Revolutionising Connectivity: Over-the-Air solutions

Introduction

In today’s fast-paced digital landscape, technology is constantly evolving. Whether it’s a smartphone, a connected car, or a smart home device, staying up to date with the latest software and firmware is essential for security, functionality, and user experience. Over-the-Air (OTA) update solutions have emerged as a game-changing innovation to simplify and streamline the process of updating embedded systems and devices wirelessly, without requiring physical interventions. In this blog post, we will explore what OTA updates are, examine the challenges and advantages they offer, and then delve into how Amazon Web Services (AWS) cloud services can be leveraged to address these challenges effectively.

Challenges of OTA Updates

While OTA updates provide numerous benefits, they come with their fair share of challenges. One of the primary concerns is security. Transmitting software updates over the air can be a security risk, as malicious actors might intercept and tamper with the data. Ensuring the integrity and authenticity of updates is a critical challenge. Moreover, managing and coordinating updates for a vast array of devices, each with its own unique hardware and software configurations, can be complex. Compatibility issues, network connectivity, and device constraints are also hurdles to overcome. Additionally, OTA updates require robust testing to minimise the risk of errors that could disrupt device functionality or even lead to a bricked device.

Advantages of OTA Updates

Despite the challenges, OTA updates offer a plethora of advantages that make them an indispensable tool in the world of connected devices. First and foremost, they provide a convenient and hassle-free way to keep devices up to date. This is particularly valuable in sectors such as automotive, where safety-critical systems must remain current. OTA updates can enhance device performance, add new features, and patch vulnerabilities. By enabling remote updates, they reduce the need for costly and time-consuming recalls, which benefits both manufacturers and end-users. Furthermore, OTA updates can reduce the environmental impact of electronic waste by extending the lifespan of devices, as users can keep their gadgets up to date without the need for replacements.

OTA Platform Architecture

Generic Architectural components

The OTA update functionality is just a feature of a bigger IoT platform. Those platforms typically consists of several key components and modules that work together to facilitate the device management, connectivity, data processing, and application development for a network of IoT devices. All those components are out of scope for this blog post and from now on the term OTA Platform will specifically refer to the collection of components within a larger IoT platform that specifically implements the OTA feature.

While specific implementations may vary, here’s a high-level (and very simplified) overview of an OTA platform architecture:

OTA platform‘s main components — Icons from Flaticon

Let’s dive a bit deeper on the main components:

Off-board Components

• Device Management and Registry: This module is responsible for registering and managing all the connected devices in the OTA ecosystem. It includes features like device identification, metadata storage, and device grouping.
• OTA Server: This core module manages the entire update process. It includes features like campaign management, device targeting, update scheduling, and update job tracking. It coordinates the delivery of updates to devices and monitors their progress.
• Package Repository: OTA updates are stored in a secure repository. This repository holds the update packages, which are digitally signed to verify their authenticity and integrity. Additional access policies are usually enforced to allow only authorized and targeted devices to download a specific package.
• User Interface: The OTA platform often includes a user interface for administrators. Campaign managers or Operation teams can manage campaigns and monitor the status of updates.

On-board Components

• Device-Side Agent: On the device side, an OTA agent or client software is responsible for communicating with the OTA Server. It downloads update packages, verifies their authenticity, and installs updates when conditions are met (e.g., when the device is idle, the battery has an acceptable level, or the user accepted the update).
• Update Manager and Reporting client: In case an update encounters issues, a rollback mechanism can be initiated. Modern devices usually adopt dual partitioning technique: they will install the update in a passive partition an try to boot up. If there is a failure, it will just reboot from the primary partition. In case of success, instead, the role of the two partition are switched. During this process, a reporting client reports the status of updates back to the OTA server for tracking, auditing, and troubleshooting.

