Bitwise was contracted by one of the UK’s largest automotive OEMs to investigate next-generation automotive control systems built on an IP/Ethernet backbone, specifically in the ‘Service Orientated’ or ‘Micro Service’ Architecture area.
The OEM selected Bitwise because of its multi-domain experience and proven development capabilities. Specific areas of Bitwise expertise included:
- secure communications protocol design
- high performance real time software
- automated software creation
- systems and software safety
- rapid hardware prototyping; microprocessor selection
- toolchain creation.
The project delivered a number of high performance proof-of-concept systems, each of which demonstrated different aspects of the technologies developed. A prototype toolchain was also supplied to enable the Client to develop and learn from this work further.
The overall objective was to show how new technology could be used to achieve significant cost reductions without compromising system performance. Highly resilient system level cyber security was an overriding requirement for the designs proposed and prototypes developed.
Analysis and Design
The automotive domain requires cost-sensitive solutions which implement high performance, real-time control systems. Client specific challenges included:
- achieve full control system capability in the order of 100 ms after application of power
- short control loop periods for distributed, network-centric control functions (in the region of 2 ms for a closed loop distributed over multiple network nodes)
- high accuracy temporal synchronisation (<5us) over the whole control system
- very low control system jitter (<<200us)
- use of auto-coded control system models, e.g. generated from Matlab/Simulink.
The Client required that all network communications be based on the Internet Protocol (IP) standard running over Automotive Ethernet. Connectionless UDP/IP was selected rather than connection-orientated TCP/IP because the failure detection strategies built into TCP (retransmission timers and connection tear-down) are too complex and too slow in this environment to detect control system communications failures within a 2 ms loop period; failure detection therefore had to be provided by the application-layer protocol instead. Bitwise performed an analysis of a number of emerging automotive standards and found that no standard implementation existed that was simultaneously simple, secure and highly efficient.
A proprietary communications protocol was, therefore, developed which is similar to parts of the AUTOSAR SOME/IP standard but which is better suited to the software layering approach required for systems which will ultimately be safety critical and highly cyber secure. Protection measures added include defences against Insertion, Deletion, Repetition, Re-Sequencing, Masquerading and Delay of messages. These protection mechanisms form part of the proposed protocol and the protection they offer is transparent to the control system itself, which sees only the service payload. Bitwise has used similar protection mechanisms in projects in other high safety and security domains. The system security model assumed that all communication channels were insecure.
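To make the six protection measures concrete, the following is an added illustration (not Bitwise’s proprietary protocol, whose frame layout is not described here) of how a UDP control frame can carry a sender identifier, a sequence number, a timestamp and a message authentication code so that the receiver can detect insertion, deletion, repetition, re-sequencing, masquerading and delay without the control model being involved. The field widths, the 16-byte truncated HMAC-SHA256 tag, the 2 ms staleness bound and the sample frames are all assumptions chosen for the example.

```python
"""Added example: an authenticated, sequenced control frame over an untrusted channel.
Frame layout (assumed, not Bitwise's protocol):
  sender_id:u16 | seq:u32 | timestamp_us:u64 | payload_len:u16 | payload | tag[16]
The tag is HMAC-SHA256 over header+payload, truncated to 16 bytes, under a per-sender key.
"""
import hashlib
import hmac
import struct

HDR = struct.Struct("!HIQH")   # sender_id, seq, timestamp_us, payload_len (assumed layout)
MAC_LEN = 16                   # truncated HMAC-SHA256 tag (assumed length)
MAX_AGE_US = 2_000             # frames older than 2 ms are treated as delayed (assumed bound)


def build_frame(key: bytes, sender_id: int, seq: int, ts_us: int, payload: bytes) -> bytes:
    """Sender side: header, payload, then a MAC binding identity, sequence and time."""
    hdr = HDR.pack(sender_id, seq, ts_us, len(payload))
    tag = hmac.new(key, hdr + payload, hashlib.sha256).digest()[:MAC_LEN]
    return hdr + payload + tag


class Receiver:
    """Receiver side: one shared key and one expected sequence number per sender."""

    def __init__(self, keys: dict[int, bytes]):
        self.keys = keys        # sender_id -> shared key (provisioned out of band)
        self.expected = {}      # sender_id -> next expected sequence number

    def accept(self, frame: bytes, now_us: int):
        """Return (verdict, payload); payload is None unless the frame is usable."""
        if len(frame) < HDR.size + MAC_LEN:
            return "MALFORMED", None
        sender_id, seq, ts_us, plen = HDR.unpack_from(frame)
        body_end = HDR.size + plen
        if len(frame) != body_end + MAC_LEN:
            return "MALFORMED", None
        key = self.keys.get(sender_id)
        if key is None:
            return "UNKNOWN_SENDER", None
        # Masquerading, insertion by an outsider and corruption all fail the MAC check.
        tag = hmac.new(key, frame[:body_end], hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, frame[body_end:]):
            return "BAD_MAC", None
        # Authentic frame: sequence number catches repetition, re-sequencing and deletion.
        exp = self.expected.get(sender_id, seq)
        if seq < exp:
            return "REPEATED_OR_RESEQUENCED", None
        verdict = "GAP" if seq > exp else "OK"   # GAP: frames in between were lost
        self.expected[sender_id] = seq + 1
        # Timestamp catches delay even when the sequence is otherwise correct.
        if now_us - ts_us > MAX_AGE_US:
            return "DELAYED", None
        return verdict, frame[HDR.size:body_end]


def demo() -> list:
    """Run constructed frames through one receiver and return the verdicts in order."""
    key = b"\x11" * 16                      # constructed per-sender key
    rx = Receiver({1: key})
    f0 = build_frame(key, 1, 0, 1_000, b"\x01\x02")
    f1 = build_frame(key, 1, 1, 2_000, b"\x03")
    tampered = bytearray(f1)
    tampered[HDR.size] ^= 0xFF              # flip a payload bit in transit
    f3 = build_frame(key, 1, 3, 3_000, b"\x04")      # seq 2 never arrives
    f4 = build_frame(key, 1, 4, 4_000, b"\x05")
    forged = build_frame(b"\x22" * 16, 1, 5, 8_000, b"\x06")  # attacker lacks the key
    return [
        rx.accept(f0, 1_500)[0],            # OK
        rx.accept(f0, 1_600)[0],            # REPEATED_OR_RESEQUENCED (replay)
        rx.accept(bytes(tampered), 2_500)[0],  # BAD_MAC (corruption / insertion)
        rx.accept(f1, 2_500)[0],            # OK
        rx.accept(f3, 3_500)[0],            # GAP (deletion of seq 2)
        rx.accept(f4, 7_000)[0],            # DELAYED (3 ms old)
        rx.accept(forged, 8_100)[0],        # BAD_MAC (masquerade)
        rx.accept(f0[:10], 8_200)[0],       # MALFORMED
    ]


if __name__ == "__main__":
    for v in demo():
        print(v)
```

The control model only ever receives the payload returned on an `OK` or `GAP` verdict; everything else is handled below it, which is what makes the protection transparent to the control system. The sequence counter wraps after 2^32 frames and the per-sender key must be provisioned over a separate trusted path, both of which a production design has to address and this example does not.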
Service discovery, both on-board (dynamic) and off-board (static), was investigated and prototyped. Dynamic service discovery was not favoured, for two reasons: it exposes a discovery exchange on the vehicle network that an attacker on an insecure channel could interfere with, and its negotiation adds latency to system start-up that the 100 ms power-on budget cannot afford.
The scale and volume of sensor data, actuator data and control system models on a modern vehicle, and their complex inter-relationships, posed a significant challenge in itself. Whilst tooling already existed in the automotive industry to try to mitigate this issue, it was largely ECU-centric and, in the Client’s experience, ineffective at creating robust ECU software and, importantly, at integrating that software at the vehicle system level. Bitwise therefore concluded that automated tooling was required to deal with the matter.
Bitwise performed a microprocessor selection process, selected a suitable RTOS, created a Board Support Package and established a development toolchain which could be provided to the Client. Bitwise also procured development hardware and designed project specific electronics to allow the control of real automotive hardware. Ultimately Bitwise delivered a toolkit to the Client to allow onward development and use of the work performed.
Bitwise developed concepts, prototypes and the tooling which allowed fully automated coding of the entire vehicle control system to be performed. This included the creation of all the middleware required to encode, decode and distribute the inter-model service traffic. This software was then deployed onto a set of multi-purpose ECUs, each capable of running many parts of the vehicle control system.
This tooling was then used to take real examples of high speed control system models from current production vehicles and deploy them onto a distributed set of ECU nodes with the intent to demonstrate a dramatic reduction in the number of ECUs on the vehicle. In this case, the project only deployed five ECUs, comprising four zonal corner ECUs and one central compute platform.
This system was then functionally and performance tested using the Client’s existing hardware integration test environment. These tests were successful: the distributed system showed functional behaviour identical to the production vehicles from which the models were taken, and detailed CPU analysis and timing results exhibited the expected utilisation on each ECU node and for the system as a whole.
During the course of this project there was significant interaction with many different teams within the Client organisation. All aspects of technical management were undertaken by a Bitwise senior consultant, who subsequently led a Bitwise presentation of the project to the wider Client community.
The project was managed by a Bitwise Project Manager who was directly responsible for managing the budgets, issues, risks and deliverables.