Fallout could be slower adoption of autonomous vehicles as ecosystem proceeds with caution.
While carmakers continue to add increasingly sophisticated driver assist features to new models, semiconductor industry ecosystem players are ramping up their foundational knowledge of what is needed from a technology and security perspective.
Fortunately, it appears many existing semiconductor design tools will fit the bill as part of new approaches for automotive design.
Mike Stellfox, a Cadence Fellow, noted that Cadence is investing in an automotive functional safety flow that incorporates traditional tools like simulation, formal and emulation but adapts them for specific market requirements. “It requires new technology but it’s not like — at least in that particular flow — a complete revolution. At the same time, there are certain things like FMEDA [failure modes, effects, and diagnostic analysis], which definitely need more tooling and automation around them.”
FMEDA is a process the automotive industry is borrowing from aerospace and other industries. It’s not specific to anything, noted Robert Bates, chief safety officer in Mentor Graphics’ Embedded Systems Division. And, because the tooling is rather poor, it provides an opportunity for either traditional EDA players or others to come up with a good solution for it due to many shared requirements.
In addition to automotive, Stellfox has seen similar trends in the industrial arena with companies such as GE building much more sophisticated capabilities for controlling systems in mil/aero.
It really comes down to safety, and life-critical versus non-safety and non-life-critical markets, Bates asserted. “When your phone dies, you reboot your phone, you’re good. Your Amazon Echo dies, you power-cycle it, you’re good. Your car dies or your infusion pump dies, or your airplane dies — good luck.”
The elephant in the room is security, which is an even bigger problem than safety because today even the automotive protocols don’t support the right level of security, and as such, pretty much everything needs to be redesigned, said Joerg Grosse, product manager for functional safety at OneSpin Solutions.
There are 23 hack points in the automobile today, said Vic Kulkarni, vice president and general manager at Ansys. “This is the classic number that we hear from automotive and solution providers. From infotainment systems to just using an iPhone in your car — there are many hack points, including all of the antennas, which are going in around the car for lane changing. As such, they can be easily hacked.”
Kulkarni believes it’s a stack of security that’s needed right from the semiconductor IP providers, including Cadence, Mentor, Synopsys, ARM, and others.
Complicating matters is the craftiness of hackers, which is giving rise to dynamic encryption, given that the signature of an IC can be recognized through infrared imaging by a hacker very easily with near-field communications, Kulkarni said. “The car next to you can read what your IC chip signature looks like, so dynamically changing the signature for hardware, and handshakes within the hierarchy being Bluetooth, WiFi, LTE for centralized communication to the service centers, and so on will all need a tremendous ecosystem of the chip design industry, along with embedded systems companies. Further, we have to start merging discussions with the automotive OEMs, as well as Tier suppliers, and we’ve already started that work. How can we create that security check? And for the dynamic changing signature of hardware IP, how do you then continue that handshake? That’s a big challenge.”
From the hardware perspective, IP encryption is seen as a similar concern to safety for security or isolation. And being able to actually prove through formal verification, or other techniques, that the device is secure is definitely a concern within the EDA community.
At the same time, it isn’t clear what it means to be secure at this point. “We learn a lot about safety from other industries,” said Mentor’s Bates. “We’re learning a lot about security from other industries. We talk about rebooting a smartphone when something goes wrong with it. But if the security features built into a smartphone were in the car today, you wouldn’t be hearing as much about people breaking in. There’s a lot that we already know about security. The thing that’s going to be interesting is that 20-year lifetime. Take an iPhone 5 for example. It’s about two years old and it’s about at the end of its useful life. With your car, two years old is still new.”
How that looks over 20 years is another matter. And this is where over-the-air (OTA) updates will be critical. “Those are necessary, and need to be built in,” said Grosse. “You can’t design a secure system without it. You have to have those updates.”
Security and safety
This is a problem with safety issues, as well, Stellfox said. On one hand, security can impact safety in a big way if there are OTA updates. So how, then, do you re-verify the entire car?
The only thing clear at this point is that security, and the design of security features, is an unresolved issue at this point. While the need for security is being discussed to no end, the solutions have yet to materialize, and the problem will need to be solved before fully autonomous cars hit the roads.
Even so, Kulkarni suggested we are too aggressive in terms of predicting the future. “It’s probably going to be augmented automation in a car, as opposed to totally autonomous cars, as the first phase. We all will learn when, unfortunately, there is one accident that happens on the 101 freeway where 15 cars get into an accident because of hacking, and that will throw us back 15 years. It’s so easy to hack into those cars, as Jeep-Chrysler has shown. The more we talk to people, the more they want to take baby steps first and address immediate needs like improving sleepy driver safety in terms of lane changing, and so on. It’s almost impossible to lose with this approach. Help the driver that way and let Uber and Google try those other methods.”
Premium price for premium expertise?
Given the amount of special requirements, will this drive a higher price point for technology providers? Can automotive functional safety solutions command a premium price?
Bates said it’s like anything else. “At some point it becomes expected, and you’re seeing that. I bought a Volvo five years ago, when the whole rear camera was an add-on. Now it’s being built into economy cars.”
EDA tools may be a different story, though. “You’re bringing extra value,” said Stellfox. “We’re in the business of automation, so if we can save time and effort and help customers improve quality — definitely. It does open up new opportunities.”
Kulkarni pointed out that the expectation is value creation. But if distinct, quantifiable value can be shown, it should follow that customers will pay.
Measuring value, however, can be a moving target, especially when the biggest point of failure is the driver, Bates observed. “You’ve got this side where if we can show that it’s better than the human driver, then some of this formalism may not be buying us a whole lot. We have to come to some kind of common ground, and it may be hardware versus software, because the hardware must be rock-solid reliable. The software has to be better, but what does better mean? And if we go from ‘better,’ in a traditional quality metric standpoint, to better than a human driver or better than the last generation — maybe that’s the quality metric that ultimately we have to shoot for.”
But Stellfox questions whether similar dynamics will play out in automotive as in other areas like mobile, where systems companies — with Apple being the best example — decide to take more control of their destiny.
“This disaggregation in the automotive industry, especially with OEMs, Tier 1, Tier 2, works to a disadvantage of driving all this complexity across multiple levels of vendors and hierarchy. Will the focus on ADAS be disruptive in the automotive industry, where car companies build more of their overall electronics? If so, this does open up a lot of opportunities,” he said.
Great article and read. However, I found this statement interesting:
“The only thing clear at this point is that security, and the design of security features, is an unresolved issue at this point.”
There are several products already offered by Tortuga Logic that address this exact problem by enhancing existing verification platforms for security.