Secure OTA Software Updates in Connected Vehicles: A survey

This survey highlights and discusses remote OTA software updates in the automotive sector, mainly from the security perspective. In particular, the major objective of this survey is to provide a comprehensive and structured outline of various research directions and approaches in OTA update technologies in vehicles. At first, we discuss the connected car technology and then integrate the relationship of remote OTA update features with the connected car. We also present the benefits of remote OTA updates for cars along with relevant statistics. Then, we emphasize on the security challenges and requirements of remote OTA updates along with use cases and standard road safety regulations followed in different countries. We also provide for a classification of the existing works in literature that deal with implementing different secured techniques for remote OTA updates in vehicles. We further provide an analytical discussion on the present scenario of remote OTA updates with respect to care manufacturers. Finally, we identify possible future research directions of remote OTA updates for automobiles, particularly in the area of security.

[1]  D. de Waard,et al.  Behavioral adaptation of young and older drivers to an intersection crossing advisory system. , 2015, Accident; analysis and prevention.

[2]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[3]  Kevin Fu,et al.  Secure Software Updates: Disappointments and New Challenges , 2006, HotSec.

[4]  D.K. Nilsson,et al.  Secure Firmware Updates over the Air in Intelligent Vehicles , 2008, ICC Workshops - 2008 IEEE International Conference on Communications Workshops.

[5]  Mikael Asplund,et al.  Decentralized Firmware Attestation for In-Vehicle Networks , 2019, Proceedings of the 5th on Cyber-Physical System Security Workshop - CPSS '19.

[6]  Klaus Grimm Software technology in an automotive company - major challenges , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[7]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[8]  Muhammad Sabir Idrees,et al.  Secure Automotive On-Board Protocols: A Case of Over-the-Air Firmware Updates , 2011, Nets4Cars/Nets4Trains.

[9]  Mohd Murtadha Mohamad,et al.  A Survey of Security and Privacy in Connected Vehicles , 2015 .

[10]  Syed Masud Mahmud,et al.  Analysis of a Secure Software Upload Technique in Advanced Vehicles using Wireless Links , 2007, 2007 IEEE Intelligent Transportation Systems Conference.

[11]  Jiajia Liu,et al.  In-Vehicle Network Attacks and Countermeasures: Challenges and Future Directions , 2017, IEEE Network.

[12]  Alois Knoll,et al.  Future cars: necessity for an adaptive and distributed multiple independent levels of security architecture , 2013, HiCoNS '13.

[13]  Ahmad-Reza Sadeghi,et al.  ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices , 2018, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[14]  Ulf Lindqvist,et al.  Key management and secure software updates in wireless process control environments , 2008, WiSec '08.

[15]  Gene Tsudik,et al.  Secure Code Update for Embedded Devices via Proofs of Secure Erasure , 2010, ESORICS.

[16]  Shucheng Yu,et al.  Investigating and securing communications in the Controller Area Network (CAN) , 2017, 2017 International Conference on Computing, Networking and Communications (ICNC).

[17]  Lei Sun,et al.  A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs , 2008, 2008 IEEE Globecom Workshops.

[18]  Kemal Akkaya,et al.  Block4Forensic: An Integrated Lightweight Blockchain Framework for Forensics Applications of Connected Vehicles , 2018, IEEE Communications Magazine.

[19]  Wenyuan Xu,et al.  Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[20]  Kathiresh Mayilsamy,et al.  An integrated approach for data security in vehicle diagnostics over internet protocol and software update over the air , 2018, Comput. Electr. Eng..

[21]  Salil S. Kanhere,et al.  BlockChain: A Distributed Solution to Automotive Security and Privacy , 2017, IEEE Communications Magazine.

[22]  Subra Ganesan,et al.  Firmware over the air for automotive, Fotamotive , 2014, IEEE International Conference on Electro/Information Technology.

[23]  Takeshi Kato,et al.  Approaches for Vehicle Cyber-Security in the US , 2017 .

[24]  Lajos Hanzo,et al.  A Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends , 2015, Proceedings of the IEEE.

