Service-oriented architectures pitch for over-the-air (OTA) security
The security risks of centralized automotive architectures and over-the-air updates are clear.
Meanwhile, vehicle functions are increasingly defined by software, which widens the attack surface. The evolution of automotive electrical engineering toward service-oriented architectures changes the paradigm for the security of OTA updates, as well as for security in general. Says Luca De Ambroggi, chief analyst with Ward’s Intelligence: “From the automotive and engineering perspectives, hardware security that you can implement in silicon is known to be the safest. With software, you can update something and use the same path to hack it. The perception is that it’s less safe. Nonetheless, the car is going to be controlled by software for cost and security reasons.”
Consumer experience: a megatrend
Consumer demand is a major influence on the move toward software-defined vehicles. Consumers expect the digital experience in the car to rival that of their phones, says Robert Redfield, director of business development for Green Hills Software. Add to that the amount of software needed for ADAS and semi-autonomous driving, and, “OEMs realized the existing electrical engineering foundation couldn’t scale”.
Whether it’s adding new functionality to ADAS or infotainment, or patching vulnerabilities, OTA updates are a valuable solution. Service-oriented architectures (SOAs) make handling vehicle software more efficient and economical, and they can improve the security of OTA updates.
SOAs simplify software development, De Ambroggi says, because software is broken up into small, self-contained modules that can be updated individually, whether that’s an upgrade in functionality or eliminating a vulnerability. Updates can also be more frequent. When a change is made, he adds: “You don’t have to requalify the entire 400 million lines of code in the vehicle. You just certify the submodule that’s responsible for this area of the function.”
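De Ambroggi’s two points above, that the update path is also an attack path and that a modular architecture lets each submodule be certified on its own, come together in how an ECU checks a multi-module OTA bundle. The following is an added illustration, not code from the article or from any vendor it quotes: each module carries its own signed manifest (name, version, payload hash) and is verified and installed independently, so a forged, tampered or rolled-back module is rejected without blocking the others. Module names, versions, image bytes and the key are constructed for the example; an HMAC stands in for the signature so the snippet runs offline, whereas a real vehicle verifies an asymmetric signature against a public key anchored in the ECU’s hardware root of trust.

```python
import hashlib
import hmac
import json

# Constructed key for the example only. A real ECU holds a public key in
# hardware and verifies an asymmetric signature; it never holds a shared secret
# that would let anyone with the vehicle's key forge updates.
MANIFEST_KEY = b"constructed-signing-key"


def sign_module(name, version, payload, key=MANIFEST_KEY):
    """Produce one signed module entry: manifest bound to the payload hash."""
    meta = {"module": name, "version": version,
            "sha256": hashlib.sha256(payload).hexdigest()}
    meta_bytes = json.dumps(meta, sort_keys=True).encode()
    sig = hmac.new(key, meta_bytes, hashlib.sha256).hexdigest()
    return {"meta": meta, "sig": sig, "payload": payload}


def verify_module(entry, installed_versions, key=MANIFEST_KEY):
    """Return (ok, reason): signature, hash binding and anti-rollback checks."""
    meta = entry["meta"]
    meta_bytes = json.dumps(meta, sort_keys=True).encode()
    expected = hmac.new(key, meta_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, entry["sig"]):
        return False, "bad signature"          # manifest not from the OEM key
    if hashlib.sha256(entry["payload"]).hexdigest() != meta["sha256"]:
        return False, "payload hash mismatch"  # image altered after signing
    if meta["version"] <= installed_versions.get(meta["module"], 0):
        return False, "rollback or replay"     # downgrade to a known-bad version
    return True, "ok"


def apply_update(bundle, installed_versions, key=MANIFEST_KEY):
    """Verify and install each module on its own; one bad module is dropped,
    the others still go in. Returns a per-module result map."""
    results = {}
    for entry in bundle:
        name = entry["meta"]["module"]
        ok, reason = verify_module(entry, installed_versions, key)
        results[name] = reason
        if ok:
            installed_versions[name] = entry["meta"]["version"]
    return results


def demo():
    """Constructed bundle: one good module and three attacks on the update path."""
    installed = {"adas.lane_keep": 1, "ivi.media": 3, "body.lighting": 5}

    good = sign_module("adas.lane_keep", 2, b"lane-keep v2 image")

    tampered = sign_module("ivi.media", 4, b"media v4 image")
    tampered["payload"] = b"media v4 image + backdoor"   # altered after signing

    rollback = sign_module("body.lighting", 4, b"lighting v4 image")  # v5 installed

    forged = sign_module("adas.aeb", 2, b"aeb v2 image", key=b"attacker-key")

    results = apply_update([good, tampered, rollback, forged], installed)
    return results, installed


if __name__ == "__main__":
    for module, outcome in demo()[0].items():
        print(f"{module:16s} {outcome}")
```

Because every module is checked against its own manifest, the ECU can accept the lane-keep update while refusing the other three, which is the practical meaning of certifying only the submodule that changed. The anti-rollback check matters as much as the signature: an old, validly signed image with a known vulnerability is exactly what an attacker who controls the update channel would replay.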
New architectures, new security
One of the advantages of siloed ECUs was security: an exploit of one ECU couldn’t reach others. “As you connect those ECUs, you run the risk of, if one gets infected, others can be, too,” says Redfield. “You have to think very carefully about how to separate cyber-security risks coming from outside the car from life-critical functions in the car.”
To read the complete article, visit TU-Automotive.