In this thesis, the design and implementation of a safety-critical gateway between the two fundamentally different communication systems FlexRay and CAN were examined in the context of the AUTOSAR architecture. Due to non-disclosure agreements with Bertrandt AG, the detailed results and source code cannot be published, but the following summary offers an insight into the technical challenges and solutions.
Project Context and Objective
The increasing networking of modern vehicles requires powerful gateways that transmit data loss-free and in real-time between different bus systems. The goal of this work was to develop a gateway that not only bridges the gap between the time-triggered FlexRay and the event-based CAN but also considers modern security aspects.
Technical Challenges
- Protocol Translation (FlexRay <-> CAN): Conversion of static FlexRay slots into dynamic CAN messages while maintaining strict latency requirements.
- Hardware Connection via SPI: A particular hurdle was driving the FTDI FT121 USB transceiver over its SPI interface, which required implementing dedicated low-level drivers.
- USB Configuration Interface: The USB interface was used to provide a way to change the routing and mapping of messages at runtime.
- AUTOSAR Integration & Cost Optimization: Since there were no functional safety-critical requirements for this specific control unit, a commercial AUTOSAR OS was dispensed with for cost reasons. Instead, only the AUTOSAR BSW (Basic Software) stack was used.
- Bootloader Adjustments: The decision for an OS-less BSW environment required comprehensive adjustments to the processor startup and the bootloader to ensure stable operation.
- Security Layer: Integration of cryptographic methods (e.g., Message Authentication Codes, MACs) to secure the authenticity of messages, which was pioneering work in the field of automotive security at that time (2014).
- Resource Management: Implementation on an embedded target with limited computing power and memory, with a focus on efficient processing in the interrupt context.
Developed Solutions
- Conception of a Hybrid Scheduling Method: To optimize timing behavior during the transition from FlexRay to CAN, a buffer-management scheme was developed that minimizes jitter.
- Security Architecture: Establishing a “Chain of Trust” by verifying signed messages directly in the gateway stack to prevent replay attacks and man-in-the-middle attacks.
- Performance Analysis: Execution of extensive load tests with residual bus simulations to prove the robustness of the gateway at maximum bus load.
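To illustrate the security layer and the replay protection described above, here is an added, self-contained example (it is not the thesis's or Bertrandt's code, and the thesis's actual frame layout and algorithms are confidential). It assumes a hypothetical layout in which each routed CAN message carries a monotonically increasing freshness counter and a truncated HMAC-SHA256 tag computed over the identifier, the counter and the payload, and it shows why the gateway must check the tag before the counter: otherwise a forged frame could advance the receiver's counter state.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

TAG_LEN = 8  # assumption: 64-bit truncated MAC fits a constrained frame


@dataclass(frozen=True)
class SecuredFrame:
    can_id: int
    counter: int  # freshness value, strictly increasing per CAN id
    data: bytes
    tag: bytes


def _auth_input(can_id: int, counter: int, data: bytes) -> bytes:
    # The MAC covers identifier, counter and payload, so changing any of
    # them invalidates the tag. Fixed-width packing avoids ambiguous joins.
    return struct.pack(">IQ", can_id, counter) + data


def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    return hmac.new(key, _auth_input(can_id, counter, data),
                    hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    """Originating ECU: attaches a fresh counter and a MAC to each message."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def send(self, can_id: int, data: bytes) -> SecuredFrame:
        self.counter += 1
        return SecuredFrame(can_id, self.counter, bytes(data),
                            _tag(self.key, can_id, self.counter, data))


class GatewayVerifier:
    """Gateway side: verifies the MAC, then enforces freshness per CAN id."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_counter: dict[int, int] = {}

    def verify(self, frame: SecuredFrame) -> str:
        expected = _tag(self.key, frame.can_id, frame.counter, frame.data)
        # Constant-time comparison; the MAC check comes first so that an
        # unauthenticated frame can never move the freshness state.
        if not hmac.compare_digest(expected, frame.tag):
            return "reject:bad-mac"
        if frame.counter <= self.last_counter.get(frame.can_id, 0):
            return "reject:replay"
        self.last_counter[frame.can_id] = frame.counter
        return "accept"


def run_demo() -> list[str]:
    """Constructed scenario: genuine, replayed, tampered and forged frames."""
    key = b"\x11" * 32  # constructed demo key, not a real secret
    sender, gateway = Sender(key), GatewayVerifier(key)
    results = []

    genuine = sender.send(0x123, b"\x01\x02\x03\x04")
    results.append(gateway.verify(genuine))           # accept

    results.append(gateway.verify(genuine))           # reject:replay

    tampered = SecuredFrame(genuine.can_id, genuine.counter,
                            b"\xff\x02\x03\x04", genuine.tag)
    results.append(gateway.verify(tampered))          # reject:bad-mac

    # Forged frame with a far-ahead counter but the wrong key: it must not
    # advance the gateway's counter state for 0x123.
    forged = Sender(b"\x22" * 32)
    forged.counter = 1000
    results.append(gateway.verify(forged.send(0x123, b"\x00")))  # reject:bad-mac

    results.append(gateway.verify(sender.send(0x123, b"\x05")))  # accept


    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The last genuine frame is still accepted after the forged one because the freshness state was only updated by frames whose MAC verified; checking the counter before the MAC would let an attacker lock out legitimate traffic with a single high-counter forgery.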
The work was created during my time as a working student and master’s student at Bertrandt AG and laid the foundation for my deeper understanding of automotive networks and security architectures.
Note: The complete documentation of the master thesis is classified as confidential and is not available for public download.