A Proposed Communication Architecture for Secure Data Transmission in New Generation Electric Vehicles

Houda Jaouani, Rim Bouhouch, Amel Ben Ncira, Salem Hasnaoui
Sys’Com Laboratory, National Engineering School of Tunis, Tunis, Tunisia
[email protected], [email protected], [email protected], [email protected]

Khaled Jelassi
Electrical Systems Laboratory, National Engineering School of Tunis, Tunis, Tunisia
[email protected]

Abstract— In the last few years, electronic control systems in modern vehicles have made great strides: they have become highly efficient, but also highly complex. Specific requirements on each part of new vehicles have led to the development of different automotive networks, so today’s in-car communication system is usually based on several technologies. In such an architecture, many ECUs may be connected to several buses, and the rising number of subsystems increases the overall complexity and affects analyzability, scalability and maintainability. On the other hand, the bandwidth requirements of control applications in future Electric Connected Vehicles cannot be met by CAN or FlexRay networks. Ethernet presents a relevant alternative with the potential to meet future bandwidth requirements and strong competitiveness from a cost perspective. In this paper, we propose a new generation vehicle communication benchmark and a vision for adopting an Ethernet topology in the automotive domain.

Keywords: Car Benchmark, Future generation vehicle, Automotive applications, Ethernet&IP

I. INTRODUCTION

Market demands and regulations are leading the automotive industry to face increasing design and business challenges, due to the fast adoption of sophisticated infotainment, advanced safety features, semi-autonomous driving/control and remote diagnostics. Specifically, the requirements for efficient, fast and reliable communication among modules within a vehicle and between vehicles in a fleet are testing the limits of current network protocols.

Today's topologies are typically based on various technologies such as CAN, FlexRay, MOST and Ethernet. In these architectures, some ECUs may be connected to more than one communication system (e.g. CAN and FlexRay, or different CAN domains). This rising number of subsystems increases the overall complexity tremendously. Hence, traditional Ethernet as a "puristic", logically flat network is not a realistic topology for heterogeneous automotive networks, and several research efforts are currently aiming to find the optimum package of solutions to adapt this technology to the automotive environment.

Existing networking technologies for intra-vehicle communication (e.g. CAN, FlexRay) and RADAR/LIDAR or camera-based inter-vehicle sensing may not be able to tackle all the challenges in bandwidth, cost and reliability. Hence, new protocols for intra-vehicle, vehicle-to-vehicle and vehicle-to-infrastructure communication must be defined and developed to facilitate the adoption of new features for enhanced safety, driver comfort and commercial use cases.

This paper is organized in 6 sections. After the introduction, the second section presents some previous works dealing with the same issues. The third section is dedicated to an introduction to the embedded systems world and the Model Based Design methodology. In section four, we give the vehicle prototype adopted in this work, and in the following section we present a response time computing method.

Ethernet technology is widely used in our daily lives, but it also presents great potential for use in other fields such as automotive applications. Thanks to its important features, which make it able to address interoperability, new technologies, tools and the stringent requirements of today’s and tomorrow’s vehicles, it could offer an alternative in-vehicle network infrastructure and a relevant solution for automotive safety-critical applications, when supporting a network protocol (IP) that prevents direct communication across different serial data systems and provides a high-performance bandwidth of 100 Mbps. Moreover, the adoption of this technology in this relatively new market space reduces connectivity costs and cabling weight, and thus enables the introduction of advanced features into the automotive domain, such as analyzability, scalability and maintainability, without the need for expensive, complex and cumbersome shielded cabling. Therefore this technology would be a welcome addition if designed for the rigorous automotive environment and supported by a robust supplier infrastructure.

II. RELATED WORKS

A. Vehicle Benchmark Development Studies

Modeling and performance evaluation work for automotive applications began in 1993 with a document [1] published by the Society of Automotive Engineers (SAE). The document, which describes the signaling requirements for a prototype electric car with a point-to-point communication network, has been used as the basis for building an intra-vehicle communication benchmark [2][3]. In the resulting model, signals were not designed for any specific protocol; rather, they represent the data that needs to be exchanged between the different benchmark modules. Furthermore, the SAE did not specify an average period for sporadic signals. This problem was later solved by Kopetz [3], who decided to respect the condition that the latency of periodic signals should be less than or equal to their period, and then modeled sporadic tasks as periodic tasks with a period of 20 ms. Kopetz’s messages were specifically designed to best serve the TTP protocol. Tindell and Burns, however, organized their messages to best fit the CAN protocol and adopted a more relaxed assumption for sporadic tasks, considering a latency of 20 ms and a period of 50 ms. Their resulting message structure, containing 17 periodic messages [2], was expanded by M. Utayba and N. Al-Holou in [4], who developed an extended benchmark based on the SAE Benchmark that takes into account some modern sub-systems recently adopted in the automotive industry. Utayba and Al-Holou used the Controller Area Network (CAN) protocol to validate its adequacy for representing modern intra-vehicle network requirements. Since then, electronics and embedded applications have become more and more present in vehicles. Therefore, it was very important to extend these older works in order to move closer to a modern vehicle model.
In this context, we proposed in a previous work [5] an advanced model based on the SAE Benchmark and its extension by Utayba and Al-Holou. In that work, we applied a timing analysis to an extended vehicle model with a total of 15 modules connected by a FlexRay network, to prove that all tasks are schedulable and all deadlines are met. As consumer demand for in-vehicle connectivity continues to grow, automotive manufacturers are under constant pressure to deliver competitive, innovative features while minimizing cost. This has led to a higher demand for high-speed communication protocols. Ethernet standards nowadays present a relevant alternative that fits all these requirements, since they would allow car manufacturers to enhance features and increase customer satisfaction and quality while reducing costs and increasing bandwidth through cost-effective components and fewer cables.

B. Automotive Ethernet Technology Emergence

The OPEN (One-Pair Ether-Net) Alliance SIG (Special Interest Group) was founded in November 2011 by BMW, Bosch, Broadcom, Continental, Freescale, Harman, Hyundai, Jaguar Land Rover, NXP and Renesas. The alliance now counts 140 members among manufacturers, OEMs (Original Equipment Manufacturers) and automotive electronics companies, and plans to expand its membership roster in the future to additional automotive suppliers and manufacturers [6]. This non-profit, open industry alliance was built to encourage wide-scale adoption of Ethernet-based networks as a standard in automotive applications. Founding members initially focused on establishing interoperability requirements, third-party testing, certification procedures and higher data rate specification requirements. Then, in order to meet automotive application needs, the OPEN Alliance SIG adopted a solution enabling a move towards more regular Ethernet-based topologies that avoid ad-hoc connections, namely Broadcom's BroadR-Reach. This automotive-qualified technology, engineered to meet the stringent in-vehicle requirements of the automotive industry, was optimized to allow multiple in-car applications (such as infotainment, automated driver assistance and on-board diagnostics) to simultaneously access information over a single unshielded twisted pair cable delivering a high-performance bandwidth of 100 Mbps. According to Broadcom Corporation, this technology allows automotive manufacturers to eliminate cumbersome shielded cabling, reducing connectivity costs by up to 80 percent and cabling weight by as much as 30 percent. In June 2012, at the University of New Hampshire InterOperability Laboratory (UNH-IOL), semiconductor companies completed the first round of conformance testing, demonstrating adherence to the BroadR-Reach standard. The UNH-IOL has been conducting Ethernet testing for nearly 25 years and remains at the forefront of evolving Ethernet technologies for the automotive industry and beyond. By operating one of the world’s most comprehensive Ethernet test beds, the UNH-IOL is the de facto standard for knowledge and experience in Ethernet testing.
As a provider of broad-based testing and standards conformance services for the networking industry, and beyond conformance testing, the UNH-IOL is actively developing interoperability specifications and defining future testing procedures ensuring higher data rate specification requirements for the BroadR-Reach standard, in conjunction with the OPEN Alliance. In this context, the lab announced in August 2012 the launch of the first Automotive Ethernet Consortium, paving the way for semiconductor companies to address the stringent requirements of the automotive industry for next-generation in-vehicle networking. The OPEN Alliance SIG thus endorses the UNH-IOL as the first laboratory to test BroadR-Reach®. This migration from multiple closed applications to a single open, scalable Ethernet-based network within the automobile also allows manufacturers to incorporate more electronic systems and devices, creating a superior connected experience behind the wheel. For consumers, this means the availability of new, innovative features for safety (e.g. 360-degree surround view parking assistance, rear-view cameras, collision avoidance systems and eventually automated driving), comfort and infotainment (access to social media applications via the dashboard), as well as improved fuel efficiency and performance, and greater affordability.

In the same context, several Ethernet & IP @ Automotive Technology Days were organized. The first was hosted by BMW AG and the second by Continental AG. Topics covered at these technology days include IEEE 802.3bp; IEEE 802.1 AVB and TSN; AUTOSAR and GENIVI; automotive applications; OPEN Alliance BroadR-Reach; wake-up concepts; EMC; connectors; cables; ISO 26262; etc. These events were open to anyone interested in next-generation automotive communication technology. In January 2013, the Institute of Electrical and Electronics Engineers (IEEE) announced the formation of an IEEE 802.3™ Ethernet Standard study group to explore the requirements for network latency and real-time control in industries such as industrial automation and automotive, and to look at additional opportunities to expand the overall Ethernet market and their associated technology requirements [7]. Finally, a further Ethernet & IP @ Automotive Technology Day was organized by the IEEE Standards Association (IEEE-SA) in June 2013 and focused on addressing automotive industry needs by continuing, restructuring and expanding previous efforts in this field.

III. EMBEDDED SYSTEMS AND MODEL BASED DESIGN

As embedded systems acquire an increasingly complex architecture, marked by the presence of several Electronic Control Units each ensuring a single function and communicating with a central computer via a real-time network, traditional methods for the design and implementation of control systems are becoming irrelevant for modern embedded devices. Old methods allow the designer to detect design errors only after the prototyping and integration phases, which delays software validation; these traditional methods therefore take more time for embedded software and hardware development. In the last few years, embedded system design has undergone a remarkable evolution, especially concerning methodology.

The first objective of these changes is to reduce the time to market of the product after its design. In this context, we find a new approach adopted by companies that reduces development time: Model Based Design (MBD). This approach has become a development standard in several fields such as automotive and aeronautics. It is based on Matlab and Simulink for the design. It allows the design of flexible models and then the generation of optimized code that is loaded onto the target. Thus, Model Based Design has emerged as a way to address the difficulties related to the design of control systems. The use of a model library allows the challenges to be divided and the resulting code to be optimized, which saves an enormous amount of system design time, since a large part of the work has already been done in the design of the library. Model Based Design can be summarized in the following steps:

- The model of the entire system is built from blocks and parameters describing the implementation details.
- The design options of the system and the model's performance are evaluated through simulation.
- The resulting model is optimized in order to meet the specifications.
- The application is automatically created for testing in real time.

Within this framework, our work fits into this new approach to embedded development. It aims to provide a relatively realistic model of the different modules of the vehicle prototype, to later generate the C code for these modules, then to modify this code by integrating the µC/OS-II kernel, and finally to download this code onto an Ethernet network of LPC boards. In the present work we focus on the first two steps: presenting a model of a vehicle prototype and then evaluating its performance under a particular scheduling algorithm, with simulation in Matlab.

IV. THE VEHICLE PROTOTYPE

In this part, we propose a vehicle model based on the SAE benchmark and its extensions by Utayba and Al-Holou, as well as on our previous work. In this paper, we aim to present our latest effort to develop a vehicle prototype able to represent the complexity of modern connected cars and to serve as a test platform for validating our studies in many fields, including innovation in intra- and inter-vehicle communication systems, Real-Time Operating System integration in the embedded world, task management and scheduling algorithms, Data Distribution Service integration in the automotive domain and Quality of Service assurance… Therefore we start by introducing the SAE and PSA Benchmarks as the basis for our study, then present our contribution and the resulting Benchmark, and apply the Rate Monotonic scheduling algorithm to make sure that all system tasks are schedulable and all deadlines are met.

A. The SAE Benchmark Evolution

The reference prototype consists of six modules in a Class C vehicle network: the Vehicle Controller (VC), the Inverter/Motor Controller (I/MC), the Transmission (Trans), the Battery (Battery), the Brakes (Brakes) and the Driver control interface [1]. These modules exchange a total of 53 sporadic and periodic signals.
Although the original Benchmark was designed without considering any communication system, derived works have targeted specific network protocols. While Tindell and Burns [2] designed their messages to meet the Controller Area Network protocol requirements, Kopetz [3] organized his messages to better fit the Time Triggered Protocol (TTP). In a subsequent work [4], the authors translated the names of the SAE modules into their equivalents in today's terminology. The Driver and Battery modules are combined into the Body Control Module (BCM), which usually acts as a bridge between the low data rate and very high data rate networks in the vehicle. Similarly, the Vehicle Controller and the Inverter/Motor Controller were combined into a single node called the Engine Control Module (ECM), while the Transmission Controller was denoted the Transmission Control Module (TCM). The Brake Controller was divided into a Hydraulic Brake Control Unit (HBCU) and an Electronic Brake Control Module (EBCM). The remaining modules, representing the Front/Rear Left/Right Wheel Modules (FLWM, FRWM, RLWM and RRWM), were kept unchanged in the terminology.

Consequently, the resulting model contains 24 modules connected by the Ethernet protocol, as shown in Fig. 2. The vehicle modules are treated as network nodes responsible for exchanging messages and signals over the Ethernet network.

In this work, new control systems were also studied and integrated into the prototype, such as the suspension system provided by the Active Suspension Unit (ASU), the power-assist steering module denoted Active Frame Steering (AFS), the anti-lock braking system called Electronic Brake Control Module (EBCM), the Traction Control Unit (TCU), the Electronic Stability Control/Program and Roll Over Mitigation (ESP/ROM) and finally the Adaptive Cruise Control (ACC).

These messages are created by a number of tasks running within each node and scheduled by an embedded Real-Time Operating System, µC/OS-III (see Fig. 3). The main goal of the proposed architecture is to ensure better performance of the vehicular network and to guarantee the arrival of the right data at the right time by meeting the tasks' deadlines. This goal may be reached using a relevant scheduling algorithm and integrating a publish/subscribe middleware such as the Data Distribution Service (DDS) studied in previous works [10]. In this scheme, the nodes play the role of Publishers and Subscribers, and the different tasks are mapped to DataReaders and DataWriters in the middleware architecture.

Figure 1. The extended SAE Benchmark model

B. The Developed New Benchmark

Due to the growing complexity of today’s vehicles and the associated communication load in the network, the old SAE and PSA Benchmarks are no longer suitable for evaluating intra-vehicle communication systems. Many options have been added to current vehicle systems in order to improve safety, reliability, cost and luxury. Hence, there is a need to develop a new model that reflects the communication characteristics of new generation connected vehicles. Since PSA does not provide enough information about its models, exchanged messages and generating nodes, we decided to build our new model on the SAE Benchmark and to add a number of options and nodes inspired by the PSA models to enrich the resulting prototype. In the present work we consider the model in Fig. 1 and integrate, as shown in Fig. 2, nine new modules representing the Automatic Refrigeration System (ARS), the Control Panel and Multifunction Screen module (CP/MFS), the Radio, the Compact Disc Changer (CDch), the Locking/Unlocking System (LUS), the Navigation System (Navig), the Visibility Control Unit (VCU), the Signaling System Control Unit (SSCU) and the Lighting System Control Unit (LSCU).

Figure 3. The studied architecture, as a stack of four layers: Real Time Application (Vehicle Model), Publish-Subscribe Middleware (DDS), Real-Time Operating System (µCOSIII), Real Time Network Protocol (Ethernet)

V. TIMING ANALYSIS AND WORST-CASE RESPONSE TIME COMPUTING ON ETHERNET

A. Response Time Approximation

In a general communication process, the response time can be divided into four parts, as shown in Fig. 4: frame generation delay, data queuing delay, transmission delay and reception delay [11]. The generation delay starts when the transmitting node receives the request to send a frame and lasts until the data is written into the buffer and ready to be sent. The queuing delay starts when the generation delay ends and lasts until the frame acquires the bus and begins to be sent. The transmission delay is the time during which the frame is being transmitted on the bus. The reception delay starts when the frame leaves the bus and enters the receiving node, and lasts until the frame accomplishes its task.

Figure 2. The developed new Benchmark

Figure 4. Communication model between DataWriter (DW) and DataReader (DR): generation delay, queuing delay, transmission delay, reception delay

Note that the generation delay and the reception delay are not related to the network characteristics but to the processors' performance in each node. Therefore, these two parts of the delay are not taken into account here. In the Ethernet protocol, the average response time R_m of a given frame (message) is the sum of the average queuing delay (t_m) and the average transmission delay (C_m):

$R_m = t_m + C_m$      (1)

Since in the automotive Ethernet protocol version a Time Triggered Ethernet (TTE) or a Flexible Time Triggered Ethernet (FTTE) access technology is always adopted, messages are usually transmitted at fixed time points without any queuing delay; the response time can therefore be approximated by C_m:

$R_m \approx C_m$      (2)

The transmission delay C_m refers to the time interval between getting onto the bus and the completion of the sending process. It depends on the frame itself as well as on the bus parameters:

$C_m = (PRE + SOF + DA + SA + Length/Type + Data + FCS) \times \tau_{bit}$      (3)

The Preamble (PRE) consists of 7 bytes and the Start-of-frame delimiter (SOF) is 1 byte long. DA is the Destination Address, which consists of 6 bytes and identifies which station(s) should receive the frame. The Source Address (SA) consists of 6 bytes identifying the sending station. The Length/Type field counts 2 bytes and indicates either the number of client data bytes contained in the data field of the frame, or the frame type ID if the frame is assembled using an optional format. The Data field is a sequence of n bytes of any value, where n is less than or equal to 1500. The Frame Check Sequence (FCS) consists of 4 bytes and contains a 32-bit cyclic redundancy check (CRC) value (see Fig. 5). Finally, τ_bit refers to the one-bit transmission delay, which is equal to 0.01 µs in the case of a bit rate of 100 Mbps.

Figure 5. The basic IEEE 802.3 MAC data frame format

B. Worst Case Response Time Computing

In the adopted architecture, each task is assigned a fixed priority during the whole creation, processing and sending process. Therefore, a Fixed Priority Scheduling (FPS) algorithm is a relevant choice in this case. In this scheme, the runnable tasks are executed in the order determined by their priority, bearing in mind that in real-time systems the "priority" of a task is derived from its temporal requirements, not from its importance to the correct functioning of the system or its integrity. The response time is then given by the equation below [12]:

$R_i = C_i + I_i$      (4)

where I_i is the interference from higher priority tasks: the sum, over each higher priority task, of the number of its releases during R_i, in other words the number of times each higher priority task can execute during R_i. The interference caused by a task j is given by:

$I_j = \left\lceil \frac{R_i}{T_j} \right\rceil C_j$

where the ceiling function ⌈ ⌉ gives the smallest integer greater than the fractional number on which it acts. Hence:

$R_i = C_i + \sum_{j \in hp(i)} \left\lceil \frac{R_i}{T_j} \right\rceil C_j$      (5)

where hp(i) is the set of tasks with priority higher than task i. Since R_i appears on both sides of the equation, we solve it by forming a recurrence relationship:

$w_i^{n+1} = C_i + \sum_{j \in hp(i)} \left\lceil \frac{w_i^n}{T_j} \right\rceil C_j$      (6)

So the response time can be computed by the following algorithm (Worst Case Response Time Computing Algorithm):

for i in 1..N loop
    calculate C_i
    n := 0
    loop
        calculate new w_i^{n+1}
        if w_i^{n+1} = w_i^n then
            R_i = w_i^n
            exit {value found}
        end if
        if w_i^{n+1} > T_i then
            exit {value not found}
        end if
        n := n + 1
    end loop
end loop

Since we are conceiving a model for a safety-critical real-time application, the temporal overheads of the implementation and RTOS delays must be taken into account, such as:

- Context switches (one per job)
- Interrupts (one per sporadic task release)
- Real-time clock overheads

In this case the response time formula becomes:

$R_i = CS_1 + C_i + B_i + \sum_{j \in hp(i)} \left\lceil \frac{R_i}{T_j} \right\rceil (CS_1 + CS_2 + C_j)$      (7)

where the new terms CS_1 and CS_2 are the cost of switching to the task and the cost of switching away from it, and the term B_i is the task's worst-case blocking time.
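As an added example (not the paper's own code), the following Python computes the eq. (3) transmission delay of a frame and runs the worst-case response-time iteration of eq. (5), or eq. (7) when context-switch costs are given, with the algorithm's "value found" / "value not found" exits. The task names, periods and processing costs are constructed sample values in microseconds; the 46-byte minimum data field is an IEEE 802.3 padding rule that eq. (3) does not include, so it is optional here.

```python
"""Frame transmission delay (eq. 3) and fixed-priority response-time analysis
(eqs. 5/7) for tasks of one node in the paper's Ethernet-based prototype."""
from dataclasses import dataclass
from math import ceil
from typing import Dict, List, Optional

TAU_BIT_US = 0.01                  # one-bit transmission delay at 100 Mbit/s (paper: 0.01 us)
HEADER_BYTES = 7 + 1 + 6 + 6 + 2   # PRE + SOF + DA + SA + Length/Type, as in eq. (3)
FCS_BYTES = 4
MAX_DATA_BYTES = 1500              # paper: n <= 1500
MIN_DATA_BYTES = 46                # IEEE 802.3 pads short frames to 64 bytes; not part of eq. (3)


def frame_delay_us(n_data: int, pad: bool = True) -> float:
    """Transmission delay C_m in microseconds of a frame carrying n_data payload bytes."""
    if not 0 <= n_data <= MAX_DATA_BYTES:
        raise ValueError("data field must hold 0..1500 bytes")
    data = max(n_data, MIN_DATA_BYTES) if pad else n_data
    return 8 * (HEADER_BYTES + data + FCS_BYTES) * TAU_BIT_US


@dataclass
class Task:
    name: str
    period: float          # T_i; the paper's algorithm gives up once w_i exceeds T_i
    cost: float            # C_i, worst-case execution time (here: processing + frame delay)
    blocking: float = 0.0  # B_i, worst-case blocking time (eq. 7)


def response_time(tasks: List[Task], i: int,
                  cs1: float = 0.0, cs2: float = 0.0) -> Optional[float]:
    """Worst-case response time R_i of tasks[i]; tasks are sorted highest priority
    first, so hp(i) == tasks[:i].  cs1/cs2 are the switch-to / switch-away costs of
    eq. (7); with both zero the iteration reduces to eq. (5).  Returns None when the
    algorithm exits with 'value not found' (w_i^{n+1} > T_i)."""
    task, hp = tasks[i], tasks[:i]
    w = cs1 + task.cost + task.blocking                       # w_i^0
    while True:                                               # w_i^{n+1} from w_i^n
        w_next = cs1 + task.cost + task.blocking + sum(
            ceil(w / j.period) * (cs1 + cs2 + j.cost) for j in hp)
        if w_next == w:            # fixed point reached: value found
            return w
        if w_next > task.period:   # cannot meet its period: value not found
            return None
        w = w_next


def analyse(tasks: List[Task], cs1: float = 0.0, cs2: float = 0.0) -> Dict[str, Optional[float]]:
    """R_i for every task, or None for each task whose response time was not found."""
    return {t.name: response_time(tasks, i, cs1, cs2) for i, t in enumerate(tasks)}


# Constructed sample: three sending tasks of one node with rate-monotonic priorities
# (shortest period first).  Periods and processing costs are illustrative only; the
# frame part of each cost comes from eq. (3).
SAMPLE_TASKS = [
    Task("ESP",    period=100.0, cost=20.0 + frame_delay_us(8)),     # 25.76 us
    Task("Brakes", period=250.0, cost=60.0 + frame_delay_us(100)),   # 70.08 us
    Task("ACC",    period=400.0, cost=30.0 + frame_delay_us(1500)),  # 152.08 us
]

if __name__ == "__main__":
    for n in (8, 100, 1500):
        print(f"{n:5d}-byte data field: C_m = {frame_delay_us(n):.2f} us")
    print("no overheads  :", analyse(SAMPLE_TASKS))
    print("1 us switches :", analyse(SAMPLE_TASKS, cs1=1.0, cs2=1.0))
```

With zero overheads all three sample tasks converge below their periods; adding a 1 µs cost for each context switch pushes the lowest-priority task past its 400 µs period, which is the effect eq. (7) is meant to expose.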

VI. CONCLUSION

The design and development of embedded systems is increasingly difficult due to the complex operation of these systems. As an alternative to the traditional development method, Model Based Design is presented as a very useful and fast development methodology. MBD facilitates the designer's task: it leads to better optimization of the code and avoids restarting the design phase. This work has to be completed by the finalization of the communication model associated with the proposed vehicle prototype and by the application of different scheduling policies to the resulting system. Another line of work deals with preparing the Simulink blocks associated with the different modules and generating the corresponding code using Matlab Embedded Code.

ACKNOWLEDGMENT

The research presented in this paper would not have been possible without the support of our professors and colleagues. We wish to express our gratitude to the members of the Sys’Com laboratory at ENIT as well as the members of the LSE Laboratory at ENIT for their help and assistance.

REFERENCES

[1] SAE Technical Report J2056/1, “Class C Application Requirement Considerations”, June 1993.
[2] Tindell, K., Burns, A., “Guaranteeing Message Latencies On Control Area Network (CAN)”, Real-Time Systems Research Group, Department of Computer Science, University of York, England, 1994. [Online] available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.110.3545&rep=rep1&type=pdf
[3] Kopetz, H., “A solution to an automotive Control System Benchmark”, Real-Time Systems Symposium, 7-9 Dec. 1994, pp. 154-158.
[4] M. Utayba, N. Al-Holou, “Development of An Automotive Communication Benchmark”, Canadian Journal on Electrical and Electronics Engineering, Vol. 1, No. 5, August 2010.
[5] H. Jaouani, R. Bouhouch, W. Najjar, S. Hasnaoui, “Hybrid Task and Message Scheduling in Hard Real Time Distributed Systems over FlexRay Bus”, International Conference on Communications and Information Technology (ICCIT), Hammamet, Tunisia, June 2012.
[6] Durham, N.H., “Rev up Evolution of Connected Car”, Laboratory Opens Industry’s First Automotive Ethernet Consortium, OPEN Alliance and UNH-IOL, August 20, 2012.
[7] Piscataway, N.J., “Report of IEEE 802.3™ study group to explore distinguished minimum latency traffic in a converged traffic environment”, January 2013, USA.
[8] Rüdiger, R., “Evaluating the temporal behavior of CAN based systems by means of a cost functional”, Proceedings of the 5th International CAN Conference ’98 (iCC’98), San Jose, CA, USA, 3-5 November 1998, pp. 10.09-10.26.
[9] Castelpietra, P., Song, Y.-Q., Simonot-Lion, F., Cayrol, O., “Performance evaluation of a multiple networked in-vehicle embedded architecture”, IEEE International Workshop on Factory Communication Systems, 2000, pp. 187-194.
[10] R. Bouhouch, H. Jaouani, W. Najjar, S. Hasnaoui, “DDS QoS Approximation on FlexRay Network Using the Full Scheduling Model”, IEEE Journal on Selected Areas in Communications, 2012 Special Issue on Emerging Technologies in Communications, Area 3: Vehicular Networks and Telematics Applications, unpublished.
[11] T. Guangyn, B. Peng, C. Quanshi, “Response Time Analysis of FlexRay Communication in Fuel Cell Hybrid Vehicle”, IEEE Vehicle Power and Propulsion Conference (VPPC’08), 2008, pp. 1-4.
[12] A. Burns, A. Wellings, “Scheduling Real-Time Systems”, Chapter 11 of Real-Time Systems and Programming Languages, University of York, Department of Computer Science.