[Samuel WENG]
AI, Cybersecurity, and safety investigator
This is a series of articles discussing how safety and security will have to work together in the E/E architecture (EEA) era.
On an ordinary day Xiaoming gets up early and goes to work at a Chinese OEM, where he is an E/E architecture designer. Getting up early does nothing for his mood after several days of heated debate with his functional-safety colleague Laura and his cybersecurity colleague Tom.
They are discussing how to build a new development platform for the E/E architecture that fuses functional safety and cybersecurity in the best way, and at low cost.
Xiaoming explains at length that their company uses a domain-centralized E/E architecture with a tight budget, so in some domains the ECUs may have to accept a lower ASIL or CAL. Laura replies that those ECUs are too critical to be downgraded, and that their real-time behaviour, including the FTTI (fault tolerant time interval), must be respected. Tom, for his part, argues that the domain controller does not have enough cybersecurity controls, since large amounts of private data are collected there even though it is not safety critical.
They could not reach a good result, the project stalled for several weeks, and finally they came to me and we discussed it together.
Chapter 0: Background
Worldwide, since about 2018, we have gone through many new technologies such as
- V2X
- ADS system
- Software Defined Vehicle
Most of us know that the E/E architecture will follow the roadmap highlighted by BOSCH in 2019:
Chapter 1: Overall ECU functional safety
For common ECUs in the distributed E/E architecture era, the functional safety classification can be rated as in the following table, which lists 77 ECUs with their ASIL level and cybersecurity assurance level (CAL):
(refer to the article https://mp.weixin.qq.com/s?__biz=Mzg5NTIwMTEzOA==&mid=2247484581&idx=1&sn=076b64811576eca1da8bc6f6916427e5&chksm=c012beb8f76537aeb769ae5408fadb91ac0b0d4af76b3e04936a75eebc7eb084d44c014e6b47&token=1293115818&lang=zh_CN#rd)
ID | ECU name | Domain | ASIL | CAL |
01 | Gateway | Car body comfort | B | 4 |
02 | Domain controller | Car body comfort | B | 3 |
03 | Intelligent power switch | Car body comfort | B | 2 |
04 | T-BOX | Car body comfort | B | 3 |
05 | Adaptive head light | Car body comfort | A | 1 |
06 | Sunroof motor control module (anti-pinch) | Car body comfort | A | 1 |
07 | Body control Module | Car body comfort | B | 3 |
08 | Car remote control key | Car body comfort | A | 2 |
09 | Intelligent dashboard system | Car body comfort | A | 2 |
10 | Electrically controlled seat adjustment system | Car body comfort | B | 2 |
11 | Construction machinery controller | Car body comfort | N/A | N/A |
12 | Door control module | Car body comfort | A | 2 |
13 | Air Conditioning control unit | Car body comfort | A | 1 |
14 | LKA | Car safe | D | 2 |
15 | LCA | Car safe | D | 2 |
16 | ACC | Car safe | D | 2 |
17 | AEB | Car safe | D | 3 |
18 | LDW | Car safe | QM | 2 |
19 | FCW | Car safe | B | 1 |
20 | DMS | Car safe | B | 2 |
21 | APS | Car safe | B | 2 |
22 | Night vision | Car safe | B | 1 |
23 | Pedestrian protection system | Car safe | A | 2 |
24 | Traffic Sign Detection | Car safe | QM | 2 |
25 | Blind Spot Detection | Car safe | QM | 2 |
26 | Downhill control system | Car safe | B | 1 |
27 | APA | Car safe | B | 2 |
28 | ALKS | Car safe | D | 2 |
29 | mmRADAR | Car safe | B | 2 |
30 | LIDAR | Car safe | B | 2 |
31 | CAMERA | Car safe | B | 2 |
32 | Angle RADAR | Car safe | QM | 2 |
33 | Highway Pilot | Car safe | D | 2 |
34 | Traffic Jam Pilot | Car safe | D | 2 |
35 | Level 4 in close roads | Car safe | D | 3 |
37 | Sensor fusion | Car safe | D | 2 |
38 | Tire Pressure Monitoring System | Car safe | D | 2 |
39 | EPB | Car safe | B | 2 |
40 | ESP | Car safe | D | 2 |
41 | ABS | Car safe | D | 2 |
42 | Intelligent Air Suspension System | Car safe | B | 2 |
43 | Electronic hydraulic steering control system | Car safe | B | 2 |
44 | EPS | Car safe | D | 2 |
45 | Steering wheel Angle sensor | Car safe | C | 2 |
46 | Autonomous parking system | Car safe | C | 2 |
47 | Electronic brake assist | Hybrid power | D | 2 |
48 | VCU | Hybrid power | C | 2 |
49 | Vehicle Motor control system in new energy vehicle | Hybrid power | D | 2 |
50 | Brushless DC motor controller | Hybrid power | D | 2 |
51 | Extender control system | Hybrid power | B or C | 2 |
52 | OBC-DCDC for electric vehicle | Hybrid power | B | 2 |
53 | Integrated power control unit for electric vehicle | Hybrid power | C | 2 |
54 | Remote Monitoring and Data Service System for electric vehicle | Hybrid power | B | 3 |
55 | BMS | Hybrid power | D | 2 |
56 | Engine Management System | Hybrid power | D | 3 |
57 | Electronic clutch | Powertrain | B | 2 |
58 | Electric pump | Powertrain | A | 1 |
59 | Engine control unit | Powertrain | D | 3 |
60 | Diesel engine exhaust after-treatment control system | Powertrain | C | 2 |
61 | High pressure common rail system control unit of diesel engine | Powertrain | N/A | N/A |
62 | AMT (Automatic Mechanical Transmission control unit) | Powertrain | C | 3 |
63 | TCM (Transmission system) | Powertrain | C | 3 |
64 | CAN FD | Common Service | depends on the service or function carried | 2 |
65 | CAN HS | Common Service | depends on the service or function carried | 2 |
66 | LIN | Common Service | depends on the service or function carried | 2 |
67 | ETHERNET | Common Service | depends on the service or function carried | 3 |
68 | FLEXRAY | Common Service | depends on the service or function carried | 2 |
69 | MOST | Common Service | depends on the service or function carried | 2 |
70 | 12V POWER SUPPLY | Common Service | D | 2 |
71 | High dimension map | Car safe | D | 4 |
72 | Bluetooth | Common Service | QM | 2 |
73 | WIFI | Common Service | QM | 2 |
74 | Cellular communication | Common Service | QM | 4 |
75 | V2X | Common Service | B | 4 |
76 | OTA Server | Backend | SIL4 | 4 |
77 | PKI allocation | Backend | SIL4 | 4 |
The E/E architecture as a whole, and the ASIL classification of its ECUs, can then be rated as follows:
Adding up the ASIL levels gives:
Taking the CAL levels into account as well gives:
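The following is an added worked example, not the author's own analysis: it computes what a single domain controller inherits when the ECUs of one domain from the table above are merged onto it. A merged controller has to meet the highest ASIL and the highest CAL of everything it absorbs, every ECU below that maximum is "uplifted" to it (that is the cost Xiaoming is fighting, and the downgrade Laura and Tom refuse), and where the merged functions carry different ASILs, freedom from interference between them has to be shown. The rows are a constructed subset of the table; the parsing rules for cells such as "B or C", "N/A" and "depends on ..." are assumptions.

```python
"""Consolidation analysis for a domain-centralized E/E architecture (added example).

Given rows in the page's table format (ID | ECU name | Domain | ASIL | CAL), work out
per domain the ASIL/CAL a merged domain controller must meet, which ECU drives each,
which ECUs get uplifted, and whether freedom from interference (FFI) must be shown.
"""
from collections import defaultdict
from typing import Optional

ASIL_ORDER = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}

# Constructed subset of the ECU table above; IDs and levels copied from that table.
SAMPLE_ROWS = """\
01 | Gateway | Car body comfort | B | 4 |
02 | Domain controller | Car body comfort | B | 3 |
05 | Adaptive head light | Car body comfort | A | 1 |
13 | Air Conditioning control unit | Car body comfort | A | 1 |
14 | LKA | Car safe | D | 2 |
17 | AEB | Car safe | D | 3 |
18 | LDW | Car safe | QM | 2 |
71 | High dimension map | Car safe | D | 4 |
48 | VCU | Hybrid power | C | 2 |
51 | Extender control system | Hybrid power | B or C | 2 |
55 | BMS | Hybrid power | D | 2 |
64 | CAN FD | Common Service | depends on detail service or functionality | 2 |
72 | Bluetooth | Common Service | QM | 2 |
74 | Cellular communication | Common Service | QM | 4 |
"""


def parse_asil(text: str) -> Optional[str]:
    """Map an ASIL cell to a level. 'B or C' is taken conservatively as C (assumption);
    cells that are not an ASIL ('N/A', 'depends on ...', 'SIL4') yield None."""
    candidates = [tok.strip().upper() for tok in text.split(" or ")]
    known = [lvl for lvl in candidates if lvl in ASIL_ORDER]
    return max(known, key=ASIL_ORDER.get) if known else None


def parse_cal(text: str) -> Optional[int]:
    text = text.strip()
    return int(text) if text.isdigit() else None


def parse_rows(table: str) -> list:
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5:
            continue  # header or garbled line
        rows.append({"id": cells[0], "name": cells[1], "domain": cells[2],
                     "asil": parse_asil(cells[3]), "cal": parse_cal(cells[4])})
    return rows


def consolidate(table: str) -> dict:
    """Per domain: inherited ASIL/CAL (the maxima), the ECU driving each, the ECUs
    uplifted by the merge, whether FFI is required, and ECUs with no usable ASIL."""
    by_domain = defaultdict(list)
    for row in parse_rows(table):
        by_domain[row["domain"]].append(row)

    out = {}
    for domain, rows in by_domain.items():
        rated = [r for r in rows if r["asil"] is not None]
        caled = [r for r in rows if r["cal"] is not None]
        # max() keeps the first maximal row, so the driver is the first ECU at that level.
        top_asil = max(rated, key=lambda r: ASIL_ORDER[r["asil"]]) if rated else None
        top_cal = max(caled, key=lambda r: r["cal"]) if caled else None
        asil = top_asil["asil"] if top_asil else None
        cal = top_cal["cal"] if top_cal else None

        def uplifted(r: dict) -> bool:
            below_asil = (asil is not None and r["asil"] is not None
                          and ASIL_ORDER[r["asil"]] < ASIL_ORDER[asil])
            below_cal = cal is not None and r["cal"] is not None and r["cal"] < cal
            return below_asil or below_cal

        out[domain] = {
            "asil": asil, "asil_driver": top_asil["name"] if top_asil else None,
            "cal": cal, "cal_driver": top_cal["name"] if top_cal else None,
            "ffi_required": len({r["asil"] for r in rated}) > 1,
            "uplifted": sorted(r["name"] for r in rows if uplifted(r)),
            "unrated_asil": [r["name"] for r in rows if r["asil"] is None],
        }
    return out


if __name__ == "__main__":
    for domain, info in consolidate(SAMPLE_ROWS).items():
        print(f"{domain}: ASIL {info['asil']} (from {info['asil_driver']}), "
              f"CAL {info['cal']} (from {info['cal_driver']}), FFI={info['ffi_required']}")
        print(f"  uplifted: {info['uplifted']}  unrated ASIL: {info['unrated_asil']}")
```

The output makes the conflict in the story concrete: in the body-comfort domain the gateway's CAL 4 pulls every merged ECU up to CAL 4 even though nothing there is above ASIL B, and in the "car safe" domain the QM lane-departure warning sits beside ASIL D functions, so either it is developed to ASIL D or the controller has to demonstrate freedom from interference (memory, timing and communication partitioning) between them.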
Usually we list the state-of-the-art technical mechanisms used in ECUs. The mechanisms normally adopted for each level are:
Classification | Safety mechanisms | Cybersecurity controls |
ASIL D | Ethernet: end-to-end (E2E) protection with alive counter, timeout warning, CRC-32, Hamming distance >= 4. CAN: E2E, CRC-16, Hamming distance >= 4, Hamming weight >= 4. E-GAS architecture or redundant processors + actuators | - |
ASIL C | Ethernet: E2E protection with alive counter, timeout warning, CRC-16, Hamming distance >= 4. CAN: E2E, CRC-16, Hamming distance >= 4, Hamming weight >= 3. E-GAS architecture or redundant processors | - |
ASIL B | Ethernet: E2E protection with alive counter, timeout warning, CRC-8, Hamming distance >= 3. CAN: E2E, CRC-8, Hamming distance >= 3, Hamming weight >= 2. Single core with sufficient safety mechanisms | - |
ASIL A | Ethernet: E2E protection with alive counter, timeout warning, CRC-4, Hamming distance >= 2. CAN: E2E, CRC-4, Hamming distance >= 2, Hamming weight >= 2. Single core with sufficient safety mechanisms | - |
CAL 4 | - | Firewall mandatory on the external attack surface; IDPS proposed. For OTA: PKCS or PUF required, backup memory mandatory, rollback mechanism fully supported. Symmetric cryptography alone not acceptable: RSA >= 2048 bit, ECC >= 256 bit. Pentest and TARA shall take at least six months. Development cost may reach up to 3x the asset value. Secure boot, secure storage, secure driving, secure separation, etc. |
CAL 3 | - | Firewall mandatory on the external attack surface; IDPS proposed. For OTA: PKCS or PUF required, backup memory mandatory, rollback mechanism fully supported. Symmetric cryptography alone not acceptable: RSA >= 2048 bit, ECC >= 256 bit. Pentest and TARA shall take at least four months. Development cost may reach up to 2x the asset value. |
CAL 2 | - | For OTA: PKCS or PUF required. Symmetric encryption AES-256. Pentest and TARA shall take at least three months. Development cost may reach up to 1.5x the asset value. |
CAL 1 | - | For OTA: PKCS or PUF required. Symmetric encryption AES-256 or AES-128. Pentest and TARA shall take at least two months. Development cost may reach up to 1x the asset value. |
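An added example, not code from the article: the "alive counter, timeout warning, CRC" E2E protection from the safety column, implemented beside a SecOC-style MAC from the security column, to show what each one catches on a domain controller. The CRC-8 is the SAE J1850 polynomial (0x1D) that AUTOSAR's CRC library uses; the frame layout, the data ID, the demo key and the 4-byte MAC truncation are simplified assumptions and not a conformant AUTOSAR E2E or SecOC profile. The point the table leaves implicit: a CRC detects random corruption, dropped and stuck frames, but anyone on the bus can recompute it, so it is not a security control, while the MAC (with a freshness value) is what stops forgery and replay.

```python
"""E2E protection (alive counter + timeout + CRC) beside a SecOC-style MAC (added example)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

CRC8_POLY = 0x1D                               # SAE J1850 polynomial
DATA_ID = 0x2A                                 # constructed E2E data ID for this signal group
DEMO_KEY = b"constructed-demo-key-do-not-use"  # a real key lives in an HSM / secure storage


def crc8(data: bytes) -> int:
    """CRC-8 SAE J1850: poly 0x1D, init 0xFF, xorout 0xFF. crc8(bytes(4)) == 0x59."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ CRC8_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0xFF


def e2e_protect(payload: bytes, counter: int) -> bytes:
    """Frame = counter(1) + payload + crc(1). The CRC also covers DATA_ID, so a frame
    from another signal group cannot be mistaken for this one (masquerade)."""
    body = bytes([counter & 0xFF]) + payload
    return body + bytes([crc8(bytes([DATA_ID]) + body)])


@dataclass
class E2EReceiver:
    """Receiver checks: CRC, alive-counter continuity, inter-arrival timeout.
    The timeout budget has to fit inside the function's FTTI."""
    timeout_ms: int
    last_counter: Optional[int] = None
    last_rx_ms: Optional[int] = None

    def check(self, frame: bytes, now_ms: int) -> str:
        if len(frame) < 3:
            return "CRC_ERROR"
        body, crc = frame[:-1], frame[-1]
        if crc8(bytes([DATA_ID]) + body) != crc:
            return "CRC_ERROR"                      # corrupted frame: state untouched
        counter = body[0]
        if self.last_counter is None:
            status = "OK"
        else:
            delta = (counter - self.last_counter) & 0xFF
            if delta == 0:
                return "REPEATED"                   # stuck sender or replay: state untouched
            if now_ms - self.last_rx_ms > self.timeout_ms:
                status = "TIMEOUT"
            elif delta > 1:
                status = "WRONG_SEQUENCE"           # frames lost in between
            else:
                status = "OK"
        self.last_counter, self.last_rx_ms = counter, now_ms
        return status


def secoc_protect(e2e_frame: bytes, freshness: int) -> bytes:
    """Append an 8-byte freshness value and a 4-byte truncated HMAC-SHA256 over
    freshness || frame (SecOC-like layout, assumed for this example)."""
    fv = struct.pack(">Q", freshness)
    mac = hmac.new(DEMO_KEY, fv + e2e_frame, hashlib.sha256).digest()[:4]
    return e2e_frame + fv + mac


def secoc_verify(msg: bytes, last_freshness: int) -> Optional[bytes]:
    """Return the inner E2E frame if the freshness value strictly increases and the
    MAC verifies (constant-time compare); None otherwise."""
    if len(msg) < 12:
        return None
    e2e_frame, fv, mac = msg[:-12], msg[-12:-4], msg[-4:]
    if struct.unpack(">Q", fv)[0] <= last_freshness:
        return None
    expected = hmac.new(DEMO_KEY, fv + e2e_frame, hashlib.sha256).digest()[:4]
    return e2e_frame if hmac.compare_digest(mac, expected) else None


def demo() -> dict:
    """Walk one constructed signal (a 16-bit torque request) through both layers."""
    rx = E2EReceiver(timeout_ms=100)
    torque_100 = struct.pack(">H", 100)
    results = {}
    results["first"] = rx.check(e2e_protect(torque_100, 0), now_ms=0)
    f1 = e2e_protect(torque_100, 1)
    results["in_order"] = rx.check(f1, now_ms=10)
    results["replay"] = rx.check(f1, now_ms=20)                     # same counter again
    corrupt = bytearray(e2e_protect(torque_100, 2))
    corrupt[1] ^= 0x01                                              # single bit flip in payload
    results["bit_flip"] = rx.check(bytes(corrupt), now_ms=30)
    results["late"] = rx.check(e2e_protect(torque_100, 2), now_ms=400)  # gap > timeout
    # An attacker on the bus sets a plausible counter and recomputes the CRC:
    # the safety mechanism has no way to tell and accepts the frame.
    forged = e2e_protect(struct.pack(">H", 1000), 3)
    results["forged_passes_e2e"] = rx.check(forged, now_ms=410)
    # With a keyed MAC the same forgery fails, and so does replaying a genuine message.
    genuine = secoc_protect(e2e_protect(torque_100, 4), freshness=1)
    results["secoc_genuine"] = secoc_verify(genuine, last_freshness=0) is not None
    results["secoc_forged"] = secoc_verify(forged + genuine[-12:], last_freshness=0) is None
    results["secoc_replay"] = secoc_verify(genuine, last_freshness=1) is None
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20s} {value}")
```

Read together with the table: the ASIL rows and the CAL rows protect against different adversaries, random hardware faults versus a deliberate attacker, and a domain controller that merges a CAL 4 gateway with ASIL D motion functions needs both layers on the same message, with the MAC key kept out of the reach of the less trusted partitions.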
We will stop here and continue in the next article.