Tag Archives: Connected Car Security

How Ethernet AVB is playing a central role in automotive streaming applications


Ethernet is emerging as the network of choice for infotainment and advanced driver assistance systems, Atmel’s Tim Grai explains.


Imagine you’re driving down the highway with the music blaring, enjoying the open road. Now imagine that the sound from your rear speaker system is delayed by a split second from the front; your enjoyment of the fancy in-car infotainment system comes to a screeching halt.

Ethernet is emerging as the network of choice for infotainment and advanced driver assistance systems that include cameras, telematics, rear-seat entertainment systems and mobile phones. But standard Ethernet protocols can’t assure timely and continuous audio/video (A/V) content delivery for bandwidth intensive and latency sensitive applications without buffering, jitter, lags or other performance hits.

fig1_popup

Audio-Video Bridging (AVB) over Ethernet is a collection of extensions to the IEEE802.1 specifications that enables local Ethernet networks to stream time synchronised, loss sensitive A/V data. Within an Ethernet network, the AVB extensions help differentiate AVB traffic from the non-AVB traffic that can also flow through the network. This is done using an industry standard approach that allows for plug-and-play communication between systems from multiple vendors.

The extensions that define the AVB standard achieve this by:

  • reserving bandwidth for AVB data transfers to avoid packet loss due to network congestion from ‘talker’ to ‘listener(s)’
  • establishing queuing and forwarding rules for AVB packets that keep packets from bunching and guarantee delivery of packets with a bounded latency from talker to listener(s) via intermediate switches, if needed
  • synchronizing time to a global clock so the time bases of all network nodes are aligned precisely to a common network master clock, and
  • creating time aware packets which include a ‘presentation time’ that specifies when A/V data inside a packet has to be played.

Designers of automotive A/V systems need to understand the AVB extensions and requirements, as well as how their chosen microcontroller will support that functionality.

AVB: A basket of standards

AVB requires that three extensions be met in order to comply with IEEE802.1:

  • IEEE802.1AS – timing and synchronisation for time-sensitive applications (gPTP)
  • IEEE802.1Qat – stream reservation protocol (SRP)
  • IEEE802.1Qav – forwarding and queuing for time-sensitive streams (FQTSS).

In order to play music or video from one source, such as a car’s head unit, to multiple destinations, like backseat monitors, amplifiers and speakers, the system needs a common understanding of time in order to avoid lags or mismatch in sound or video. IEEE802.1AS-2011 specifies how to establish and maintain a single time reference – a synchronised ‘wall clock’ – for all nodes in a local network. The generalized precision time protocol (gPTP), based on IEEE1588, is used to synchronize and syntonize all network nodes to sub-microsecond accuracy. Nodes are synchronized if their clocks show the same time and are syntonised if their clocks increase at the same rate.

fig.2

This protocol selects a Grand Master Clock from which the current time is propagated to all network end-stations. In addition, the protocol specifies how to correct for clock offset and clock drifts by measuring path delays and frequency offsets. New MCUs, such as the Atmel | SMART SAMV7x (shown above), detect and capture time stamps automatically when gPTP event messages cross MII layers. They can also transport gPTP messages over raw Ethernet, IPv4 or IPv6. This hardware recognition feature helps to calculate clock offset and link delay with greater accuracy and minimal software load.

Meanwhile, SRP guarantees end-to-end bandwidth reservation for all streams to ensure packets aren’t delayed or dropped at any switch due to network congestion, which can occur with standard Ethernet. For the in-vehicle environment, SRP is typically configured in advance by the car maker, who defines data streams and bandwidth allocations.

Talkers (the source of A/V data) ‘advertise’ data streams and their characteristics. Switches process these announcements from talker and listeners to:

  • register and prune streams’ path through the network
  • reserve bandwidth and prevent over subscription of available bandwidth
  • establish forwarding rules for incoming packets
  • establish the SRP domain, and
  • merge multiple listener declarations for the same stream

The standard stipulates that AVB data can reserve only 75% of total available bandwidth, so for a 100Mbit/s link, the maximum AVB data is 75Mbit/s. The remaining bandwidth can be used for all other Ethernet protocols.

In automotive systems, the streams may be preconfigured and bandwidth can be reserved statically at system startup to reduce the time needed to bring the network into a fully operational state. This supports safety functions, such as driver alerts and the reversing camera, that must be displayed within seconds.

