From Defense Aviation to Automotive Defense by Design
October 5, 2020
Managing Director US
As the automotive industry is transitioning from a simple mode of transportation to a software-defined vehicle, the required rate of change in core technology is increasing rapidly. The ability to send and receive encrypted messages across the vehicle data bus to update ECUs securely with speed and accuracy is essential.
Challenges for Ground Vehicle Engineers
With cars positioned to offer increasing levels of autonomy and connectivity, automotive manufacturers see the quality and security of vehicle software and electronics as key requirements to guarantee safety.
Connected cars of today rely on wireless and cellular communication interfaces, which exposes them to underlying security risks.
Hackers no longer need a physical connection to the vehicle; they can reach vehicle systems through internet/wireless connections over cellular networks, as researchers (white-hat hackers) demonstrated against the FCA Jeep, the Tesla Model S and the GM OnStar app.
Automotive manufacturers rely heavily upon multiple third party vendors to supply the systems, software, and hardware components for their vehicles. Auto manufacturers try to impose rigorous cybersecurity requirements on their Tier 1 and Tier 2 suppliers, but they still run the risk of introducing security vulnerabilities via these components.
Managing a supply chain for a vehicle that holds hundreds of hardware and software components poses many additional challenges both technical and financial.
This requires the industry to rethink today’s approaches to vehicle software, electrical and electronic (E/E) architecture and automotive cybersecurity.
Our Roots in Aviation Technology
Inspiration Outside the Automotive Industry – similar challenges were solved 15 years ago for fighter jets.
GuardKnox is at the cutting edge of innovation in the automotive industry: it leverages its deep roots in defense aviation from the Israeli Air Force and brings this technological approach to the automotive industry, providing secure, service-oriented, and consolidated high-performance computing solutions.
Here are 4 areas where ground vehicle technology can leverage the experience that the military aviation technology teams gained in the past 15 years:
- Hardware reduction - high-performance multi-role modular computers that can be used to run multiple, mixed criticality applications
- Wiring reduction - high-speed communication backbone
- Increased functionality - modular software as a service (SaaS) and Automotive SOA
- Communication Lockdown™ - patented vehicle hacking protection
Introduction to Automotive Zonal Architecture
To support the wants and expectations of the customer, additional ECUs will be required. However, the current E/E Automotive Architecture has reached its scalability limit and no longer can additional ECUs be commissioned and integrated for a new function or service without bumping up against increasing technical and monetary obstacles.
The Automotive Zonal Architecture introduces two new device classes, the Vehicle Server and the Zonal Gateway, that reduce the number of physical ECUs and enable the use of Ethernet and a variety of flexible or hybrid topologies.
The Vehicle Server optimizes computational resources by consolidating the physical ECUs, reducing hardware components and wiring, which results in less weight and lower overall cost.
The Zonal Gateway acts as a local connectivity hub relaying data through a single high-speed Ethernet link to the backbone.
Functional Scalability increases with the use of the high-speed Ethernet communication network which can provide network modularity and the interchangeability of hardware and software components. This alone eliminates inefficiencies in the automotive supply chain and offers an endless number of possible network configurations.
The Automotive Zonal Architecture empowers the engineer to be innovative in designing and developing new ways to meet customer demands/expectations, as well as industry trends.
The Ethernet Backbone: The Nervous System
Though there are some technical challenges in moving from 1 Mbps (CAN) to a 1000 Mbps (Ethernet) line, Ethernet frees the E/E Architecture from existing limitations, opens up new opportunities and reduces complexity.
There are 3 distinct leading network configurations that can be used alone or in combination:
- Ring Topology: Dual Redundancy, Fail-Operational
Downside - maximizes hops (latency)
- Tree Topology: Striking a Balance Between Consolidation and Hops
Downside - single link between servers (risk)
- Star Topology: Maximum Consolidation With Minimum Hops
Downside - single point of failure (one server)
- Hybrid Topology: Mix-and-Match
Use case and constraint specific optimization
Automotive SOA (Service-Oriented Software Architecture)
Scaling up is a major challenge for vehicle electronics and network design. Automotive SOA (Service Oriented Architecture) allows common system functions to be formed into discrete, reusable services or standalone code compartments.
Any ECU, Domain Controller or Gateway becomes a platform or repository on which Tier 1 vendors and OEMs develop their services using standardized protocols that facilitate communications and enable easy data transfer, irrespective of the underlying hardware, topology and protocols that are used to create the services.
SOA as a Service will drastically reduce the cost of software modules, eliminate the need to retest the entire system, and allow for rapid updates and quick introduction of features into the field. These streamlined behind-the-scenes updates and upgrades are similar to those on mobile phones (“iphonize”).
An additional advantage of SOA for automotive is that it allows for built-in security (such as seamless encryption) & application containment so that applications can be monitored and prohibited from destabilizing other components of the system.
The SOA Platform provides a real-time safe and secure environment for the operation of multiple services within a client-server framework.
It also includes a special partition that implements the functionality of the GuardKnox Communication Lockdown™ mechanism that acts as a safeguard securing the entire vehicle computer network.
The Safest Automotive Security Method
A unique feature of the GuardKnox Automotive SOA Stack is its patented Communication Lockdown™ approach to holistic automotive cybersecurity. Using the vehicle’s communications matrix and the OEM’s specifications of the vehicle, GuardKnox builds a state machine that inspects activity on three layers (Routing, Content and Context). If the external vehicle network is compromised by a message arriving through the vehicle’s external connectivity, the internal vehicle network remains fully protected from the propagation of malicious activity.
Approving or discarding messages
- Routing Layer: Verifies the message has arrived from a legal source
- Content Layer: Verifies that the content of the message, down to the bit level, is legal
- Context Layer: Verifies that the specific message is legitimate in the specific functional state of the vehicle (state machine)
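To make the three-layer approach concrete, here is an added illustration (not GuardKnox code, and not a description of its patented implementation) of a minimal allow-list filter that applies a routing check, a bit-level content check and a vehicle-state context check to CAN frames. The CAN IDs, signal layouts, bus names, vehicle states and sample frames are all constructed for the demo.

```python
from dataclasses import dataclass
from typing import Tuple

# Routing layer: a toy "communications matrix" of which bus may emit which CAN ID.
ROUTING = {
    0x100: {"powertrain"},   # engine speed, only legal from the powertrain bus
    0x2A0: {"body"},         # door lock command, only legal from the body bus
}

# Content layer: expected frame length and, per signal, (name, byte offset, size, max raw value).
CONTENT = {
    0x100: {"dlc": 2, "signals": [("rpm", 0, 2, 8000)]},
    0x2A0: {"dlc": 1, "signals": [("lock_cmd", 0, 1, 1)]},
}

# Context layer: which IDs are legitimate in each vehicle state (the state machine's view).
CONTEXT = {
    "parked": {0x100, 0x2A0},
    "driving": {0x100},      # a door lock command is not legitimate while driving
}

@dataclass
class Frame:
    can_id: int
    source: str   # bus the frame arrived on (assumed to be known to the gateway)
    data: bytes

def inspect(frame: Frame, state: str) -> Tuple[bool, str]:
    """Return (accepted, reason). A frame is forwarded only if all three layers pass."""
    # Routing: the ID must be known and must arrive from one of its allowed sources.
    allowed_sources = ROUTING.get(frame.can_id)
    if allowed_sources is None or frame.source not in allowed_sources:
        return False, "routing"
    # Content: exact length, and every signal within its legal raw range.
    spec = CONTENT[frame.can_id]
    if len(frame.data) != spec["dlc"]:
        return False, "content:length"
    for name, offset, size, max_raw in spec["signals"]:
        raw = int.from_bytes(frame.data[offset:offset + size], "big")
        if raw > max_raw:
            return False, f"content:{name}"
    # Context: the ID must be legitimate in the current functional state.
    if frame.can_id not in CONTEXT.get(state, set()):
        return False, "context"
    return True, "ok"

if __name__ == "__main__":
    # Constructed traffic: one legal frame, then one frame rejected by each layer.
    for f, st in [(Frame(0x100, "powertrain", b"\x0b\xb8"), "driving"),
                  (Frame(0x2A0, "telematics", b"\x01"), "parked"),
                  (Frame(0x100, "powertrain", b"\x27\x10"), "driving"),
                  (Frame(0x2A0, "body", b"\x01"), "driving")]:
        print(hex(f.can_id), st, inspect(f, st))
```

The check order matters in practice: routing is the cheapest test and discards unknown or mis-sourced IDs before any payload is parsed, while the context check is the only one that can reject a well-formed, correctly sourced frame.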
Power of the Engineering Team
GuardKnox is the first Cybertech Tier supplier of secure, high-performance computing platforms for the software-defined and service-oriented vehicle. The company’s pioneering approach to automotive innovation is inspired by technology from missile defense systems and the aviation industry. The leadership team at GuardKnox has vast knowledge and experience in both the military and high-tech industry fields, with multiple degrees in Electrical/Electronic/Software Engineering and Computer Science. The GuardKnox team’s experience in developing and testing cybersecurity for military systems places it in a unique position to apply these solutions to similar challenges for ground vehicles.
Learn more about Communications Lockdown™ - download white paper.