Saturday, September 24, 2016

On clusters and infotainment



Romain Saha
Business Development
BlackBerry


I think I have IAD or internet addiction disorder. I don’t argue with people anymore. I just google until I get the answer. I can’t remember anything. Why should I? It’s all out there on the internet. I barely watch TV anymore. I’d rather just learn something using the internet. 

OK – this probably isn’t textbook IAD. Maybe it’s just the new reality. Pretty much everything anyone could possibly want to know is out there somewhere on the internet. Sometimes it’s easy to find. Sometimes it’s hard. But it almost always is out there if you look hard enough. 

You would think that in this brave new world that there’s no opportunity for confusion anymore. I thought so until I started trying to figure out how one could build a safety certified digital instrument cluster and a full-blown infotainment system using a single high powered embedded processor. I see a lot of silicon road maps in my role and those indicate that a lot of horsepower is coming online. So much horsepower that it’s starting to look like using separate processors to run disparate systems in a car doesn’t make sense anymore.

You’d think that combining a cluster and infotainment system on one SoC would be a no-brainer. Dual (or more) display support is getting pretty common and even today’s SoCs have the compute cycles, so why isn’t everybody already doing this?  It seems pretty easy until you consider that the cluster is a safety critical system. It’s not even the whole cluster, mind you. It’s just what they call telltales. Telltales are those icons that light up in your car to tell you you’re in drive and not reverse, that your traction control is offline, or that your engine is about to blow up. Small things maybe, but very useful information indeed. So, that means you have to address safety concerns for the cluster.

Why not just apply safety criteria to the whole system including the head unit then and be done with it? That is one approach certainly, but the problem is that an infotainment system is pretty much impossible to safety certify. Maybe impossible is too strong. You could probably do it, but why would you? It would probably cost way more than any savings resulting from collapsing two systems onto a single chip.  Plus it would take forever.

If that’s not the answer, then what is? Finding a way to isolate cluster safety criteria from the infotainment system can do job, as long as you can ensure complete isolation. This isn’t a new concept but still pretty rare in embedded.   This is called a hypervisor, and if it is done right, it does the trick. Well, almost. Not every hypervisor can do it right. In order to ensure isolation for this use case you need a type-1 hypervisor. Type-2 hypervisors don’t cut it.  

This is where the internet starts to fail me.  I see hypervisors described as type-1 but then see things about proprietary drivers. I see people say virtualization, but when you dig a bit deeper it’s hard to say whether it’s virtualization or para-virtualization. Type-1, type-2, para, hybrid… I’m at the point where I don’t really know what I see. 

It would be so much easier if people answered simple questions with simple answers.

  • Can you share graphics and still achieve true safety isolation? 
  •  Is the hypervisor built in a way that you can reasonably safety certify your system.
  •  Is it real-time? 
  • How much overhead does it add to the overall system? 
  • What happens if a guest OS goes rogue? 
Maybe you could ask your hypervisor supplier how they address this kind of stuff. If you get an answer that makes sense, do the world a favor and spread the word.

The second thing you need is a foundation on which to build a safety certified system. QNX, as an example, has certified both its OS and tool chain to ISO 26262 ASIL D. You can find this certification on the internet. It’s here view certification. If you take the time to read it, it says we did the tools and the OS. The production OS used in millions of systems shipping worldwide.
  
Here’s where the internet fails me again. I have looked and looked and looked for another embedded OS company with anywhere near the same level of certification. It has to be out there. I see all kinds of anecdotal “marketing" evidence but I can’t find a certificate. The closest I have come so far is a certificate for an OS, without the tools, that was issued in 2007 for Common Criteria EAL 6+ on an old single-core PowerPC processor. I must be missing something.  Can you buy a PowerPC processor anymore? I guess you should ask to see certificates to be sure you know what you’re getting.

I’m having a hard time coming to grips with the internet letting me down. I’m certain I just don’t know where to look, so if anyone has the answers I’m looking for, I’d love to hear about it. Better yet, post it somewhere on the internet that’s easy to find.

The next thing I’m going to try to find is someone with a safety certified hypervisor because you’ll need one of those too…

Thursday, September 1, 2016

Cryptography is the New Seatbelt

Bill Boldt
Business Development Manager: Security
BlackBerry


The evolution of the car into an electronic platform started with cockpit electronics and branched into safety and locomotion, giving rise to Electronic Control Units (ECUs). ECUs are little computers that intelligently control physical things like mirrors, lights, seats, AC, and other things in the body or cockpit; and made for better control of brakes, engine systems, airbags, and other things that make the car stop and go, steer, and become safer. Cars today can have well over 100 ECUs. And that can be challenge to make truly secure.