SRP uses other signalling protocols, such as Multiple MAC Registration Protocol, Multiple VLAN Registration Protocol and Multiple Stream Registration Protocol to establish bandwidth reservations for A/V streams dynamically.

The third extension is FQTSS, which guarantees that time sensitive A/V streams arrive at their listeners within a bounded latency. It also defines procedures for priority regenerations and credit based traffic shaper algorithms to meet stream reservations for all available devices.

The AVB standard can support up to eight traffic classes, which are used to determine quality of service. Typically, nodes support at least two traffic classes – Class A, the highest priority, and Class B. Microcontroller features help manage receive and transmit data with multiple priority queues to support AVB and ‘best effort class’ non AVB data.

box

Automotive tailored requirements

Automotive use cases typically fix many parameters at the system definition phase, which means that AVB implementation can be optimised and simplified to some extent.

  • Best Master Clock algorithm (BMCA): the best clock master is fixed at the network definition phase so dynamic selection using BCMA isn’t needed.
  • SRP: all streams, their contents and their characteristics are known at system definition and no new streams are dynamically created or destroyed; the proper reservation of data is known at the system definition phase; switches, talkers and listeners can have their configurations loaded at system startup from pre-configured tables, rather than from dynamic negotiations
  • Latency; while this is not critical, delivery is. Automotive networks are very small with only a few nodes between a talker and listener. It is more important not to drop packets due to congestion.

Conclusion

The requirement to transfer high volumes of time sensitive audio and video content inside vehicles necessitates developers to understand and apply the Ethernet AVB extensions. AVB standardization results in interoperable end-devices from multiple vendors that can deliver audio and video streams to distributed equipment on the network with micro-second accuracy or better. While the standard brings complexities, new MCUs with advanced features are simplifying automotive A/V design.


This article was originally published on New Electronics on October 13, 2015 and authored by Tim Grai, Atmel’s Director of Automotive MCU Application Engineering. 

3 design hooks of Atmel MCUs for connected cars


The MPU and MCU worlds are constantly converging and colliding, and the difference between them is not a mere on-off switch — it’s more of a sliding bar. 


In February 2015, BMW reported that it patched the security flaw which could allow hackers to remotely unlock the doors of more than 2 million BMW, Mini and Rolls-Royce vehicles. Earlier, researchers at ADAC, a German motorist association, had demonstrated how they could intercept communications with BMW’s ConnectedDrive telematics service and unlock the doors.

security-needs-for-connected-car-by-atmel

BMW uses SIM card installed in the car to connect to a smartphone app over the Internet. Here, the ADAC researchers created a fake mobile network and tricked nearby cars into taking commands by reverse engineering the BMW’s telematics software.

The BMW hacking episode was a rude awakening for the connected car movement. The fact that prominent features like advanced driver assistance systems (ADAS) are all about safety and security is also a testament is that secure connectivity will be a prime consideration for the Internet of Cars.

Built-in Security

Atmel is confident that it can establish secure connections for the vehicles by merging its security expertise with performance and low-power gains of ARM Cortex-M7 microcontrollers. The San Jose, California-based chip supplier claims to have launched the industry’s first auto-qualified M7-based MCUs with Ethernet AVB and media LB peripherals. In addition, this high-end MCU series for in-vehicle infotainment offers the CAN 2.0 and CAN flexible data rate controller for higher bandwidth requirements.

Nicolas Schieli, Automotive MCU Marketing Director at Atmel, acknowledges that security is something new in the automotive environment that needs to be tackled as cars become more connected. “Anything can connect to the controller area network (CAN) data links.”

Schieli notes that the Cotex-M7 has embedded enhanced security features within its architecture and scalability. On top of that, Atmel is using its years of expertise in Trusted Platform Modules and crypto memories to securely connect cars to the Internet, not to mention the on-chip SHA and AES crypto engines in SAM E70/V70/V71 microcontrollers for encryption of data streams. “These built-in security features accelerate authentication of both firmware and applications.”

Crypto

Schieli notes that the Cotex-M7 has embedded enhanced security features within its architecture and scalability. On top of that, Atmel is using its years of expertise in Trusted Platform Modules and crypto memories to securely connect cars to the Internet, not to mention the on-chip SHA and AES crypto engines in SAM E70/V70/V71 microcontrollers for encryption of data streams. “These built-in security features accelerate authentication of both firmware and applications.”

