noun_Email_707352 noun_917542_cc noun_Globe_1168332 Map point Play Untitled Retweet

Automotive software updates fly over-the-air for next-gen vehicles

Enhancing drivers’ digital car experience with over-the-air (OTA) updates for firmware, new features and software

Vadym Matuzenko

Head of Automotive & Smart Devices Ukraine Delivery Unit

The challenge

A German manufacturer of commercial electric cars wanted to ensure that critical automotive software updates are delivered in a timely and secure manner by using over-the-air (OTA) repeats.

It is extremely important that critical updates are delivered promptly, even when Wi-Fi is not available. As a large fleet of vehicles is often located in urban areas, a solution was needed to avoid overloading cellular networks.

The solution

TietoEVRY’s automotive team developed a concept of over-the-air (OTA) solution, which allows distributing software updates over a wireless network without the need for physical access to a vehicle. A manufacturer can remotely deliver firmware updates, patches, software and data updates to a vehicle removing the need for a driver to contact a dealer or a repair shop.

Automotive software R&D services Download the detailed case description: OTA Software Update Solution Concept for Next-Gen Vehicles

About the customer

A German automotive manufacturer of commercial electric cars manages a large fleet of vehicles often located in urban areas. For great driver experience and safety, automotive software update installation should not fail under any conditions, as there is no personnel to fix it.

The solution enables managing automotive software of a large fleet of cars remotely by using Wi-Fi, LTE, or 3G.

Cost-effective software maintenance

The solution enables managing automotive software of a large fleet of cars remotely by using Wi-Fi, LTE, or 3G.

The developed algorithm guarantees authenticity, integrity and confidentiality to secure communication between vehicles and cloud.

Improved vehicle security

The developed algorithm guarantees authenticity, integrity and confidentiality to secure communication between vehicles and cloud.

Remote software and data updates make it easy for drivers who do not need to contact a dealer or a repair shop.

Drivers’ satisfaction and brand loyalty

Remote software and data updates make it easy for drivers who do not need to contact a dealer or a repair shop.

Developing a proven solution to ensure reliable OTA updates 

A solution responding to the needs below:

  • Software update delivery guarantee. Even when Wi-Fi is not available, critical updates still must be delivered via an LTE or 3G network as soon as possible. The solution should avoid overloading cellular networks, especially when vehicles are often clustered in urban centers.
  • Software Update installation reliability and rollback. Installation must not fail under any conditions, as there is no personnel to fix it. Thus, engineers of OTA Update follow the highest standard of update reliability by verifying sustainability at every step. If a software update is interrupted due to any external factors, a system is designed to roll back to the previous state from the backup.
  • An over-the-air update must be secure. The goal is to eliminate any issues related to ensuring safe vehicle-to-cloud communications. The team had to figure out how to enable an intact exchange of firmware, software and their metadata between OEM, Tier 1 and the Security Gateway ECU. Moreover, there were also other concerns regarding update package authenticity and integrity (data modification or data forging), authentication and confidentiality.
  • Fleet management. Also, the updates must be applied timely to a large fleet of vehicles. Special campaigns were designed to monitor and control the status of software update distribution among vehicles in respect to model, market and other criteria.

OTA update flow

  • Generating and storing software versions in the cloud-based Software Repository.
  • Uploading OTA required software into the local vehicle storage.
  • Installing new software and/or updating ECUs.

Security approach

  • All vehicle-to-cloud communications are secured by TLS mutual authentication based on certificates.
  • The authenticity and integrity of the software is ensured by HMAC, CMAC or Digital Signature of the OEM and other stakeholders. For example, according to Digital Signature Standard (DSS), any update must be digitally signed with a valid certificate and checked by a distributor at all stages.
  • The confidentiality is protected by the encryption of software update and data based on the asymmetric algorithm before their transmission to or from the cloud

To ensure firmware installation regardless of disruptive factors, the software must be fully downloaded, the vehicle must be parked and the engine turned off. A Special Diagnosis manager is introduced as an extension to verify that the newly updated software operates as expected. It can also initiate the rollback procedure to the previous software version.

Technologies

  • In-vehicle IPC: CommonAPI
  • Vehicle-to-Cloud IPC: GRPC
  • Cloud: Azure
  • HMI: Qt5
  • Over-The-Air: Wi-Fi, LTE, 3G
  • Diagnostic Log and Trace: DLT component (AUTOSAR compliant)
  • OS: Linux
  • Arch: ARMv8
  • Hardware: Renesas R-Car H3 (Raspberry Pi for test purposes)

Download the detailed case description: OTA Software Update Solution
Concept for Next-Gen Vehicles

You might also be interested in reading:
Blog: How will car software be maintained successfully for 20 years?

 

Share on Facebook Tweet Share on LinkedIn