News Embedded · start a touchscreen-based Human Machine Interface (HMI) ap-plication, the starter kit is based on Clairitec’s 7’’ Resistive Intelligent Display (800x480 pix-els)

EmbeddedNews european

business press

www.eenewsembedded.com

November 2019

191023_TI20_EEMB_EU_Snipe.indd 1 10/1/19 5:19 PM

Sem

icon

duct

ors

Pass

ives

Elec

trom

echa

nica

lPo

wer

Circ

uit P

rote

ctio

nAu

tom

atio

nCo

nnec

tors

Inte

rcon

nect

Hype

rfas

tIo

TSw

itche

sRF

IDTM

R M

agne

tic S

enso

rsRF

Dire

ctio

nal C

oupl

ers

Bipo

lar D

igita

l Lat

chin

g Se

nsor

Logi

cD

igita

l Om

nipo

lar

Crys

tals

Augm

ente

d Re

ality

Eart

h-Fr

iend

ly D

ispl

ayEm

bedd

ed C

ellu

lar

IO-L

ink

Sole

noid

sPr

oxim

ity S

enso

rCa

paci

tive

Touc

hEm

bedd

ed C

ompu

ters

Ther

moc

oupl

e In

terf

ace

PIR

Sens

orSP

I Int

erfa

ceLi

near

Ultr

a Lo

w-P

ower

Nar

row

band

Mes

h-N

etw

orke

dVi

rtua

l Rea

lity

Keyf

obIs

olat

ors

MCU

sRF

Eva

luat

ion

Dev

Boa

rds

RF A

nten

nas

Axis

Tilt

Zett

abyt

e Er

aI2

CRo

botic

Pro

cess

Aut

omat

ion

Mic

rose

rvic

e Ar

chite

ctur

eRe

zenc

e Co

mpa

tible

XCVR

Imm

ersi

ve E

xper

ienc

eAr

ti� c

ial I

ntel

ligen

ceIn

tern

et o

f Thi

ngs

Na-

TECC

3D A

ltera

tion

Qua

ntum

Com

putin

gSh

unt S

ense

Touc

hles

sSm

art H

ome

Tech

nolo

gy5G

Mob

ileEn

ergy

Har

vest

ing

Mot

orD

ata

Acqu

isiti

on

Infr

ared

The

rmop

ileTr

iboe

lect

ricM

agne

tic P

ositi

onGe

stur

e Co

ntro

lIn

terc

onne

ctRe

cten

naCo

nnec

ted

Clou

dD

ecou

pled

Net

wor

kHy

brid

Env

elop

e-Tr

acki

ng S

igna

lRe

-Ent

rant

Lev

erag

ed D

esig

nEm

bedd

ed L

ogic

TEGs

Pass

ives

Logi

c Ec

o-Sy

stem

Third

-Ord

er S

enso

rCl

ock/

Tim

ing

Mem

ory

Filte

rsSo

CTh

erm

al M

anag

emen

tCl

ass-

G Am

pli�

erD

ecim

ated

Pow

er-E

f� ci

ency

Mic

row

ave

Blue

toot

hRe

mot

e Co

ntro

lFP

GA

DD

SBa

tter

ies

Beta

volta

ics

MiW

i Tra

nsce

iver

Nan

ogen

erat

ors

AMR

Recy

clin

g Ra

diow

aves

Ask

Rece

iver

Tran

sfor

mer

sSo

lar

Sens

or2-

Way

Rem

ote

Sim

plex

Tra

nsm

issi

onAD

CPo

tent

iom

eter

sIn

terf

ace

NFC

Freq

uenc

y Sy

nthe

size

rsO

scill

ator

sLo

w E

nerg

yPM

ICRe

lays

WPC

-Cer

ti� e

dSm

art D

evic

esCa

paci

tors

Elec

trom

echa

nica

lO

ptoi

sola

tors

ZigB

eeSe

mic

ondu

ctor

sEM

ITo

ols

Hard

war

eCa

ble

191023_YINN_EEEMB_EU.indd 1 10/2/19 3:11 PM

3 November 2019www.eenewsembedded.com EmbeddedNews

eeNews Europe

ReaderOf fer

Sem

icon

duct

ors

Pass

ives

Elec

trom

echa

nica

lPo

wer

Circ

uit P

rote

ctio

nAu

tom

atio

nCo

nnec

tors

Inte

rcon

nect

Hype

rfas

tIo

TSw

itche

sRF

IDTM

R M

agne

tic S

enso

rsRF

Dire

ctio

nal C

oupl

ers

Bipo

lar D

igita

l Lat

chin

g Se

nsor

Logi

cD

igita

l Om

nipo

lar

Crys

tals

Augm

ente

d Re

ality

Eart

h-Fr

iend

ly D

ispl

ayEm

bedd

ed C

ellu

lar

IO-L

ink

Sole

noid

sPr

oxim

ity S

enso

rCa

paci

tive

Touc

hEm

bedd

ed C

ompu

ters

Ther

moc

oupl

e In

terf

ace

PIR

Sens

orSP

I Int

erfa

ceLi

near

Ultr

a Lo

w-P

ower

Nar

row

band

Mes

h-N

etw

orke

dVi

rtua

l Rea

lity

Keyf

obIs

olat

ors

MCU

sRF

Eva

luat

ion

Dev

Boa

rds

RF A

nten

nas

Axis

Tilt

Zett

abyt

e Er

aI2

CRo

botic

Pro

cess

Aut

omat

ion

Mic

rose

rvic

e Ar

chite

ctur

eRe

zenc

e Co

mpa

tible

XCVR

Imm

ersi

ve E

xper

ienc

eAr

ti� c

ial I

ntel

ligen

ceIn

tern

et o

f Thi

ngs

Na-

TECC

3D A

ltera

tion

Qua

ntum

Com

putin

gSh

unt S

ense

Touc

hles

sSm

art H

ome

Tech

nolo

gy5G

Mob

ileEn

ergy

Har

vest

ing

Mot

orD

ata

Acqu

isiti

on

Infr

ared

The

rmop

ileTr

iboe

lect

ricM

agne

tic P

ositi

onGe

stur

e Co

ntro

lIn

terc

onne

ctRe

cten

naCo

nnec

ted

Clou

dD

ecou

pled

Net

wor

kHy

brid

Env

elop

e-Tr

acki

ng S

igna

lRe

-Ent

rant

Lev

erag

ed D

esig

nEm

bedd

ed L

ogic

TEGs

Pass

ives

Logi

c Ec

o-Sy

stem

Third

-Ord

er S

enso

rCl

ock/

Tim

ing

Mem

ory

Filte

rsSo

CTh

erm

al M

anag

emen

tCl

ass-

G Am

pli�

erD

ecim

ated

Pow

er-E

f� ci

ency

Mic

row

ave

Blue

toot

hRe

mot

e Co

ntro

lFP

GA

DD

SBa

tter

ies

Beta

volta

ics

MiW

i Tra

nsce

iver

Nan

ogen

erat

ors

AMR

Recy

clin

g Ra

diow

aves

Ask

Rece

iver

Tran

sfor

mer

sSo

lar

Sens

or2-

Way

Rem

ote

Sim

plex

Tra

nsm

issi

onAD

CPo

tent

iom

eter

sIn

terf

ace

NFC

Freq

uenc

y Sy

nthe

size

rsO

scill

ator

sLo

w E

nerg

yPM

ICRe

lays

WPC

-Cer

ti� e

dSm

art D

evic

esCa

paci

tors

Elec

trom

echa

nica

lO

ptoi

sola

tors

ZigB

eeSe

mic

ondu

ctor

sEM

ITo

ols

Hard

war

eCa

ble

191023_YINN_EEEMB_EU.indd 1 10/2/19 3:11 PM

Contents

Dear readers,

Welcome to the November edition of eeNews Embedded. This month we will focus on three different areas of electronics. The overriding theme of the issue is security. With so many devices connected today, and that number predicted to explode in the near future, the number of potential attack vectors for hackers has also increased dramatically. Almost every vendor is making efforts to plug these security holes, but at the same time, hackers are also finding new ways to gain access to systems. Inside the issue we look at different ways to secure distributed systems, while ensuring they are as future proofed as possible.