He explained how the access to the Flash, SRAM, core registers and internal peripherals is blocked to enable security. It’s done either through the SW-DP/JTAG-DP interface or the Fast Flash Programming Interface. The automotive-qualified SAM V70 and V71 microcontrollers support Ethernet AVB and Media LB standards, and they are targeted for in-vehicle infotainment connectivity, audio amplifiers, telematics and head control units companion devices.

Software Support

The second major advantage that Atmel boasts in the connected car environment is software expertise and an ecosystem to support infotainment applications. For instance, a complete automotive Ethernet Audio Video Bridging (AVB) stack is being ported to the SAM V71 microcontrollers.

Software support is a key leverage in highly fragmented markets like automotive electronics. Atmel’s software package encompasses peripheral drivers, open-source middleware and real-time operating system (RTOS) features. The middleware features include USB class drivers, Ethernet stacks, storage file systems and JPEG encoder and decoder.

Next, the company offers support for several RTOS platforms like RTX, embOS, Thread-X, FreeRTOS and NuttX. Atmel also facilitates the software porting of any proprietary or commercial RTOS and middleware. Moreover, the MCU supplier from San Jose features support for specific automotive software such as AUTOSAR and Ethernet AVB stacks.

Atmel supports IDEs such as IAR or ARM MDK and Atmel Studio and it provides a full-featured board that covers all MCU series, including E70, V70 and V71 devices. And, a single board can cover all Atmel microcontrollers. Moreover, the MCU supplier provides Board Support Package for Xplained evaluation kit and easy porting to customer boards through board definition file (board.h).

Beyond that, Atmel is packing more functionality and software features into its M7 microcontrollers. Take SAM V71 devices, for example, which have three software-selectable low-power modes: sleep, wait and backup. In sleep mode, the processor is stopped while all other functions can be kept running. While in wait mode, all clocks and functions are stopped but some peripherals can be configured to wake up the system based on predefined conditions. In backup mode, RTT, RTC and wake-up logic are running. Furthermore, the microcontroller can meet the most stringent key-off requirements while retaining 1Kbyte of SRAM and wake-up on CAN.

Transition from MPU to MCU

Cortex-M7 is pushing the microcontroller performance in the realm of microprocessors. MPUs, which boast memory management unit and can run operating systems like Linux, eventually lead to higher memory costs. “Automakers and systems integrators are increasingly challenged in getting performance point breakthrough because they are running out of Flash capacity,” explained Schieli.

On the other hand, automotive OEMs are trying to squeeze costs in order to bring the connected car riches to non-luxury vehicles, and here M7 microcontrollers can help bring down costs and improve the simplification of car connectivity.

The M7 microcontrollers enable automotive embedded systems without the requirement of a Linux head and can target applications with high performance while running RTOS or bare metal implementation. In other words, M7 opens up avenues for automotive OEMs if they want to make a transition from MPU to MCU for cost benefits.

However, the MPU and MCU worlds are constantly converging and colliding, and the difference between them is not a mere on-off switch. It’s more of a sliding bar. Atmel, having worked on both sides of the fence, can help hardware developers to manage that sliding bar well. “Atmel is using M7 architecture to help bridge the gap between microprocessors and high-end MCUs,” Schieli concludes.


Majeed Ahmad is the author of books Smartphone: Mobile Revolution at the Crossroads of Communications, Computing and Consumer Electronics and The Next Web of 50 Billion Devices: Mobile Internet’s Past, Present and Future.

The 10 challenges of securing IoT communications


From the very beginning of developing an IoT product, IoT security must be a forethought.


One of the hottest topics at last week’s IoT StreamConf was security. In other words, how are we going to secure communication for billions of connected devices? How can we ensure that attackers can’t take control of our devices, steal information, disrupt services, or take down entire networks of expensive, imperative devices?

With IoT is still in its early stages, security is not fully understood and well-defined when compared to other industries, like the financial and e-commerce sectors. From the very beginning of developing an IoT product, whether it’s small-scale like a wearable device, to massive-scale IoT deployments, like an oil field sensor network or global delivery operation, IoT security must be a forethought.

10-challenges-securing-IoT-PubNub-Atmel

In this talk, Rohini Pandhi, Product Manager at PubNub, walks through the ten challenges of securing Internet of Things communication. Rohini discusses flexible and secure messaging design patterns for IoT communication, and how they can be implemented and scaled. There are a number of security considerations, but after watching this talk, you should have a good idea of how you can secure your IoT deployment.

