Once you have Ethernet well established in controlling a car's vital functions added to the wireless Internet access already available, it will be a short step before people will be hacking cars from the comfort of their own homes.
We engineers don't pay enough attention to security so that the technology we create leads to nightmares.
Last week there were police reports in Winnipeg of a $5 universal remote available on the Internet that will unlock any car. The only protection the police are recommending is to physically disable the remote sensing system in the car. I guarantee that most engineers reading this police report would not bother. It's human nature to not take a threat seriously until it hits close to home. This attitude should not be acceptable when designing systems that may endanger the public.
... and that's just my personal opinion! But let me tell you what makes me think so:
1. Being an engineer that has relatively closely followed the evolution of PoE I can tell you all the features and building blocks, that are defined in the specifications have their deep roots in the physics of the implementation and are result of healthy mixture of quality- and reliability-aware engineering and field-related experience. Why would I believe anything of it can be skipped without penalty?
2. Let me go deeper into technical details by just pointing out some automotive-level objectives constraining any automotive implementation:
- EMI/EMC requirements are way higher than corresponding industrial/consumer-level ones
- Safety requirements are higher than consumer-level - who would like to end up without instruments on a crowded highway because his/her kid on the rear seat could not wait until the next motorway station?
- Quality requirements are scaled to 10+ years... unlike just about any consumer device lifetime...
- Due to the functional integration - how many devices in the car can cope with mere 6W of power (a head-unit? Navigation system? Audio-amp?)? Without PSE you cannot provide significantly more power than those 6W. The mentioned alternative of higher current rated magnetics is fiction - even if theoretically possible - the cost of such tends to grow higher than the cost of extra power wire (plus connector)!
It is relatively easy to demonstrate that such an implementation can be functional, but its whole another story to drive it towards mass-production-ready, automotive-quality implementation - there are so much other factors that come to play!
3. And let's go even at the lowest level and give few examples of its physical flaws:
- The mere fact the current to/from source is send over two separate wires increases the effective (loop) antenna area and leads to increased EMI coupling tendency. This can be minimized, of course, by suitable filtering of the power supply, both at the source and the sink side. Such extra filtering, though, drives cost high (here it starts departing from the ZERO projection). Every hardware engineer will tell you, that a DC/DC regulator features harmonic-rich current current consumption, which (unfiltered) leads inevitably to EMI problems. So you would tend to invest in some high-value capacitors and inductors to avoid such (beware cost!)...
- More than 12V out of a (current) car battery (or even just a short circuit protection) you can only implement with extra power conditioning circuitry. That one comes at a *non-zero* cost! Actually, we were talking about filtering of the power supply in the sink side - that includes capacitors. When the car has been powered down for some time - those are completely drained. The in-rush current that flows through them in the moment of initial powering the system can go as high as 50+ Ampere, without power pre-conditioning, even for a short time, that energy is enough to either blow a fuse or at least significantly reduce device lifetime by gradually degrading the magnetics. So you cannot just take any cheap DC/DC regulator - you need one with special features (cost adder!) and due to specific safety and diagnostic automotive requirements cannot quite avoid micro-controller involved...
- So what about power - I need more than 6W, I don't need to go higher than the 12V, I'll just take higher rated magnetics - well, here you hit a natural physics "wall". The DC current flowing through coil like the one found in the PoE magnetics creates magnetic field. Materials used to build such components can store a definite amount of magnetic energy, and that's how they transfer signal: converting it from electrical to magnetic and then back to electrical on the other side. The problems arises when you reach the limit you can store (something called "saturation") - such effect takes place, when you try to pass too much DC current through the magnetics - they just stop being able to pass the signal any more... Hmm, so why don't you just make it bigger - it can hold more - well that's true, but it comes with a small side-effect: it lowers the usable frequency of such, so you cannot use it any more to transfer the signal bandwidth you need...
You may ask - are there any further reasons for and against such implementations and I would say: yes, plenty (e.g. PoE discussions lasted more than decade...)! But bottom line, it sums up to:
Automotive implementation of Power over Ethernet is a nice feature, but that comes at a NON-ZERO (read: positive) cost! So it only makes sense in a few application areas, where specific constraints will justify the extra cost included!
I would add that automotive Ethernet will be on a single pair, unlike commercial Ethernet which uses two pairs for Rx and Tx. So the schema is wrong here.
It's still possible to do PoE on one pair and much more cost effective. But it's not new.
Regarding security issues: we are talkin here about a data link beetween video sources (ADAS and rear-view cameras). Nothing is controlling the car and there's no connection to the internet or WiFi. It's a closed bus.
Many thanks Ivanov for the comments. You make some interesting points that I would like to address.
Indeed Automotive EMC/EMI requirements are much more stringent than consumer or even industrial. However, standard Ethernet, including PoE, has already been proven to pass automotive OEM limits, so it is certainly possible, even though a challenge!
It's really a misnomer that Ethernet is just for consumer market. It has a proven track record in many markets including enterprise and industrial with proven quality and long lifetimes. Standard 2-pair Ethernet is already in the car today and has been deployed since 2008 – many tens of millions of Ethernet ports are already being used in cars today. Organizations like AVNu are actively working with the car manufacturers on next generation Ethernet IVN and defining Automotive profiles for Ethernet AVB (Audio Video Bridge) standards.
6W should be acceptable for most applications in the car that need PoE, for example the classic case is rear view camera, where power needs are typically around 2W. I would not envisage PoE being needed for Head units and the like, which would almost certainly have a power feed. It will likely be of most benefit with smaller remote units. If more than 6W is required then I totally agree with you and increased PoE voltage is the way to go, not higher current rated magnetics. Custom magnetics are certainly costly and preferably avoided. The key element with this approach is the use of standard components - PHY, DC-DC regulators, Ethernet magnetics, albeit auto qualified. For increased voltage above 12V certainly a boost regulator would be needed but is relatively inexpensive. In fact you may want a buck / boost regulator anyway for 12 V regulation to cope with battery voltage drops (to 6V-7V)?
Again I agree with your comments regarding the evolution of PoE standards and it's proven robust nature. This is indeed one of the benefits or reusing such standards rather than 're-inventing the wheel'. But for automotive, unlike PoE for consumer, classification is unlikely to be required as the network is fixed and known during production. Automotive often takes advantage of this facet, for example to ensure fast boot up times, and ultra-low power sleep mode functionality. If you want to include classification process there is nothing to stop you but you pay for the dedicated PSE Controller (relatively expensive in a PoE BOM) – something the car manufacturers are keen to avoid! The term 'PoE for Free' should not to be taken literally :-) With optimization of the already proven PoE methods you can offer power over data lines with relatively no major additions to what would be a typical automotive power management solution for Ethernet (without PoE). This has proved to be somewhat attractive for the automotive industry.
If you are interested Micrel does offer an Automotive PoE evaluation kit based on this solution, compromising of AEC-Q100 automotive components (both Ethernet and Power).
Now security issues there's a whole new topic we could discuss, but I'll leave that for another time!
What are the engineering and design challenges in creating successful IoT devices? These devices are usually small, resource-constrained electronics designed to sense, collect, send, and/or interpret data. Some of the devices need to be smart enough to act upon data in real time, 24/7. Specifically the guests will discuss sensors, security, and lessons from IoT deployments.