The other topics we look at inside the issue are medical and automotive electronics. Both areas will rely heavily on networks and therefore are susceptible to security breaches. The consequences of those breaches could be deadly, making securing them from attack the highest priority. Always-on functionality is also a requirement, giving designers further headaches. Inside, we’ll look at some of the latest technologies and techniques that will hopefully take some of that stress away.

Ally Winning

A 7’’ resistive touch interface, out-of-the-boxThis month, Clairitec is giving away three of its 7’’ Resis-tive Starter Kits (RS232-USB version), worth 370€ each, for eeNews Europe’s readers to win. Designed to help you quickly

start a touchscreen-based Human Machine Interface (HMI) ap-plication, the starter kit is based on Clairitec’s 7’’ Resistive Intelligent Display (800x480 pix-els) with an integrated HMI board and a metal protective cover. The display is EMC compli-ant and withstands

a temperature range from -20 to +70°C. The kit comes with all the required connecting cables, including a USB cable for

the communication with your PC, a USB stick and a USB/miniUSB adapter to upload the graphic charter to the display without a PC, interface casing with a RS232/CAN and power supply connector, and an USB to RS232 interface cable. The kit also ships with the Graph-Converter HMI software, allowing you to quickly and easily create a custom graphical user interface and to download it into the Clairitec module. A 12V power supply (international plug) com-pletes the offering so you can start out of the box.

Check the reader offer online at

www.eenewseurope.com

Page 4 - 5Making secure and reliable cars using separation and virtualisation techniques

Page 6 - 10Trusted Platform Modules provide security for e-mobility

Page 12 - 13Accurate vehicle position sensing

Page 14 - 15Reliability by design for event records in the transport sector

Page 16 - 18Advances in medical image processing

Page 19Products

EmbeddedNews

europeanbusiness presswww.eenewsembedded.com

November 2019

191023_TI20_EEMB_EU_Snipe.indd 1

10/1/19 5:19 PM

https://www.facebook.com/EENews-Europe-264480083592516/

4 November 2019 www.eenewsembedded.comEmbeddedNews

@eeNewsEurope

Security

Making secure and reliable cars using separation and virtualisation techniquesCarmelo Loiacono, Green Hills Software

The vehicle and mobility industry is dealing with the trend of bringing different electronic domains onto a single platform. This leads to the challenge of enabling applica-

tions with more strict security and safety requirements to work in a secure environment on a single platform. In addition, the increasingly interconnected nature of a vehicle’s control mod-ules means there is no safety without security. Security features must include not just physical access and protection of confi-dential information, but also critical safety systems.

Separation kernelsSeparation kernels offer advanced features to embedded systems software developers that need to: ensure that the heterogeneous software components are free from interference, protect the information flow and reinforce the car communi-cation system with respect to security and safety aspects. A well-designed separation kernel must ensure that errors within a process will not propagate through the whole system. This can be done by confining the writing space of the processes in a specific memory area. The separation kernel consist of “com-partments” named partitions in each of which runs a separate process. A process running on a partition can be composed of multiple tasks (threads). Inside the partition, separation is not guaranteed, whereas separation is ensured between different partitions.

The key benefits of the separation kernel are to:• Contain errors• Allow execution without interference of different critical pro-

cesses on a single hardware platform• Ensure confidentiality of sensitive data• Enable integration of new features without having to re-test the entire system

Operating systems, which do not use separation as the founda-tion can enter undefined states, result in deadlock and have a non-deterministic execution flow. This can have serious consequences on systems, especially in the automotive field. A separation kernel designed to be used in critical systems must always ensure that computational and memory resources are always available to each process running on a partition.

Another important property of security-oriented operating sys-tems is the ability to prevent denial-of-service attacks. Usually, such attacks are avoided by assigning a fixed amount of CPU and memory to each process. Moreover, the static allocation of resources in terms of time will ensure that each process is executed in a given time window. This preserves the integrity of the processes, avoiding execution outside of their temporal window.

The separation kernel, in the automotive field, is mainly used in digital cluster (or instrument cluster) applications. These are the digital version of the instrument panel of a car (speedom-eter, warning lights etc). The main requirements of this kind of applications are: real-time operation, safety, reliability, and

performance. Also, car manufacturers expect their cluster ap-plications to be available for use as quickly as possible, that is, have a very short boot time. Even though it can be challenging to have the whole digital cluster system available in a few mil-liseconds, it is possible to enable certain critical functions, such as the rear-view camera, in a very short time.

The microkernel architecture, introduced in some separation kernels, ensures that the kernel can easily be tested and veri-fied, in order to be free of bugs and security holes. In microker-nel architectures only basic services are part of the kernel: sup-port for communication between partitions (IPC), virtual memory management and scheduling. Other complex services are run inside the partitions, resulting in a more safe and reliable kernel. Figure 1 shows a separation architecture using a microkernel. Notice that some services, such as the file system management and device drivers, are running in user mode, in different parti-tions and independent from the microkernel, which implements only basic functions.

Another important aspect concerns the third-party certifica-tion of the separation kernel. A separation kernel certified for different fields (e.g. avionic, military, automotive) may be used in specific applications requiring high degrees of security and safety. The highest certification level for safety in the automotive industry is ISO 26262 ASIL D. In the following, we will show sys-tems with different criticality levels running on top of a separa-tion kernel (mixed-criticality systems).

VirtualisationThe virtualisation concept has recently been introduced in the automotive field to bring cluster and In-Vehicle-Infotainment (IVI) applications on to the same hardware platform. The IVI applica-tions are composed of hardware and software components that provide audio and video entertainment, such as radio, news, navigation systems, Bluetooth connectivity and WiFi.

In this context, we define virtualisation as the ability to run an

Figure 1 – Microkernel separation architecture

https://twitter.com/eenewseurope


eeNews Europe

operating system, called the guest, on top of another operating system, called the host. Virtualisation can be essentially:• Type 1 or bare metal, in which the functions of the host oper-

ating system are replaced by a software component called a hypervisor, that also allows the guest operating system to run;

• Type 2 or hosted, where the hypervisor is a normal user pro-cess on the host operating system.

Portable virtualisation infrastructure, with a flexible architecture to allow the management of the various hardware features avail-able on today’s microprocessors, maximises the use of hard-ware dedicated to the virtualisation.

Below we will see a variety of scenarios opened up by separa-tion and virtualisation technologies.

Mixed criticality systems Mixed criticality systems are those in which jobs are running with different security and safety requirements. Figure 2 shows an architecture where applications having different certification levels (some of them are not certified at all) are running on the same hardware platform. This type of architecture ensures that the execution of non-certified applications does not compro-mise the execution of certified ones. Moreover it guarantees that there is no interference between applications with differ-ent certification levels (freedom from interference). This can be achieved due to the separation properties offered by separation kernels.

As mentioned above, a new trend in the automotive industry is to combine cluster with In Vehicle Infotainment (IVI) ap-plications. These have very different security requirements.

Furthermore, today’s IVI applications are mainly run on a Linux distribution for embedded systems, such as Yocto. Using a well-designed separation kernel and virtualisation technology, it is possible to securely combine a cluster system with an IVI system on the same hardware platform, without performance loss. Figure 3 shows a scenario where some components of a cluster application are run on a CPU, such as an ARM Cortex-A with Memory Management Unit (MMU), and other cluster components are running on a less complex CPU, such as an ARM Cortex-M. The Cortex-M is running tasks that receive information on the car status. These tasks are actually software components running on the AUTOSAR operating system. Figure 3 also shows, on the Cortex-A side, an IVI system running on a Linux operating system for embedded platforms. In order to be executed within a separation kernel partition, the Linux operat-ing system needs to be controlled by a virtual machine monitor (VMM).

Although the main advance introduced by this scenario is the combination of cluster and IVI applications on the same platform, it is also possible to have some AUTOSAR software components running in a partition of the separation kernel, improving the scheduling flexibility.