(Scroll below video for a table of contents of when individual concepts are talked about in the video).

Video Table of Contents

  1. Defining the Internet of Things (10:27)
  2. Unprotected devices will be attacked (13:15)
  3. Encryption (15:46)
  4. Single security model for all communications (17:56)
  5. Access control (20:13)
  6. Tracking device metadata (21:14)
  7. Provisioning in the field (22:38)
  8. Firmware updates in the field (24:07)
  9. Compliance with regulations (25:15)
  10. Reinventing the wheel (26:17)

More Resources on Securing IoT Communication

Below are a couple great pieces on IoT security, and some code tutorials for IoT developers:

Report: Automakers are leaving vehicles vulnerable to hackers


Nearly all new cars on the market include wireless technology that make drivers vulnerable to hacking or an invasion of privacy, new report says.


As we make our way down the road to a more connected future, automakers are continuing to embed a wide-range of wireless technologies into the cars of tomorrow. And sure, these smarter vehicles usher in a whole new era of improved safety, better performance and smartphone integration right into your dashboard; however, according to a new report released by Senator Edward Markey (D-Mass.), they may be failing to protect those features against the possibility that hackers could take control of vehicles or steal personal data.

Car Header

“The proliferation of these technologies raises concerns about the ability of hackers to gain access and control to the essential functions and features of those cars and for others to utilize information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent,” Sen. Markey writes.

The senator’s office sent out a questionnaire to 20 automakers more than 14 months ago to compile the report, examining them on their cars’ and trucks’ security and privacy measures. Out of the batch, 16 responded. The results revealed that nearly all modern vehicles have some sort of wireless connection that could potentially be hacked to remotely access their critical systems. In fact, most automobile manufacturers were unaware of or unable to report on past hacking incidents. Only two of the companies were able to describe any capabilities in place to diagnose and thwart malicious hackers in real-time, while another pair confirmed they could also remotely slow down or stop a vehicle under the control of a cyber criminal.

Car Art 2

Companies’ efforts to safeguard connections are “inconsistent and haphazard” across the industry, the study says. And in addition to security weaknesses, Markey’s survey found that many carmakers aside from the mere threat of a hacker gaining control of a steering wheel or gas pedal, manufacturers are constantly gathering information about their drivers. What’s more, the politician pointed out that a majority collect and wirelessly transmit driving history to data centers, yet most do not describe effective means to secure the data itself.

“These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information,” the published document emphasizes.

At the same time, just about all new cars on the market today are equipped with at least some wireless entry points to computers, such as tire pressure monitoring systems, Bluetooth, keyless entry, remote start, navigation, Wi-Fi, cellular/telematics, radio, and anti-theft systems.

“Auto engineers incorporate security solutions into vehicles from the very first stages of design and production—and security testing never stops,” Sen. Markey explains. “The industry is in the early stages of establishing a voluntary automobile industry sector information sharing and analysis center—or other comparable program—for collecting and sharing information about existing or potential cyber-related threats.  But even as we explore ways to advance this type of industrywide effort, our members already are each taking on their own aggressive efforts to ensure that we are advancing safety.”

Car Art

The findings were released after a recent 60 Minutes segment detailing how DARPA was able to hack General Motors’ OnStar system to remote control a Chevrolet Impala, including its brake and acceleration systems. The study follows in the footsteps of other publications as well, which showcase various ways that attackers have exploited luxury cars’ in-vehicle systems and used that flaw to send a command to its electronic control unit. (For those wondering as to what exactly hackers can do to your vehicle, head over to this piece from ABC News.)

“We now need a rating system for security, for safety, for that vehicle from it being hacked by an outsider that could cause an accident, cause real danger to a family,” Sen. Markey concluded.

With up to a hundred million lines of code, at least 30 MCU-controlled devices — and some with as many as 100 — the vehicle is the ideal application to bring smart, connected devices in the era of the Internet of Things. It’s clearer than ever before that automotive technology is quickly becoming an integral part of the digital lifestyle as consumers want to bring their mobile devices seamlessly into their mobiles; however, it’s never been more paramount to ensure that hardware-based security solutions are in place to keep drivers protected behind the wheel and cars safeguarded under the hood.

Interested in reading more? You can find the entire report here.