14 research outputs found

    Analog-Digital System Modeling for Electromagnetic Susceptibility Prediction

    The thesis is focused on the noise susceptibility of communication networks. These analog-mixed signal systems operate in an electrically noisy environment, in the presence of multiple pieces of equipment connected by means of long wiring. Every module communicates using a transceiver as an interface between the local digital signaling and the data transmission through the network. Hence, the performance of the IC transceiver when affected by disturbances is one of the main factors that guarantees the EM immunity of the whole equipment. The susceptibility to RF and transient disturbances is addressed at component level on a CAN transceiver as a test case, highlighting the IC features critical for noise immunity. A novel procedure is proposed for the IC modeling for mixed-signal immunity simulations of communication networks. The procedure is based on a gray-box approach, modeling IC ports with a physical circuit and the internal links with a behavioural block. The parameters are estimated from time and frequency domain measurements, allowing accurate and efficient reproduction of non-linear device switching behaviours. The effectiveness of the modeling process is verified by applying the proposed technique to a CAN transceiver, involved in a real immunity test on a data communication link. The obtained model is successfully implemented in a commercial solver to predict both the functional signals and the RF noise immunity at component level. The noise immunity at system level is then evaluated on a complete communication network, analyzing the results of several tests on a realistic CAN bus. After developing models for wires and injection probes, a noise immunity test in avionic environment is carried out in a simulation environment, observing good overall accuracy and efficiency.

    Study of the Impact of Electrical Transients on Communication Protocols in Embedded Systems (Estudo do impacto de transientes elétricos em protocolos de comunicação em sistemas embarcados)

    The growing complexity and responsibility of the embedded devices in today's vehicles has steered efforts in control-system development toward making these systems faster, more precise, more robust and, above all, safer. As a result, these devices are pushing communication protocols to an unprecedented level of demand, in both capacity and reliability. Protocols such as CAN, CAN-FD and FlexRay, among others, have been used because of their safety characteristics and their ability to meet the timing requirements of the various embedded circuits. The ever more frequent development and use of safety-focused devices means that communication between the various components of these devices is pushed to the maximum, leading to the need for extremely reliable responses. Systems such as ABS brakes, active suspension, autonomous emergency braking, and adaptive speed and distance control, among others, which involve several ECUs distributed throughout the vehicle, have fractions of a second for the system to react between the input signal and the corresponding actuation, demanding safe and fault-tolerant communication. Vehicles today are undergoing major conceptual changes, bringing in more and more elements whose operation demands more energy from the power supplies. Various systems in vehicles generate noise such as Electric Fast Transients (EFT), which are present in the simplest everyday operations of the vehicle, such as switching the headlights on and off, the air conditioning, the windscreen wipers, or even activating the daytime running lights (DRL). In this work, several tests were carried out, using ECUs with different functions and protocols, to identify the susceptibility of these systems and protocols to the presence of such noise. In order to comply with the IEC 62228 and ISO 26262 standards, this work required the design and construction of two different electronic circuits, one observing the rise and fall time data of the EFT pulses, and the other observing the architecture of the printed circuit board (PCB) layout, its inputs, outputs, components, etc. These tests aimed to identify how susceptible these protocols are to these types of noise, using analysis metrics based on latency times and jitter variation of the communication packets.
    The increasing complexity and accountability of embedded devices in vehicles today has driven efforts to develop control systems to make them faster, more accurate, safer and more robust. Thus, these devices are taking communication protocols to an unprecedented level of demand, both in terms of capacity and reliability. Protocols such as CAN, CAN-FD and FlexRay, among others, have been used due to their safety characteristics and the ability to meet the time requirements of various embedded circuits. The increasing development and use of safety-focused devices means that communication between the various components of these devices is required to the utmost, leading to the need for extremely reliable responses. Systems such as ABS brakes, active suspension, autonomous emergency braking, adaptive cruise control, among others, which involve various ECUs distributed throughout the vehicle, have milliseconds for system reaction, between input signal and concrete actuation, requiring safe and failure-tolerant communication. Vehicles today are undergoing major conceptual changes, bringing more and more elements whose operation requires more energy from power supplies. These systems generate noise such as "Electric Fast Transient" (EFT), which is present in the simplest daily operations of the vehicle, such as turning on the headlight, the air conditioner, the windscreen wiper, or even the daytime running light (DRL), etc. In this work several tests were carried out, using different ECUs with different functions and different protocols, to identify the susceptibility of these systems and the protocols to these noises. In order to comply with IEC 62228 and ISO 26262 standards, this work required the design and construction of two different electronic circuits, one circuit observing the rise and fall time data of the EFT pulses, and the other observing the architecture of the printed circuit board (PCB) layout, its inputs and outputs, components, etc. These tests aimed to identify how susceptible these protocols are to these types of noise, using analysis metrics based on latency time and jitter variation of communication packets.