To sum up, separation and virtualisation technologies open up new scenarios in the automotive world and improve the security of the whole system. In the future, with the increasing use of processors that support virtualisation technology, it will also be possible to take advantage of these technologies for powertrain applications in the automotive industry.www.ghs.com

Figure 2 – Separation architecture with mixed criticality systems

Figure 3 – Cluster and IVI applications running on the same hardware platform

Arm and Green Hills Software work on functional safetyGreen Hills Software has become a launch partner in Arm’s new Functional Safety Partnership Program.The collaboration between the two companies will help promote the avail-ability of Green Hills products, which have supported the Arm architecture for 12 years, and the hardware/soft-ware platform has become the base for safety-critical embedded systems for many applications, including

automobiles, building security, aircraft, surgical devices and industrial machinery and more.Arm assists customers to integrate functional safety through

a range of IP, design tools, support and involvement with international safety orga-nizations. Arm’s Functional Safety Partner-ship Program promotes partners such as Green Hills Software in the categories of Software and Tools, Design Services and Training Services.Green Hills Softwarewww.ghs.com



@eeNewsEurope

Trusted Platform Modules provide security for e-mobilityMartin Brunner, Infineon Technologies

The continued adoption of electric vehicles and the subse-quent electrification of the drivetrain have huge implica-tions on the entire industry. It is not appropriate to see

electricity as simply an alternative form of fuel for vehicles; it represents an entirely new paradigm in mobility.

E-mobility, as it is referred to, encompasses fundamental changes to the design, ownership and use of vehicles. For ex-ample: while autonomy is often held up as the prime use-case for connected cars, also the infrastructure required to support e-mobility dictates that vehicles become accessible in ways never before conceived. Therefore, while the industry is still developing solutions to implement automation levels 3 through to 5, the need for fully connected vehicles has already arrived with the electric car. The most apparent reason is perhaps the necessary interconnectivity between the vehicle and the charg-ing infrastructure now being put in place across towns and cities worldwide. Charging cars will be one of many examples in an era that sees vehicles as a service and communications hub.

Making security part of the architecture As a society, we are comfortable with accessing services and often assured by the (perhaps perceived) levels of security provided. The same is true in industry, where the concept of Platforms as a Service (PaaS) is already becoming the norm. Here, the use of security is implicit, established by special inter-est groups such as the Trusted Computing Group (TCG), whose standards are often adopted by committees and organiza-tions including the IEC and ISO. As vehicles turn into service platforms, car manufacturers must also explore the potential risks associated with increased connectivity and the solutions now available to them. The Trusted Platform Module (TPM) has emerged as the most appropriate form of delivering e-mobility in a secured way.

If e-mobility is to be successful, it needs to provide and main-tain an optimal and verifiable level of security for transactions between the vehicle and the charge point. The nature of an open market means that there will be many competing suppliers of charge points, but for the consumer this must not be allowed to become a barrier to adoption. This only escalates the chal-lenge, because this essential service now becomes a primary attack surface. The charging infrastructure must be able to sup-port the negotiation and communication between vehicles and charge stations, supplied and maintained by various manufac-turers and providers.

The vehicle as we perceive it has been a part of our lives for well over 100 years now and while its capabilities have of course changed immeasurably since the earliest examples, ultimately the ICE still operates in much the same way. The majority of developments made over the course of time have been aimed at improving fuel efficiency in what is essentially a closed system. Fuel is stored and consumed within the vehicle and the nature of liquid fuel means it has always been relatively simple to refuel.

Replacing liquid fuel with electric charge is clearly changing that. Fuel in the form of electricity is now effectively less regu-lated, as it is no longer necessary to obtain it from a licensed

Security

Reference architecture of a connected vehicle as a communications and service platform



eeNews Europe

supplier. Any electric vehicle owner can typically charge their vehicle from any electrical outlet, but in terms of scale it be-comes necessary to impose control with the fewest possible restrictions.

This combination of ease of access coupled with protection is very well established in the computing world and it is here the automotive industry is turning, in order to establish standards that can be applied to e-mobility. The Trusted Computing Group has driven the development and acceptance of the specification referred to as the Trusted Platform Module (TPM) to further the goal of protecting while still providing ease of access.

This specification is now being implemented using dedicated semiconductors by integrated device manufacturers, referred to as discrete TPMs to differentiate them from implementations that form part of another integrated device or are implemented purely in software; the TCG sees discrete TPMs as the most se-cure. If certified according to Common Criteria (ISO/IEC 15408) to its adopted standard defining TPMs (ISO/IEC 11889), devices that meet this specification are resistant to physical attacks and implement security features including authentication, encryption and cryptography that help secure connected systems using protected keys. TPM 2.0 is the latest iteration of the specifica-tion and it provides a more flexible approach to developing a solution.

Secured microcontrollers that comply with TPM 2.0 offer levels

of tamper-resistance that simply aren’t included in general purpose microcontrollers, developed in accordance with the use-cases being developed for e-mobility, for example charg-ing. One form of protection includes adding a root of trust to implement secured boot at power-up, which uses authentica-tion to verify that the code/data stored in an external memory hasn’t been tampered with before it is loaded into the proces-sor’s main memory. Other forms of intrusion include so-called ‘side-channel’ attacks, which exploit easily accessible informa-tion about the system to gain insights. This may include using non-invasive techniques, such as differential power analysis, which has been shown to be effective in the reconstruction of data. This is specifically important, since as there is physical ac-cess to both vehicle and charging station, physical attacks must be considered in the attacker model. As well as securing the access points in a connected vehicle, it will also be necessary to use a TPM to secure sensitive data generated by modern vehicles. This may include but is not limited to data attributed to vehicle operation and maintenance as well as data attributed to the driver or owner (containing Personally Identifiable Informa-tion (PII), accounting and billing details, etc.) whose integrity, authenticity – and in some cases also confidentiality and/or non-repudiation – needs to be protected.

The benefits of choosing a TPM based on a discrete secured microcontroller include protection against physical and logi-cal attacks, both malicious and those that may be benign but potentially disruptive.

Media partners

Fachmedium der Automatisierungstechnik

2ew20P Your e-code for free admission

embedded-world.de / voucher

Exhibition organizer

NürnbergMesse GmbHT +49 9 11 86 06-49 [email protected]

Conference organizer

WEKA FACHMEDIEN GmbHT +49 89 2 55 56-13 49 [email protected]

Nuremberg, Germany

25– 27.2.2020

@embedded_world #ew20 #futurestartshere

embedded-world.de/voucher

DISCOVER INNOVATIONSOver 1,000 companies and more than 30,000 visitors from 84

countries – this is where the embedded community comes together.

Don’t miss out! Get your free ticket today!

Your e-code for free admission: 2ew20P

ew20_190x136_GB_eeNews_Europe_BES.indd 1 10.10.19 14:48



@eeNewsEurope

The Microchip name and logo and the Microchip logo are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. All other trademarks are the property of their registered owners.© 2019 Microchip Technology Inc. All rights reserved. MEC2301A-ENG-09-19

Learn More at www.microchip.com/Medical-IoT

How Can You Get Your Next Medical Device to the Cloud?Tools to Secure and Connect Your IoT Medical Device Design

Give your next Internet of Things (IoT) medical device design a head start by using one of our many medical demo designs as a foundation to build your own product. Pairing these demo design files with one of our IoT development boards provides you with a complete roadmap and testing ground to get your device up and running in no time.

• Jump-start your product with demo design files covering multiple types of medical devices

• Pulse Oximeter Demo shows you how to measure heart rate and blood oxygen saturation

• Plug-and-play IoT development boards provide an easy and effective way to securely connect embedded medical applications to Cloud IoT Core platforms

Security

E-Mobility interfaces and reference architectureThe primary actors in the e-mobility charging infrastructure include the electric vehicle (EV) and the charge point, referred to as the Electric Vehicle Supply Equipment, or EVSE. Within the EV, an Electric Vehicle Communication Controller (EVCC) will negotiate with the Supply Equipment Communication Control-ler (SECC) over a connection compliant with the ISO/IEC 15118 specification.

Within the EV the EVCC will control the on-board charging circuit, provide feedback to the vehicle user through an HMI, and remain in close negotiation with the vehicle’s ECU(s). On the EVSE side, the SECC will negotiate with its own electric en-ergy meter and pass data generated by that to the paying unit, as well as have final control over the physical delivery of the electricity drawn by the EV. It will also typically feature an HMI to inform the vehicle user of each stage of the process.

At the interface of each of these discrete functions, it will be es-sential to provide security through state of the art cryptography to safeguard the user’s data and the infrastructure’s integrity.

