates, all over nothing more than a cellular/satellite connection. If the cloud service or its communication channel is breached, vehicle security has the potential to be compromised. For example, many aftermarket remote diagnostic services are far from foolproof, so vehicles end up infected by malware or connecting to malicious servers, putting the vehicle at risk.
Firmware Over The Air (FOTA): FOTA enables vehicle manufacturers to update systems in the field. The convenience of FOTA makes it a popular feature with customers. However, FOTA also increases the vehicle's attack surface.
A different potential vulnerability arises from the need for systems to communicate across domains. For example, central locking generally belongs to a benign domain. However, in an emergency such as after an accident, it becomes imperative that the doors are unlocked. Thus, even though central locking is benign, it communicates with a more critical domain. Where such cross-domain communication is implemented between virtual machines, its very nature demands that the implementation be secure.
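The cross-domain unlock scenario above, as an added example that is not LDRA's code: a minimal default-deny message gateway between domains, written in C. The domain names, message identifiers and allowlist are assumptions constructed for illustration; the point is that the benign body domain may only report lock status, and only the safety domain may command an unlock, with every rejected message counted as a detection signal.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical domain and message identifiers (constructed for this example). */
typedef enum { DOM_BODY = 0, DOM_SAFETY = 1, DOM_TELEMATICS = 2, DOM_COUNT = 3 } domain_t;
typedef enum { MSG_LOCK_STATUS = 0, MSG_UNLOCK_REQUEST = 1, MSG_CRASH_EVENT = 2, MSG_COUNT = 3 } msg_id_t;

typedef struct {
    domain_t src;     /* sending domain (virtual machine) */
    domain_t dst;     /* receiving domain */
    msg_id_t id;      /* message type */
    uint8_t  payload; /* opaque to the gateway */
} inter_domain_msg_t;

/* Static allowlist of (src, dst, id) triples permitted to cross the boundary.
 * Anything not listed is dropped: default deny, least privilege per domain. */
static const struct { domain_t src; domain_t dst; msg_id_t id; } allow[] = {
    { DOM_BODY,   DOM_SAFETY, MSG_LOCK_STATUS    }, /* benign domain may only report state */
    { DOM_SAFETY, DOM_BODY,   MSG_UNLOCK_REQUEST }, /* only the safety domain may unlock */
};

/* Count of rejected messages: a spike here indicates a misbehaving or compromised domain. */
static uint32_t rejected_count = 0;

bool gateway_permit(const inter_domain_msg_t *m)
{
    if (m == NULL) return false;
    /* Enum values arriving from another VM are untrusted: range-check before use. */
    if ((unsigned)m->src >= DOM_COUNT || (unsigned)m->dst >= DOM_COUNT ||
        (unsigned)m->id >= MSG_COUNT) return false;
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++) {
        if (allow[i].src == m->src && allow[i].dst == m->dst && allow[i].id == m->id)
            return true;
    }
    return false;
}

/* Forward a message if policy allows; apply the unlock only on the permitted path. */
bool gateway_forward(const inter_domain_msg_t *m, bool *door_unlocked)
{
    if (!gateway_permit(m)) { rejected_count++; return false; }
    if (m->dst == DOM_BODY && m->id == MSG_UNLOCK_REQUEST) *door_unlocked = true;
    return true;
}

uint32_t gateway_rejected(void) { return rejected_count; }
```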
With these high-risk software components identified, attention can be focused on the code associated with them. To be effective, a system must not only have secure code but actively contribute to the effectiveness of the underlying architecture by acknowledging and reinforcing its weak points.
Adherence to safety & security standards
Standards have been the pillar of creating safe and secure systems. There are numerous efforts to ensure that safety requirements are met, including global standards like IEC 61508 and ISO 26262. Such standards are formulated by stakeholders and thus involve the entire ecosystem. Further programs like Euro NCAP, US NCAP, China NCAP, Bharat NCAP, etc. are helping to streamline new car assessments by providing universally correlated rating systems.
Other software architecture frameworks like AUTOSAR are developed by automotive OEMs and stakeholders such as suppliers and tool developers for interoperability of electrical and electronic systems across ECUs and applications. While this makes life easier for developers, a common API also makes life easier for attackers and increases the risk of a security threat. Specific software coding guidelines like MISRA and the CERT guidelines are used by OEMs to ensure the vehicle is safe and secure. Adherence to international safety and security standards enables manufacturers to cater to their domestic markets and to global markets through exports.
Software testing using tools
An electric vehicle is a complex harmony of software and hardware. The importance and complexity of the software establish the need to ensure that it is designed and developed the right way. Ensuring that enough tests are performed at each stage of the life cycle can only result in a safer and more secure system. As manual testing is resource intensive, software testing using automated toolchains is preferred, as it simplifies testing while accelerating design and development. At the same time, these tools ensure safety and security with greater reliability than manual approaches can. The use of qualified tools is imperative in building automated testing toolchains.
Software quality tools such as those that LDRA offers automate code analysis for safety-critical and security-critical applications, support the entire design process from requirements to deployment, and help to eliminate or reduce the more labor-intensive and error-prone elements.
Conclusion
For developers of automotive systems, the move towards more rigorous process standards raises concerns about increased development time and cost. Adherence to international standards will enable manufacturers to build world-class products that cater to their domestic markets while also meeting new global demand. The substantial increase in the lines of code in today's vehicles, combined with the cybersecurity concerns associated with connectivity and the risk of injury or death caused by software errors, has raised the stakes for developers. Even without a catastrophic event, no developer or manufacturer wants to be associated with an expensive vehicle recall due to a software error.
The use of qualified automated testing tools can only help the entire electric vehicle ecosystem speed the development of systems while improving overall safety and security. With tools qualified under TUV and SGS SAAR certifications, LDRA provides a complete software verification and validation solution for developing safety- and security-related automotive software.