How to Meet Integration, Safety and Security Challenges in Autonomous Systems
Written by Andre Odermatt
May 3, 2018
Changes in the way we travel and the way merchandise is delivered are well underway, as we are already becoming accustomed to Unmanned Aerial Vehicles (UAVs) and drones. Millions of drones were shipped in 2017 and there are now more than 770,000 registered drones in the US. (Registration is required for any drone over 0.55 lbs.) UAVs have an increasingly dominant role beyond military applications. Self-driving cars are just around the corner, but it doesn’t stop there. The flying car is no longer science fiction: the aerospace company Vahana has already made its first flight of a single-person, vertical take-off and landing aircraft. A society where there is no need for driver’s licenses and where subscriptions to transportation services replace personal vehicles is within reach.
As with all new technologies, there are challenges. The challenges of making autonomous systems secure and safe come from many directions. The safety requirements for UAVs in the air are different from self-driving cars, and different again for small photo drones. UAVs operating in a desert war zone may also have different requirements from a UAV in civilian airspace. So what technology is needed to develop autonomous systems, and how is this different from the current systems?
- More sensors means more data. The human factor is replaced by sensors. Lidar, cameras and other task-specific sensors (e.g., lane sensors) replicate what the human eye sees. Lidar can produce gigabytes of data in a short amount of time. All of this data has to get to the right place at the right time for processing and decision making.
- In the future, external communication or system-to-system communication is needed. To improve safety and optimize traffic flows, there will be a need for Vehicle-to-Vehicle (V2V) communication.
- Vehicles will take advantage of smaller and more powerful computers to allow the vehicle to make decisions locally based on sensor information. When a self-driving car detects an object, it can’t wait for that data to go to the cloud before making a decision about what to do. The decision has to be made locally for real-time performance and reliability. This is why artificial intelligence is becoming a key element of autonomous systems.
One thing that is common in all autonomous systems is effective connectivity. It is impossible to build an autonomous system without effective communication between components. The key is to get the right data to the right place at the right time. RTI Connext® is a connectivity framework based on the Data Distribution Service (DDS) for real-time systems, an Object Management Group (OMG) standard. DDS provides scalable, real-time, dependable, high-performance and interoperable data exchange using a publish-subscribe pattern. DDS perfectly addresses the needs of autonomous systems. DDS handles addressing, data marshalling, and de-marshalling if subscribers and publishers are on different platforms. DDS supports mechanisms that go beyond the basic publish-subscribe model. The key benefit is that applications that use DDS for their communications are decoupled using a data-centric approach where data is the interface between components. This is exactly what is needed in an autonomous system. The different components depend on getting the data they need. An autonomous system will resemble the diagram below:
All of the different system components connect to the databus. The databus is a virtual concept shared by all participating components. The databus is where components get the information they need and provide the information they produce to other components. New components can be added to the databus dynamically. The databus can even be split into different levels, for example, a local databus and external connectivity to the cloud.
Here is an example of a hierarchical databus for an autonomous system using the RTI Connext Databus:
As mentioned earlier, safety is an important requirement. Most of the functionality needed to build an autonomous system is built in software, and entirely bug-free software is not realistic. Software has to pass rigorous testing to make sure it is safe. For example, the FAA uses DO-178 as its guidance document to determine whether software will perform reliably in an airborne system. Getting DO-178 certified is not only time-consuming, it is also expensive. Certification can cost $100 per line of code. With autonomous systems it is important to use software components which have certification evidence, not only to keep costs down, but also to meet time-to-market requirements. RTI was the first supplier to release a safety-critical databus based on DDS.
Now that we have a safety certifiable connectivity framework in place, what about security? In current systems, security was not always a concern since there was no external communication. Cars already have sensors and connectivity inside the car. However, there was no – or very limited – connectivity to the outside. Once the door was closed and the car was driving, it was hard to hack into a car. The same with a plane. In order to hijack a plane, you have to get on the plane first and there are plenty of security measures in place to avoid that. This changes with autonomous systems. As we established earlier, communication to the outside will be needed for autonomous systems, which makes them more vulnerable. The safety of an autonomous system could be compromised by malicious hacking without the proper security measures in place.
The first thought is usually to use a secure link. We can use TLS for the external communication. However, if a hacker gets access to the secure link, the hacker can access all the data on that link. We need a better level of security. Like at your home, you don’t have a single key that gives access to everything. If a thief gets into the house, they don’t automatically have access to the safe or locked cabinets. A fine-grained level of security is needed for external communication. The DDS Security Standard offers distributed access control mechanisms dictating which data participants can publish or subscribe to, without a single point of vulnerability. This means unauthorized applications would be denied permission to publish commands to control braking or steering. Or, if data is compromised on the databus, the subscriber could cryptographically authenticate the message and discard anything that doesn’t match established policies. DDS and DDS Security provide the forward-looking flexibility needed to help connect and secure autonomous systems. Based on the OMG DDS Security specification, RTI Connext DDS Secure has built-in plugins for providing interoperable authentication, access control, cryptography and a logging topic. The beauty of the DDS Security standard is that security is configured; you do not have to change your code in order to make your system secure.
The future is here and it is an exciting future. The way we move around the world is changing and with the new challenges we will see new technologies emerge. With RTI Connext, we are ready to build the autonomous systems of the future.
This blog post highlights my recent presentation "Meeting Integration, Safety and Security Challenges in Autonomous Systems Software" at AUVSI Xponential.