Security implications There are numerous examples of how modern vehicles are be-ing compromised through new communication channels. Even technology provided by Third Parties intended to secure these valuable assets has shown to be susceptible to cyberattacks, allowing criminals to remotely take control of a vehicle, by disabling it even while the owner is driving the car. The poten-tial attack surfaces increase significantly when considering the e-mobility reference architecture and its various stakeholders, interfaces and communication paths, as outlined above.

When other forms of seemingly unrelated forms of communica-tion are included, such as a Bluetooth connection to the driver’s smart phone, or WiFi for the other occupants, it becomes clear that the potential security risks and attack points need to be routed through a central security ECU, equipped with hardware-assisted security, such as a TPM.

The process of charging an electric vehicle using a publicly ac-cessible charging point perfectly encapsulates the total threat associated with a connected society. The technical require-ments of such as system are already numerous, involving high power, highly efficient semiconductors and passive compo-

nents designed to handle hundreds of volts. In this respect, it will reshape the way vehicles are designed, but coupled with this are the requirements to be able to identify, authenticate and safeguard the information that will necessarily be passed between the vehicle and the infrastructure in order to facilitate public charging points.

The cryptography involved will need to protect not only the charging infrastructure but also the vehicles using it. At a sys-tem level, a charging station is an access port to the network, which could potentially allow access between any devices con-nected to the same network. In this respect the electric grid can be seen as the largest of all networks, access to which is not controlled by physical access. If it were a data center it would be protected from malicious intent by placing it within a secured building, surrounded by a security fence and surveillance system, along with human guards. When considered in this re-spect, it becomes clear that the requirement for highly secured systems within each vehicle accessing the grid is paramount.

As part of the ISO 15118 international standard comes the concept of Plug & Charge. Intended to be robust enough to withstand the immediate and future needs of e-mobility, it can be expressed as enabling a secured and convenient way of charging an electric vehicle, covering both wired and wireless charging technologies based on AC and DC subsystems.

At its core, Plug & Charge is intended to ensure confidentiality, data integrity and authenticity, and it achieves this through the algorithms defined by ISO 15118 for symmetric and asymmetric cryptography.

Symmetric cryptography describes the process of using a single key for both the encryption and decryption of information and it is one of the oldest known forms of cryptography. Any system that implements symmetric cryptography dictates that the sender and receiver must both agree on the single key used on both sides of the secured channel. This is used to achieve the confidential exchange of data in a Plug & Charge system.

Conversely, asymmetric cryptography uses two different keys; one for encryption and another for decryption, and this technique is used to provide data integrity and authentication within Plug & Charge. Asymmetric cryptography uses what is normally termed a Public key for encryption and a Private key for decryption. There is no intrinsic difference between the two keys, the term Public is applied because it is not critical that

Beside the vehicle itself and the charging infrastructure, e-mobility involves further entities.

When charging an electric vehicle the charging station becomes a hub to the energy grid.


The Microchip name and logo and the Microchip logo are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. All other trademarks are the property of their registered owners.© 2019 Microchip Technology Inc. All rights reserved. MEC2301A-ENG-09-19

Learn More at www.microchip.com/Medical-IoT

How Can You Get Your Next Medical Device to the Cloud?Tools to Secure and Connect Your IoT Medical Device Design

Give your next Internet of Things (IoT) medical device design a head start by using one of our many medical demo designs as a foundation to build your own product. Pairing these demo design files with one of our IoT development boards provides you with a complete roadmap and testing ground to get your device up and running in no time.

• Jump-start your product with demo design files covering multiple types of medical devices

• Pulse Oximeter Demo shows you how to measure heart rate and blood oxygen saturation

• Plug-and-play IoT development boards provide an easy and effective way to securely connect embedded medical applications to Cloud IoT Core platforms


@eeNewsEurope

Small Powerful Deployable

The Big Thing in

RFSoC is Here.(And it’s only 2.5 inches wide!)

Pentek’s Model 6001 FPGA board lets you quickly develop and deploy RFSoC technology, while optimizing your system for SWaP.

Mounted on your custom carrier or Pentek’s proven 3U VPX carrier, the new QuartzXM® comes pre-loaded with a full suite of IP modules, robust software,and fully integrated hardware — all geared to shorten time to market and reduce design risk.

And at only 4"x2.5", it can be deployed in extremely compact environments, including aircraft pods, unmanned vehicles, mast-mounted radars and more.

•QuartzXM eXpress Module speeds migration to custom form factors

•Powerful Zynq® Ultrascale+™ RFSoC with built-in wideband A/Ds, D/As & ARM processors

•Dual 100 GigE interfaces for extreme system connectivity

•Robust Factory-Installed IP for waveform generation, real-time data acquisition and more

•Board Resources include PCIe Gen.3 x8 and 16 GB DDR4 SDRAM

•Navigator® Design Suite BSP and FPGA design kit for seamless integration with Xilinx Vivado®

All this plus FREE lifetime applications support!

Pentek, Inc., One Park Way, Upper Saddle River, NJ 07458 Phone: 201-818-5900 • Fax: 201-818-5904 • email: [email protected] • www.pentek.comWorldwide Distribution & Support, Copyright © 2019 Pentek, Inc. Pentek, Quartz, QuartzXM and Navigator are trademarks of Pentek, Inc. Other trademarks are properties of their respective owners.

UnleashthePoweroftheRFSoC.DownloadtheFREEWhitePaper!www.pentek.com/go/eetrfsoc

QuartzXMBigThingAd_EETE.indd 1 3/29/2019 2:37:29 PM

Security

the key is kept secret. If the Public key is discovered it can be used to encrypt a message but it cannot be used to recover, or decrypt, the same message. In this respect only the Private key must be kept secret. Implemented as a tamper resistant, secured and certified microcontroller using advanced hardware security technology a TPM is able to securely store Private keys and it also includes a true random number generator in order to generate such cryptographic keys.

It is the nature of properly implemented asymmetric cryptogra-phy that a Private key cannot be derived from a Public key or the data it encrypts, and only the Private key associated to a certain Public key can be used to decrypt a message. In gen-eral, when implementing secured communications, plain text will be encrypted using a Public key and decrypted by a Private key, while this procedure is inverted for the process of authenti-cation using a digital signature. That is, only the Private key can be used for creating the signature while the associated Public key is used to verify the signature.

In a Plug & Charge application, asymmetric cryptography would be used to establish a secured connection, authenticated using digital signatures and allowing a common key to be agreed. At that point, symmetric cryptography can be used for all other message exchanges during the charging session. This is be-cause the computational effort required for asymmetric cryptog-raphy, which involves Elliptic Curve Diffie-Hellman algorithms, is high relative to symmetric cryptography, so the use of both forms of encryption provides the appropriate levels of security without becoming a processing burden.

The entire process is governed by the use of digital certificates, as outlined in ISO 15118 and based on a Public Key Infrastruc-

ture (PKI). This describes the way in which digital certificates are created, stored, distributed and eventually revoked by what is termed Certificate Authorities, or CAs.

The digital certificates used in Plug & Charge are used in the authentication and authorisation of the agents involved with the electric vehicle charging infrastructure, comprising the Charge Point Operator, the Certificate Provisioning Service (CPS), the Mobility Operator (MO) and the Car Manufacturer, or OEM.

In order to protect the authenticity of these entities involved in the EV charging infrastructure, the integrity of the thereby exchanged data and the confidentiality of sensitive informa-tion a tamper resistant, secured and certified microcontroller, such as one certified to TPM 2.0, is an essential building block to provide the security features needed to protect EV charging use cases and thus enable trusted e-mobility. The OPTIGA TPM SLI 9670 is Infineon Technologies’ AEC Q100 qualified Trusted Platform Module, based on a tamper resistant, secured and certified microcontroller. As a turnkey solution it is supplied with firmware compliant with TCG specifications and is designed for use in telematics control units, connected gateways and any ECU that requires strong security.

