Leading the Way to Functional Safety and Cyber Security
When it comes to automobile design, safety is always paramount. But how do researchers ensure cars are as safe as possible, despite the myriad hardware and software electronic functions that could potentially malfunction?
Ohio State’s Center for Automotive Research (CAR) is leading the way in the area known as functional safety—defined as “absence of unreasonable risk associated with each hazard event caused by the malfunction in the electric or electronic system” by the International Organization for Standardization, which set the standard for functional safety that is used by automakers worldwide.
“Say you’re performing a function such as steering,” says Giorgio Rizzoni, PhD, director of CAR. “We want the vehicle to be functionally safe in the event of a failure of some component of the steering system, so that you can still steer safely and minimize risk to the user.” Functional safety is not zero risk, he emphasizes—but the absence of unreasonable risk associated with hazard events. “We want to diagnose a problem before it happens, and we want to have a fault tolerant control strategy. In the event of a fault, we want the controller to go to a safe place,” says Rizzoni.
The automotive industry started introducing partially automated safety features like anti-lock brakes and traction control as early as the 1980s and 1990s; more recent developments include functions like electronic stability control, park assist, emergency braking, adaptive cruise control and night vision—with some of these now mandated by the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA).
With the increasing level of vehicle automation, which is dependent on electronic hardware and software, functional safety has become even more critical. While automated vehicles present many advantages, they are more vulnerable to factors such as changes in weather and also lack benefit of human drivers’ five senses and real-world experience. Further, the computer control systems that enable these functions are also subject to potential cyberattacks, requiring security measures against such cyber threats.
Ohio State’s CAR-affiliated researchers are hard at work toward solutions, partnering with major automakers and winning grants from sources like NHTSA and the U.S. Department of Energy for their functional safety work. The following profiles provide snapshots into CAR’s expertise in functional safety.
Simulating Safety in a Virtual Environment
As director of Ohio State’s Simulation Innovation and Modeling Center (SIMCenter), Shawn Midlam-Mohler, PhD, has a unique perspective on vehicle safety testing. “We evaluate the safety of the system from a design perspective,” says Midlam-Mohler. “We’re trying to understand what kind of failure modes could exist for this design, and how we can alleviate those failure modes through design changes.”
The associate professor of mechanical and aerospace engineering and CAR-affiliated faculty member and his team use industry practices to do software verification validation. “This virtual environment allows us to evaluate potentially dangerous test cases safely,” says Midlam-Mohler.
It’s a sophisticated simulation system that takes the computer that controls the vehicle, cuts the wires and extracts the controller, then hooks the wires up to another computer that emulates those signals. “The computer we’re testing doesn’t even know it’s not in a car, so we can play all kinds of neat tricks.”
Now that those techniques are fairly well understood on the powertrain side of things, Midlam-Mohler is turning his attention to automated vehicles. It’s a critical function, given the enormous amount of testing that needs to happen before an autonomous vehicle may be declared safe. “There needs to be a very strong virtual component to complement the testing you do physically. We’re talking about millions of miles of testing, and it’s not practical from an economic perspective to do all physical tests.”
Another big challenge? Creating a virtual world that puts autonomous vehicles through accurate tests. “We don’t have the right fidelity level yet,” says Midlam-Mohler. “We can’t create the physical world with 100 percent realism. That’s what my group is working on right now at SIMCenter and CAR. We’re hoping to put the tools and approaches out there so that we can have safe autonomous vehicles.”
Diagnosing Faults Early to Promote Safety
Through his decades-long career, CAR Director Giorgio Rizzoni’s research has centered on this critical question: How do you diagnose faults in automotive electronics in a systematic way, so that the engineers who design these functions can have confidence that they have considered all the possibilities that may affect the functional safety of the vehicle?
From the mid-1980s when Rizzoni first started diagnosing auto electronics to the late 1990s/early 2000s when he began diagnosis of brake- and steer-by-wire systems, to more recent work on unintended acceleration and automated vehicles—he has deep experience in the functional safety sphere. Says Rizzoni, “To achieve functional safety and security, one needs to have a systematic approach to conduct diagnostic tests in the vehicle, but also to think about how the result of diagnostic tests can be used to reconfigure the control systems to provide the intended level of safety.”
