Secure Firmware Updates over the Air in Intelligent Vehicles

Modern intelligent vehicles have electronic control units containing firmware that enables various functions in the vehicle. New firmware versions are constantly developed to remove bugs and improve functionality. Automobile manufacturers have traditionally performed firmware updates over cables but in the near future they are aiming at conducting firmware updates over the air, which would allow faster updates and improved safety for the driver. In this paper, we present a protocol for secure firmware updates over the air. The protocol provides data integrity, data authentication, data confidentiality, and freshness. In our protocol, a hash chain is created of the firmware, and the first packet is signed by a trusted source, thus authenticating the whole chain. Moreover, the packets are encrypted using symmetric keys. We discuss the practical considerations that exist for implementing our protocol and show that the protocol is computationally efficient, has low memory overhead, and is suitable for wireless communication. Therefore, it is well suited to the limited hardware resources in the wireless vehicle environment.

[1]  Ulf E. Larson,et al.  Simulated attacks on CAN buses: vehicle virus , 2008 .

[2]  Syed Masud Mahmud,et al.  Wireless Multicasting for Remote Software Upload in Vehicles With Realistic Vehicle Movements , 2005 .

[3]  Quynh Dang Randomized Hashing for Digital Signatures , 2009 .

[4]  Hugo Krawczyk,et al.  Strengthening Digital Signatures Via Randomized Hashing , 2006, CRYPTO.

[5]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[6]  Panagiotis Papadimitratos,et al.  SECURING VEHICULAR COMMUNICATIONS , 2006, IEEE Wireless Communications.

[7]  David E. Culler,et al.  Securing the Deluge network programming system , 2006, 2006 5th International Conference on Information Processing in Sensor Networks.

[8]  Radovan Miucic,et al.  Firmware Update Over The Air (FOTA) for Automotive Industry , 2007 .

[9]  Ulf Lindqvist,et al.  Key management and secure software updates in wireless process control environments , 2008, WiSec '08.

[10]  M. Luk,et al.  MiniSec: A Secure Sensor Network Communication Architecture , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[11]  S. Mahmud,et al.  Secure software upload in an intelligent vehicle via wireless communication links , 2005, IEEE Proceedings. Intelligent Vehicles Symposium, 2005..