ConclusionAs EVs and the infrastructure needed to support e-mobility con-tinue to develop it is clear that the Trusted Platform Module will become an essential technology in its delivery. Through the use of TPMs both consumers and manufacturers can anticipate a safe and secure experience, as we as a society make the evolu-tionary step towards full electric and fully autonomous mobility.

www.infineon.com

Higher security and performance for cloud-connected devicesInfineon’s OPTIGA Trust M solution is intended to enhance the security of connected devices while improving overall system

perfor-mance.OPTIGA Trust M securely stores unique device credentials and assists cloud con-nection up to ten times

faster than software-only alternatives.Assets, including certificates and key pairs used to identify a device can be injected into chip at Infineon’s secured factory. This set-up minimizes design, integration and deployment effort by providing a cryptographic toolbox, protected I2C interface and open source code on GitHub. The high-end se-curity controller is certified according to CC EAL6+ (high) and provides advanced asymmetric cryptography. It has a lifetime of 20 years and can be securely updated in the field.Infineonwww.infineon.com/optiga-trust-m

Winbond and Karamba get together on embedded cybersecurityKaramba Security and Winbond will collaborate to enhance embedded software security in automotive and other con-

nected industries.The new part-nership will see Karamba offer enhanced hardware security using Winbond’s secure memories. The collaboration is intended to of-fer cybersecurity solutions using

Winbond’s TrustME secure Flash memories with Karamba’s embedded security policy. The range of secure memories combines a NOR flash manufacturing process and hardware security technology. The company’s offerings range from a se-cured EAL5+ Common Criteria certified Flash memory device to cost effective EAL2 and Arm PSA certified memories.Winbond’s secure memory with tamper resistance allows Karamba’s Runtime Integrity security to focus on perfor-mance, automatically hardening the full image of the connect-ed system and preventing modification of the factory settings.Karamba Security www.karambasecurity.com


Small Powerful Deployable

The Big Thing in

RFSoC is Here.(And it’s only 2.5 inches wide!)

Pentek’s Model 6001 FPGA board lets you quickly develop and deploy RFSoC technology, while optimizing your system for SWaP.

Mounted on your custom carrier or Pentek’s proven 3U VPX carrier, the new QuartzXM® comes pre-loaded with a full suite of IP modules, robust software,and fully integrated hardware — all geared to shorten time to market and reduce design risk.

And at only 4"x2.5", it can be deployed in extremely compact environments, including aircraft pods, unmanned vehicles, mast-mounted radars and more.

•QuartzXM eXpress Module speeds migration to custom form factors

•Powerful Zynq® Ultrascale+™ RFSoC with built-in wideband A/Ds, D/As & ARM processors

•Dual 100 GigE interfaces for extreme system connectivity

•Robust Factory-Installed IP for waveform generation, real-time data acquisition and more

•Board Resources include PCIe Gen.3 x8 and 16 GB DDR4 SDRAM

•Navigator® Design Suite BSP and FPGA design kit for seamless integration with Xilinx Vivado®

All this plus FREE lifetime applications support!

Pentek, Inc., One Park Way, Upper Saddle River, NJ 07458 Phone: 201-818-5900 • Fax: 201-818-5904 • email: [email protected] • www.pentek.comWorldwide Distribution & Support, Copyright © 2019 Pentek, Inc. Pentek, Quartz, QuartzXM and Navigator are trademarks of Pentek, Inc. Other trademarks are properties of their respective owners.

UnleashthePoweroftheRFSoC.DownloadtheFREEWhitePaper!www.pentek.com/go/eetrfsoc

QuartzXMBigThingAd_EETE.indd 1 3/29/2019 2:37:29 PM


@eeNewsEurope

Automotive

Accurate vehicle position sensingMark Patrick, Mouser Electronics

It seems beyond doubt that fully autonomous vehicles are go-ing to be an important part of our future society, and aspects of the core functionality that will enable this to happen are, to

some extent, already beginning to be featured in car models – with many of today’s vehicles having certain self-drive dimen-sions to them. Right now, technologies such as adaptive cruise control, lane monitoring and self-parking are all readily available, even on mid-range vehicles.

What all of these features rely on, and what will be fundamen-tal to future fully autonomous vehicle designs, is the ability to sense position and trajectory accurately at all times while the vehicle is being operated. The challenge for automotive design-ers lies in the phrase “at all times.” Technologies such as GPS have a huge installed base and are generally very accurate, but the signal on which GPS relies is not 100% guaranteed and can disappear in cities with tall buildings or during adverse weather conditions. While this is inconvenient for navigation, causing drivers to perhaps miss a turning, it could be catastrophic for vehicle control and positioning – leading to an accident and thus putting lives in danger.

Rather than relying solely on GPS technology, automobile engi-neering teams have begun to implement onboard technologies, such as light imaging detection and ranging (LiDAR). Already trialed on Uber’s fleet, LiDAR has some advantages over GPS. However, it still suffers from being easily confused when complex situations arise, such as in the heavy traffic found at intersections.

MEMS-based inertial navigationIn the search for a viable solution that will constantly provide an accurate position for the vehicle, designers are looking to inertial measurement mechanisms to provide a solution. Based on micro electro-mechanical system (MEMS) technology, inertial measurement uses accelerometers and gyroscopes to measure the movement of the vehicle and, through subsequent process-ing of that information, calculate a highly accurate position at all times.

As well as providing position information, these systems can detect the orientation of the vehicle, including whether it is posi-tioned on a level surface or not. Such details are highly valuable in autonomous driving – as they allow more/less torque or brak-ing force to be applied as necessary to drive or stop the vehicle in a fully controlled manner that assures stability is maintained.

While many onboard vehicle sensors are primarily silicon, some parameters such as force can only be measured mechanically. MEMS sensors incorporate highly miniaturised mechanical components that are combined with electronic devices using micro-fabrication techniques to form a fully integrated sensing system.

MEMS-based accelerometers typically include a mechanically suspended mass, similar to a pendulum, that is held in place by spring tension. As the vehicle moves, so does the mass, and this movement is then translated into an electronic signal – often using capacitive or piezo-electric technology. In many

vehicle applications, a single MEMS device contains a three-axis accelerometer, enabling acceleration to be measured in all three planes simultaneously.

In contrast to accelerometers that measure linear forces, gyro-scope sensors measure angular velocity in degrees per second (°/s) or in revolutions per second (rps), in order to give the speed of rotation. Combining this with a three-axis accelerometer to form an inertial measurement unit (IMU) gives a complete pic-ture of the vehicle’s movement – facilitating a number of comfort and safety functions, as well as accurate position reporting. If

an IMU detects that a vehicle is rotating suddenly about its axis, then electronic stability programs can apply power and/or brak-ing to specific wheels to return the vehicle to a stable trajectory, so that a potential accident is avoided.

In the event of an accident actually occurring, then the rapid change in acceleration from (for example) hitting another vehicle or a wall can be detected by the accelerometer and/or the gyroscope and measures taken to try to prevent a rollover. The rapid response of the system also allows automatic injury miti-gation procedures to be initiated, such as tensioning seatbelts or deploying airbags, almost instantaneously. Fuel and electrics can be shut off (thereby lessening the likelihood of fire), but not before the vehicle has made an automated call to first respond-ers giving its exact location and asking for help.

Design and selection considerations for IMUsGiven that MEMS-based accelerometers, gyroscopes and IMUs will be at the very center of life-critical onboard automotive systems, it becomes equally critical that designers select the correct device for each and every application. The most basic considerations relate to the type of device: Does the application need an accelerometer, a gyroscope or both integrated into an IMU? Should the accelerometer be a single-axis or three-axis type?

Key considerations from an electrical performance perspective

Figure 1: SCA3300 IMU from Murata.



eeNews Europe

are the measurement range, resolu-tion, linearity, stability, bandwidth and accuracy; all of these are impor-tant and must be considered in line with the needs of the application as they affect overall accuracy. Other parameters, such as any offset (output present at zero accelera-tion) and long-term drift, also need to be taken into account – although more sophisticated devices include calibration and signal-conditioning hardware so that the output signal is not affected.

While energy efficiency and fuel economy are major concerns in modern automotive applications, the power consumption of these de-vices is in the order of a milliamp or so, and therefore does not present an issue. However, given the high levels of electrical noise present in many modern automotive applica-tions, electro-magnetic interference (EMI) susceptibility should be care-fully considered, as it can affect operation and accuracy.

There are various environmental parameters to be contemplated too. Ambient temperatures can be elevated in vehicles, espe-cially in the confined spaces where sensors may be located, so the operating temperature levels that the sensor can support obviously need to reflect this. Designers should also pay atten-tion to the absolute maximum mechanical parameters, most notably values for shock and vibration resilience. The size and type of package offered is important to ensure that the device will fit in the available space and that it is compatible with modern automated manufacturing systems (pick-and-place and reflow soldering) in order to keep costs down and maximise reliability.

