Ji Zhang,Yu Lv,Zhi Liao

DOI: https://doi.org/10.1088/1742-6596/1074/1/012133

2018-09-01

Journal of Physics: Conference Series

Abstract:With the rapid development of automotive electronic technology, more ECUs with much complicated control programs are used in automobile, which could cause serious problems in security and sensitivity. To solve this problem, on-board ECU software program needs to be upgraded. Traditional upgrading technology is so complicated that only professionals can make it, which consumes long period and high cost. Thus, the remote wireless upgrade technology is of great importance in simplifying update process and improving efficiency. This paper aims to develop a completed remote upgrading system for an on-board ECU, involving the overall scheme of remote update, security technology and functional design. Firstly, a general plan is come up including the functional framework and telecommunication mechanism between remote server, on-board platform and ECU. Secondly, aiming to avoid potential safety hazards in remote update, optimal encryption algorithms are added to increase security mechanisms. Thirdly, the on-board hardware platform with Android operating system, remote server and client application are built to realize update-package upload and download as well as other functions through 3G/WiFi. ECU is connected to the platform through distributed CAN bus. Moreover, a bootloader program is developed to reprogram the ECU, which is verified in a test combined with the on-board platform.

Ali Shoker,Fernando Alves,Paulo Esteves-Verissimo

2023-07-05

Abstract:Over-the-Air (OTA) software updates are becoming essential for electric/electronic vehicle architectures in order to reduce recalls amid the increasing software bugs and vulnerabilities. Current OTA update architectures rely heavily on direct cellular repository-to-vehicle links, which makes the repository a communication bottleneck, and increases the cellular bandwidth utilization cost as well as the software download latency. In this paper, we introduce ScalOTA, an end-to-end scalable OTA software update architecture and secure protocol for modern vehicles. For the first time, we propose using a network of update stations, as part of Electric Vehicle charging stations, to boost the download speed through these stations, and reduce the cellular bandwidth overhead significantly. Our formalized OTA update protocol ensures proven end-to-end chain-of-trust including all stakeholders: manufacturer, suppliers, update stations, and all layers of in-vehicle Electric Control Units (ECUs). The empirical evaluation shows that ScalOTA reduces the bandwidth utilization and download latency up to an order of magnitude compared with current OTA update systems.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Robotics,Systems and Control

Xingchen Wu,Tianyu Gao,Guodong Lee

DOI: https://doi.org/10.1088/1742-6596/2216/1/012004

2022-03-01

Journal of Physics: Conference Series

Abstract:Abstract In view of the problem that the current update flashing of the traditional automotive electronic control unit (ECU) software highly relies on professional maintenance personnel and external equipment, a method for ECU remote data flashing is proposed to achieve remote and efficient upgrade of ECU software. Furthermore, through the introduction of backup partitions and differential upgrade methods, the problems of lack of fault-tolerant processing, high bandwidth requirements and low efficiency in traditional ECU software update flashing are also solved. In this article, a remote update system is built, including the server-side and the vehicle, and the interface and communication protocols are defined based on HTTPS. The above methods have been verified on NXP IMX 6 platform. Associated testing of the simulation of the ECU by the STM32 and ROCKCHIP demo board has been made based on the CAN and Ethernet simulating the vehicle network architecture. By the real data catching from Ethernet and the CAN, the details of the log file of the programs’ event tracking information are analyzed to obtain the experimental results. The results indicated that the incremental remote data updating system built in this article can remotely update the CAN software accurately and efficiently in all simulation tests, which proved the practicability, accuracy, and efficiency of this method.

