SW Updates In Automotive Industry – Part I
Despite long life-cycle of vehicles – 11 years on average in the EU – existing SW update infrastructure doesn’t really allow cost-efficient and rapid security updates. There are several SW update methods in automotive industry:
Through Service Shops
Most popular method today – vendors rely on service shops that perform SW updates. Often, they have to use auxiliary tools as pass through devices and some personal computers (laptop or tablet). There are some standards (e.g. – SAE J2534 with recent update from October 2015) that specify the roles, functions and interfaces in the pass through update chain that allows 3rd party vendors to manufacture HW and SW based tools. As for infotainment systems, SW update can be downloaded and deployed with bootable USB device directly attached to infotainment USB port. This method is used in FCA infotainment systems – e.g. – (Chrysler) Town & Country UConnect by Harman-Kardon. These methods are quite expensive, complicated and cannot be used as reliable infrastructure for regular and frequent security patches.
Over The Air (OTA)
This method is considered as most efficient SW updates delivery mechanism that allows direct updates from OEM to the vehicles without any intermediate devices or players. This method is also the most popular SW updates delivery method in IT industry. As such, it is most likely to be implemented as future main SW updates delivery technology in the automotive industry. As far as we know, currently only Tesla uses OTA update method in production scale for most of its onboard computers. Other manufacturers only use OTA to update infotainment & navigation.
SW Updates Last Mile Problem
Regardless the way SW updates are brought to the vehicle, somebody in the car should manage the whole update process – validate, authenticate, report success or failure of every update and, most importantly – it should deliver and install every single SW update to the appropriate ECU. Obviously, only a few ECUs will have an external connectivity option – usually one ECU will serve as an external communication gateway (GW) and will have direct access to OBD-II port or Internet connectivity. It means that the GW should establish communication with the required ECU, receive from it its current version, synchronize with it the update session, deliver the SW update to it and validate the update results. All of the above process has to be implemented over existing in-car communication networks and protocols, leveraging cyber security prone HW and CAN communication protocols. We call it – a SW Updates Last Mile Problem.