research-article

Secure over-the-air firmware updating for automotive electronic control units

Authors:

Dimitris Mbakoyiannis,

Othon Tomoutzoglou,

George KornarosAuthors Info & Claims

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

Pages 174 - 181

https://doi.org/10.1145/3297280.3297299

Published: 08 April 2019 Publication History

Get Access

Abstract

This work presents secure over-the-air firmware updating that brings a homogenized updating process across OEMs, suppliers and sub-tiers, removing at the same time the costs for individual security precautions and cryptographic countermeasures for each individual component or sub-system. The objective is to overcome all attacks to the servers, to the networks and to the diverse electronic control units (ECUs) in modern vehicles.

The proposed herein secure over-the-air firmware updating, as applied in firmware updating for vehicles, employs separation of roles, e.g., the manager server employs firmware versioning and entitlements for each vehicle and its corresponding ECUs and dependency resolution on behalf of vehicles; In a firmware server, each ECU firmware is associated with metadata that are signed and uploaded by the OEM and/or its suppliers, while a timestamp server on demand records and signs the more recent time for ECUs firmware. An STM32F7xx-based prototype demonstrates a real vehicle case.

References

[1]

K. Daimi, M. Saed, S. Bone and M. Rizwan, "Securing Vehicle ECUs Update Over The Air," In 12th Twelfth Advanced International Conference on Telecommunications, 2016, pp. 45--50.

Google Scholar

[2]

G. Kornaros, E. Wozniak, O. Horst, N. Koch, C. Prehofer, A. Rigo, M. Coppola, "Secure and Trusted Open CPS Platforms", in book Handbook of Research on Solutions for Cyber-Physical Systems Ubiquity, Ed.: N. Druml, A. Genser, A. Krieg, M. Menghin and A. Hoeller, IGI Global book series Advances in Systems Analysis, Software Engineering, and High Performance Computing (ASASEHPC), 2017.

Google Scholar

[3]

G. Kornaros and S. Leivadaros, "Securing Dynamic Firmware Updates of Mixed-Critical Applications", In 3rd IEEE International Conference on Cybernetics (CYB-CONF), 2017, pp. 1--7.

Crossref

Google Scholar

[4]

K. Kuppusamy, Trishank, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, and J. Cappos, "Uptane: Securing software updates for automobiles," In 14th Embedded Security in Cars (escar), 2016.

Google Scholar

[5]

H. Mansor, K. Markantonakis, R. N. Akram and K. Mayes, "Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles," In 2015 10th International Conference on Availability, Reliability and Security, 2015, pp. 139--148.

Digital Library

Google Scholar

[6]

M. Wolf, A. Weimerskirch, T. Wollinger, "State of the art: embedding security in vehicles," Eurasip Journal on Embedded Systems, 2007.

Google Scholar

[7]

R. Petri et al., "Evaluation of Lightweight TPMs for Automotive Software Updates Over the Air," In 6th escar USA, 2017.

Google Scholar

[8]

A. J. Poulter, S. J. Johnston and S. J. Cox, "SRUP: The secure remote update protocol," 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), 2016, pp. 42--47.

Google Scholar

[9]

J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine, "Survivable key compromise in software update systems," in Proceedings of the 17th ACM Conference on Computer and Communications Security, ser. CCS '10, 2010, pp. 61--72. {Online} Available

Digital Library

Google Scholar

[10]

C. Smith, "The Car Hacker's Handbook: A Guide for the Penetration Tester", 1st ed., No Starch Press, 2016.

Digital Library

Google Scholar

[11]

M. Steger, A. Dorri, S. S. Kanhere, K. Romer, R. Jurdak, and M. Karner, "Secure wireless automotive software updates using blockchains: A proof of concept", in Advanced Microsystems for Automotive Applications 2017, pp. 137--149, Springer, 2018.

Google Scholar

[12]

Windriver Systems Inc., "Implementing Over-the-Air Software Updates for Automotive Applications", Whitepaper, {Online} Available: :http://events.windriver.com/wrcd01/wrcm/2017/11/Over-the-Air-Updates-for-Automotive-White-Paper.pdf, 2017.

Google Scholar

Cited By

View all

Shin YJeon S(2024)A Research on Secure OTA Network Protocol for VehiclesTransaction of the Korean Society of Automotive Engineers10.7467/KSAE.2024.32.8.62532:8(625-631)Online publication date: 1-Aug-2024
https://doi.org/10.7467/KSAE.2024.32.8.625
Shin YJeon S(2024)MQTree: Secure OTA Protocol Using MQTT and MerkleTreeSensors10.3390/s2405144724:5(1447)Online publication date: 23-Feb-2024
https://doi.org/10.3390/s24051447
Akkaoui RStefanov APalensky PEpema D(2024)Resilient, Auditable, and Secure IoT-Enabled Smart Inverter Firmware Amendments With BlockchainIEEE Internet of Things Journal10.1109/JIOT.2023.332195411:5(8945-8960)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3321954
Show More Cited By

