Reliability Analysis of Wireless Automotive Applications with Transceiver Redundancy

Developing a Fail Operational System for ecar using wireless control

Master's Thesis, 2014

99 Pages, Grade: 1.7





List of Figures

List of Tables

1. Introduction
1.1. Motivation
1.2. Challenges

2. Related Work
2.1. Previous Research works
2.2. Differences of Existing Wireless Technologies
2.3. Conclusion

3. Requirement Analysis
3.1. Existing System Architecture in eCar
3.2. FMEA Concept
3.2.1. FMEA Overview
3.2.2. FMEA Methodology foundation
3.3. FMEA Table
3.4. FMEA Analysis
3.5. Conclusion

4. Design of a Fail-Operational Wireless System
4.1. Overview of Wireless System with Redundancy
4.2. Analysis of Wireless System with and without Redundancy
4.2.1. Mean Time To Failure
4.2.2. Reliability Block Diagrams
4.3. Algorithm Design
4.3.1. Algorithm Design Overview
4.3.2. Active Node Design
4.4. Conclusion

5. Implementation
5.1. Communication Protocol Design For Redundancy
5.1.1. Redundant Fail-Operational Protocol for UART
5.1.2. Redundant Fail-Operational Protocol for Wireless Channel
5.2. Hardware Platform
5.2.1. MSP-EXP430FXXX Introduction
5.2.2. CC2520 Transceiver
5.3. Software Platform
5.3.1. FreeRTOS Basics
5.3.2. Software Architecture
5.4. Conclusion

6. Experimental Results
6.1. Test Case 1 - UART-R and UART-R1 Channel Failures
6.1.1. Experimental detail
6.1.2. Achieved and Expected results
6.1.3. Discussion
6.2. Test Case 2 - Node Failures
6.2.1. Experimental detail
6.2.2. Achieved and Expected results
6.2.3. Discussion
6.3. Test Case 3 - RSSI Decreases
6.3.1. Experimental detail
6.3.2. Achieved and Expected results
6.3.3. Discussion
6.4. Test Case 4 - Wireless Channel Failures
6.4.1. Experimental detail
6.4.2. Achieved and Expected results
6.4.3. Discussion
6.5. Conclusion

7. Conclusion and Future Work


A. Glossary

B. Detailed Descriptions
B.1. Code Structure
B.2. Compilation



I received immense guidance, advice, unending support and encouragement from Dipl.-Ing. Hauke Stähle during my Master Thesis. I would therefore like to express my very great sincere appreciation to him and also thank him for having trust and confidence in me. Also I would like to express my gratitude to Fortiss GmbH, An-Institut der Technischen Universität München, for providing me the great opportunity.

I would also like to extend my special thanks to Prof. Dr.-Ing. Holger Stahl and Prof. Dr.-Ing. Markus Stichler for their patient guidance, advice, feedback and timely support.

Finally, I would like to thank my family and friends, especially Er. Sajju Karki, for their care, support and help, without which it would not have been possible for me to achieve my goal and make my life beautiful.


In this modern age, a car has many different functionalities and facilities. They are implemented using different actuators, sensors and Electronic Control Units (ECUs). Due to the high complexity of the wiring and the additional weight of a car, controlling and maintaining these devices is difficult. To address the complexity and the weight growth, wireless technology has been used with a TDMA method. Replacing wires by wireless technology, however, may not be secure and reliable. The Failure Mode and Effect Analysis (FMEA) methodology is applied for the failure analysis, and the reliability analysis is done using Reliability Block Diagrams (RBD). These analyses are done to develop a redundant system. The main focus of this thesis is to make the system behaviour fail-operational using wireless technology.

The algorithm and the protocol design have been implemented on an MSP-EXP430 board with a CC2520 transceiver to detect single point failures, and the implementations have been tested to detect different failure levels successfully.


In today's world, cars have different functionalities and facilities. The implementation is done using different actuators, sensors and Electronic Control Units (ECUs). Due to the high complexity of the wiring and the additional weight of a car, controlling and maintaining these devices is difficult. To solve the complexity and the weight growth, wireless technology with a TDMA method is used. The approach of replacing wires with wireless technology may not be secure and reliable. The Failure Mode and Effects Analysis methodology is used for the failure analysis, and the reliability analysis is carried out using Reliability Block Diagrams (RBD). These analyses are carried out in order to develop redundant systems. The focus of this thesis is the fail-operational system behaviour using wireless technology.

The implementation of the algorithm and the protocol design was carried out with an MSP-EXP430 board and a CC2520 transceiver in order to detect single faults, and the implementations were then tested in order to detect different failure levels successfully.

List of Figures

1.1. Wiring Harness

1.2. Wireless Connections

2.1. Wireless Comparison

3.1. Existing System Architecture in eCar

3.2. Existing System Architecture Block Diagram

3.3. The process flow for using FMEA

3.4. FMEA Graph

4.1. Master Node Wireless System with Redundancy

4.2. Slave Node Wireless System with Redundancy

4.3. Hazard Rate as a function of age

4.4. ASIL table

4.5. RBD Series Combination

4.6. RBD Parallel Combination

4.7. RBD Combine Series and Parallel Combination

4.8. Master Node Reliability Block Diagram

4.9. Master Node Reliability Block Diagram with Redundancy

4.10. Flow Chart for failure monitoring and controlling

5.1. Redundant Fail-Operational Protocol for UART

5.2. Status Protocol

5.3. Actions Protocol

5.4. Wireless Channel Protocol

5.5. UART-R Connection between Master Node1 and Master Node

5.6. Connection between MSP-EXP430F5438A and CC2520 transceiver

5.7. Software Architecture Overview

5.8. Software Architecture Detail

6.1. Setup for Experimentation

List of Tables

3.1. FMEA Table

4.1. Failure Rate for MSP43f538-Exp board’s Component list

4.2. Failure Rate for CC2520 board’s Component list

4.3. Failure Levels

6.1. Wireless Channel assignments with odd channels

6.2. Wireless Channel assignments with even channels

6.3. Wireless Channel assignments with odd and even channels

B.1. Root level folder details

B.2. Second level folder details

B.3. Second level app folder details

B.4. File level details

1. Introduction

1.1. Motivation

Nowadays a car is not just for driving from place to place; one also expects comfort, safety, entertainment, a GPS system, efficient mileage etc. inside it. Having these kinds of facilities inside a car means more sensors, switches, wires and connectors (figure 1.1). New high-technology cars use more than 150 sensors and switches [8] to provide different facilities and functionalities. For example, General Motors was offering 'Stability Track' as standard by 2007 [8], an automatic stability control function that stabilizes a vehicle moving off the track on slippery or snowy roads, or when braking or taking turns. This stability system could prevent one-third of fatal accidents, but it requires several sensors in the wheels, steering and brakes, thus increasing the wiring complexity and weight of a vehicle [15]. The wiring harness is the heaviest, most complex, bulkiest and most expensive electrical component in a vehicle; it can contribute up to 50 kg to the vehicle mass [8] and also decreases fuel efficiency due to its weight [1]. Therefore, the wiring harness can be replaced by a reliable wireless system (figure 1.2); as a result the weight of the car decreases and fuel efficiency increases.

A Domain Architecture [16] is used for developing and organizing the various kinds of Electronic Control Units (ECU) that control the different facilities. Because there are many facilities, there are many domains and sub-domains such as Safety, Infotainment, Body and more. All communication between domains goes through a single gateway, which increases complexity, and it is even more chaotic when domains are directly connected. A solution to this problem is to use reliable wireless channel communication, which means a direct wireless channel connection between domains and sub-domains.

Use of a reliable wireless system also makes the integration of different ECUs easier; as a result the number of connectors and the wiring harness decrease. The placement of sensors also becomes easier, which increases design flexibility because one no longer has to take care of the wire connections and their placement inside the car.

(Figure not included in this excerpt.)

Figure 1.1.: Wiring connections topology[2].

(Figure not included in this excerpt.)

Figure 1.2.: Wireless Connections topology.

image source:

1.2. Challenges

Wireless communication is a cutting-edge technology that uses electromagnetic waves for transmission. Normally, wireless communication is not used in real-time systems in automotive applications for controlling and communicating between different Electronic Control Units (ECUs). There are many conflicts, problems and challenges, but only a reliable wireless channel design, a protocol design for an automotive application and a fail-operational system design will be discussed further here.

Other unknown electromagnetic sources or devices operating on the same frequency can cause destructive interference to wireless channels. Hackers or other attackers can intrude into the system because the wireless technology is easily available to everyone and is cheap. They could even block the signal completely in a drive-by-wireless car, which may also cause human death. The system will be installed inside the car, so not only outsiders have a bad effect on the wireless system: the car engine can also introduce interference and vibrations due to its high noise. Vibration from the engine or from driving on a damaged track can cause path loss, which results in a distorted wireless channel. These effects can decrease the Signal to Noise Ratio (SNR), increase the Bit Error Rate (BER), corrupt the payload etc. As a result, the wireless communication between Electronic Control Units (ECUs) is lost.

As in other wired real-time systems, until now there has been no specific wireless protocol designed for real-time communication that considers the environment of automotive use cases. For reliability, the redundant system architecture must have fail-operational behaviour: even with a single point failure of the system, such as the failure of a transceiver or node, the whole system (using the redundant system) should keep working as normal. So the whole system should guarantee safety and fail-operational behaviour, which means the real-time system must be a reliable system.

The challenges mentioned above must be solved during the design and implementation of the system because they can lead to catastrophic damage.

2. Related Work

2.1. Previous Research works

New-generation vehicles have already started integrating the automotive application "drive-by-wire" together with mechanical backups [17]. For a completely electrical system in the automotive field, a redundant system called the duo-duplex system has been developed [17]. This system implements redundant wired channels with ECUs. Fault communication between ECUs is controlled by a control block called the BUSPWR block [17]. The redundant system follows the principle of a fail-silent strategy, and redundancy management is implemented in software using C code [17].

Wireless technology is a cutting-edge research topic for various sensor networks and automotive applications as a replacement for or alternative to complex wiring technology. There are different wireless protocols such as UWB, ZigBee, Bluetooth, WiFi etc. that could possibly be used in the automotive area. Various automotive applications with wireless sensor networks have been researched: an intra-vehicular network in an engine compartment uses a UWB channel model to obtain the engine status even from difficult areas of the engine where a wire cannot be installed [3]; a Blind Spot Information System (BLIS) for safety purposes [15]; a wireless bicycle brake with a hard real-time system [10]; etc. Also, the ECUs of an e-car have been successfully controlled over a wireless channel, which increases the feasibility of driving an e-car by wireless connections [19]. But wireless communication needs reliability and safety too. For reliability, a radio hose made of a metalized flexible rubber is used as a wave guide for wireless communication, but it has the limitation of a high path loss that increases with length [9]. Wireless control with TDMA slots in a hard real-time critical design for a bicycle brake has also been designed and successfully experimented with [10]. That system uses a replicator to improve reliability and also considers non-faulty communication [10]. Different standard failure mode analysis techniques (ISO 26262, RBD, Fault Tree, etc.) are used to make the fail-operational system reliable, as discussed for a brake-by-wire system [18]. The patent application publication [7] discusses a redundant path that is used according to the failure of the main system regarding channel blockage, hardware failure etc., which is a useful idea for achieving reliability.

2.2. Differences of Existing Wireless Technologies

Among the various suitable wireless technologies, the comparison in figure 2.1 between WiFi, Bluetooth and ZigBee has been chosen because these are easily available short-range wireless communication technologies with low power consumption [14].

From figure 2.1, even though WiFi has approximately lower latency [1], a high bandwidth (22 MHz) and a high data rate (105 Mbps) with respect to ZigBee and Bluetooth [14], and also more cell nodes (2007) [14] and lower overhead (31) [14] with respect to Bluetooth, WiFi is not good for short-range communication because it has high overhead [14], a bad link budget [21] and high cost [12] compared with ZigBee.

Bluetooth has higher latency, more power consumption, and a complex and large overhead in bytes with respect to ZigBee [14]. It also has a complicated protocol that is difficult to modify according to the sensor requirements, whereas ZigBee has a simple protocol that is easy to modify as required [14].

ZigBee uses the CSMA-CA mechanism for channel access, which is defined by the IEEE 802.15.4 standard. Any device wishing to communicate during the contention access period (CAP) between two beacons shall compete with other devices using a slotted CSMA-CA mechanism [11]. Therefore, it is not guaranteed that a high-priority device will get access to the channel. So messages will be lost and the latency may also increase. Real-time systems need a guaranteed time-scheduled system. Hence, ZigBee's MAC layer is not suitable for real-time systems.

(Figure not included in this excerpt.)

Figure 2.1.: Wireless Protocol Comparison [2].

2.3. Conclusion

From the previous research work, ZigBee is an appropriate protocol for wireless communication [14]. Currently, the e-Car drive-by-wireless developed by Fortiss has shown the feasibility of wireless communication between different ECUs using the ZigBee protocol with beacons enabled and time-triggered operation [19]. But for a safe and reliable wireless system, the ideas above, such as the duo-duplex wired system, the replicator implementation and the radio hose used as a wave guide, can serve as references for a new reliability implementation in wireless communication for automotive applications.

3. Requirement Analysis

3.1. Existing System Architecture in eCar

(Figure not included in this excerpt.)

Figure 3.1.: Existing System Architecture in eCar[19].

The existing system architecture (figure 3.1) consists of a central system that is used as the main system to control the front axle and the rear axle. In the drive-by-wireless system [19], however, a wireless channel has been implemented through which the central system and the rear axle communicate. The wireless communication between the master node in the central system and the slave node at the rear axle is based on the ZigBee protocol using beacon-based communication. A detailed block diagram is shown in figure 3.2.

(Figure not included in this excerpt.)

Figure 3.2.: Existing System Architecture Block Diagram.

Figure 3.2 shows the block diagram of a master and a slave node only. The master node is at the central system and the slave node is at the rear axle. The block diagram in figure 3.2 consists of the node, transceiver, UART, SPI, power supply of the system, and the networks or systems block. The node is the MSP430F5438 experimenter board with the transceiver daughter board (CC2520) attached via the SPI built into the board. UART is the serial communication to the network or the systems after transmitting or receiving data from the transceiver. The power supply system is the power supply for the whole system architecture. A network or a system means another board connection, which may be communicating data to the sensors via CAN bus or to the main computer in the central system, as seen in figure 3.1. For the wireless communication, the ZigBee protocol has been used.

In drive-by-wireless [19], the wireless communication is beacon-based and time-triggered (TDMA); the beacon is broadcast by the master node to all slave nodes. Here, wireless communication is implemented only between one master and one slave inside the wave guide. The main purpose of the wave guide is to prevent electromagnetic interference from inside or outside the vehicle and external attacks.

3.2. FMEA Concept

3.2.1. FMEA Overview

Below are short definitions and details of useful approaches and analyses according to the FMEA, Reliability Analysis Center [2].

The purpose of the FMEA is to identify the results or effects of an item's failure on system operation and to classify each potential failure according to its severity. The FMEA provides quick visibility of obvious failure modes and identifies potential single failure points that can be eliminated or minimized by redesign.

There are two different implementation approaches for FMEA: the hardware approach and the functional approach. In complex systems, however, both approaches are mostly combined for the FMEA implementation.

Qualitative and quantitative analysis are the two ways of analysis in FMEA. In the qualitative analysis, the probability of an item's failure is stated together with its severity effect level according to the system requirements and usability. In the quantitative analysis, the failure probability and severity effect are used for the item failure rate, with MIL-HDBK-217 [4] as a useful data source. The qualitative analysis is preferably done first for the FMEA; after finding the probability and severity level, the quantitative analysis is done to calculate and evaluate the MTTF [5].
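The quantitative step described above can be carried through with the constant-failure-rate model that underlies MTTF figures. The following Python script is an added example, not code from the thesis: the per-block failure rates in it are constructed placeholders rather than MIL-HDBK-217 values or the figures of the thesis's tables 4.1 and 4.2, and the exponential survival model, the series and parallel reliability-block-diagram formulas and the 12-hour mission time from the FMEA ground rules are its only other assumptions. It compares the master node of figure 3.2 with a single transceiver against the same node with two transceivers in parallel, which is the redundancy the thesis investigates.

```python
"""Quantitative FMEA follow-up: block failure rates -> MTTF and mission reliability.

Added example, not code from the thesis.  It assumes the constant failure
rate (exponential) model behind MTTF figures: a block with failure rate
lambda survives to time t with R(t) = exp(-lambda * t) and has MTTF = 1/lambda.
The rates below are CONSTRUCTED placeholders in failures per 10^6 hours, not
values from MIL-HDBK-217 or from the thesis's tables 4.1 and 4.2.
"""
import math

# Placeholder failure rates (failures per 10^6 h) for the master-node blocks
# of figure 3.2.  Replace with handbook-derived values for a real analysis.
BLOCK_RATES_PER_MILLION_H = {
    "micro-controller": 2.0,
    "transceiver": 5.0,
    "uart": 0.5,
    "spi": 0.5,
    "power supply": 1.0,
}

# Mission time ground rule stated in the thesis's FMEA assumptions (section 3.2.2).
MISSION_TIME_H = 12.0


def per_hour(rate_per_million_h):
    """Convert failures per 10^6 h into failures per hour."""
    return rate_per_million_h / 1.0e6


def reliability(rate_per_h, t_h):
    """Survival probability of one block up to time t under a constant rate."""
    return math.exp(-rate_per_h * t_h)


def series_reliability(rates_per_h, t_h):
    """Series RBD: every block must survive, so the rates simply add."""
    return reliability(sum(rates_per_h), t_h)


def parallel_reliability(rate_per_h, n, t_h):
    """1-of-n parallel RBD of n identical blocks: fails only if all n fail."""
    return 1.0 - (1.0 - reliability(rate_per_h, t_h)) ** n


def mttf_series_with_parallel(series_rate_per_h, parallel_rate_per_h, n):
    """MTTF of a series chain in which one block is n identical parallel copies.

    Expanding 1 - (1 - e^(-x t))^n by inclusion/exclusion and integrating each
    exponential term over t from 0 to infinity gives the sum below; n = 1
    reduces to the plain series result 1 / (s + x).
    """
    s, x = series_rate_per_h, parallel_rate_per_h
    return sum(math.comb(n, k) * (-1) ** (k + 1) / (s + k * x) for k in range(1, n + 1))


def master_node_figures(n_transceivers=2, mission_time_h=MISSION_TIME_H):
    """Compare the master node with one transceiver and with n in parallel."""
    other = sum(per_hour(r) for name, r in BLOCK_RATES_PER_MILLION_H.items()
                if name != "transceiver")
    tx = per_hour(BLOCK_RATES_PER_MILLION_H["transceiver"])
    single = {
        "mission_reliability": series_reliability([other, tx], mission_time_h),
        "mttf_h": mttf_series_with_parallel(other, tx, 1),
    }
    redundant = {
        "mission_reliability": reliability(other, mission_time_h)
        * parallel_reliability(tx, n_transceivers, mission_time_h),
        "mttf_h": mttf_series_with_parallel(other, tx, n_transceivers),
    }
    return {"single": single, "redundant": redundant}


if __name__ == "__main__":
    for variant, fig in master_node_figures().items():
        print(f"{variant:9s} R({MISSION_TIME_H:g} h) = {fig['mission_reliability']:.8f}  "
              f"MTTF = {fig['mttf_h']:,.0f} h")
```

With the placeholder rates, the second transceiver raises the node MTTF from about 111,000 h to about 151,000 h, whereas over a 12-hour mission it only removes the transceiver's own share of an already tiny unreliability; after that the micro-controller and power supply dominate the series chain. Both views are needed when deciding which single point of failure redundancy should address first.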

3.2.2. FMEA Methodology foundation

The process flow [6] in figure 3.3 below shows when and how the upper and lower levels of the system are treated in the FMEA analysis.

Below is a description of the steps in figure 3.3 for the FMEA used for the qualitative analysis:

I Define the system and Identify components:

The system is inside the car within the shielding box. The master node is at the central system and the slave node is at the rear axle, connected to the sensor that controls the wheel. The master and slave nodes send or receive data via the wireless channel. The following is a short component list with functional definitions:

(Figure not included in this excerpt.)

Figure 3.3.: The process flow for using FMEA[6].

I.A Antenna: Responsible for transmitting and receiving the signal in the RF stage.

I.B Power supply system: Responsible for power supply to the entire system.

I.C Shielding box: Responsible for protecting against electromagnetic interference from inside and outside the vehicle.

I.D Micro-controller (MSP430F5438): Responsible for controlling and analyzing data between the transceiver and the networks or systems.

I.E Transceiver (CC2520)
I.E.1 ADC/DAC: Responsible for the conversion of analogue data to digital and vice versa.
I.E.2 Local Oscillator: Responsible for generating a constant sine wave signal for the RF amplifier and mixer.

I.F UART: Responsible only for transmitting and receiving data between the node and the networks or systems.

I.G SPI: Responsible only for transmitting (tx) and receiving (rx) data between the transceiver and the node.

I.H Software: Responsible for the functionality control in the micro-controller.

II Define Ground Rules and Assumptions:

An overview of the system failures has been obtained by research and brainstorming. The severity levels are defined according to how dangerous a failure is for human beings, and the probabilities are defined according to the default system quality. The mission time is assumed to be 12 hours because normally a vehicle should be stopped for the driver to rest after 12 hours of continuous driving. An automotive environment can have worst-case scenarios, so for the quantitative analysis for the MTTF calculation the assumptions are made with the worst favourable conditions. The automotive environment can have a temperature range of -50 to +120 degrees Centigrade; in consideration of the worst case, the stress is taken with the highest value, the quality factor with the lowest value, etc.

Also from the FMECA, Reliability Research Center [2], the severity effects and probability levels are defined as below.

II.A Category I - Catastrophic: A failure which may cause death or whole system loss.

II.B Category II - Critical: A failure which may cause severe injury to a living being, major property damage, or major system damage which will result in a mission loss.

II.C Category III - Marginal: A failure which may cause minor injury, minor property damage, or minor system damage which will result in delay or loss of availability or mission degradation.

II.D Category IV - Minor: A failure not serious enough to cause injury, property damage or system damage, but which will result in unscheduled maintenance or repair.

II.E Probability level 1: A probability of occurrence of a single failure mode that happens remotely or is extremely unlikely during the mission time interval.

II.F Probability level 2: A probability of occurrence of a single failure mode that happens moderately or reasonably often during the mission time interval.

II.G Probability level 3: A probability of occurrence of a single failure mode that happens occasionally during the mission time interval.

II.H Probability level 4: A probability of occurrence of a single failure mode that happens frequently during the mission time interval.

III System Block Diagram:

The system diagram of the wireless section with master and slave is depicted in figure 3.2; its failures and their effects have to be analysed.

IV Identify Failure modes:

From the system block diagram, the failure modes are defined using both the hardware and the functional approach, because it is difficult to identify all hardware and functions precisely for the failure modes. During the brainstorming to identify the failure modes of hardware components and functional components with this mixed approach, table 3.1 below was prepared. Failure modes in hardware can have a potential effect at the functional system level and the hardware system level, and vice versa.

V Perform failure effects/causes:

After identifying the failure modes, their causes and potential effects have to be determined. Table 3.1 below shows the failure effects and their causes, which may or may not be detectable by visual inspection; some exceptional cases (like the babbling idiot etc.) have also been included.

VI Severity ranking and probability:

The two columns severity ranking and failure probability depend on the failure modes, effects and causes. These values are part of the qualitative analysis of the FMEA, and they vary completely according to the system mission and its function.
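As an added illustration of steps I to VI (not the thesis's own table 3.1), the following Python worksheet encodes the severity categories and probability levels defined above and ranks a set of constructed failure-mode rows for the components of figure 3.2. The rows, the `single_point` flag and the acceptance rule in `ACCEPTABLE` are assumptions of this example; the thesis's actual rankings are in table 3.1.

```python
"""Qualitative FMEA worksheet for the wireless node of figure 3.2.

Added example, not the thesis's table 3.1.  The severity categories (I-IV)
and probability levels (1-4) follow the definitions in section 3.2.2; the
failure-mode rows are CONSTRUCTED placeholders, and the acceptance rule in
ACCEPTABLE is an assumption of this example, not a criterion from the thesis.
"""
from collections import namedtuple

# Severity categories from section 3.2.2, with a numeric rank (higher = worse).
SEVERITY = {"I": "Catastrophic", "II": "Critical", "III": "Marginal", "IV": "Minor"}
SEVERITY_RANK = {"I": 4, "II": 3, "III": 2, "IV": 1}
# Probability levels from section 3.2.2 (1 = remote ... 4 = frequent).
PROBABILITY = {1: "remote", 2: "reasonably probable", 3: "occasional", 4: "frequent"}

# Assumed acceptance rule: worst probability level tolerated per severity.
# A Catastrophic failure is tolerated only at level 1, a Minor one at any level.
ACCEPTABLE = {"I": 1, "II": 2, "III": 3, "IV": 4}

FailureMode = namedtuple(
    "FailureMode",
    "ident component mode cause effect severity probability single_point",
)

# Constructed worksheet rows for the blocks named in step I (placeholders only).
WORKSHEET = [
    FailureMode("FM-1", "Antenna", "no RF output", "connector break",
                "master and slave lose contact", "I", 2, True),
    FailureMode("FM-2", "Transceiver (CC2520)", "stops responding on SPI",
                "device hang", "no frames sent or received", "I", 2, True),
    FailureMode("FM-3", "Transceiver (CC2520)", "babbling idiot",
                "software fault", "channel blocked by continuous transmission",
                "II", 1, True),
    FailureMode("FM-4", "UART", "link lost", "cable damage",
                "node cannot reach networks or systems", "II", 2, True),
    FailureMode("FM-5", "Power supply", "voltage drop", "supply fault",
                "node resets", "I", 1, True),
    FailureMode("FM-6", "Shielding box", "gap in shielding",
                "mechanical damage", "increased interference", "III", 3, False),
]


def validate(entry):
    """Reject rows whose severity or probability is outside the defined scales."""
    if entry.severity not in SEVERITY:
        raise ValueError(f"{entry.ident}: unknown severity {entry.severity!r}")
    if entry.probability not in PROBABILITY:
        raise ValueError(f"{entry.ident}: unknown probability level {entry.probability!r}")
    return entry


def rank_by_criticality(entries):
    """Order rows worst-first: by severity rank, then by probability level."""
    return sorted(
        (validate(e) for e in entries),
        key=lambda e: (SEVERITY_RANK[e.severity], e.probability),
        reverse=True,
    )


def criticality_matrix(entries):
    """Group row ids into (severity, probability) cells of the criticality matrix."""
    cells = {}
    for e in rank_by_criticality(entries):
        cells.setdefault((e.severity, e.probability), []).append(e.ident)
    return cells


def redesign_candidates(entries):
    """Rows whose probability exceeds what the assumed acceptance rule tolerates."""
    return [e.ident for e in rank_by_criticality(entries)
            if e.probability > ACCEPTABLE[e.severity]]


def single_point_failures(entries, worst_severity="II"):
    """Single points of failure at or above a severity, i.e. redundancy candidates."""
    threshold = SEVERITY_RANK[worst_severity]
    return [e.ident for e in rank_by_criticality(entries)
            if e.single_point and SEVERITY_RANK[e.severity] >= threshold]


if __name__ == "__main__":
    for e in rank_by_criticality(WORKSHEET):
        print(f"{e.ident} {e.component:22s} sev {e.severity:>3} "
              f"({SEVERITY[e.severity]:12s}) prob {e.probability} "
              f"({PROBABILITY[e.probability]})")
    print("redesign:", redesign_candidates(WORKSHEET))
    print("single points (sev I/II):", single_point_failures(WORKSHEET))
```

The two selection functions deliberately answer different questions: `redesign_candidates` applies the severity/probability rule of the qualitative analysis, while `single_point_failures` lists the items whose failure alone stops the mission, which is the set that transceiver or channel redundancy in the later chapters is meant to shrink.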

3.3. FMEA Table

In this section, the FMEA table [20] for the system block diagram in figure 3.2 has been prepared, but the external networks and systems are not part of the analysis because they relate to sensors or other systems, and this thesis is concerned only with the reliability of the wireless system.

To prepare the FMEA, the system is divided into five components/functions and their subcomponents/subfunctions. The columns of table 3.1 are, respectively, failure modes, failure causes, potential effects, severity effect level and probability of failure. Each failure is determined by a failure mode, which identifies the single point of failure in the system.

Failures of different components/functions are also divided according to their effects and probability of occurrence. The severity effects in a system that are difficult to prevent have been determined with regard to the effect on users [20].

(Figure not included in this excerpt.)


University of Applied Sciences Rosenheim
Roshan Chulyada (Author), 2014, Reliability Analysis of Wireless Automotive Applications with Transceiver Redundancy, Munich, GRIN Verlag