Le Yu,Yangyang Liu,Pengfei Jing,Xiapu Luo,Lei Xue,Kaifa Zhao,Yajin Zhou,Ting Wang,Guofei Gu,Sen Nie,Shi Wu

2022-01-01

Abstract:In-vehicle protocols are very important to the security assessment and protection of modern vehicles since they are used in communicating with, accessing, and even manipulating ECUs (Electronic Control Units) that control various vehicle components. Unfortunately, the majority of in-vehicle protocols are proprietary without publicly available documents. Although recent studies proposed methods to reverse engineer the CAN protocol used in the communication among ECUs, they cannot be applied to vehicle diagnostics protocols, which have been widely exploited by attackers to launch remote attacks. In this paper, we propose a novel framework for automatically reverse engineering the diagnostic protocols of vehicles by leveraging professional diagnostic tools. Specifically, we design and develop a new cyber-physical system that uses a set of algorithms to control a programmable robotics arm with the aid of cameras to automatically trigger and capture the messages of diagnostics protocols as well as reverse engineer their formats, semantic meanings, and proprietary formulas required for processing the response messages. We perform a large-scale experiment to evaluate our prototype using 18 real vehicles. It successfully reverse engineers 570 messages (446 for reading sensor values and 124 for controlling components). The experimental results show that our framework achieves high precision in reverse engineering proprietary formulas and obtains much more messages than the prior approach based on app analysis.

Miao Xu,Wenyuan Xu,Jesse Walker,Benjamin Moore

DOI: https://doi.org/10.1145/2517968.2517973

2013-01-01

Abstract:Wireless sensor networks are increasingly being integrated into the modern automobile with the intention of improving safety and reducing costs. However, it has been shown that the first widely-deployed and mandatory in-car sensor networks --Tire Pressure Monitoring Systems (TPMSs) -- employ no cryptographic algorithms for protecting their wireless communication, incurring serious security and privacy risks for consumers. In this paper, we design and evaluate cost-effective secure communication protocols that can resolve the privacy and security vulnerabilities of existing TPMSs as well as other forthcoming in-car wireless sensor networks. Our implementation on Arduino platforms shows that the proposed protocol incurs modest overhead and is applicable to resource-constrained embedded systems.

Beibei Li,Wei Hu,Lemei Da,Yibing Wu,Xinxin Wang,Yiwei Li,Chaoxuan Yuan

DOI: https://doi.org/10.1007/s10462-024-10968-z

IF: 9.588

2024-10-05

Artificial Intelligence Review

Abstract:The continuous improvement in the connectivity, automation and autonomy levels of Intelligent Connected Vehicles (ICVs) significantly increases the probability of potential security threats. Over-the-Air (OTA) is a promising technique for upgrading features of ICVs and enhancing their reliability and security against environmental disturbances as well as malicious attacks. To better understand the potential security risks and possible countermeasures, we survey research works in ICV security during OTA from cloud upgrade, terminal upgrade, and object upgrade. We also summarize existing methods in OTA upgrading techniques and systematically investigate the overall framework of OTA upgrading methods from the perspectives of Software-Over-the-Air (SOTA) and Firmware-Over-the-Air (FOTA).We further discuss possible mitigation strategies and open issues yet to be resolved in this research direction. This survey shows that OTA provides a powerful technique for upgrading the ICV features and improving ICV security.

computer science, artificial intelligence

Subir Halder,Amrita Ghosal,Mauro Conti

DOI: https://doi.org/10.48550/arXiv.1904.00685

2019-04-01

Cryptography and Security

Abstract:This survey highlights and discusses remote OTA software updates in the automotive sector, mainly from the security perspective. In particular, the major objective of this survey is to provide a comprehensive and structured outline of various research directions and approaches in OTA update technologies in vehicles. At first, we discuss the connected car technology and then integrate the relationship of remote OTA update features with the connected car. We also present the benefits of remote OTA updates for cars along with relevant statistics. Then, we emphasize on the security challenges and requirements of remote OTA updates along with use cases and standard road safety regulations followed in different countries. We also provide for a classification of the existing works in literature that deal with implementing different secured techniques for remote OTA updates in vehicles. We further provide an analytical discussion on the present scenario of remote OTA updates with respect to care manufacturers. Finally, we identify possible future research directions of remote OTA updates for automobiles, particularly in the area of security.

George Kornaros,Othon Tomoutzozlou,Marcello Coppola,Georgios Kornaros,Othon Tomoutzoglou

DOI: https://doi.org/10.1109/mm.2018.053631143

IF: 2.8212

2018-09-01

IEEE Micro

Abstract:With emerging smart automotive technologies, vehicle-to-vehicle communications, and software-dominated enhancements for enjoyable driving and advanced driver assistance systems, the complexity of providing guarantees in terms of security, trust, and privacy in a modern cyber-enabled automotivesystem is significantly elevated. New threat models emerge that require efficient system-level countermeasures. This article introduces synergies between on- and off-chip networking techniques to ensure secure execution environments for electronic control units. The proposed mechanisms consist of hardware firewalling and on-chip network physical isolation, whose mechanisms are combined with system-wide cryptographic techniques in automotive controller area network (CAN)-bus communications to provide authentication and confidentiality.

computer science, software engineering, hardware & architecture

Qi-Xian Huang,Min-Yi Chiu,Chi-Shen Yeh,Hung-Min Sun

DOI: https://doi.org/10.3390/su142013660

IF: 3.9

2022-01-01

Sustainability

Abstract:In recent years, since edge computing has become more and more popular, its security issues have become apparent and have received unprecedented attention. Thus, the current research concentrates on security not only regarding devices such as PCs, smartphones, tablets, and IoTs, but also the automobile industry. However, since attack vectors have become more sophisticated than ever, we cannot just protect the zone above the system software layer in a certain operating system, such as Linux, for example. In addition, the challenges in IoT devices, such as power consumption, performance efficiency, and authentication management, still need to be solved. Since most IoT devices are controlled remotely, the security regarding system maintenance and upgrades has become a big issue. Therefore, a mechanism that can maintain IoT devices within a trusted environment based on localhost or over-the-air (OTA) will be a viable solution. We propose a mechanism called STBEAT, integrating an open-source project with ARM TrustZone to solve the challenges of upgrading the IoT system and updating system files more safely. This paper focuses on the ARMv7 architecture and utilizes the security stack from TrustZone to OP-TEE under the STM32 board package, and finally obtains the security key from the trusted application, which is used to conduct the cryptographic operations and then install the newer image on the MMC interface. To sum up, we propose a novel software update strategy and integrated ARM TrustZone security extension to beef up the embedded ecosystem.

Franco Oberti,Alessandro Savino,Ernesto Sanchez,Filippo Parisi,Stefano Di Carlo

DOI: https://doi.org/10.1109/TDMR.2022.3157000

2022-03-07

Abstract:The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.

Cryptography and Security

Yunje Shin,Sanghoon Jeon

DOI: https://doi.org/10.3390/s24051447

IF: 3.9

2024-02-24

Sensors

Abstract:The escalating advancement in Software-Defined Vehicles (SDVs) necessitates a formidable strategy for firmware updates, where traditional methods often fall short of guaranteeing absolute integrity. Although decentralization has been explored in studies for firmware integrity verification using blockchain technology, it lacks comprehensive validation in the context of automotive over-the-air (OTA) updates. By recognizing the limitations of current practices and the partial validation of decentralized approaches, such as blockchain, in the automotive sector, our study introduces a novel mechanism for firmware over-the-air (FOTA) updates. This mechanism is grounded in the widely adopted message queuing telemetry transport (MQTT) protocol, integral to the Internet of Things (IoT) domain, and leverages Merkle tree-based blockchain verification to fortify the fidelity and efficiency of firmware updates. Our proposed solution not only prioritizes the stability crucial to automotive OTA updates but also ensures that performance is not compromised. This dual focus on reliability and efficiency represents a significant stride forward in the development of secure, scalable SDV firmware update protocols.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Asad Waqar Malik,Anis U. Rahman,Arsalan Ahmad,Max Mauro Dias Santos

DOI: https://doi.org/10.1109/tnsm.2022.3181027

2023-02-03

IEEE Transactions on Network and Service Management

Abstract:With recent advancements in software-defined vehicles, over-the-air (OTA) software updates are crucial to roll out new software and patches for connected vehicles. Traditionally, outdated vehicles are recalled by the manufacturers, however, owners are notoriously difficult to reach with recall notices. Also, organizational and procedural challenges result in many outdated vehicles with insecure and unstable software. In this paper, we propose a dissemination framework for OTA updates using a federated fog environment. Pushing the update to all vehicles via the fog nodes may congest the network, leading up to a single-point failure for update dissemination, as well as, disruption to other installed services at the fog nodes. We propose a software-defined mechanism to select a pivot, which gets the update from the fog node and streams it to other vehicles. Moreover, a timer-barrier mechanism is proposed to identify any malicious vehicles that are barred from participating in pivot selection. The experimental evaluation demonstrates that the proposed scheme improves network convergence time by 40% with 95% node trustworthiness.

computer science, information systems

Abir Bazzi,Adnan Shaout,Di Ma

DOI: https://doi.org/10.1109/access.2024.3409629

IF: 3.9

2024-06-12

IEEE Access

Abstract:The automotive industry is experiencing a significant evolution from traditional hardware-defined to software-defined architecture, enabling higher levels of autonomy, connectivity, safety, and richer in-vehicle experiences. A service oriented architecture is essential for realizing Software-Defined Vehicles (SDVs) and fostering new business models for OEMs. However, this architecture evolution requires new development paradigms to address the increasing complexity of software, which is essential for seamless software development, integration, and deployment from cloud or backend repositories to the vehicle. Given the complexity of vehicular software updates, particularly when dealing with highly distributed embedded ECUs, a software-centric approach is more efficient and suitable to cover different architectures and configurations, ensuring consistency across all platforms. Therefore, we propose a variability-rich scheme for software updates based on a Merkle tree approach that can cope with the complexity of the new software architecture while addressing the safety and security requirements of real-time and resource-constrained embedded systems in the vehicle. The technical analysis and experiments conducted in this paper demonstrate how the proposed scheme, which combines a digital signature and a Merkle hash tree, achieves synergistic authentication and verification of multiple software variants. Our approach offers OEMs the ability to sign a software module once and verify it across multiple ECU variants, providing a more efficient alternative to the traditional method of creating a software update package for each variant. This approach not only adds flexibility to software updates and reduces the complexity of software variant management, but also maintains the security of the vehicle, ensuring that there is no compromise in the safety of the passengers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ivan Edmar Carvajal Roca,Jian Wang,Jun Du,Shuangqing Weit

DOI: https://doi.org/10.1109/iwcmc48107.2020.9148360

2020-01-01

Abstract:Despite the benefits of electric and autonomous vehicles, current in-vehicle networks lack a robust and feasible security framework that considers the authentication, confidentiality, and integrity for the communication of Electronic Control Units (ECUs). Although a centralized key management mechanism offers an efficient solution, the security fully relies on this centralized unit, which leads to a single point of failure problem. In this paper, we present a semi-centralized key management framework to secure in-vehicle networks. It provides a decentralized and dynamic key distribution during the vehicle's operation and considers different aspects such as ECU's broadcast communication, ECU manufacturing process and ECU authentication without the use of certificates from external third parties. Finally, the implementation and the simulation of our framework validate the feasibility and practical use of our approach.

Jose Soriano,Guillermo Jiménez,Ernesto Correa,Noel Ruiz,Guillermo Jimenez

DOI: https://doi.org/10.1109/hpsr52026.2021.9481853

2021-06-07

Abstract:Car Manufacturer has to address today growing threats, cars have been incrementally becoming more complex with more code and on the other hand they have to maintain its components during extended life spans of several years compared with other industries. This, together with the increasing connectivity thanks to the connected car and 5G, is becoming a major concern for the industry. FISHY offers a prime opportunity to address some of these challenges since it will offer a homogenous way to tackle some of the threats. The focus of this document is to describe how the supply chain for its IOT components, that are part of the ECU, can be secured to maintain security over time, all using surveillance techniques such as continuous vulnerability management or firmware and software updates using out-of-band channels. Finally, we will discuss the importance of security maintain-ability as a key enabler for long-term crypto-based protection.

Chaoxin Tan,Yang Zhang,Zhu Ma,Jun Xu,Bin Mei

DOI: https://doi.org/10.3969/j.issn.1671-7104.2019.06.009

2019-11-30

Abstract:This paper introduces a network remote firmware update system based on IAP technology, which aims to solve the problems of low efficiency and high cost in the traditional upgraded medical device firmware (lower computer program) mode, and to improve the portability of the lower computer program upgrade maintenance. In order to better cope with market changes, customer needs, and solve software failures in medical devices, it is necessary to update and upgrade medical device software in a timely manner. Through the IAP technology and Internet communication technology of STM32 platform, this solution can complete the update of all instrument firmware in a short time, which not only saves a lot of travel expenses, mailing costs and labor costs, but also greatly shortens the update time.