Another area that will need concentrating on is interfacing with the system. Some devices offer an analogue output, while others include an onboard analogue-to-digital converter and provide one of the popular interface types (such as SPI or I2C). Clearly this needs to align with the rest of the system hardware, to allow for easy integration. Knowing that the output signal can be relied on is key to avoiding potential catastrophes. Some inertial measurement devices offer integrated self-test, which provides a further level of assurance of the integrity of acquired data. Functionality of this type will be invaluable when systems come under the auspices of automotive safety integration level (ASIL).

Designers, particularly those less familiar with the technology, should also look at the device supplier and make themselves familiar with the support tools (both hardware and software) available for the device they are considering specifying. Useful design tools, such as evaluation kits and breakout boards, can significantly lessen design risk and time-to-market.

Current inertial measurement technologiesMurata’s SCA3300 is a high performance IMU based on a three-axis accelerometer that uses proven capacitive 3D-MEMS

technology. Optimised for automotive applications, it can measure up to ±6g at temperatures up to 125°C while consum-ing just 1mA. The output signal shows strong bias stability with low levels of noise, thereby providing accurate measurements. Designed, manufactured and tested to exhibit high stability, reli-ability and quality, this device includes advanced self-diagnosis features as standard. An onboard mixed-signal ASIC performs signal processing to the convenient and versatile digital SPI. Housed in a robust 12-pin molded SMD package that guaran-tees reliable operation, the SCA3300 occupies just 7.6mm x 3.3mm x 8.6mm.

Designed for high-end applications, the GYPRO MEMS gy-roscope from TDK measures the rate of angular movement around the z-axis (yaw). It provides a high accuracy 24-bit output via an SPI and offers stability better than 0.8°/hour with noise levels below 0.1°/√hour. An embedded temperature sen-sor allows for on-the-fly compensation, while a continuous self-test function assures a valid output at all times. There are mul-tiple variants available, covering data rates as high as 1800Hz and latencies as low as 1ms. Initial design support comes from a range of Arduino M0-compatible evaluation boards that help to simplify the prototyping process.

SummaryDependable and accurate sensing of movement and position is vital to the success of fully autonomous vehicles, and is impor-tant even in today’s ADAS-centric car models – where, in certain situations, driving is possible with only minimal human input. A new breed of MEMS-based accelerometers and gyroscopes are delivering the ruggedness, reliability and breadth of functionality needed for these demanding automotive applications. Through careful selection of the right device for the application criteria, supported by design tools from the chosen device manufac-turer, engineers are now able to deploy highly advanced inertial measurement systems quickly, and with confidence.

www.mouser.com

Figure 2: TDKs GYPRO MEMS.



@eeNewsEurope

Reliability by design for event records in the transport sectorSusan Heidrich, Hyperstone

In a world of growing cities and increased traffic, the com-plexity behind modern transport systems is growing, and so too are the safety requirements and standards that frame

them. The development and design of black boxes also known as event recorders and Juridical Recording Units (JRU) in the transport industry is an example where the sector has seen rap-id design advancements over the last decade. These advanced requirements and standards are a direct result of the growing demand for increased safety and the masses of data needed to ensure efficient optimisation.

Event recorders are vital to analysing the cause of accidents. In doing so, they record and collect data at set intervals to measure, analyse, validate and optimise trends and functional-ity. They are deployed in a range of environments, from deserts and snow fields to deep oceans and skies. Nowadays, more than ever before they are expected to be rugged and remain operational under all conditions for longer periods of time. The industrial requirements are getting stricter, and this in turn is fostering a deeper respect for the design process. Henry Royce once said, ‘small things make perfection, but perfection is no small thing’. This sentiment has never been truer than it is for the design of applications that guard our right to safety. Vehicle manufacturers, rail operators and passengers expect technol-ogy that they can rely on at all times, on a normal day as well as in an emergency.

There are hundreds of individual components that make up event recorders and while in a worst case scenario one loose screw could result in a damaged system, the most integral and complex component responsible for the efficient management of the ever growing strings of data being processed and stored on the memory is the flash memory controller.

Understanding use case and work loadThe flash memory controller’s design is demanding and diverse. Depending on where you source flash memory controllers for your design – there is a lot to consider and a lot of questions you should be asking. Flash memory controllers are the brains of NAND flash storage systems and like all brains, they have different capabilities and different IQs. Many companies invest in pre-designed modules and only realise after the fact that their devices are failing due to a workload their device cannot man-age. This approach may be understandable in consumer ap-plications where cost plays a crucial role in the design process, but for industrial solutions where safety, reliability and security are of upmost importance – understanding unique demanding workloads needs to be more than just an afterthought. By re-searching your workload in depth and discussing this with your controller company and system integrator, you can ensure your end product is tailored to your needs.

Event recorders and the standards that frame themEvent recorders have write intensive use cases. In other words, this means the flash memory controller is responsible for the

efficient processing of constant streams of data being written onto the flash memory. Significant amounts of data are col-lected from sensors and recorders on speed and traffic, steering angles, acceleration, deceleration, hazards and much more. The physical act of writing data onto a flash memory is very differ-ent to that of reading, and ultimately has a strong impact on the life expectancy of the flash memory. High quality, industrially designed flash memory controllers can be tailored to specific use cases and when researched one can see that coupled with certain flash memory types, the life expectancy of the storage systems can change from months to years or even years to decades. Write intensive work loads are one aspect that shape the design of event recorders; stringent requirements, quality standards and certifications are another.

Standards and certifications shape and act as the integral framework in defining design processes. Since the core goal of event recorders is to optimise safety and record all functionality, its standards are strict. Similar to flight data recorders on air-crafts, the task of recording data on the operations of controls and performance involves a complex data collection, which is guarded by predefined standards. Design regulations shift in different countries around the globe but generally speaking,

Automotive



eeNews Europe

event recorders must be fire resistant, shock resistant, resilient to static crushes, immersion in water and magnetic fields. While robust housing plays a main role in this, it is the flash memory controller that must also remain reliable and withstand the demanding requirements and environmental challenges such as extreme temperatures and vibration.

‘Disk-on-Board’ storage modules are ideal event recordersA rugged and ideal solution to avoid and best manage shock resistance in storage modules is by designing Disk-on-Board modules. This approach allows PCB design engineers to place the storage components (flash memory and the flash memory controller) onto the mainboard and remove the connector. This saves space and means the system is much less likely to have contact issues due to vibration. This is especially important in shaking transportation environments like those an event recorder must endure. Disk-on-Board has several advantages and less vibration and more shock resistance is just one of the many benefits. Companies can also choose exactly which type of flash memory is suited to their exact use case and identify and source the ideal flash memory controller which supports that workload. This allows companies to have a fixed Bill of Materials (BoM).

Sourcing the controller and memory directly guarantees com-panies have consistent access to the specified components. If a module vendor chooses to update a product with a new con-troller, new firmware, different flash or anything else, requalifica-tion becomes an issue many did not plan with. Disk-on-Board circumvents this problem leaving companies and design engi-neers in control, which is also an advantage for data recording applications and its special requirements.

Achieve reliability by designReliability as a concept is understood differently depending on requirements. Even though there are stringent standards fram-ing many design decisions, reliability by design comes from efficient trade-offs. There needs to be a firm plan and commu-nication on how the flash memory controllers firmware should

manage the flash under the specific use case. Undeniably an industrial requirement, companies need to ask themselves what exactly does my design need?

But true reliability is not achieved by testing, or binning it is achieved by a complex well thought out design. For example, Hyperstone’s FlashXE® ecosystem is a collective of features, mechanisms and complex processes aimed at increasing the reliability of flash memory. Hyperstone specialises in the design of industrially robust flash memory controllers and to achieve reliability by design, there are various state-of-the-art features implemented into different phases and design processes of the flash memory controller. Hyperstone controllers, in conjunc-tion with a comprehensive understanding of the use case allow companies to design stable robust storage solutions ideal for event recorders or other industrially demanding environments.