Fortunately, that is changing. Multi-core processor technologies are being harnessed to consolidate ECUs into a platform populated by powerful domain-controllers. A major benefit of domain controllers is that they lend themselves to being secured by modern cryptography because they can run algorithms faster and store crypto keys more securely. Also, fewer controllers means fewer points for attack. In a connected autonomous car safety comes from security, and security comes from cryptography. Because attacks can come from anywhere, at any time, and on any system, automotive security must be multi-layered, meaning everything has to have some sort of cryptography to protect from attackers. Security awareness should start right at the beginning of design with disciplines such as penetration testing of the software and security audits to find vulnerabilities. And, these should be applied inside and outside of the car.

Once you have a good start you need to ensure a good ending, which means security updates, and that typically means over the air. In between the beginning and the end there should be secure manufacturing and secure distribution of crypto keys and certificates. BlackBerry can help with all of that with security design and testing, QNX's microkernel based RTOS, and Certicom's technology for securing the supply chain and managing security certificates to gain BlackBerry level security, without your having to become a crypto expert.

By now you can see that by providing the first line of defense for personal safety, cryptography is becoming like the new seatbelt.

SECURING AUTOMOTIVE 
When it comes to embedding security into the autonomous connected car of the future, it has to start with securing the supply chain. Security in and around a car has many requirements:

  • Security assets (i.e. crypto keys, serial numbers, etc.) must be installed into the devices at manufacturing time

• Devices must be distributed to and be installed into vehicles in globally located factories

• Devices must be warehoused worldwide for subsequent repairs

• Secure devices must be updateable at dealers and repair shops

• Aftermarket suppliers must be able to sell and update secure devices

These requirements present a logistical tangle. Making a device such as a networked ECU on a CAN bus secure means that it will become one of a kind. This is the entire objective of
personalization. However, by definition that device cannot be used anywhere else. It becomes a unique stock keeping unit (SKU), which is averse to the purpose of flexible, just in time manufacturing flows. Security versus flexibility is a serious trade off that must be managed carefully. High profile automotive hacks have shown the world that automotive security is necessary, but it is difficult to apply especially because it makes manufacturing more difficult and costly. Because security must be injected in the factory and beyond, a secure manufacturing system must have global reach, be manageable on a distributed basis, be updatable by various entities, and remain secure for years. Secure manufacturing, including injection and updating of security assets, will touch factories, warehouses, distributors, dealers, repair shops, and aftermarket parts stores. In addition, security updates will often be over the air.
 

To maintain the maximum amount of flexibility, personalization and updating should be moved as close as possible to the very last minute. Each car maker will be faced with the same situation and will have to design and manage secure device manufacturing systems and  security certificate management systems, that are global and long term in nature.

Fortunately, the tools to do that are available from Certicom; namely, the Managed PKI system and Asset Management System. The way in which these systems get deployed will have to be designed to the specific logistical and security needs of the manufacturer. Therefore, the overall manufacturing blueprint must be designed with best practices in mind, right from the start, and BlackBerry Professional Services and help with that. Also,
in-car and around the car security systems can be developed using Certicom’s cryptographic libraries and architectural consulting services.

Blackberry brings it all together to make the software defined car more secure, and that means safer.


Tuesday, August 23, 2016

QNX's Fabulous Concept Cars


Thomas Bloor
Business Development Manager
BlackBerry

If you’ve been to CES chances are you’ve seen one of our concept cars, even if you’ve not been to our booth, we take these to our industry partners. Now as we start gearing up for next year’s CES there are some great innovations in the pipeline. (I’ve seen them, but I’m not telling.) So as I can’t spill the beans on what's coming, but let’s take a look at some of my favorite QNX Concept Cars from years past.


The Porsche 911 Carrera (CES 2012)
Admittedly I have a soft spot for performance cars, but the Porsche deserves headline billing in the roster as a CNet "Best of CES" winner. With revolutionary (for 2012), cloud-based voice recognition you could control the navigation system using natural language.   And, text-to-speech meant that you could listen to incoming BBMs, emails and text messages. Rounding out the roster of features that would still be considered ahead of the curve for a production car today, this model featured one-touch Bluetooth pairing.  Simply touching your phone to an NFC reader in the center console automatically paired the phone and car. 



The Bentley Continental GT (CES 2013)
In an outburst of Canadian quirkiness, we decided that when better to do a photoshoot of a Bentley Convertible than in the middle of the Canadian winter? Of course despite the -20C (-4F) weather we’d have to have the top down!

The cold and the snow do not detract from the revolutionary center stack with DLP® display from Texas Instruments. This immense (for 2013) featured an organically curved surface and TI’s optical touch input technology, which allowed physical control knobs to be mounted directly on the screen resulting in an ideal balance in physical and touchscreen controls



Taking natural language voice recognition a step further we worked with AT&T’s WatsonSM . Say "Hello Bentley," and the car's voice recognition system immediately starts interacting with you, in a distinctly British accent, old chap.


If that weren’t enough, the cluster displays the back-up camera and user configurable high resolution instrumentation. We also took the mobile office to new heights with smartphone integration with streaming music, email notification, news feeds, and other real-time information. Put the Bentley into park and you could fire up video conferencing with realistic telepresence.  