Mandatory features for a robust and reliable solution

• Authentication and Authorisation: Security is a top priority in OTA updates. This module ensures that only authorised devices can receive and install updates. It often leverages user and device authentication mechanisms, encryption, and access controls.
• Scalability and Redundancy: The OTA platform must be designed to scale horizontally to accommodate a growing number of devices and updates. Redundancy is implemented to ensure high availability and fault tolerance.
• Monitoring and Analytics: Real-time monitoring and analytics tools are used to track the progress of updates, device health, and performance. This module provides insights into the success of update campaigns and can help identify issues.
• Logging and Auditing: Logging and auditing components record all relevant events, actions, and interactions within the OTA system. This is crucial for compliance, debugging, and security analysis.
• APIs and Integration: The OTA platform typically offers APIs to allow integration with other systems and services, such as device management platforms, IoT ecosystems, subscription or on-demand features stores, and third-party tools.

Leveraging AWS Cloud Services

To address the challenges associated with OTA updates, leveraging AWS cloud services is a compelling solution. AWS offers a suite of tools and services designed to simplify the process of managing, securing, and deploying OTA updates at scale. Examples are:

• AWS IoT Core provides secure, bi-directional communication for Internet-connected devices (such as sensors, actuators, embedded devices, wireless devices, and smart appliances) to connect to the AWS Cloud over MQTT, HTTPS, and LoRaWAN.
• AWS IoT Greengrass seamlessly extends AWS onto physical devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. AWS IoT Greengrass ensures your devices can respond quickly to local events and operate with intermittent connectivity. AWS IoT Greengrass minimizes the cost of transmitting data to the cloud by enabling you to author custom software and AWS Lambda functions that run on local devices
• AWS IoT Device Management is a cloud-based device management service that makes it easy for customers to securely manage IoT devices throughout their lifecycle. Customers can use AWS IoT Device Management to onboard device information and configuration, organize their device inventory, monitor their fleet of devices, and remotely manage devices deployed across many locations.

Additionally almost all the mandatory additional features listed above are either built-in in the aforementioned services or can be easily integrated.

OTA platform built with off-the-shelf AWS services — Icons from Flaticon

Bonus: OTA for automotive — a glimpse

In the automotive sector, the advantages of Over-the-Air updates take on a whole new level of significance. Vehicles today are essentially rolling computers, equipped with complex software systems that control everything from engine performance to infotainment features and advanced driver-assistance systems (ADAS). OTA updates in the automotive sector translate into enhanced safety, improved functionality, and a superior user experience. For instance, manufacturers can swiftly address and patch vulnerabilities in ADAS systems, ensuring that vehicles remain safe on the road. OTA updates also enable automakers to introduce new features and functionalities, such as improved navigation algorithms or entertainment options, without requiring a visit to the dealership. Furthermore, automotive companies can efficiently manage their extensive vehicle fleets, ensuring that updates are pushed seamlessly and securely to a diverse range of vehicle models, all while reducing operational costs and the environmental footprint associated with frequent recalls and physical updates. This not only benefits automakers in terms of customer satisfaction but also significantly enhances vehicle safety, performance, and longevity in an ever-evolving automotive landscape.

The Vehicle

While the fundamental functionalities of an OTA platform for this particular scenario might retain similarity, the key distinction lies in the complexity of the “device” it manages. A vehicle isn’t merely a singular device but rather an amalgamation of multiple devices.

Modern vehicle Electrical/Electronic (EE) architecture comprises diverse Electronic Control Units (ECUs) interconnected through communication networks (CAN bus, LIN bus, ethernet), forming the foundational framework governing a vehicle’s operations. Each ECU specializes in managing distinct subsystems, with sensors and actuators facilitating input and output, establishing a comprehensive and interconnected vehicle system. In today’s vehicles, numerous ECUs — ranging from controlling fuel injection and ignition timing to managing ABS and ADAS modules (adaptive cruise control, lane-keeping assistance, etc..) — govern every facet of operation.

Beyond these, two ECUs stand out: the Telematic Control Unit (TCU), pivotal in vehicle connectivity and interaction with the OTA server, and the infotainment system, serving as the interface for user-vehicle interaction.