    From Attack to Defense: Toward Secure In-vehicle Networks

    New security breaches in vehicles are emerging due to software-driven Electronic Control Units (ECUs) and wireless connectivity of modern vehicles. These trends have introduced more remote surfaces/endpoints that an adversary can exploit and, in the worst case, use to control the vehicle remotely. Researchers have demonstrated how vulnerabilities in remote endpoints can be exploited to compromise ECUs, access in-vehicle networks, and control vehicle maneuvers. To detect and prevent such vehicle cyber attacks, researchers have also developed and proposed numerous countermeasures (e.g., Intrusion Detection Systems and message authentication schemes). However, there still remain potentially critical attacks that existing defense schemes can neither detect/prevent nor consider. Moreover, existing defense schemes lack certain functionalities (e.g., identifying the message transmitter), thus not providing strong protection for safety-critical ECUs against in-vehicle network attacks. With all such unexplored and unresolved security issues, vehicles and drivers/passengers will remain insecure. This dissertation aims to fill this gap by 1) unveiling a new important and critical vulnerability applicable to several in-vehicle networks (including the Controller Area Network (CAN), the de-facto standard protocol), 2) proposing a new Intrusion Detection System (IDS) which can detect not only those attacks that have already been demonstrated or discussed in literature, but also those that are more acute and cannot be detected by state-of-the-art IDSes, 3) designing an attacker identification scheme that provides a swift pathway for forensic, isolation, security patch, etc., and 4) investigating what an adversary can achieve while the vehicle’s ignition is off. First, we unveil a new type of Denial-of-Service (DoS) attack called the bus-off attack that, ironically, exploits the error-handling scheme of in-vehicle networks. 
That is, their fault-confinement mechanism — which has been considered as one of their major advantages in providing fault-tolerance and robustness — is used as an attack vector. Next, we propose a new anomaly-based IDS that detects intrusions based on the extracted fingerprints of ECUs. Such a capability overcomes the deficiency of existing IDSes and thus detects a wide range of in-vehicle network attacks, including those existing schemes cannot. Then, we propose an attacker identification scheme that provides a swift pathway for forensic, isolation, and security patch. This is achieved by fingerprinting ECUs based on CAN voltage measurements. It takes advantage of the fact that voltage outputs of each ECU are slightly different from each other due to their differences in supply voltage, ground voltage, resistance values, etc. Lastly, we propose two new attack methods called the Battery-Drain and the Denial-of-Body-control attacks through which an adversary can disable parked vehicles with the ignition off. These attacks invalidate the conventional belief that vehicle cyber attacks are feasible and thus their defenses are required only when the vehicle's ignition is on.
PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/144125/1/ktcho_1.pd