In his U.S. Department of Energy-funded research on preventing unintended acceleration in electrified powertrains, for example, Rizzoni and his team of graduate students conducted testing to detect faults in electronics systems that could potentially cause vehicles to accelerate on their own. From faulty commands from the accelerator pedal to the computer that opens the throttle, to transmission malfunctions that could cause a vehicle to reverse while stopped at a light, to faulty behavior of the electric drive system, “You can imagine the number of things that could go wrong,” notes Rizzoni.
To diagnose the potential problems, data collected in testing is fed through computer models of the system. “If my models predict something that is different from what is actually happening, this is the starting point for us; it raises a red flag,” says Rizzoni. “The important thing is diagnosis: determining what fault has taken place, and how you can correct it and fix it to operate safely in spite of the presence of that fault.”
Next up for Rizzoni? Diagnosing faults in vehicles that have a substantial degree of autonomy, such as shuttles that will operate autonomously. “Before we put on any passengers, can we do diagnostics to make sure everything related to the brakes, chassis, steering and handling can help us guarantee the vehicle is safe to operate? That’s what we’re working on now.”
New Lab Fends Off Cyber Attacks
CAR’s vehicle cyber security lab, run by Research Scientist Qadeer Ahmed, PhD, is the latest addition to CAR’s capabilities in this area, and already it’s gaining traction. That’s because the lab is working to address critical cyber threats to vehicle safety that are not yet well understood, such as how cyberattacks can affect powertrains’ safety, fuel economy and more.
The lab was created following a trip to the SAE Cyber Auto Challenge this past July. A group of three students applied and were accepted to participate in the challenge after meeting the pre-requisites, which included simulations of hacking events such as turning on vehicles’ lights and windshield wipers without the drivers’ permission. “The purpose of the challenge was to generate interest among the new generation of students,” says Ahmed. “When the students came back, we decided we needed to create a lab that would build on our existing tools and knowledge to have a very focused effort to find solutions.”
Now, Ahmed and an interdisciplinary team including one PhD student, one master’s student and six undergraduates are working on threat assessment and risk analysis—creating software and simulation tools to understand the threats posed and the risks associated with those threats. For example, says Ahmed, when an electric vehicle is charging there are potential safety issues. If a hacker were to alter the upper limit of the battery’s maximum permitted voltage, the battery could easily catch fire.
Autonomous vehicles are especially vulnerable to cyber threats. Hackers could change the vehicles’ controls that maintain safe distances during lane changes, obstacle avoidance or parallel parking—potentially leading to major safety hazards. The challenges with fleet vehicles, which share tremendous amounts of information through the cloud, are also very serious. With billions of dollars of freight on the line, as well as safety of drivers and those they share the roads with, there is a huge need for CAR’s lab to lead the way to functional safety.
“There are a lot of challenges in these areas, and at this point industry is looking at how to validate the cyber secured solutions,” says Ahmed. “At CAR we have great strength in cyber security and understand from the diagnostics point of view what can happen. There is a lot of opportunity for Ohio State to make a difference in this area.”
Thinking like a Hacker to Prevent Cyber Threats
Zhiqiang Lin, PhD, is not a hacker, but he has to think like one. The associate professor of computer science and engineering and CAR-affiliated faculty member is looking at computer security in vehicles—specifically how hackers can gain control of your vehicles by analyzing the software running in our cars and phones—and that requires him to think like one of the bad guys.
“We’re looking at this from a hacker’s point of view,” says Lin, who came to Ohio State last year from the University of Texas at Dallas. “We are academic hackers and we look for weaknesses in the vehicles and then fix them before being exploited.”
Along with a computer science and engineering PhD student, and undergraduate and external collaborators, Lin is working with software that impacts functional safety including apps from mobile phones. “Our objective right now is developing automatic tools to analyze the software that communicates with the vehicles, and understand how attackers or hackers could compromise the software to further damage the vehicles,” says Lin, whose research is funded by the National Science Foundation and U.S. Department of Defense. Currently his work focuses on the apps and software running in human-driven vehicles, but he hopes to one day have the bandwidth to work on safety in autonomous vehicles as well.
It’s a never-ending battle—but one he doesn’t tire of. “It’s always an arms race between hackers and defenders. My objective is always about going ahead of the hackers, uncovering the weaknesses of computer systems and proposing defenses. It’s our lifelong journey and we’re constantly evolving,” says Lin. “I keep telling my students, ‘One hundred years from now we’ll still be talking about cyber security.’ While each specific attack might be different, they have the same nature—exploiting the vulnerabilities in the computer systems as well as human beings. When vehicles are all connected, it is a huge challenge for security.”
Written by Alice Duncanson, Gifted Communications