Separate cameras for the driver and passenger provide independent video streams, while high-definition voice technology from QNX offers expanded bandwidth for greater realism, while stereo telepresence makes the remote caller sound as if they’re sitting right next to you.


Mercedes CLA 45 AMG (CES 2014)
Have you looked inside a Mercedes S class recently? The horizontally orientated center stack display extends across the dash. Coincidentally our 2014 Mercedes concept had a 21-inch-wide center display extending towards the passenger enabling a seamless interaction with the vehicle.
 
Behind the scenes the Cluster was integrated with the center stack running both driver information and IVI functions. With seamless controllability across the touch screen, physical buttons and the jog wheel controls multi-modal input was highlighted across all available functionality. 

Not content with that, we foreshadowed greater integration of ADAS functionality warnings to the driver through both the cluster and verbally through text to speech if the local speed limits were exceeded.

Jeep Wrangler and Toyota Highlander
Now it’s not all high end luxury cars, which is just as well because they never let me drive any of them. Our Jeep Wrangler and Toyota Highlanders serve as our QNX reference vehicles showcasing what the QNX CAR application platform can do, straight out of the box. Additionally, the Toyota features our advances in in-car communication and acoustics platforms enabling an enhanced user experience for drivers and passengers.

These cars are not just  "show floor wonders" because our automotive knowledge enables us to build demonstrators for the real world, which can be driven, and the technology can be experienced first-hand. Concept clusters and displays abound, but real vehicle bus integration means these cars are drivable with real instrumentation and connectivity.


While I can’t reveal what new exciting technologies we are planning for CES 2017 (believe me, you’ll want to come and take a look), I can say that our reference vehicles are currently on tour so keep an eye open for them on the roads near you.




Thursday, August 18, 2016

Security Matters for the Software-Defined Car


Bill Boldt
Business Development Manger: Security
BlackBerry

  
Certicom, the crypto expert in the BlackBerry Technology Solutions family is positioned to lead the way to a secure software-defined future for the automotive industry –because when it comes to the security, real-world experience matters.
 

Certicom is a recognized leader in public key infrastructure (PKI) security design,innovation, and delivery. PKI is a foundational technology that has become the cornerstone of real world security across the internet, mobile, medical, financial, government,military, consumer, automotive, industrial, IoT, and just about every application that communicates information electronically. 

Public Key Cryptography uses public-private cryptographic key pairs to sign digital certificates and provide the essential elements of security, which are confidentiality, data integrity, authentication, and non-repudiation. PKI establishes the infrastructure that defines how digital certificates are created, distributed, stored, and revoked.



Public Key Cryptography Matters

It is not at all an overstatement to characterize Public Key Cryptography as having established the main way that security is provided throughout today’s (and tomorrow’s) connected world. In fact, anyone who has ever logged on to a secure web site such as e-commerce or e-banking has used Public Key crypto, most likely without even knowing it. it is already built into personal computers and smart phones, and it won’t be long before it is built into every embedded application as well. And, that is a very important notion to grasp.



Proven PKI solutions from world leading software and security infrastructure suppliers like Certicom increase device (e.g. semiconductor chip and board) security, fight counterfeiting and cloning of products and firmware, promote product and personal identity authentication, secure asset management in supply chains, and improve the security of numerous other applications, including the emerging Internet of things (“IoT”).

    
Public Key crypto's tremendous growth is being increasingly driven by two powerful forces: 1) the widespread adoption of autonomous communicating devices, and 2) the realization that such devices absolutely must be authenticated.

Supply Chain Security Matters
The long pole in the tent for  security in the software-defined car is in fact securing the supply chain. 

Security assets (such as crypto keys, unique serial numbers, etc.) must be installed into the devices at manufacturing time.  Devices must be distributed to and installed into vehicles in globally located factories. Devices must be warehoused worldwide for subsequent repairs.  Secure devices must be updateable at the dealers and repair shops.  Aftermarket suppliers must be able to sell and update secure devices. These requirements present a logistical tangle. Making a device such as an ECU or secure processor secure means that it will be unique. 


However, by definition that device cannot be used anywhere else.  It becomes a unique stock keeping unit (SKU), which is averse to the purpose of flexible, just in time manufacturing flows.  Security versus flexibility is a serious trade off that must be managed carefully. To maintain the maximum amount of flexibility, personalization and updating should be moved as close as possible to the very last minute.   That means it must happen not only in the factory, but in the field and via updates.  Each car maker faces the same issues, and will have to design and manage a secure device manufacturing system, security certificate management system, and a secure updating system – all of which must be global and long term in nature.
  

These are the type of things that Blackberry can provide  based upon decades of experience in securing mobile infrastructure and devices, to a level that no other company has done.



Experience Matters

Security is as elemental to an electronic system as DNA is to an organism—and security is BlackBerry’s DNA.


For the connected autonomous car of the future-- security has to be inside and outside the car, in the supply chain,  and updateable.  BlackBerry has the state of the art experience to to those things due to proven experience in making products secure, in high volumes, and in the supply chain.