Video: (DR6) Automotive Safety and Security Trends: Accelerating System Safety and Security Standardization | Duration: 1204s | Summary: (DR6) Automotive Safety and Security Trends: Accelerating System Safety and Security Standardization | Chapters: Automotive Safety Trends (18.735s), AI-Driven Vehicle Architecture (62.300003s), AI-Powered Automotive Systems (103.085s), Software-Defined Vehicles (178.07501s), Automotive Cybersecurity Standards (299.17502s), Automotive Cybersecurity Standards (404.475s), Security Solutions Implementation (637.19s), Conclusion: Integrated Safety Approaches (788.12s)
Transcript for "(DR6) Automotive Safety and Security Trends: Accelerating System Safety and Security Standardization":
Hello, everyone. My name is Ron DiGiuseppe. I'm the automotive IP segment manager at Synopsys, and I'd like to discuss today some of the automotive safety and security trends in the automotive industry, but especially focusing on semiconductor SoCs. I think I'll start first with just kind of a high-level overview of some of the trends, holistically in the automotive industry, affecting the EE systems, electronic electrical systems in the car. One is clearly the adoption of level two, level three ADAS moving towards autonomous vehicles, level four, level five, self-driving. I think we all realize that all these new applications, they're primarily all AI based. Right? With object detection, with, you know, pedestrian detection, vehicle detection, even, you know, all these safety applications are AI based, which requires a lot of processing for these applications. And along with that, we see the adoption of a new EE architecture, new zonal architecture within the car, and that's allowing the sensor data to be transferred over an in-vehicle network to a central compute module. And therefore, that allows those AI based ADAS and infotainment applications to be hosted on a central compute platform. And that also increases the amount of applications, increases the level of performance needed to execute those AI based applications. And then when you throw in some of the infotainment trends such as wide pillar-to-pillar displays, 46 inch, 48 inch displays, which has high definition HD, high resolution. So that also increases the compute power required for those applications processing. Also, we kinda look at, you know, some of those digital cockpit applications such as, you know, Gen AI based digital assistants, facial recognition for the driver monitoring, and also the new OMS occupant monitoring, true surround view, and parking assist. And, you know, those are all also either high performance or AI based applications.
Also, let's include the new focus on software-defined vehicles, which there's a lot of different kind of definitions in industry. But one thing is clear, it's a software-first development approach, using electronic digital twins and virtual prototyping to run that software ahead of the hardware. That way, the software coding can be done ahead of time. And, also, that kind of implies over-the-air software updates to continue to improve that software running on the various vehicle platforms. So along with over-the-air software updates and the various connectivity channels in the car, such as telematics using 4G, 5G cellular, and your Bluetooth and USB connections to your smartphones, and your Wi-Fi and also the in-car vehicle network. There's a lot of channels where data is entering and exiting the car, including Wi-Fi when you do those over-the-air software updates. And that kind of leads to all these applications. Many of them are safety critical applications. So the standard ISO 26262 vehicle functional safety applies. And when you're looking at all the data channels within the car, the new ISO standard ISO 21434 cybersecurity is a big concern of all the automotive industry, including the focus of, when you do this OTA and you're providing, you know, your credit card to buy new features, new software features, your financial data is being transferred wirelessly from the car as well. So cybersecurity is very critical for the automotive industry. And then so when we kinda dive a little deeper on cybersecurity, let's take a look at that new standard I mentioned, the ISO 21434. It's an ISO standard and it's the de facto standard in the automotive industry to implement a cybersecurity solution.
But I should also highlight, it's a complementary standard to the new UNECE regulations, the R155 regulation, which regulates the vehicle type approval in Europe, and it's also followed by government bodies in Korea and Japan that mandates an automotive cybersecurity system for vehicles, and that regulation, UNECE R155, also applies to the whole supply chain. So all the, you know, automakers, the tier one suppliers, the automotive semiconductor suppliers, and even the automotive IP suppliers in the industry must meet the automotive cybersecurity requirements. And one of those requirements is to have an automotive cybersecurity system such as ISO 21434. So these are complementary, but the R155, that's a regulation, whereas ISO 21434, it's a standard, a voluntary standard, but, really, it's a de facto standard for the cybersecurity industry. And that can be seen by the fact that many of the top leaders in the automotive supply chain are adopting ISO 21434 automotive cybersecurity. For example, we can see just some of the adoption in the industry from Great Wall Motors, LG Magna, Denso, Hefei, LiDAR, Forvia, and some of the, you know, leaders in the automotive sector industry, NXP and Renesas, including Harman. So there's a lot of adoption of this automotive cybersecurity standard. And so let's kinda understand a little bit more. I mean, what is involved in that standard? We can see there's kind of three aspects. One is adoption of a cybersecurity culture. That means when you're planning your product that you include security planning when you're defining the product and when you're creating the spec and you're implementing the product. Right? You wanna have security goals in mind as part of the spec. And when you have your internal engineering design reviews, right, you gotta look at that cybersecurity, make sure you're meeting those specs.