Ching-Hu Lu,Chi-Hsien Liu,Zhi-Hong Chen

DOI: https://doi.org/10.1007/s12652-020-02492-z

IF: 3.662

2020-09-04

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the rapidly increasing number of Internet of Things (IoT) devices, various interconnected devices have become targets of growing cyberattacks. Keeping the firmware of an IoT device up-to-date is one feasible way to protect the device against cyberattacks. The existing approaches of firmware update (including distribution and validation) are not scalable in distribution to increasing numbers of devices, however, let alone able to provide reliable validation. To address the above issues, this study proposes a hybrid update scheme, including distributed membership-based firmware sharing for firmware distribution and smart-contract-enabled firmware validation via a blockchain (BC). This hybrid update approach leverages the advantages of a peer-to-peer network and a blockchain. Evaluation of the study has shown that the proposed distributed membership-based firmware sharing is more secure and scalable to an increasing number of devices. The proposed smart-contract-enabled firmware validation is more efficient than the firmware validation in existing studies since it can effectively reduce unwanted repeat validation via a smart contract in a blockchain. In addition, it can help make sure all members of an IoT-enabled service having the right firmware before providing the service to users. Such designs can improve service quality and also reduce as much human intervention to leverage the strengths of an IoT-enabled application or system.

computer science, information systems,telecommunications, artificial intelligence

Vishal Bhargava,N. S. Raghava

DOI: https://doi.org/10.1007/s11277-024-10901-1

IF: 2.017

2024-03-12

Wireless Personal Communications

Abstract:IoT (Internet of Things) use cases cover all the verticals of industry/organization. From manufacturing unit to building management, from X protocol to Y protocol, from A device to Z device; everywhere it is using. The number of IoT devices is increasing exponentially, especially in remote areas. These devices, which are deployed, need to update also, as the software development process for an IoT device is not a one-time action. Even devices running on a small software needs to be updated with the time for bug fixing or feature addition."Using more computing to move less data" is the new computing paradigm. Hence, low internet connectivity for large computing scale software updates of such IoT devices must be considered. In this paper, we proposed an implementation of a method that needed low internet connectivity for Firmware Over the Air (FOTA) of embedded devices.

telecommunications

David Fernández Blanco,Frédéric Le Mouël,Trista Lin,Marie-Pierre Escudié

DOI: https://doi.org/10.1109/access.2023.3294256

IF: 3.9

2023-07-29

IEEE Access

Abstract:Over the last few decades, automotive embedded Information and Communication Technology (ICT) systems have been used to enhance vehicle performance and enrich peopleâ's driving experience, increasing the panel of software features within them. However, even though until now automakers have kept up with the innovation pace in terms of the functionalities that have been offered to passengers, the majority of automakers' efforts have concentrated on bringing in these new functionalities by adding an unceasingly larger set of ECUs. All of this has been done without evolving any of the embedded software architecture consequently, due to budgetary constraints, legislative limitations, retro-compatibility problems, and a lack of awareness of the trending IT innovation. This unbalanced progress has then led to a substantial increase in in-vehicle architectural complexity, which has become a major concern for automakers nowadays as it makes the vehicle repairing process more complex, decreases software traceability and clashes with the objective of having higher business flexibility, modularity, and dynamicity within the vehicles. In this paper, we are going to go through literature, both academic and industrial, and propose a comprehensive study into automotive system transformation. We begin by giving a detailed analysis of the causes of evolution under five axes - i.e., society, business, industry, application, and technical. Then, we discuss the convergence of cars and software life cycles and propose a three-layered analysis of automotive ICT systems consisting of architecture design, software pipelines, and run-time management. Finally, we are going to propose certain detailed guidelines on the evolution perspectives for automotive systems through deriving from the convergence of advances in IT, as well as current and future automotive environmental constraints.

computer science, information systems,telecommunications,engineering, electrical & electronic