Index Terms

Secure over-the-air firmware updating for automotive electronic control units
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy

Recommendations

A hierarchical and secure approach for automotive firmware upgrades
Abstract
With the development of intelligent and connected vehicles, the expansion of software necessitates an increased significance and frequency of automotive firmware upgrades. The abundance of potential attack vectors and valuable data renders these ...
Attack Surface and Vulnerability Assessment of Automotive Electronic Control Units
ICETE 2015: Proceedings of the 12th International Joint Conference on e-Business and Telecommunications - Volume 4

Modern vehicles are controlled by an on-board network of ECUs (Electronic Control Units), which are specially

designed computers that contain tightly tailored and customized software. Especially the trends for ECU

connectivity and for semi-autonomous ...
FLoRa+: Energy-efficient, Reliable, Beamforming-assisted, and Secure Over-the-air Firmware Update in LoRa Networks
The widespread deployment of unattended LoRa networks poses a growing need to perform Firmware Updates Over-The-Air (FUOTA). However, the FUOTA specifications dedicated by LoRa Alliance fall short of several deficiencies with respect to energy efficiency, ...

Comments

Information & Contributors

Information

Published In

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

April 2019

2682 pages

ISBN:9781450359337

DOI:10.1145/3297280

Conference Chairs:
Chih-Cheng Hung
Kennesaw State University, Marietta, Georgia
,
George A. Papadopoulos
University of Cyprus, Nicosia, Cyprus

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC '19

Sponsor:

SIGAPP

SAC '19: The 34th ACM/SIGAPP Symposium on Applied Computing

April 8 - 12, 2019

Limassol, Cyprus

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
507
Total Downloads

Downloads (Last 12 months)95
Downloads (Last 6 weeks)7

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Shin YJeon S(2024)A Research on Secure OTA Network Protocol for VehiclesTransaction of the Korean Society of Automotive Engineers10.7467/KSAE.2024.32.8.62532:8(625-631)Online publication date: 1-Aug-2024
https://doi.org/10.7467/KSAE.2024.32.8.625
Shin YJeon S(2024)MQTree: Secure OTA Protocol Using MQTT and MerkleTreeSensors10.3390/s2405144724:5(1447)Online publication date: 23-Feb-2024
https://doi.org/10.3390/s24051447
Akkaoui RStefanov APalensky PEpema D(2024)Resilient, Auditable, and Secure IoT-Enabled Smart Inverter Firmware Amendments With BlockchainIEEE Internet of Things Journal10.1109/JIOT.2023.332195411:5(8945-8960)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3321954
Li BHu WDa LWu YWang XLi YYuan C(2024)Over-the-air upgrading for enhancing security of intelligent connected vehicles: a surveyArtificial Intelligence Review10.1007/s10462-024-10968-z57:11Online publication date: 3-Oct-2024
https://doi.org/10.1007/s10462-024-10968-z
Kornaros GBerki GGrammatikakis M(2024)Quantum-Secure Communication for Trusted Edge Computing with IoT DevicesICT Systems Security and Privacy Protection10.1007/978-3-031-56326-3_12(163-176)Online publication date: 24-Apr-2024
https://doi.org/10.1007/978-3-031-56326-3_12
Puder AHenle JSax E(2023)Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive IndustryHealthcare10.3390/healthcare1106087211:6(872)Online publication date: 16-Mar-2023
https://doi.org/10.3390/healthcare11060872
Barletta VCaivano DVincentiis MRagone AScalera MMartín M(2023)V-SOC4AS: A Vehicle-SOC for Improving Automotive SecurityAlgorithms10.3390/a1602011216:2(112)Online publication date: 14-Feb-2023
https://doi.org/10.3390/a16020112
Shendkar PUndre YMahadik ABorse MPatil R(2023)Attribute-based Access Control for Secure Firmware Over-The-Air Updates in Vehicles2023 7th International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)10.1109/I-SMAC58438.2023.10290472(257-261)Online publication date: 11-Oct-2023
https://doi.org/10.1109/I-SMAC58438.2023.10290472
Ben Hlima IKacem HGharsallah A(2023)Efficient implementation of low cost and secure framework with firmware updatesIET Computers & Digital Techniques10.1049/cdt2.1205417:3-4(89-99)Online publication date: 10-May-2023
https://dl.acm.org/doi/10.1049/cdt2.12054
Verderame LRuggia AMerlo A(2023)PARIOTJournal of Network and Computer Applications10.1016/j.jnca.2023.103699217:COnline publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.jnca.2023.103699
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A hierarchical and secure approach for automotive firmware upgrades

Attack Surface and Vulnerability Assessment of Automotive Electronic Control Units

FLoRa+: Energy-efficient, Reliable, Beamforming-assisted, and Secure Over-the-air Firmware Update in LoRa Networks

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations