Test instrumentation can help bullet-proof your communication equipment designed for next-generation vehicles.
The 5G rollout brings with it a host of real-time IoT capabilities to automotive designs. Use cases such as enhanced Mobile Broadband (eMBB, high-data-rate use cases for 4G LTE and 5G NR services that allows a high data rate across a wide coverage area) and Ultra-Reliable Low Latency Communication (URLLC) are empowering autonomous vehicles, infotainment systems and security programs. They are also allowing automobiles to leverage smart cities systems (V2N). These capabilities, however, create a new set of design verification hurdles for engineers. Cybersecurity is one such challenge threatening automotive designs that use 5G technologies. Prevention of attacks that can create dangerous scenarios in automotive and other mission-critical applications is a new design consideration for engineers developing components and systems.
Much of this concern is due to vulnerabilities caused by 5G’s complex architecture. Instead of using centralized hardware-based switching, 5G employs a software-defined network. This network employs virtualization functions that can be vulnerable from multiple points should someone gain control of the software. Other vulnerabilities arise because of the high bandwidth and large number of devices connecting to the network.
The flexibility of the 5G architectural approach enables use of efficient, interoperable multi-service pipelines within the core network. These transmission paths support virtual end-to-end network services through network slicing (Figure 1). Network slicing lets multiple logical networks run atop a shared physical network infrastructure. The slices occupying a single physical network are separated such that traffic and security breaches from one slice cannot interfere with another slice. Each slice has the bandwidth and quality of service (QoS) parameters necessary to support a specific class of service.
Network slicing supports advanced techniques such as URLLC and eMBB, as well as the traditional mobile voice and broadband services. It also benefits telematics control units (TCUs) used in autonomous vehicles. Furthermore, network slicing improves other Machine-to-Machine (M2M) connections used in infrastructure services for smart cities, smart grids, and smart roadways.
Though 5G networks benefit automotive designs, they introduce vulnerabilities at almost every layer of the network stack. Such security risks weren’t a concern with 4G LTE, but the air interface that connects 5G user equipment (UE) with base stations potentially lets cyber criminals inject malicious control signals. These malicious signals can potentially misdirect traffic, take control of vehicles, force disconnections, or induce critical system failures (Figure 2).
Relatively secure carrier networks will offload considerable 5G traffic to the less secure internet. Recognizing the potential for nefarious activity, 5G network architectures integrate several security features, including security edge protection proxy at the border of the Public Land Mobile Network (PLMN, a mobile wireless network using earth-based stations rather than satellites), enhanced privacy for the Subscription Permanent Identifier (SUPI, a string of decimal digits representing the Mobile Country Code and Mobile Network Code identifying the network operator), and a unified authentication framework that includes the Security Anchor Function (SEAF decides whether UE is authentic via what’s called an anchor key). To design secure UE, engineers must use components, software, and design practices that ensure compatibility and compliance with ABBA (basically a parameter signifying which security features are enabled), SEAF, and other security mechanisms defined in 3GPP TS 33.501.
Testing to ensure the UE complies with 5G network security requirements is vital to protect automotive systems. Engineers need a high degree of confidence that their products can resist compromise or corruption. Many UE manufacturers employ a Practical Security Testing process (Figure 3) to ensure product performance.
Figure 3. An efficient test environment can verify automotive TCUs through a 5G and 4G Internet connection. Using network simulators, the TCU can receive multiple IP addresses for various IP connections using numerous APNs that can include IP multimedia subsystem (IMS) servers for VoLTE/VoNR, T-put server for testing maximum IP throughput, and an internet gateway.
Practical Security Testing uses a network simulator such as a signaling tester or wireless communications test set. These tools serve as a base station to connect with the UE and a testing server that exercises the device using commercial or proprietary software. Functional security measurements are one of a series of tests necessary to verify the UE performs according to specification.
Similar to the general functional testing performed during design verification, testing for 5G automotive systems also focuses on security functions. Here, a network simulator typically exercises the UE with sequences created by a lab or a production server.