    Analysis and Design of High Speed Serial Interfaces for Automotive Applications

    The demand for an enriched end-user experience and increased performance in next generation electronic applications is never ending, and it is a common trend for a wide spectrum of applications owing to different markets, like computing, mobile communication and automotive. For this reason High Speed Serial Interfaces have become widespread components for nowadays electronics with a constant demand for power reduction and data rate increase. In the frame of gigabit serial systems, the work discussed in this thesis develops in two directions: on one hand, the aim is to support the continuous data rate increase with the development of novel link modeling approaches that will be employed for system level evaluation and as support in the design and characterization phases. On the other hand, the design considerations and challenges in the implementation of the transmitter, one of the most delicate blocks for the signal integrity performance of the link, are central. The first part of the activity regarding link performance predictions led to the development of an enhanced statistical simulation approach, capable to account for the transmitter waveform shape in the ISI analysis, a characteristic that is missed by the available state-of-the-art simulation approaches. The proposed approach has been extensively tested by comparison with traditional simulation approaches (Spice-like simulators) and validated against experimental characterization of a test system, with satisfactory results. The second part of the activity consists in the design of a high speed transmitter in a deeply scaled CMOS technology, spanning from the concept of the circuit, its implementation and characterization. Targets of the design are to achieve a data rate of 5 Gb/s with a minimum voltage swing of 800 mV, thus doubling the data rate of the current transmitter implementation, and reduce the power dissipation adopting a voltage mode architecture. 
The experimental characterization of the fabricated lot draws a twofold picture, with some of the performance figures showing a very good qualitative and quantitative agreement with pre-silicon simulations, and others revealing a poor performance level, especially for the eye diagram. Investigation of the root causes by the analysis of the physical silicon design, of the bonding scheme of the prototypes and of the pre-silicon simulations is reported. Guidelines for the redesign of the circuit are also given.
    In the landscape of electronic applications, improving a product's performance from one generation to the next is intended to offer the end user new functions and to improve existing ones. In recent years, thanks to the constant advance of integrated technology, there has been enormous growth in the computational capacity of devices across all market segments, such as information technology, mobile communication and automotive. The resulting need to connect different devices within the same application and to transfer large amounts of data has led to the widespread adoption of High Speed Serial Interfaces (HSSIs). The need to reduce power consumption and increase the bit rate for this type of application has therefore become a research area of great interest. The work discussed in this thesis falls within the field of serial data transmission at bit rates above 1 Gb/s and develops in two directions: on one hand, in support of the continuous bit-rate increase in new generations of interfaces, it addresses the development of new system modeling approaches that can be used to evaluate interface performance and to support the design and characterization phases. On the other hand, attention is focused on the challenges and issues involved in the design of one of the most delicate blocks for system performance, the transmitter. The first part of the thesis concerns the development of an innovative statistical simulation approach that can include in the analysis of intersymbol interference effects the waveform produced at the transmitter output, a feature not present in other simulation approaches proposed in the literature. The proposed technique is extensively tested by comparison with traditional (Spice-type) simulation approaches and by comparison with the experimental characterization of a test system, with fully satisfactory results. The second part of the activity concerns the design of an integrated high-speed transmitter in 40 nm CMOS technology, extending from the feasibility study of the circuit through to its implementation and characterization. The objectives are to reach a bit rate of 5 Gb/s, thereby doubling the bit rate of the current implementation, and a minimum differential output voltage of 800 mV (peak-to-peak), while reducing the dissipated power by adopting a Voltage Mode architecture. The experimental results obtained from the first fabricated lot do not paint a clear-cut picture: some performance figures show very good qualitative and quantitative agreement with pre-fabrication simulations, while unsatisfactory performance was obtained in particular for the eye diagram. Analysis of the prototype layout, of the bonding between silicon and package, and of the pre-fabrication simulations made it possible to trace the factors responsible for the performance degradation relative to pre-fabrication predictions, and also to outline the guidelines to follow in the future design of a new prototype.

