Link Motion: The future of driving

Latest Posts

Software Defined Car

During the past 100 years, there has been only one major technical revolution in cars: combustion engine in 1890s. In the following 10 years, we will see not just one but four major disruptions in the industry: connectivity, electrical vehicles, self-driving and car sharing. In all of these the enabling technology is software. Where cars of today are defined by engines, cars of tomorrow will be defined by software. In this post we present two aspects of software defined car and benefits software can bring to cars.

Reduced complexity

Car of today consists of over 200 different electrical control units (ECUs) controlling the separate in-car systems. During the last decade the amount of ECUs has been increasing due to new car functions and features developed for comfort and convenience of driver. OEMs are facing a challenge of managing complexity and costs of modern vehicles.

With software and more powerful computers, multiple ECUs can be integrated into one single ECU, reducing HW complexity and increasing cost-efficiency and security. Combining many ECUs into one can simplify ECU communication, helping R&D processes to focus on essentials and adopt new features faster.

Even though multiple ECUs can be combined, reasons remain to keep certain functions separated: we will always need more than one ECU. First, some functions require different types of processors, so it makes sense to group systems based on similarity. Second, integrating similar systems together allows bringing them closer to the functions they control. For instance, Smart Antenna / Connectivity Gateway ECU can be placed close to antennas to reduce high antenna cable costs.

More important than the number of ECUs is the development trend towards a truly efficient and functional system. There has been many different architecture proposals so far and the future will show which will be the dominant one.

architecture_diagram_ecu_reduce

PICTURE 1. Combining multiple ECUs into one can reduce HW complexity of a modern car.

With fewer ECUs, carmakers can streamline maintenance and repair process, allowing smoother maintenance for car owners. More systems can be updated or repaired at once, and that improves customer satisfaction and cost-efficiency. However, this will also move development focus towards software and require even higher quality standards.

New features

More intelligent ECUs and new, more developed network technologies like Automotive Ethernet enable major security improvements in ECUs (=in the whole car). The car can be remotely diagnosed with the intelligent ECUs, and development of new features becomes faster due to improved development tools.

Many new features can be brought into cars with software (and in some cases with additional hardware). This allows carmakers to differentiate their vehicles, which has been really difficult traditionally. New features may include automatic driving assistance systems (ADAS), cloud services and improving the whole user experience of a car.

At the end we would like to summarize the benefits software can bring to cars:

  1. reduced HW complexity
  2. security
  3. cost-efficiency
  4. new features
  5. better user experience
Multiple ECUs integrated into one in Motion T connected carputer

Multiple ECUs integrated into one in Motion T connected carputer

Link Motion has 10 years of experience on automotive software and integration work, and the company is about reducing complexity in car computing. Company’s first own product Motion T, a connected carputer, brings together five different ECUs: instrument cluster, infotainment display, head-up display, plus connectivity and telematics units. The goal is to implement also ADAS features to the system with BroadR-Reach Ethernet, and eventually create a self-driving platform.

Interested in hearing more?

Our Technologist Mikko Hurskainen will give more in-depth talk on software defined car at AGL All Member Meeting in Tokyo 8-10 February. Welcome to listen!

Blueprint of Self-Driving Car

10 million self-driving cars will be on the road by 2020, stated The Self-Driving Report of BI Intelligence 2016. The movement towards autonomous driving is inevitable, no matter when the self-driving cars will become a reality for larger masses. OEMs like Tesla, Mercedes and BMW have or are soon launching ADAS features that give the car some ability to drive itself while some companies like Google and Uber are already testing prototypes of complete self-driving cars on roads in US. How is ADAS leading to autonomous driving and how does the blueprint of self-driving car actually look like?

The ADAS features can be divided into five different levels depending on how much they automate driving (level 1 the lowest effect and level 5 the highest effect, see Picture 1 for ADAS Overview). The most basic features on driver assistance are reverse camera and cruise control which are already widely adopted in the market, and they just assist the driver without any self-driving functionality. Next level is the partial automation, where systems can partly control the car, e.g. lane assistance and collision avoidance, which are also widely adopted technologies.

Conditional automation means that the car can self-drive in some specific circumstances or situations, for instance park itself automatically or cruise on a highway. In this level the technologies exist and are even taken partially into use – under driver’s supervision. Couple examples of this kind of systems in the market are Tesla’s autopilot and Nissan’s Propilot.