A powerful new generation of test and simulation equipment has been developed to address the specific security concerns associated with automotive designs. These systems can efficiently verify compliance with 3GPP by connecting with actual service servers. This lets comprehensive testing take place without the influence of an RF channel, as well as under specific network conditions. This approach can also reproduce bugs and cyber-attacks common in the field while the UE sits in the lab.
Efficient cyber-security testing requires flexible hardware with application-specific software. For example, mobility testing for E-UTRAN New Radio – Dual Connectivity (EN-DC is a way of enabling 5G services and data rates in a predominantly 4G network. UEs supporting EN-DC can connect simultaneously to LTE master nodes and 5G-NR secondary nodes.) Using this application-specific software, EN-DC mobility testing can take place without the need to create complicated scenarios. It simplifies the testing process while providing the flexibility for future tests as standards evolve.
Software lets you handle specific tests and levels of complexity. Use a base-station emulator to create an interactive test environment without complicated test scripts. They can support multi-system simulation of common actions such as, to name a few, cell selection/reselection, roaming, Single Radio Voice Call Continuity (SRVCC), a way of handing over Voice over (VoLTE) to 2G/3G networks. VoLTE uses LTE channels for phone calls rather than low-bandwidth voice channels and EPS fallback lets phones use the 5G core with NR, but the radio access network may trigger moving the phone to an internet service during call establishment. Such a system makes it possible to efficiently create a real-world environment to test UE for key functions for IMS (IP Multimedia Core Network Subsystem, a framework for delivering IP multimedia services) such as VoLTE , voice over 5G NR (VoNR), data communications, and messaging. All these tests can take place without forcing the operator to have an extensive understanding of the network protocol.
Using scripts, you can create your own test cases. You’ll need a deep knowledge of the protocol to write these low-level scripts such as writing test scripts using a ladder sequence with IMS protocol scripting. The benefits of this more complex approach include a higher level of flexibility and scalability.
You can also use software to capture IMS call flows from a live network and convert that data into a script, removing the need for the deep knowledge of the IMS protocol. This approach also lets you test IMS functions using carrier-specific IMS implementations.
Script software also gives engineers the ability to:
- Check user-specific abnormal tests and protocol checks at any message level.
- Conduct call processing of LTE for IMS development and evaluation.
- Test STIR/SHAKEN (Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs, a framework for ensuring the authenticity of a given call) to prevent VoIP call spoofing from spammers.
- Have flexible support for evolving 5G core specification, such as Voice over NR (VoNR).
Dedicated software and network emulators verify the requirements of 5G use cases. For example, it’s more important to verify maximum throughput in eMBB on a 5G UE than on a 4G LTE device. Necessary tests include IP throughput performance and TCP/UDP/FTP. Tests must also support Carrier Aggregation (CA) with 2×2 or 4×4 multiple-input-multiple-output (MIMO) with up to 256QAM.
Engineers must also quantify power consumption and heat levels at maximum throughput to satisfy 3GPP standards. Software supports detailed settings related to the base station, packets communication state, UE Tx RF output, and power consumption.
Other functional tests for compliance include stress tests of the CPU and software at maximum throughput and tests of a device that supports dual SIM dual active (DSDA, where two SIM cards are constantly active). An example test would measure the UE as it simultaneously conducts 1,000 SMS messages, VoLTE, video streaming, and downloading a large file to measure how robust the software is and test for stack overflows.
Also critical for automotive designs is reject testing to see how a TCU responds in abnormal conditions and to duplicate field issues. Three types of reject testing include:
Cellular Signaling Message Reject — An example would be an attach reject with a specified reject cause code, and reject for a certain amount of time, a certain number of re-tries or on a certain cell.
IMS Message Reject — This is for testing abnormal situations with the IMS protocol to see how the TCU software responds.
APN Reject — For rejecting the connection when the TCU requests a certain APN name. (Access Point Name or APN is the name for the settings a phone reads to set up a connection to the gateway between the carrier’s cellular network and the public internet.)
Today’s hardware and software help create test environments that emulate real-world scenarios, letting you verify designs and ensure that systems comply with 3GPP security standards.