Professional Documents
Culture Documents
72.
also spread, such as those that obtain information center will use Hitachi’s Lumada Internet of Things
from social networking services (SNSs) and display (IoT) platform.
it on the navigation system screen. Services have also The following sections provide details of tech-
emerged that provide a limited form of remote vehicle nologies for over-the-air (OTA) software updating,
operation by issuing commands to the vehicle via a security, and in-vehicle edge computing that will be
data center. Remote door unlocking is one example. essential for building the platforms that support con-
It is likely that closer interoperation between data nected car solutions.
centers and vehicles, with various services using the
results of analysis at a data center to provide feedback 3. Controlling Software Updates
to vehicle control, will become commonplace (see left by OTA
side of Figure 1). Security will be vital to implement-
ing these feedback services, and Hitachi is working 3. 1
on the development of gateways for handling security Background and Challenges
in the vehicle. Recent years have seen a shift from hardware to soft-
It is anticipated that future links between vehicles ware as the primary means of vehicle control, with
and data centers will have a system architecture like the software on automotive electronic control units
that shown on the right of Figure 1. Hitachi is work- (ECUs) playing an increasingly important role. While
ing on the development of the underlying technolo- this central role for software in control opens up new
gies that will make these systems possible. The data opportunities for the automotive industry, including
Edge
Development of server Gateway IVI
Data Data AI
Campaign Software analytics countermeasure
center center software
management management
Upload
Vehicle
SNS: social networking service CSIRT: computer security incident response team SOC: security operation center AI: artificial intelligence OTA: over the air
TCU: telematics control unit IoT: Internet of Things IVI: in-vehicle infotainment ECU: electronic control unit ADAS: advanced driver assistance system AD: autonomous driving
the ability to provide after-sales upgrades, recalls due ECU specifications and cost factors, including safety
to software are also a major concern. The increasing requirements and memory resources
number of connected cars also brings concerns about • End-to-end security from data center to vehicle,
greater security risks such as the risk of remote attacks. with multi-layered protection for distribution of
One technology that has attracted attention as a way updates
to deal with these changing circumstances is the use • Update control techniques that can cope with
of wireless communications for controlling software update procedures that differ between vehicle mod-
updating by OTA. els and ECUs
The use of OTA updates for vehicles requires the • Support for multiple suppliers, with updates from
following features. The first one is a high level of reli- different suppliers being packaged for distribution
ability to avoid vehicle problems such as software together with the use of standardized technologies
upgrades failing or impacting on safety. The second for the interfaces between the data center and vehicle
one is to shorten update times to avoid draining the and between onboard ECUs
battery while minimizing the period of time that Hitachi has developed TCUs, gateways, ECUs, and
vehicles are unavailable. The last one is to deal with data center systems that incorporate these techniques,
diverse and complex systems made up of a large num- with the intention of supplying a one-stop OTA solu-
ber of ECUs that behave differently. tion made up of these components and systems.
3. 2 3. 3
Hitachi’s OTA Software Update Technique Future Developments
Hitachi has developed the following techniques for Software updating must be suitable not only for vehi-
utilizing OTA for automotive systems in a way that cles that are already in the marketplace; it also needs
overcomes the above problems (see Figure 2) (1), (2). to work for components that are still in the develop-
• Differential updating for shortening update times ment, manufacturing (production line), or distribution
on automotive systems with limited network band- (ports or vehicle storage yards) processes of vehicle
width and memory resources manufacturers, or in the manufacturing, distribution,
• Recovery from update problems in accordance with or storage processes of parts suppliers.
74.
FEATURED ARTICLES
Parts supplier
Design and
Manufacturing Transportation After-sales
development
(3) Used on onboard network and ECUs for inter-ECU authentication, message authentication,
(3) On-vehicle key and secure boot
Generated from base key by gateway and distributed to onboard ECUs (periodically updated)
(1) Key management solution operation center with the ability to collect and analyze
Security implementations require a way to manage logs of attacks detected by the gateway, and to offer
the encryption keys used for the mutual verification of vehicle manufacturers timely countermeasures in the
communications between the data center and vehicle following forms (see Figure 5).
and between vehicle ECUs, and also to protect the • Incident response service
communication paths. Hitachi supplies a key man- This service collects information on vulnerabilities
agement solution for the entire vehicle lifecycle from and incidents relating to products and services and
manufacturing to disposal (see Figure 4) (3). provides it to vehicle manufactures so that they can
(2) Security service solution implement practices for maintaining vehicle security
Hitachi utilizes technology developed for informa- through early identification and response to attacks.
tion technology (IT) systems to provide a security
countermeasures
Filtering for vehicles
etc. Formulate
countermeasures
In-house services
Telematics
Secure service,
Private- OTA service,
sector etc. TCU IVI
vendors
Gateway
Hitachi products
76.
FEATURED ARTICLES
Edge server (B) Rule matching (C) Modify data for transmission
(TCU/gateway)
Core operations
(statistical processing, machine learning, etc.) (A) Driving data collection
Vehicle
DB: database
• Security log analysis service collects sensor and log data from the various ECUs.
To minimize the impact of incidents and achieve However, because this gateway is an embedded system
a quick recovery, this service assists vehicle manufac- that also handles other functions, including security
turers to analyze causes and implement countermea- and routing, it suffers from a lack of central processing
sures to security attacks by collecting and analyzing unit (CPU), memory, and other resources. For this
vehicle logs. reason, Hitachi has developed in-vehicle edge com-
puting technology that can run on resource-limited
5. In-vehicle Edge Computing hardware (see Figure 6).
Technology This technology provides a way to modify rules on
onboard devices and uses a mix of script and compiled
It is anticipated that the amount of data collected code to reduce resource use by these devices. While
from each vehicle will grow considerably in the future script typically makes program changes easier because
due to functions such as the security log analysis ser- no compilation is required, it also requires more CPU
vice described above. As more cars become connected, and memory resources to execute. Compiled code, in
this increasing volume of data communications will contrast, uses fewer resources, but is more difficult
become an issue. Accordingly, Hitachi believes that to modify because of the need for compilation when
future platforms for the connected car will require making program changes. In response, Hitachi suc-
functions like the following for reducing data volumes. ceeded in achieving both ease of modification and low
• During normal driving, onboard devices only col- resource use by using the following two programming
lect a limited amount of sensor and log data at low languages.
frequency for forwarding to the data center. (1) Compiled code is used for operations such as
• When a problem occurs, or when so instructed by machine learning and statistical processing that are
the data center, onboard devices collect a large amount resource-heavy but do not require frequent modification.
of sensor and log data at high frequency for forward- (2) Script is used for operations such as comparisons
ing to the data center. or function calls that are modified frequently but do
This is the same principle as used by edge computing not use many resources.
on the IoT, minimizing the amount of data collected Changes to rules can be implemented immediately
from the vehicle while still maintaining service quality. by sending a script file containing the new rules from
Statistical processing functions that operate based the data center to the gateway and overwriting the
on these data collection rules run on the gateway that old script file.
78.