There's also a requirement that you perform a cybersecurity risk assessment on the product. So that SRA will identify if there are any cybersecurity vulnerabilities in the product, and then you're instructed to fix those vulnerabilities. So you gotta perform that assessment for your security. And then in addition, if you do identify a possible security vulnerability, you really need to have a security incident response team, which communicates to your customers the fact that there may be a security vulnerability. And that communication engagement with their end customers needs to be ongoing, you know, throughout the product lifetime by the product. I mean, in the field, in the car. So having that structure to focus on security vulnerabilities and identifying and closing them is really critical. ISO 21434 is a standard, and there are third party auditing inspection companies like SGS-TÜV Saar and many other ones that will assess your cybersecurity development process. And if it meets the standard, that third party certification is very helpful in highlighting to your customers that you've gone through an audit and it's been certified and independently assessed and audited. So, as you see, Synopsys has performed that third party inspection and got our certification for our ISO 21434 development process. And so when we look at cybersecurity, we also have to think about, you know, what are the potential impacts of not having a robust cybersecurity development process and assessment of possible vulnerabilities and closing those vulnerabilities. Well, of course, you can have possible threats such as system hijacking in a car, changing features, adding malware and spyware for your personal information that's being transferred over that OTA, tampering with safety mechanisms. So that kinda shows you that cybersecurity and possible security, you know, attacks also could affect the safety of the car.
So it's pretty much understood that security and safety are interdependent. And so with all these possible threats, we should kinda look at, you know, what are the possible security solutions. Of course, you know, we wanna have that 21434 cybersecurity assessment, but also you wanna implement security solutions such as authentication, identification. So when you have the, you know, data transfers, the users have a public private encryption so the data is secure. When you, you know, start, boot up your devices, start the car, you wanna have a secure boot executing. You wanna have that secure communications with all the ECUs, like an automotive root of trust. A hardware secure module is a root of trust. All the data in the in-vehicle network needs to be secure. So automotive Ethernet using MACsec is one implementation. When you have PCI Express, the new inline data encryption security protocol applies. So there are multiple hardware security implementations that can be designed into the products to counter those possible threats which affect both security and safety. And kind of, you know, emphasizing that, we can see, you know, functional safety is generally considered possible systematic faults, especially affecting software or the process implementation, but also any potential random hardware faults that may occur in the car. Those faults affect the safety operation of the car. Those faults can be either permanent faults such as, you know, a metal line open or a transient fault like a, you know, radiation hardware strike. But those faults certainly affect the functional safety operation of the car, and designers need to implement safety mechanisms to identify and recover from possible faults that may affect the safety operation of the car. But, similarly, if there's a hacking malicious attack for your cybersecurity, that could also affect the safety operation of the car.
So that kinda emphasizes safety and cybersecurity are independent, interdependent. Sorry. And then when we look at the implementation of both ISO 26262 functional safety and the 21434 cybersecurity. You kinda look at the traditional V, automotive V development process with specification, architecture and design on the left hand side and verification and validation on the right hand side. Both of these standards flow nicely into the automotive development process where, for safety, you define safety goals and define safety concepts and implement those safety mechanisms that could be ECC or parity or dual core lockstep. And in parallel, you're performing the cybersecurity goals, cybersecurity specs, cybersecurity concepts, the cybersecurity hardware requirements that get designed in, and then both the safety and the cybersecurity are verified, both with, for safety, it's a fault injection and calculation at the ASIL levels using an FMEDA assessment process, and the cybersecurity assessment that we're talking about. So both of those have to occur in parallel with the design of the product. And like I said, cybersecurity is mostly a development assessment for possible vulnerabilities where functional safety requires actual design safety mechanisms like parity and ECC and dual core lockstep. So there is a little difference in how they are executed. And so we can see that developing products such as Synopsys IP that's developed to meet both cybersecurity and functional safety and has an automotive grade quality management system such as ISO 9001 underlies all of our automotive grade IP. We go to third party inspection companies for auditing and certification. And we also keep in mind our customer's application when we develop our automotive grade products such as our automotive IP.
Kinda looking at a possible SoC architecture where the application design is on the left hand side and a safety domain monitors and manages all the safety of the product. When you're implementing these functions, you want to have IP functionality that implements both functional safety and automotive cybersecurity such as we're showing here. And then, you know, you want to have your whole system designed with automotive grade functions such as IP that's been certified for ISO 26262 functional safety, different ASIL levels. It's been certified for automotive 21434 cybersecurity. It has all the functionality that our automotive customers require. So kind of as a wrap up, we should know that Synopsys engages with many of those automotive customers in the industry, both in the automakers, the tier ones, the semiconductor suppliers, and we've engaged with them for many, many years. We learn and grow with our customers to make sure we meet the latest standards and requirements from all of our customers throughout the supply chain, especially those customers Synopsys supports to develop the automotive grade semiconductor SoCs where our automotive grade IP is a mission critical component. Well, I hope this has been helpful for everyone, and I thank you very much for your time. Thank you.