High automation means self-driving cars rolling in a limited area or circumstance, and full automation means self-driving cars that can drive anywhere like traditional cars. These technologies already exist and they are in test use but not yet in the market. In addition to the actual product development there are still many legislation issues related to self-driving cars that have to be resolved before the technologies are widely adapted.

adasPICTURE 1. ADAS Overview

The higher the level of automation, the more the computing is required. Here, we present the blueprint of self-driving in 6 components:

  1. Automotive grade HW
    The world is full of high-quality CE (consumer electronics) hardware – however it is still not secure and reliable enough to be put into a car. Automotive grade hardware is constantly reliable compared to CE hardware – which is a must for all automotive computing, not just ADAS or self-driving. The driver and passengers have to be able to trust their lives on the car, and when moving towards self-driving cars, the trust is a must. Other issue about the current automotive grade HW is the cost – the technology exists but is still very expensive. 30% of manufacturing costs of new cars already go to electronics, and when the system becomes more complex, the cost will be evermore increasing.
  2. Open Operating System
    Linux is the operating system with over 20 years of development, and it is used everywhere from cars to supercomputers, mobile devices and desktops. It is one of the most reliable, secure and worry-free operating systems available with high processing power and a lot of done verification. Solution will be augmented with other open real-time operating systems.
  3. Open source SW components such as Gstreamer
    The open source software components can be used to accelerate development of ADAS features. However, open source components often lack the level of verification required by safety standards associated with ADAS, although being well written software. Adoption of safety standards in open source software development workflows can accelerate adoption of open source software.
  4. APIs to integrate
    Hardware-wise, car computing is at least as complex entity as the car itself. Like picture 1 shows, there are various different ADAS components enabling self-driving technologies. To end up with a self-driving car platform, a lot of different features need to be integrated into one. Therefore the system needs to have APIs that enable easy and fast integration.
  5. Sensors
    Sensors are naturally a very important part of self-driving car since they give all the needed information to the system to make safe and correct decisions by itself. There are two types of sensors available: Radar based, and LiDAR based. Both are very promising technologies, and in addition there is a need for other sensors like thermal cameras, stereo cameras, ultrasound etc.
  6. Knowhow how to put complex software products together
    The value today’s carmakers bring to market is that they are able to integrate complex hardware elements together. While software is becoming an important part of connected car, it will be vital for self-driving car – here is the part where carmakers need help. Software companies have solid experience and knowledge on how to put complex SW entities together to create a system that is robust, secure and efficient. Security is a functionality that cannot be added afterwards, it needs to be thought after from day zero.

The listed things form Linux based self-driving car platform that can be used for R&D and for creating various ADAS applications. This kind of a platform can revolutionize the current systems by integrating currently discrete features into one intelligent system that can make the driving safer, and even fully automated.

Link Motion is actively developing and integrating ADAS/self-driving technologies into its Motion T carputer. We are also a member in Finland’s first pilot licensed robot car project UrbanAutoTest, led by VTT Technical Research Centre of Finland. The car is planned to enter Tampere city traffic 2017, and the goal of the project is to test the vehicles’ functionality and situational awareness with tools and methods developed earlier phases. You can watch a video of the current phase of the project (in Finnish) here.

img_20161103_101948_resized_20161103_103031209 img_20161103_102010_resized_20161103_103030741PICTURES 2-3. This robot car called “Marilyn” will enter to Tampere traffic in 2017. The car is connected by Link Motion.

ADAS as part of car computers

“The U.S. Department of Transportation’s National Highway Traffic Safety Administration and the Insurance Institute for Highway Safety announced today a historic commitment by 20 automakers representing more than 99 percent of the U.S. auto market to make automatic emergency braking a standard feature on virtually all new cars no later than NHTSA’s 2022 reporting year.” – NHTSA and IIHS 17.03.2016

Advanced Driver Assistance Systems (ADAS) are not anymore just a set of costly additional features for luxury vehicles – they will be standard security features of all new cars in following years, and will be the next evolutionary step towards automated vehicles. What impact will this change have on computing systems of a car?

The current ADAS features are usually discrete systems inside a car, having no or just a little overlap with each other. This makes a car complicated and heterogeneous system, where infotainment system and ADAS are seen as separate entities. To make the driving safer, the amount of sensors and cameras in a vehicle is increasing, and all the gathered information should be presented to the driver. This would require more HW, more SW, and maintenance of multiple separate systems employs a lot of resources.

ADAS is becoming more complex with the autonomous driving features, and the deeply embedded designs do not offer a structure nor reusability that this kind of system requires. A well-structured car computing platform allows better development and integration of ADAS, faster time-to-market as well as better user interfaces – the current discrete nature systems are currently lacking proper UIs.

The infotainment system can show more detailed information collected from ADAS features, enhancing the driving experience. For instance, adaptive cruise control system could show information about the average speed, congestion status and even saved fuel; and collision avoidance systems can show more accurate information from which angle collision is coming from, instead of just a beep. Instead of adding all those fancy features into the car separately, they could be integrated as one computing system with more robust core and rich UI.

