This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Safe and Secure Software Updates Over The Air for Electronic Brake Control Systems
ISSN: 1946-4614, e-ISSN: 1946-4622
Published September 18, 2016 by SAE International in United States
Citation: Freiwald, A. and Hwang, G., "Safe and Secure Software Updates Over The Air for Electronic Brake Control Systems," SAE Int. J. Passeng. Cars – Electron. Electr. Syst. 10(1):71-82, 2017, https://doi.org/10.4271/2016-01-1948.
Vehicle manufacturers are suffering from increasing expenses for fixing software issues. This fact is mainly driving their desire to use mobile communication channels for doing Software Updates Over The Air (SOTA).
Software updates today are typically done at vehicle service stations by connecting the vehicles’ electronic network via the On Board Diagnostic (OBD) interface to a service computer. These operations are done under the control of trained technicians.
SOTA means that the update process must get handled by the driver.
Two critical aspects need to get considered when doing SOTA at Electronic Brake Control (EBC) systems. Both will determine the acceptance of SOTA by legal authorities and by the passengers:
- The safety and security of the vehicle
- The availability of the vehicle for the passengers
The security aspect includes the necessity to protect the vehicle and the manufacturers IP from unwanted attacks.
Existing safety measures ensure safe operation of a vehicle at all times. In general and especially for EBC systems the existing safety measures need extensions for updating software in remote locations. It must be absolutely ensured, that the vehicle will not move while changing the software. In difference to software updates at service stations the SOTA concept must consider any possible level of technical knowhow of any potential driver, who might start an update. This requirement is not just critical for updating the EBC itself but also for updating other ECUs.
Vehicles cannot be driven while updating the software and thus they are not available for a certain period of time. In this paper three different approaches are discussed how to execute SOTA and what this means with respect to the duration of the update process.
The study starts with a detailed analysis of the operations and activities for updating software within a vehicle and EBC unit. It includes descriptions of data flows and examples of the influences by the various bus options of the vehicles’ networks.
Next are explained options for scalable system solutions and implementing security functions within the vehicles network with examples of its implementation by using existing electronic components.
Finally we show options for the implementation and how to reduce the downtime of the EBC system.
Several aspects of cyber security in vehicles have been studied in the past. This paper concentrates onto the specifics for EBC systems in a holistic system approach.