    Functional diversity with asymmetrically located comparison and its use for steering angle acquisition

    Electronics and dozens of electronic control units (ECUs) now dominate the automobile and all of its functions. A steering angle sensor module, for example, provides the current direction of travel to a wide variety of vehicle functions. Fault-induced output of incorrect angles leads, in a linked assistance function that autonomously influences the lateral and longitudinal dynamics of the vehicle, to an unacceptable level of hazard risk. To reduce risk, functionalities whose failure has dangerous effects are developed in accordance with the ISO 26262 standard. Among other things, this standard requires a suitable safety concept and its application. To reach the highest safety integrity level defined by the standard, ASIL D, the well-established EGAS safety concept is as a rule too weak, because it provides for only one non-redundant computer system (MC). Under the condition of likewise making do with a single MC, a novel safety concept is developed to solve this problem. It provides for converting output quantities computed by the MC, in a functionally diverse way, into redundant sensor quantities. The comparison unit, integrated in the second sensor device and thus asymmetrically located (AAV), ensures the integrity of the data as well as of the computer and sensor hardware, independently of the MC and for every single function and output value produced by the MC. Furthermore, this structure decisively reduces the verification effort, because neither the sensors nor extensive MC software but only the function of the far less complex AAV has to be verified. The restriction to only two further integrated circuits (ICs) besides the MC is likewise a simplification that benefits functional safety, since two identical sensor ICs that nevertheless acquire data in a functionally diverse way reduce the complexity of the new concept to the bare essentials.
In contrast to the EGAS concept, gradual performance degradation and limp-home operation of individual functionalities are possible. This is achieved through end-to-end protected enable and shutdown messages that the AAV sends to the actuators after comparisons, independently of the MC. In the concrete application to steering angle acquisition, it is demonstrated how, and that, the highest normative requirements on hardware safety integrity are met for an ECU with only one computer system. Subsequently, in an in-depth and comprehensive assessment of safety integrity in systems with the presented safety concept, its suitability for vehicle functionalities with safety goals up to ASIL D is shown and proven in general terms.

    Construction of a Semi-Anechoic Chamber for Automotive Component Testing (Construcción de una cámara semianecoica para test de componentes de automoción)

    This master's thesis presents a solution to the problem of building a semi-anechoic chamber for automotive components, setting out the requirements needed to build it, a method for validating it and, finally, its commissioning. It is an engineering project that was carried out between 2017 and 2018 at the company Applus Laboratories, located in Bellaterra (Barcelona).
    In this project, a solution is presented when building a semi-anechoic chamber for automotive components, trying to show the necessary requirements to build it, a method to validate it and finally its start-up. It was an engineering project that was carried out between 2017 and 2018 in the company Applus Laboratories, located in Bellaterra (Barcelona).
    Universidad de Sevilla. Máster Universitario en Electrónica, Tratamiento de Señal y Comunicacione

    Fault-tolerant satellite computing with modern semiconductors

    Miniaturized satellites enable a variety of space missions which were in the past infeasible, impractical or uneconomical with traditionally-designed heavier spacecraft. Especially CubeSats can be launched and manufactured rapidly at low cost from commercial components, even in academic environments. However, due to their low reliability and brief lifetime, they are usually not considered suitable for life- and safety-critical services, complex multi-phased solar-system-exploration missions, and missions with a longer duration. Commercial electronics are key to satellite miniaturization, but also responsible for their low reliability: Until 2019, there existed no reliable or fault-tolerant computer architectures suitable for very small satellites. To overcome this deficit, a novel on-board-computer architecture is described in this thesis. Robustness is assured without resorting to radiation hardening, but through software measures implemented within a robust-by-design multiprocessor-system-on-chip. This fault-tolerant architecture is component-wise simple and can dynamically adapt to changing performance requirements throughout a mission. It can support graceful aging by exploiting FPGA-reconfiguration and mixed-criticality. Experimentally, we achieve 1.94W power consumption at 300Mhz with a Xilinx Kintex Ultrascale+ proof-of-concept, which is well within the power-budget range of current 2U CubeSats. To our knowledge, this is the first COTS-based, reproducible on-board-computer architecture that can offer strong fault coverage even for small CubeSats.
    European Space Agency. Computer Systems, Imagery and Medi