HUD013

Link Motion develops and integrates the basic ADAS capabilities like reverse camera, cruise control and visualization in its own car computer, a single-unit system which combines all the previously discrete in-car applications and services into one. The goal is to make car computing more secure, robust and cost-efficient.

Want to hear more about ADAS development? Our Technologist Mikko Hurskainen is speaking on open source ADAS implementations at Automotive Linux Summit Tokyo 13-14 July. Welcome to listen!

Can Today’s Connected Car Systems Be Secured?

Automakers and their suppliers believe it will take one to three years to secure connected-car technology, according to a new study made by IDC and Veracode.

The survey found that while the auto industry is aware of potential privacy and safety problems and is working to resolve them, it is unclear how long it will take for the industry to develop new secure solutions.

This is the clearest admission since the big auto hacks of 2015 that the automotive industry has not been able to make connected cars secure. The problem in resolving the security issues in the existing systems is that security cannot be added as an afterthought. Security has to be built into the system from the ground up. And without security you cannot have safety.

The security of connected car system lies in all elements of the system: hardware, software architecture, all applications, and connectivity features, including over-the-air updates. This is why it is impossible to add security as a single feature to an existing system.

The concern over car manufacturer’s reluctance to fix the security and safety holes in their products has prompted American Senators to propose a new bill, the Security and Privacy in Your Car act, which will require cars sold in the US to meet certain standards of protection against digital attacks and privacy. The new bill will require the National Highway Traffic Safety Administration and the Federal Trade Commission to set security and privacy standards for car manufacturers.

Link Motion’s system was designed with security throughout. The hardware and software have been designed together creating layers of defences to protect vehicles from attack. We call this system the Link Motion 3-2-1 Security Shield.

3-2-1_shield_white

Link Motion’s solution is based on industry standard hardware and standards compliant open source software.  The 3-2-1 Security Shield offers security and reliability to connected cars, both of which are required for the automotive industry to keep making cars that are safe.

Why are OTA Updates so Important for Connected Vehicles?

In the last decade, the need to deliver new features and updates throughout the lifespan of a product has become an integral part of connected devices, which in turn have become a focal point of our everyday lives. No longer do you buy a device expecting it’s software and feature offering to remain unchanged through it’s lifespan, but rather in part you actually buy devices based on what their offerings *may become*.

On the flipside, with the Internet of Things right around the corner, there is one truth that cannot be avoided anymore – there is software in everything. From our mobile phones and TVs, and all the different sub-components of our cars. However, while you can expect regular updates bringing improved performance, new features and bug fixes to your phone or TV, the majority of the vehicle industry is only taking it’s first shaky steps in that direction. And there is a lot of software and firmware in vehicles to update. In addition to the obvious parts like Infotainment systems, a modern automobile has over 50 different Microcontroller Units (MCUs), on everything from engine control to braking systems.

The forerunner in OTA updates for vehicles is of course the Tesla Model S, which with it’s Over-The-Air (OTA) 7.0 software update added a whole new set of features by adding autopilot functionalities. The new functionalities are based on the vehicle’s existing sensors and cameras, showcasing how OTA, combined with smart vehicle design, can be utilized for untapping new potential from existing hardware and providing readiness for emerging new technologies.

The critical need for OTA update development can also be seen in the number of call-backs for vehicles in the previous years, with 2014 being a record year totaling at 56 million vehicles being recalled due to warranty issues and 2015, with the Volkswagen diesel controversy. The callbacks, paid for by the manufacturer, have been assessed at cutting away approximately one fifth of OEM earnings. As many of the issues are software related, a large part of that expenditure could be saved by performing the vehicle software and firmware updates OTA, instead of at services.

Electrics and electronics have been assessed as the primary providers for automotive innovations through 2015 and beyond. This highlights the focal role of software in the future of the automotive industry, as well as emphasizing that the dual needs of constant feature updates and mitigation of expensive service trips will only grow more important in the future. However, too often software of brings with it vulnerabilities, as has already been demonstrated by showing the vulnerability of existing vehicles to hacking. With software taking an ever larger role, OTA updates for discovered vulnerabilities are a crucial for the security of the connected car.

At the end of the day, what matters most is the client. While important from a monetary perspective, the key part of OTA updates is that they will allow companies to provide better service to their customers. Issues being solved through OTA updates not only save money for the company, they reduce hassle for for the customer, and even open up a whole new method for developing direct communication channels between the companies and their customers.

