On our website, we would like to use the services of third-party providers who help us improve our promotional offerings (marketing), evaluate the use of our website (performance) and adapt the website to your preferences (functionality). We need your consent for the use of these services; you can always revoke this consent. You can find information about the services and the chance to reject them under “User-defined.” You can find additional information in our Data Protection Policy.

1 - 5 March 2021 // DIGITAL

Welcome to embedded world Newsroom!

Safety and Security – Not only a Technical Challenge

Embedded systems are increasingly taking over complex control tasks that were previously reserved for humans. The topic of artificial intelligence in embedded systems whether microcontrollers, FPGA or dedicated hardware is gaining impressive momentum e.g. in the automotive sector. At the same time, connectivity and cloud services are key technologies for the exchange and processing of data generated in this process. The motto of the embedded world Conference 2020 "Connecting Embedded Intelligence" impressively underlines this trend.

What does this mean for development and technical management? While established process models and standards such as IEC61508 or ISO26262 are available for classic safety applications in the field of classic control application, which developers and project managers can use as a guide, the complex algorithms of the future will bring new challenges. The gap between what is technically possible and what is or should be allowed is currently widening rapidly.

For example, how can one certify a self-learning system that might behave differently depending on the "learning curve"? Due to the significantly higher complexity and dynamics of intelligent embedded systems, one will have to think about new methods and strategies in development and qualification, which will certainly result in a significantly increased effort, especially in the first projects. The following example shall illustrate this challenge.

While monitoring the wheel speed in an ABS/ESP system is still comparatively easy to implement, the correctness of a camera image for obstacle detection is much more complex to evaluate. The serious accident of a Tesla due to an unrecognized truck tarpaulin not long ago showed the dramatic effects such misinterpretations of data can have. How do dynamic variables such as weather, traffic situation and especially the driving style of non-autonomously navigating vehicles affect the algorithms? Can an algorithm that has learned its driving experience in the more relaxed environment of Columbus, Ohio transfer this experience to a dense urban scenario in New York or Mumbai? Or do we need a driving license for algorithms?

The example of autonomous driving also shows the exciting challenges for future software tests. The current standards require proof of sufficient test coverage. But when has a system sufficiently been tested? Especially when the functionality of a system depends more on the "learned" real data rather than on the implemented logic.

Current proposals go so far that only an AI system is capable of monitoring a safety-critical AI algorithm. The idea that Alexa or Siri can monitor a plane or an autonomously navigating vehicle in which I am currently sitting causes a certain uneasiness, at least for me. If humans alone cannot master the complexity of such systems (or do not want to master them for cost reasons, as current examples such as Boeing's MCAS system show), how can a man-made AI do it?

Besides these technical questions, additional and new challenges in terms of ethics and liability arise. Is an algorithm allowed to decide who a vehicle runs over in a dangerous situation and who it should avoid? While a car driver can invoke the so-called "decision emergency" in such a situation, this argumentation is rather ineffective with an intelligent algorithm. In the view of many lawyers, the responsibilities have not yet been conclusively clarified.

An even greater challenge is the area of information security. More and more embedded systems have an interface to the cloud, which can be used to parameterize and update the system. Especially with complex systems, these interfaces are absolutely necessary so that an update can be quickly installed in the event of an error. It is to be expected that such over-the-air updates will become even more important in future intelligent systems, as more and more errors can only be detected in the field.

In addition, there is a trend towards outsourcing computationally intensive tasks from the embedded system to the cloud and using the results of these computing operations to control critical components.

Unfortunately, these interfaces offer a possible target for hackers, who in the worst-case scenario can manipulate entire fleets or industrial plants. The situation becomes particularly critical if such an interface can be used to intervene in safety-critical functions.  This means that information security will have to be given a much higher priority in the future and security will be an essential architectural requirement right from the start.

Modern microcontrollers therefore increasingly offer hardware-based cryptography modules. With the help of these functions, security concepts can be developed for open intelligent systems making attacks more difficult and limiting the negative effects. However, current analyses show that such systems can only be considered secure for a few years until a weak point is found and exploited. Unfortunately, this usually happens faster than the lifetime of a product would require. At the same time, the first reports on quantum computers are appearing on the horizon, which may very quickly make today's security concepts look very old. Even if it is not to be expected that such hardware can be acquired by the hacker around the corner in the next few years especially in the area of industrial applications there are unfortunately also government institutions that do not always have only good intentions.

The following applies to both functional security and information security: both must be taken into account from the outset, making a system "secure" afterwards will not work.

embedded world Conference

This year, the topics of embedded safety and security will again be the focus of the embedded world Conference, taking place in Nuremberg from 25 to 27 February 2020. In a total of 26 lectures in four specialized sessions, experts will provide answers to the above questions over two whole days. The program of the embedded world Conference is available at: www.embedded-world.eu

Author: Prof. Dr. Peter Fromm, member of the steering board of embedded world Conference.

top