Event records are an integral part of modern transport systems. They are designed to optimise safe practices and provide in depth analysis in the event of an accident. Shaped by industrial standards, they are only as reliable as their weakest component which is why manufactures should give considerable thought to the exact demands of their unique use case and give a thought to a disk-on-board approach. High quality controllers with a flexible firmware are ideal for industrially demanding storage solutions.

www.hyperstone.com

FPGA MANAGER™ IP Solution One tool for all FPGA communications

Streaming, made simple.

Enclustra offers design services at all stages of development of an FPGA-based system, from high-speed hardware and HDL firmware to embedded software, and from specification and

implementation through to prototype production.

Our expertise spans a wide range of application areas, including: embedded processing, motion & drive control, vision, SDR,

test & measurement.

FPGA Design Center

MERCURY+ AA1Intel® Arria® 10 SoC Module

MERCURY+ XU9Xilinx® Zynq® UltraScale+™ SoC Module

Linux BSP and tool chain – Reference design – User schematics – PCB footprint – 3D-model

PCIe® Gen3

USB 3.0

Gigabit Ethernet

C/C++C#/.NET

MATLAB®FPGA

PCle®USB 3.0

Gigabit Ethernet

PCIe® Gen3

USB 3.0

Gigabit Ethernet

C/C++C#/.NET

MATLAB®FPGA

124.19EC.024 RZ Inserate AA1 und XU9 190x90.indd 1 04.07.19 13:05



@eeNewsEurope

Medical

Advances in medical image processingAnton Patyuchenko, Analog Devices, Inc.

Technological advancements achieved in medical imaging over the last century created unprecedented opportuni-ties for non-invasive diagnostic and established medical

imaging as an integral part of healthcare systems today. One of the major areas of innovation representing these advancements is the interdisciplinary field of medical image processing.

This field of rapid development deals with a broad number of processes ranging from raw data acquisition to digital image communication that underpin the complete data flow in modern medical imaging systems. Nowadays, these systems offer in-creasingly higher resolutions in spatial and intensity dimensions, as well as faster acquisition times resulting in an extensive amount of high quality raw image data that must be properly processed and interpreted to attain accurate diagnostic results.

Core areas of medical image processingThere are numerous con-cepts and approaches for structuring the field of medi-cal image processing that focus on different aspects of its core areas illustrated in Figure 1. These areas shape three major processes underlying this field—image formation, image computing, and image management.

The process of image forma-tion is comprised of data acquisition and image recon-struction steps, providing a solution to a mathematical in-verse problem. The purpose of image computing is to improve interpretability of the reconstructed image and extract clinically relevant information from it. Finally, image manage-ment deals with compression, archiving, retrieval, and commu-nication of the acquired images and derived information.

Data acquisitionThe first integral step in image formation is an acquisition of raw imaging data. It contains the original information about captured physical quantities describing internal aspects of the body. This information becomes the primary subject for all subsequent steps of image processing.

Different types of imaging modalities may utilise different physi-cal principles and thus involve detection of different physical quantities. For example, in digital radiography (DR) or com-puted tomography (CT), it is the energy of incident photons; in positron emission tomography (PET), it is the photons energy and their detection time; in magnetic resonance imaging (MRI), it is the parameters of a radio-frequency signal emitted by the excited atoms; and in ultrasonography, it is the parameters of the acoustic echoes.

However, regardless of the type of imaging modality, the data acquisition process can be subdivided into detection of a physi-cal quantity that also includes its conversion into an electrical signal, preconditioning of the acquired signal, and its digitisa-tion. A generic block diagram representing all these steps ap-plicable to most of the medical imaging modalities is schemati-cally depicted in Figure 2.

Image reconstructionImage reconstruction is a mathematical process of forming an image using the acquired raw data. For multidimensional imag-ing, this process also includes a combination of multiple data sets captured at different angles or different time steps. This part of medical image processing deals with inverse problems, which is a fundamental subject of the field. There are two pri-mary algorithms used to solve this type of problems—analytical and iterative.

Typical examples of analytical methods include filtered back-projection (FBP), widely used in tomography; Fourier transform (FT), particularly important in MRI; and delay and sum (DAS) beamforming, a technique which is integral to ultrasonography. These algorithms are elegant and efficient in terms of required processing power and computational time.

However, they are based on idealised models and thus have some distinctive limitations, including their inability to handle such complex factors as statistical properties of the measure-ment noise and physics of an imaging system.

Iterative algorithms overcome those limitations to enable signifi-cant improvement in insensitivity to noise and the capability to reconstruct an optimal image using incomplete raw data. Itera-tive methods typically use a system and statistical noise model to calculate projections based on the initial object model with assumed coefficients. The difference between the calculated projections and the original data defines new coefficients used to update the object model. This procedure is repeated using multiple iteration steps until a cost function, which maps the

Figure 1. Structural classification of the topic categories in medical image processing.



eeNews Europe

estimated and true values, is minimised—resulting in a conver-gence of the reconstruction process to the final image.There is a large variety of iterative methods including maximum likelihood expectation maximisation (MLEM), maximum a poste-riori (MAP), algebraic reconstruction (ARC) technique, and many others widely used across medical imaging modalities today.

Image computingImage computing deals with computational and mathematical methods operated on reconstructed imaging data to extract clinically relevant information. These methods are applied for enhancement, analysis, and visualisation of the imaging results.

EnhancementImage enhancement refines a transform representation of an image to improve interpretability of the contained informa-tion. Its methods can be subdivided into spatial and frequency domain techniques.

The spatial domain techniques operate directly on image pixels, which is particularly useful for contrast optimisation. These techniques typically rely on logarithmic, histogram, and power law transforms. The frequency domain methods use frequency transform and are best suited for smoothening and sharpening the images by applying different kinds of filters.

Utilisation of all these techniques allow for noise and inhomogeneity reduction, contrast optimisation, enhancement of edges, elimina-tion of artifacts, and improvement of other relevant properties that are crucial for the subsequent image analysis and its accurate interpretation.

AnalysisImage analysis is the central process in im-age computing that uses a broad variety of methods which can be grouped into three main categories: image segmentation, image regis-tration, and image quantification.

The image segmentation process partitions the image into meaningful contours of differ-ent anatomical structures. Image registration ensures correct alignment of multiple images, which is particularly important for analysis of temporal changes or a combination of images acquired using different modalities. The process of quantifica-tion determines properties of the identified structures such as volume, diameter, composition, and other relevant anatomical or physiological information. All these processes have a direct impact on the inspection quality of the imaging data and the accuracy level of medical findings.

VisualisationThe visualisation process renders the image data to visually represent anatomical and physiological imaging information in a specific form over defined dimensions. Through direct interac-tion with data, the visualisation can be performed both at the initial and intermediate phases of imaging analysis—for in-stance, to assist segmentation and registration processes, and at the final stage to display the refined results.

Image managementThe final part of medical image processing deals with manage-

ment of the acquired information and encompasses various techniques for storage, retrieval, and communication of image data. There are several standards and technologies developed to address various aspects of image management. For exam-ple, the medical imaging technology picture archiving and com-munication system (PACS) provides economical storage and access to images from multiple modalities and the digital imag-ing and communication medicine (DICOM) standard is used for storing and transmitting medical images. Special techniques for image compression and streaming provide efficient realisation of these tasks.

Challenges and trendsMedical imaging is a relatively conservative field where the transition from research to clinical applications may often take more than a decade. However, its complex nature embraces multifaceted challenges on all fronts of its constituent scientific disciplines, which steadily drives continuous developments of novel approaches. These developments represent major trends that can be identified across the core areas of medical image processing today.

The area of image acquisition benefits from innovative hardware technologies developed to enhance the raw data quality and

enrich their informational content. Integrated front-end solu-tions enable faster scan times, finer resolutions, and advanced architectures such as ultrasound/mammography, CT/PET, or PET/MRI combo systems.

Fast and efficient iterative algorithms are increasingly used for the image reconstruction replacing analytical methods. They enable dramatic image quality improvement in PET, X-ray dose reduction in CT, and compressed sensing in MRI. Data-driven signal models are replacing human-defined models to provide better solutions to inverse problems based on limited or noisy data. The main research areas representing the trends and challenges in image reconstruction include modeling of system physics and development of signal models, optimisation algo-rithms, and methods for image quality assessment.

