Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2018: Information Security Practice and Experience pp 455–467Cite as

Efficient and Secure Firmware Update/Rollback Method for Vehicular Devices

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11125))

Abstract

Updating a firmware of a vehicular device is inevitable in order to improve not only the functionality but also the security. The vehicle consists of devices which are resource-constrained and produced by different vendors. Therefore, a lightweight update method, which ensure the correctness of the update as a vehicular system, is required. Moreover, since the update is a critical task, it is mandatory to ensure the security of the update. Recently, on the other hand, the vehicular system becomes complicated, sometimes with a non-genuine device attached by car owner; and hence, we should consider the case where a vehicular system becomes inconsistent even though a patch has been correctly applied. In such case, a rollback of the firmware should be required. In this paper, we propose a secure and efficient firmware update/rollback method to solve above issues. We also demonstrate it with our experiments.

Z. Xia—Presently, the author is with the University of Toronto.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Firmwares can be updated off-line via. e.g., a device connected to the OBD-II or USB port. In this paper, we omit it and focus on the on-line update.

References

  1. Koscher, K., et al.: Experimental security analysis of a modern automobile (2010)

    Google Scholar 

  2. Miller, C., Valasek, C.: Adventures in automotive networks and control units. DEFCON 21, 260–264 (2013)

    Google Scholar 

  3. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat 2015 (2015)

    Google Scholar 

  4. International Organization for Standardization (ISO): ISO11898:2015–1, road vehicles - controller area network (CAN) (2015)

    Google Scholar 

  5. National Institute of Standards and Technology (NIST): The keyed-hash message authentication code (HMAC) (2008)

    Google Scholar 

  6. National Institute of Standards and Technology (NIST): Recommendation for block cipher modes of operation: the CMAC mode for authentication (2016)

    Google Scholar 

  7. Han, K., Weimerskirch, A., Shin, K.G.: A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier. In: 13th escar Europe 2015 (2015)

    Google Scholar 

  8. Xia, Z., Kawabata, T., Komano, Y.: A secure design for practical identity-anonymized CAN application. In: 14th escar Europe 2016 (2016)

    Google Scholar 

  9. Xia, Z., Komano, Y., Kawabata, T., Shimizu, H.: A centrally managed identity-anonymized CAN communication system. SAE Int. J. Transp. Cybersecur. Priv. 1(1), 19–37 (2018)

    Google Scholar 

  10. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

    Chapter  Google Scholar 

  11. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  12. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26

    Chapter  Google Scholar 

  13. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

    Chapter  Google Scholar 

  14. Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45418-7_17

    Chapter  MATH  Google Scholar 

  15. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_4

    Chapter  Google Scholar 

  16. Komano, Y., Shimizu, H., Kawamura, S.: BS-CPA: built-in determined sub-key correlation power analysis. IEICE Trans. 93-A(9), 1632–1638 (2010)

    Article  Google Scholar 

  17. Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_18

    Chapter  MATH  Google Scholar 

  18. Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for resource-constrained in-vehicle ECUs. In: IEEE 5th Global Conference on Consumer Electronics, pp. 1–2 (2016)

    Google Scholar 

  19. Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for in-vehicle ECUs. IPSJ Trans. Consum. Devices Syst. 7(2), 41–50 (2017)

    Google Scholar 

  20. http://www.daemonology.net/bsdiff/. Accessed 26 Feb 2018

  21. http://www.7-zip.org/sdk.html. Accessed 26 Feb 2018

  22. Lee, Y.S., Kim, J.H., Hung, H.V., Jeon, J.W.: A parallel re-programming method for in-vehicle gateway to save software update time. In: IEEE International Conference on Information and Automation, pp. 1497–1502. IEEE (2015)

    Google Scholar 

  23. Jang, S.J., Jeon, J.W.: Software reprogramming performance analysis of CAN FD and FLEXRAY protocols. In: IEEE International Conference on Information and Automation, pp. 2535–2540. IEEE (2015)

    Google Scholar 

  24. Lee, Y.S., Kim, J., Jang, S.J., Jeon, J.W.: Automotive ECU software reprogramming method based on ethernet backbone network to save time. In: 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016, pp. 39:1–39:8. ACM (2016)

    Google Scholar 

  25. Burrows, M., Wheeler, D.: Incremental update method for in-vehicle ECUs. Digital SRC Research report, SRC-RR-124, 1–18 (1994)

    Google Scholar 

  26. Huffman, D.A.: A method for the construction of minimum redundancy codes. Proc. IRE 40(9), 1098–1101 (1952)

    Article  Google Scholar 

  27. Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23(3), 337–343 (1977)

    Article  MathSciNet  Google Scholar 

  28. Martin, G.N.N.: Range encoding: an algorithm for removing redundancy from a digitized message. In: Video & Data Recording Conference (1979)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Toshiba Corporation, Kawasaki, Japan

    Yuichi Komano, Zhengfan Xia, Takeshi Kawabata & Hideo Shimizu

Authors
  1. Yuichi Komano
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhengfan Xia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Takeshi Kawabata
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hideo Shimizu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuichi Komano .

Editor information

Editors and Affiliations

  1. University of Aizu, Aizuwakamatsu, Japan

    Chunhua Su

  2. Meiji University, Tokyo, Japan

    Hiroaki Kikuchi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Komano, Y., Xia, Z., Kawabata, T., Shimizu, H. (2018). Efficient and Secure Firmware Update/Rollback Method for Vehicular Devices. In: Su, C., Kikuchi, H. (eds) Information Security Practice and Experience. ISPEC 2018. Lecture Notes in Computer Science(), vol 11125. Springer, Cham. https://doi.org/10.1007/978-3-319-99807-7_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99807-7_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99806-0

  • Online ISBN: 978-3-319-99807-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation