vehicles - Vinnova

SIGYN II 2009-2012
Partners and sub projects
Partners:
• Volvo Cars
• Alkit communication
• SP
• EIS by Semcon
• Chalmers
• Viktoriainstitutet
Sub projects:
1. Academy & Administration
2. Security cOncept and IT Architecture (SOTA)
3. Safety Analysis and concept for Diagnostics and software Download (SADD)
4. TrAfic Control and Test car mAnagement (TACTA)
5. Connected car Impact on Repair shops and After sales (CIRA)
concepts for remote diagnostics and SWDL
SIGYN II Studies with focus on Safety & Security
[Overview figure of the studies; the labelled parts are:]
• Remote asynchronous Diagnostics & SWDL
• Remote SWDL task & result
• Remote Diagnostic task & result
• Synchronous remote session
• Vehicle state of health
• Remote online Diagnostics
• Wireless Diagnostics & SWDL
• Remote data measurement task & result
The Safety and Security concept covers all parts.
SIGYN II Safety Analysis
Vehicle diagnostics and software download have been performed for decades in
workshops with little or no concern for System Safety, so why start considering
System Safety in this project?
Because of the addition of the term "Remote":
• Previously the diagnostic client was always physically attached to the vehicle via
the OBD connector (and was detached before the vehicle left the workshop)
• Soon the diagnostic client will be built into the vehicle (and thus never detached)
In addition, there will be occasions when the workshop mechanic has no visual
overview of the vehicle while performing remote diagnostics.
Issuer: [Name] [CDS ID], [Organisation], [Name of Doc], Security Class: Proprietary
Date created: [YYYY-MM-DD]
Scope of analysis
Issues covered by the Safety analysis:
1) Remote Diagnostics & SWDL
2) Local vs. Remote
3) Asynchronous vs. Synchronous
4) The vehicle user and the diagnostic operator are part of the system under
consideration.
What can be done with remote diagnostics?
Diagnostic Readout Services
• Can only read out information (signals, DTCs etc.) from the vehicle
• Do not affect ECU operation
Diagnostic Control Services
• May write data affecting ANY vehicle function, overruling the vehicle user's intention
• Can set the vehicle in programming mode (SWDL)
I.e. an unexpected diagnostic control could, in the worst case, manipulate the brakes,
turn off the headlights etc. while the vehicle is moving! Functional safety has to be
considered!
Conducting risk analysis
In SIGYN II different conventional methods, such as FMECA/HAZOP/FTA, have been
applied…
[Figure: example operating situations considered in the analysis, labelled
"Speed > 90 km/h" and "Vehicle parked"]
The conclusion is that there are risks both caused by potential system malfunction and
in normal operation, but a single analysis becomes too extensive. A systematic approach
was therefore applied in which the analysis was subdivided into:
1. Safety Analysis in normal operation (a SIGYN II analysis method developed for this)
2. Hazard and risk Assessment according to ISO 26262
Analysis Result: Functional Safety Concept (FSC)
Remote diagnostic services shall be classified as either safe or risk related.
• NO restrictions apply to safe diagnostic services (readout or control)
• Risk related services can only be executed after the following conditions are fulfilled:
a) An initiation sequence is performed which ensures that the vehicle user:
• Is present at the car (confirmed by an action)
• Is informed about the effects of the script/services
• Confirms consent and controls when the diagnostics start
b) Defined vehicle conditions are fulfilled:
• 'Vehicle not moving' is always a mandatory condition
• SWDL requires additional conditions beyond those for other diagnostics
The above applies only to vehicles that are not located in a designated area (e.g. a
workshop or factory).
The vehicle user shall always be able to abort any ongoing remote diagnostics.
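The FSC above can be read as a gating policy: a request for a risk related service is
admitted only if the initiation sequence and the vehicle conditions hold, unless the
vehicle is in a designated area, and the user can abort at any time. The following
Python model is an added illustration of that policy (it is not SIGYN II or Volvo Cars
code). The service classification is treated as an input from the safety analysis, the
two extra SWDL conditions (engine off, stable supply voltage) are assumed examples since
the slides only say SWDL needs more conditions than other diagnostics, and re-checking
the conditions while a session is running is likewise an assumption.

```python
"""Model of the SIGYN II functional safety concept for remote diagnostics.

Added illustration, not project code. Service classes come from the safety
analysis; the SWDL extra conditions and in-session re-checks are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class ServiceClass(Enum):
    SAFE = "safe"                  # no restrictions, readout or control
    RISK_RELATED = "risk related"  # initiation sequence + vehicle conditions required


class ServiceKind(Enum):
    READOUT = "readout"  # only reads signals/DTCs, cannot affect ECU operation
    CONTROL = "control"  # may write data affecting any vehicle function
    SWDL = "swdl"        # software download, puts the vehicle in programming mode


@dataclass(frozen=True)
class DiagnosticService:
    name: str
    kind: ServiceKind
    service_class: ServiceClass  # assigned by the safety analysis, not derived here


@dataclass(frozen=True)
class VehicleConditions:
    speed_kmh: float
    in_designated_area: bool = False  # workshop or factory
    # Assumed extra SWDL conditions (the slides only state that SWDL needs more):
    engine_off: bool = False
    supply_voltage_ok: bool = False


@dataclass(frozen=True)
class UserInitiation:
    present_by_action: bool = False  # user performed an action at the car
    informed: bool = False           # user was shown the effects of the script/services
    consent_given: bool = False      # user confirmed and controls when diagnostics start


def evaluate_request(service: DiagnosticService, vehicle: VehicleConditions,
                     initiation: UserInitiation) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Reasons is empty exactly when the request is allowed."""
    if service.service_class is ServiceClass.SAFE:
        return True, []                     # no restrictions for safe services
    if vehicle.in_designated_area:
        return True, []                     # FSC conditions only apply outside workshop/factory
    reasons: list[str] = []
    if not initiation.present_by_action:
        reasons.append("vehicle user not confirmed present at the car")
    if not initiation.informed:
        reasons.append("vehicle user not informed about the effects")
    if not initiation.consent_given:
        reasons.append("vehicle user has not given consent")
    if vehicle.speed_kmh > 0:
        reasons.append("vehicle is moving")  # always mandatory for risk related services
    if service.kind is ServiceKind.SWDL:
        if not vehicle.engine_off:
            reasons.append("SWDL requires engine off (assumed condition)")
        if not vehicle.supply_voltage_ok:
            reasons.append("SWDL requires stable supply voltage (assumed condition)")
    return not reasons, reasons


class RemoteSession:
    """One remote diagnostic session; the vehicle user can always abort it."""

    def __init__(self, service: DiagnosticService, vehicle: VehicleConditions,
                 initiation: UserInitiation) -> None:
        self.service = service
        allowed, self.reasons = evaluate_request(service, vehicle, initiation)
        self.state = "running" if allowed else "rejected"

    def user_abort(self) -> str:
        """The user's abort always wins over an ongoing session."""
        if self.state == "running":
            self.state = "aborted"
        return self.state

    def vehicle_update(self, vehicle: VehicleConditions, initiation: UserInitiation) -> str:
        """Re-check the gate while running (assumed); e.g. the vehicle starts to move."""
        if self.state != "running":
            return self.state
        allowed, self.reasons = evaluate_request(self.service, vehicle, initiation)
        if not allowed:
            self.state = "aborted"
        return self.state


if __name__ == "__main__":
    # Constructed sample: a risk related control service requested on a moving vehicle.
    svc = DiagnosticService("actuator control", ServiceKind.CONTROL, ServiceClass.RISK_RELATED)
    ok, why = evaluate_request(svc, VehicleConditions(speed_kmh=30), UserInitiation(True, True, True))
    print(ok, why)
```

Readout services classified as safe pass regardless of vehicle state; a risk related
control service is rejected with one reason per unmet condition, so the operator sees
exactly which part of the initiation sequence or vehicle state blocked it; SWDL collects
its additional conditions on top; and the designated-area exception short-circuits the
whole gate, as the slide states.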
Technical Safety Concept (TSC)
There are several different ways of implementing the FSC in a real vehicle. The
decision on which implementation to use must be based on deep knowledge of the
in-vehicle electrical architecture and on a cost/benefit estimation, neither of which
has been within the scope of SIGYN II.
Several proposals for technical safety concepts based on a general requirement
allocation were made, each with its own pros and cons.
The overall result of the safety analysis is a concept containing both methodologies
and proposals.
Road map Remote diagnostics & SWDL
[Roadmap figure: timeline 2009-2013 with milestones TKO and AR; axes "Frequency" and
"Time on Task"; target: Remote data collection and visualization]
SIGYN II Research 2009-2012
• AE Remote diagnostics
AE projects for base technologies 2009-2011:
• WLAN (b/g/n) inc. Ethernet
• SWDL Next generation
Coming FFI application: Remote vehicle data collection and visualization.
AE projects for base technologies 2011-2013:
• Make concepts remote (AE 2011-2013)
• Vehicle information security (AE 2011-2013)
SIGYN functions:
• Vehicle data collection
• Synchronous workshop diagnostics
• Vehicle data measurement & calibration
• Remote SWDL
• Remote online diagnostic read out
• Vehicle state of Health
Covered by the Security concept and the Safety concept:
• Remote SWDL
• Remote parameter settings and data measurement
• Remote online diagnostic control
Remote Services:
• Remote SWDL & parameter setting campaign