In Connected Cars, Security is Safety

In the automotive industry safety is very important and highly regulated. But mention the word security in the industry and most people will think of physical security and not directly relate it to safety. Car design has been evolving for the last 130 years with ever more pressure on the manufacturers to add features, reduce cost and improve reliability. Microprocessors have a long history in cars first appearing in engine-control-units in the early 1980s. Shortly after microprocessor ECUs appeared the CAN bus was created to integrate and communicate between these ECUs. Since then as manufacturers have added more complex functionality they have added more discrete ECUs to cars and the CAN bus. This was considered a robust and safe way to add new features to cars.

Now we are seeing the convergence of cars and mobile computing to create connected cars and the automotive industry is beginning to realize that what was a safe design in the pre-connected world may not be so safe now in a world were cars are exposed to a large range of new security threats.

Everyone needs to understand that without security, safety can no longer be assumed.

IMG_6489_smallIn 2015 the automotive industry was forced to face the reality of the new situation. Among many others, the security researchers Charlie Miller (a security engineer at Twitter) and Chris Valasek (Director of Security Intelligence at consultancy IOActive) have shown firstly that ECUs are vulnerable to attack and that cars can be successfully attacked wirelessly. As a result of Miller and Valasek’s findings US Senators Ed Markey and Richard Blumenthal started asking questions directly of US car manufacturers and finally in Jully they proposed the Security and Privacy in Your Car Act (the SPY act) which aims to set federal standards to secure the connected car.

With the high level of integration and rich feature set in today’s cars attacks can happen through almost any wireless connection, even those seeming benign. The following wireless channels have all been shown to be vulnerable to attack:

  • Integrated wireless hotspots
  • Cellular and satellite navigation and support systems
  • Digital radio and Bluetooth hands free systems
  • Antitheft and keyless entry systems
  • Remote warm-up or start, and for electric vehicles, charge status information services

IMG_6488_small

Attacks against these services range from simply disabling entertainment features or enabling surveillance of the vehicle and its occupants to damage or theft of the vehicle, and possibly even compromising the vehicle in such a manner as to put the lives of the occupants in danger, such as disrupting the steering or brake systems.

With so many potential security vulnerabilities in modern cars giving access to a vehicle’s integrated control systems people’s safety is at risk.

Now that the automotive industry understands the security risks inherent within their design they face a conundrum. Car design can not easily be changed to remove all the new vulnerabilities without affecting the entire industry. A solution that provides security today and transitions the industry to a new architecture is needed.

Link Motion has created such a solution. With years of experience in creating secure mobile solutions, embedded systems and military hardware Link Motion has understood the coming problem for years and has been working to create a system that secures vehicles and make them safe again.

IMG_6492_small

Link Motion, unlike most automotive entertainment and information systems, was designed with security built in from the start. The Link Motion architecture has more in common with military computer systems than consumer electronics or car entertainment systems and it uses a three-ring architecture, protecting the critical components of the vehicle with the equivalent of a digital fortress with several layers of walls to protect against breaches. The main differences between consumer electronics systems and Link Motion can be broken down into three areas;

  • hardware isolation for security critical elements
  • OS-level software virtualization for separation of vulnerable infotainment functionality
  • sandboxed application execution environment for further isolation
security_layers

Security layers

A combination of hardware isolation and usage of ARM TrustZone forms the innermost layer of protection in the Link Motion architecture. These provide a secure operating environments for the most critical components in a vehicle, and allow complete control of what devices can communicate with one another, how they communicate, and that all messages are valid. This also means that systems which have no need to access hardware are unable to even detect its existence. This protection is provided at the hardware level not at the software level, providing complete protection against most modern software exploits looking to bypass the vehicle computer and control the hardware. The combination of hardware isolation and ARM Trustzone is used to protect a vehicle’s most critical safety and basic operating functions.

Whilst the hardware separation in ARM Trustzone creates one level of isolation, the second layer of protection in the Link Motion system provides additional levels of isolation through operating system -level software virtualization. The infotainment system is separated from the real time instrument cluster and other real time applications into a separate operating system. Infotainment systems provide a large surface area for attackers to exploit. By splitting the infotainment system into a separate OS, we can limit and contain the potential impacts of any attack.

The final layer of protection is provided through application isolation via sandboxing within the infotainment operating system. All third party applications running on a Link Motion system run on isolated users inside application sandboxes, to precisely restrict the privileges and access available to the application. In addition, this allows the platform to provide features such as application-specific private storage.

The trade-off for this three layer security is that it requires better hardware and more complex programming. Thankfully, this cost is more than offset by reducing the number of dedicated components in the vehicle and the complexity of managing and securing multiple systems which were never designed to be exposed to threats in a connected world.

Link Motion is based on industry standard hardware and open-source software. It offers security and reliability to connected vehicles, both of which are required for the automotive industry to keep on making safe cars.