As the imaging hardware captures ever-increasing amounts of data and the algorithms become more complex there is a strong need for more efficient computational technologies. This is a great challenge addressed by more powerful graphical proces-sors and multiprocessing techniques that enable a completely

Figure 2. Generic block diagram of the data acquisition process.



@eeNewsEurope

Medical

new scale of opportunities for transitioning from research to applications.The major trends and challenges associ-ated with this transition in image comput-ing and image management encompass numerous topics, some of which are presented in 3.

Continuous developments resulting in novel technologies associated with all these topics narrow the gap between the research and clinical applications and foster the integration of the field of medi-cal image processing into the physicians’ workflow to ensure more accurate and more reliable imaging results than ever before.

Analog Devices offers diverse solutions addressing the most demanding require-ments of medical imaging imposed on the data acquisition electronics design in terms of dynamic range, resolution, accuracy, linearity, and noise. Here are a few examples of such solutions developed to ensure the highest level of initial quality of raw imaging data.

A highly integrated analogue front-end ADAS1256 with 256-channels is designed specifically for DR applications. Mul-tichannel data acquisition systems ADAS1135 and ADAS1134 with excellent linearity performance maximise image quality in CT applications. Multichannel ADCs AD9228, AD9637, AD9219, and AD9212 are optimised for outstanding dynamic perfor-mance and low power to meet PET requirements. A pipelined ADC AD9656 offers outstanding dynamic and low power performance for MRI. An integrated receiver front-end AD9671

is designed for low cost and low power medical ultrasound ap-plications where a small package size is critical.

ConclusionMedical image processing is a highly complex, interdisciplinary field comprising numerous scientific disciplines ranging from mathematics and computer science to physics and medicine. This article is an attempt to present a simplified but well-structured framework of core areas representing this field with their major subjects, trends, and challenges. Among them is the process of data acquisition being the first and one of the most important areas that defines the initial quality level of raw data used in all subsequent stages of the medical image processing framework.

www.analog.com

Figure 3. Example of major trend topics in medical image computing today.

Infrared detectors for healthcare marketsADE Technology will use Lynred’s thermal sensors to de-velop new systems for emerging applications in Taiwan, from medical care and assisted living for the elderly to livestock

managementLynred announces it has secured a large volume contract for its 80×80 infrared detectors from ADE Technology Inc., an advanced technology integrator. This is the first time that Lynred has signed with the Taiwan-based company, a provider of

fully off-the-shelf or tailored solutions for security, healthcare, farming management and residential markets.ADE Technology will integrate high volumes of infrared detec-tors from Lynred, with the aim of developing for the market a first-of-its-kind system. This system will be designed with multi-sensors, including thermal imagery, that can monitor and display real-time data on vital signs in applications for the medical care of people and animals.ADE Technology www.lynred.comwww.ade.tw

Real-time clock for wearables draws under 180nAMore than 35 percent smaller than the tiniest RTC alterna-tives, the MAX31341B nanoPower real-time clock (RTC) from

Maxim Integrated Products oper-ates at less than 180nA.The 2x1.5mm device offloads the central microcon-troller from time-keeping, allowing for greater energy savings during

sleep cycles and extension of battery runtime in wearables and portable equipment. The IC is designed to remain on dur-ing dormant periods, providing timekeeping so that the micro-controller shuts down to preserve power and extend battery life. Available in an ultra-small wafer-level package, the chip minimizes external circuitry by incorporating features such as integrated load cap, trickle charger, power management and 64-byte RAM. It offers accurate time-keeping up to 100ppm accuracy over the -40 to +85ºC temperature range.Maxim Integrated www.maximintegrated.com



eeNews Europe

Products

New congatec SMARC module with NXP i.MX 8M Mini processorThe conga-SMX8-Mini offers higher performance at significant-ly fewer watts due to the new 14nm FinFET structure.

congatec introduces a new SMARC 2.0 Computer-on-Module with NXP i.MX 8M Mini processor. The conga-SMX8-Mini offers higher performance at signifi-cantly fewer watts due to the new 14nm FinFET

structure. The module also offers 3D graphics with full-HD res-olution. The new SMARC 2.0 platform is ideal for established markets – such as industrial and medical HMIs, kiosk, vending and infotainment systems – as well as new markets, including situational awareness, machine learning or voice controlled and video enabled residential gateway devices. For mobile and transportation applications, the new SMARC modules offer extended temperature support from -40°C to 85°C and an extended longevity of up to 15 years. Smart vision-based applications benefit from the hardware-accelerated MIPI CSI-2 camera interface.The new SMARC modules with NXP i.MX 8M Mini processor are application-ready sub systems that come with a compre-hensive ecosystem including ready-to-go boot loader imple-mentation, pre-qualified Linux, Yocto and Android BSPs and fully featured evaluation carrier boards. congatec’s personal integration support and broad range of individually selectable technical services significantly simplify the integration of this new NXP processor for custom.congatec www.congatec.com

World’s smallest medical grade FIR sensorMelexis has announced what the company claims is the world’s smallest medical grade FIR sensor, available in a sur-face mount package for a variety of applications

These applications include wearables and, in particu-lar, hearables and clinical point-of-care applications.MLX90632 is based upon Melexis’ established far infrared (FIR) technol-ogy that is based on all objects emitting heat radiation. Miniaturized

far-infrared sensors can be sensitive to thermal disturbances, but MLX90632 mitigates this through compensation algorithms to deliver high levels of thermal stability. The medical-grade MLX90632 has been optimized for the normal human body temperature range, where it offers medical-grade accuracy of ±0.2°C.The device comes in a 3x3x1mm QFN package, which inte-grates the sensor element, signal processing, digital interface and optics.Melexiswww.melexis.com

Rutronik adds Recom 2W DC/DC converters for medical useRutronik has added the new Recom REM2 series modular 2W DC/DC converters with full medical certification.

In a small SIP8 package (23.0 x 8.0 x 12.2mm) and with many variants, the series provides flexibility in PCB layout design. The REM2 series offers a choice of input voltage ranges, common output voltages and single or dual outputs.

The 2W DC/DC converters have reinforced isolation of 5.2kVDC/1 minute,and also 2MOPP (Means of Patient Protec-tion) at 250VAC at 5.000m. Input voltages from 3.3 to 24VDC and output voltages between ±3.3 and ±12VDC are feasible. At a 20MHz bandwidth the output voltage fluctuates by 150mVp-p at most.The converters have an operating temperature range of -40°C to +80°C, and provide up to 85% efficiency with no derating. At 50% maximum load, they can be used at an operating temper-ature of up to +95°C. At +25°C the REM2 series has an MTBF (Meantime between Failure) of 12900x103 hours, at +80°C it is 5300x103 hours.The REM2 series is compliant to class A/B EMC and 60601-1-2 (4th ed.) medical EMC using a simple external LC filter and is certified to CB, IEC/EN and ANSI/AAMI 60601-1 (3rd ed.) medi-cal safety standards. It comes with a warranty of five years.Rutronikhttps://rutronik.com/rem2

VxWorks now IEC 62304 compliant for medical useWind River has announced that the latest release of VxWorks Cert Edition is compliant to the IEC 62304 medical standard.

The RTOS now has a suite of safety certification evidence for automotive, avionics, industrial, and medical use.The medical certification was assessed by TÜV SÜD for applications requiring up to IEC 62304 - Class C compliance for “Medical device soft-ware – Software life cycle processes.” The COTS software with the associ-ated evidence package,

is designed for safety-critical medical devices, helping manu-facturers reduce or even eliminate the validation efforts around “SOUP” (Software of Unknown Provenance).Wind Riverwww.windriver.com/markets/medical/


europeanbusiness press

EmbeddedNews

ANALOGNews

AUTOMOTIVENews

LED LIGHTINGNews

POWER MANAGEMENTNews

TEST & MEASUREMENTNews

EUROPENews

RF - Microwave

MW

subscribe to our newsletters

www.eenewseurope.com/newsletters

NEWSLETTERS

up to date

Make sure

youget

the

information

you need

House Ad 2017 (Embedde).indd 1 4/09/18 16:51

Documents

News Embedded · start a touchscreen-based Human Machine Interface (HMI) ap-plication, the starter kit is based on Clairitec’s 7’’ Resistive Intelligent Display (800x480 pix-els)