[25]  Sanjay Jha,et al.  SEDA: Secure Over-the-Air Code Dissemination Protocol for the Internet of Things , 2018, IEEE Transactions on Dependable and Secure Computing.

[26]  Nick Mathewson,et al.  Survivable key compromise in software update systems , 2010, CCS '10.

[27]  Christoph Schmittner,et al.  Status of the Development of ISO/SAE 21434 , 2018, EuroSPI.

[28]  Christoph Krauß,et al.  Evaluation of Lightweight TPMs for Automotive Software Updates over the Air , 2016 .

[29]  Lei Chen,et al.  Cooperative Intersection Management: A Survey , 2016, IEEE Transactions on Intelligent Transportation Systems.

[30]  David W. Keith,et al.  Impact of the Volkswagen emissions control defeat device on US public health , 2015 .

[31]  Bill Canis Issues with Federal Motor Vehicle Safety Standards , 2017 .

[32]  Yves Deswarte,et al.  Survey on security threats and protection mechanisms in embedded automotive networks , 2013, 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W).

[33]  Radovan Miucic,et al.  Firmware Update Over The Air (FOTA) for Automotive Industry , 2007 .

[34]  Ulf E. Larson,et al.  Securing vehicles against cyber attacks , 2008, CSIIRW '08.

[35]  Hemanth Kumar,et al.  Enhancing connected car adoption: Security and over the air update framework , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[36]  Alan Wassyng,et al.  Safe and Secure Automotive Over-the-Air Updates , 2018, SAFECOMP.

[37]  Paul C. van Oorschot,et al.  Secure Software Installation on Smartphones , 2011, IEEE Security & Privacy.

[38]  Jerry den Hartog,et al.  Security and privacy for innovative automotive applications: A survey , 2018, Comput. Commun..

[39]  Justin Cappos,et al.  Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories , 2017, USENIX Annual Technical Conference.

[40]  Tae-Sung Kim,et al.  Security risk assessment framework for smart car using the attack tree analysis , 2017, Journal of Ambient Intelligence and Humanized Computing.

[41]  Liam Kilmartin,et al.  Intra-Vehicle Networks: A Review , 2015, IEEE Transactions on Intelligent Transportation Systems.

[42]  Salil S. Kanhere,et al.  Secure Wireless Automotive Software Updates Using Blockchains: A Proof of Concept , 2017 .

[43]  Péter Gáspár,et al.  Security issues and vulnerabilities in connected car systems , 2015, 2015 International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS).

[44]  S. Mahmud,et al.  Secure software upload in an intelligent vehicle via wireless communication links , 2005, IEEE Proceedings. Intelligent Vehicles Symposium, 2005..

[45]  Stefan Savage,et al.  Fast and Vulnerable: A Story of Telematic Failures , 2015, WOOT.

[46]  Pascal Schniepp,et al.  Digital transformation of CRM systems in the automotive industry Leveraging big data for customer profiling , 2013 .

[47]  Guy-Vincent Jourdan Software Security Vulnerabilities Seen As Feature Interactions , 2009, ICFI.

[48]  Neville A. Stanton,et al.  Effects of adaptive cruise control and highly automated driving on workload and situation awareness: A review of the empirical evidence , 2014 .

[49]  Kay Römer,et al.  Generic framework enabling secure and efficient automotive wireless SW updates , 2016, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA).

[50]  Stephen Flowerday,et al.  Smartphone information security awareness: A victim of operational pressures , 2014, Comput. Secur..

[51]  K. Mansour,et al.  AiroDiag: A sophisticated tool that diagnoses and updates vehicles software over air , 2012, 2012 IEEE International Electric Vehicle Conference.

[52]  Gereon Meyer,et al.  European Roadmap Smart Systems for Automated Driving , 2015 .

[53]  Bart Preneel,et al.  Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars , 2019, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[54]  Qusay H. Mahmoud,et al.  Cyber physical systems security: Analysis, challenges and solutions , 2017, Comput. Secur..

[55]  Antonello Calabrò,et al.  A tour of secure software engineering solutions for connected vehicles , 2018, Software Quality Journal.

[56]  Damon McCoy,et al.  Uptane : Securing Software Updates for Automobiles , 2016 .