A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs

Nilsson, Dennis; Sun, Lei; Nakajima, Tatsuo

doi:10.1109/glocomw.2008.ecp.56

Cited by 41 publications

(28 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This research is related to a number of research studies [4], [17], [18]. For instance, [19] introduces a Secure Firmware updates Over The Air (SFOTA) protocol for intelligent vehicles in order to secure the transmission of the firmware code between the portal and the vehicle. The proposed framework facilitates code verification for firmware updates based on a simple hash chain calculation on memory contents, a challenge-response mechanism, and the inclusion of random numbers to prevent pre-image attacks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

Al-Wosabi

Shukur

2019

IEEE Access

View full text Add to dashboard Cite

No doubt, a person of modern society relying on Embedded Systems (ESs) has increased rapidly and the era of digital machines is gaining popularity among users and also systems providers. At the same time, such instruments face substantial security challenges because they usually operate in a physically unprotected environment, and thus attract the attackers to gain unauthorized access for utilizing the system functions. Accordingly, system integrity is important and hence there is a need to propose a technique/tool to verify that the original/pure systems codes have been used in those devices. In this research, our main objective is to design a system architecture with a secure communication for code integrity attestation of an ES. Indeed, the study presents the proposed system architecture for ESs integrity attestation which includes two main phases: fetching an ES code at a server site and examining the ES at a remote site (using a designed user application). Essentially, the hash function (SHA-2) with a random key to calculate a unique digest value for a targeted system have been utilized. Also, the study used timestamps and nonce values, two secure keys, and public key algorithm to design a secure protocol in-order to prevent potential attacks during data and the associated values transfer between the server and the remote user application. As many researchers state that the formal methods are very precise and accurate for presenting system specifications; this study modeled and analyzed the proposed attestation protocol using the Communicating Sequential Processes (CSP) formal method approach. Besides, the Compiler for the Analysis of Security Protocols (Casper) has been used to translate the protocol description into the corresponding process algebra CSP model. Then, the researcher used the Failures Divergences Refinement (FDR) to evaluate the proposed protocol. Those formal method tools are considered as a reliable verification measurement in-order to figure-out potential flaws and correct them. Overall, the final output of checking all the defined secrecy and authentication assertions using FDR 4.2.0, and thus all the secrecy and authentication specifications defined in the developed Casper script are passed.INDEX TERMS Embedded systems, code integrity, code integrity attestation, software tampering, tampering detection, CSP formal method approach, FDR, Casper.

show abstract

Section: Related Workmentioning

confidence: 99%

“…If the user application receives C6, it can decrypt it using its secret key (refer to (19)) to extract the validity status based on the validity of the received user nonce value (refer to Fig. 3: step 20) as follows:…”

Section: E Security Notationsmentioning

confidence: 99%

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

Al-Wosabi

Shukur

2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In a typical FOTA update, a firmware binary is sent from an Original Equipment Manufacturer (OEM) or other party from the backend system via the TCC to the Telematic Control Moduel in the car and then flashed to the ROM of the ECU [37]. The binary goes through a series of communication channels (including Internet, wireless communication, and in-car buses) and entities, which possess a large attack surface from a security point of view.…”

Section: Chassismentioning

confidence: 99%

“…The binary goes through a series of communication channels (including Internet, wireless communication, and in-car buses) and entities, which possess a large attack surface from a security point of view. Following the guideline in [38] and based on existing work [39,37,36], several misuse cases are identified in the CHASSIS security assessment. The threats and threat scenarios are identified using the information security Confidentiality, Integrity, and Availability (CIA) model in a brainstorming session.…”

Section: Chassismentioning

confidence: 99%

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

Schmittner

Schoitsch

et al. 2015

Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

View full text Add to dashboard Cite

The increasing integration of computational components and physical systems creates cyber-physical system, which provide new capabilities and possibilities for humans to control and interact with physical machines. However, the correlation of events in cyberspace and physical world also poses new safety and security challenges. This calls for holistic approaches to safety and security analysis for the identification of safety failures and security threats and a better understanding of their interplay. This paper presents the application of two promising methods, i.e. Failure Mode, Vulnerabilities and Effects Analysis (FMVEA) and Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS), to a case study of safety and security co-analysis of cyber-physical systems in the automotive domain. We present the comparison, discuss their applicabilities, and identify future research needs.

show abstract

“…In this work, we describe both kinds (software and firmware) as SOTA considering firmware as a special case of software. The Over The Air (OTA) approach would minimize the customer inconvenience and allow faster updates, since the software could be downloaded, as soon as the release is ready [5]. Otherwise, it will save important costs compared to the traditional update process in the workshop.…”

Section: Introductionmentioning

confidence: 99%

A Generic System for Automotive Software Over the Air (SOTA) Updates Allowing Efficient Variant and Release Management

Guissouma

Diewald

Sax

2018

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

The introduction of Software Over The Air (SOTA) Updates in the automotive industry offers both the Original Equipment Manufacturer and the driver many advantages such as cost savings through inexpensive over the air bug fixes. Furthermore, it enables enhancing the capabilities of future vehicles throughout their life-cycle. However, before making SOTA a reality for safetycritical automotive functions, major challenges must be deeply studied and resolved: namely the related security risks and the required high system safety. The security concerns are primarily related to the attack and manipulation threats of wireless connected and update-capable cars. The functional safety requirements must be fulfilled despite the agility needed by some software updates and the typically high variants numbers. We studied the state of the art and developed a generic SOTA updates system based on a Server-Client architecture and covering main security and safety aspects including a rollback capability. The proposed system offers release and variant management, which is the main novelty of this work. The proof of concept implementation with a server running on a host PC and an exemplary Electric/Electronic network showed the feasibility and the benefits of SOTA updates.

show abstract

A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs

Cited by 41 publications

References 17 publications

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

A Generic System for Automotive Software Over the Air (SOTA) Updates Allowing Efficient Variant and Release Management

Contact Info

Product

Resources

About