OTA Update for Vehicles

Understanding the intricate structure of a vehicle emphasizes the necessity to mirror this complexity within the OTA server and client for effective management. On the OTA server side, managing firmware extends beyond the main device — it now encompasses firmware, applications, and configurations for numerous remotely updatable ECUs, entailing substantial security and management challenges.

Conversely, the vehicle’s client assumes a broader responsibility, orchestrating updates across multiple ECUs while accommodating each device’s constraints and connectivity specifics (e.g., UDS stack, download orchestration for ECUs with limited storage, MCU vs MPU etc.). (Hint: In recent developments, there’s a movement towards standardizing ECU hardware and centralizing primary logic into a central controller, referred as HPC. Future vehicles could become more “software-defined”, but that’s a topic for another blog post 😉)

To further increase the complexity, vehicles come in diverse models and horsepower configurations, yet frequently employ a shared EE architecture. Furthermore, OTA updates enable customized services for individual customers, demanding unique treatment for each vehicle during OTA operations. Additionally, the automotive market operates on a global scale, featuring distinct legislative environments across countries, presenting varied compliance hurdles.

Safety and Certification

In the automotive industry, especially in applications where human safety is at stake, ensuring the reliability and safety of both hardware and software is crucial. For instance, the International Organization for Standardization (ISO) 26262 is a key standard for functional safety, outlining requirements for the development of automotive safety-related electrical and electronic systems. This lead to the adoption of standardized tools and software components. If you are interested, you can start looking at QNX. It is a real-time operating system (RTOS) commonly used in automotive embedded systems. It is known for its reliability, security, and ability to meet stringent safety standards required in automotive applications. It has been successfully utilized in safety-critical systems like airbag control, instrument clusters, and infotainment systems.

Could off-the-shelf IoT AWS services be a go-to choice for carmakers?

As shown, vehicles are intricate systems composed of various interconnected components. The complexity of these systems presents challenges when integrating with generic cloud services like AWS. The uniqueness and specificity of automotive systems might not align seamlessly with standard cloud solutions. Moreover, compliance with these regulations demands specialized handling of data, security, and safety measures. Generic cloud services may not inherently meet these industry-specific compliance standards.

Even though the above needs can be addressed, there is another battle to fight. Tier 1 producing the ECUs, especially the TCU and the infotainment, might prioritize their own interests. They or their partners might develop the onboard OTA client, potentially leading the carmaker to adopt this client and its associated OTA server due to factors like cost, time constraints, or a lack of expertise.

Nevertheless, this isn’t the end for cloud providers such as AWS. Considering the global scale of the challenge, where availability, resilience, and scalability are imperative, cloud services can still aid carmakers and Tier 1s in streamlining and enhancing their solutions and processes. The below picture depicts how a basic OTA platform can be robustly implemented on AWS.

Basic OTA Platform based on AWS cloud services — icons form Flaticon

Route 53 serves to direct requests to the nearest region, assuming a uniform deployment scenario (which often isn’t the case due to legislative variations across regions like China, North America, and Europe). S3, known for its cost-effective storage, pairs with CloudFront’s distribution, enabling updates to be disseminated closer to the vehicles.

To ensure robustness, the solution typically spans multiple Availability Zones (AZs) for high availability. Network load balancer distribute traffic to elastic compute services like Elastic Container Services (ECS) or Elastic Kubernetes Service (EKS) hosting the OTA Server.

Furthermore, essential services like CloudWatch, CloudTrail, and IAM play pivotal roles in offering security measures, audit trails, and monitoring capabilities indispensable for an OTA system’s reliability and security.

Conclusions

In conclusion, Over-the-Air update solutions are revolutionising the way we keep our connected devices up to date. While they come with their own set of challenges, leveraging AWS cloud services can help overcome these obstacles. With robust security, efficient device management, scalability, AWS provides a comprehensive solution for deploying OTA updates at scale, ensuring that devices remain secure and up to date while minimizing downtime and disruption. As technology continues to advance, OTA updates will play a pivotal role in keeping our devices running smoothly and securely in an ever-connected world.