Firmware Over the Air for Securely Updating ECUs of the Vehicle

Bhavesh Raju Mudhivarthi; Prabhat Thakur; Alok Kumar; Sagar Anturkar; G. Singh

doi:10.2174/0122103279346608250109112823

image of Firmware Over the Air for Securely Updating ECUs of the Vehicle

Firmware Over the Air for Securely Updating ECUs of the Vehicle
Authors: Bhavesh Raju Mudhivarthi¹, Prabhat Thakur^1,2, Alok Kumar³, Sagar Anturkar⁴ and G. Singh²
View Affiliations Hide Affiliations

¹ Department of Electronics and Telecommunication Engineering, Symbiosis Institute of Technology, Symbiosis International (Deemed University) Pune, Maharashtra, India; ² Department of Electrical and Electronics Engineering Sciences, University of Johannesburg, S Africa; ³ Department of Electronics and Communication Engineering, Jaypee University of Information Technology, Waknaghat, Solan, HP, India ; ⁴ Department of Engineering, Verolt Engineering Pvt Ltd, Pune, Maharashtra, India
Source: International Journal of Sensors Wireless Communications and Control
Available online: 24 January 2025
DOI: https://doi.org/10.2174/0122103279346608250109112823
- Received: 15 Aug 2024
- Accepted: 12 Nov 2024
- Available online: 24 Jan 2025

Abstract

Introduction

An automobile is a software-defined machine on top of the wheels including more than 100 electronic control units (ECU) with million lines of code. The integration of ECU in the automobile ensures the customer’s needs by providing safety, security, entertainment, and comfort features.

Methods

The firmware integrated into the ECU should be updated to avoid latency in operation and bugs, and to add new features. The traditional update process of ECU holds loopholes like more waiting time, unavailability of service centers, and security threats. To overcome this, over-the-air (OTA) updates are introduced in the vehicle, but security is the major concern while transmitting firmware over the air.

Results

The proposed system ensures the wireless firmware update with the uptane framework with background Timestamp Update Framework (TUF) ensures the security. The timestamp generated is valid for 86400 seconds to validate the freshness. In addition, security assessment and reverse engineering are performed on the designed system to check for security breaches.

Conclusion

The system secures the firmware over arbitrary and replay attacks on the Original Equipment Manufacturer (OEM) server.

Article metrics loading...

/content/journals/swcc/10.2174/0122103279346608250109112823

2025-01-24

2025-10-09

From This Site

/content/journals/swcc/10.2174/0122103279346608250109112823

dcterms_title,dcterms_subject,pub_keyword

-contentType:Contributor -contentType:Concept -contentType:Institution

10

5

Full text loading...

References

Miucic R Mahmud SM Wireless multicasting for remote software upload in vehicles with realistic vehicle movements SAE Tech. Pap. 2005 10.4271/2005‑01‑0323
[Google Scholar]
Bogdan D. Bogdan R. Popa M. Delta flashing of an ECU in the automotive industry. IEEE 11th International Symposium on Applied Computational Intelligence and Informatics (SACI) Timisoara, Romania, 2016, pp. 503-508. 10.1109/SACI.2016.7507429
[Google Scholar]
de Boer G. Engel P. Praefcke W. Generic remote software update for vehicle ecus using a telematics device as a gateway. Adv. Microsyst. Automot. Appl. 2005 2005 371 380 10.1007/3‑540‑27463‑4_27
[Google Scholar]
Nilsson D.K. Sun L. Nakajima T. A framework for self-verification of firmware updates over the air in vehicle ECUs. 2008 IEEE Globecom Workshops New Orleans, LA, USA, 2008, pp. 1-5. 10.1109/GLOCOMW.2008.ECP.56
[Google Scholar]
Mayilsamy K. Ramachandran N. Sunder Raj V. An integrated approach for data security in vehicle diagnostics over internet protocol and software update over the air. Comput. Electr. Eng. 2018 71 578 593 10.1016/j.compeleceng.2018.08.002
[Google Scholar]
Pospisil O. Fujdiak R. Mikhaylov K. Ruotsalainen H. Misurec J. Testbed for lorawan security: Design and validation through man-in-the-middle attacks study. Appl. Sci. (Basel) 2021 11 16 7642 10.3390/app11167642
[Google Scholar]
Idrees M.S. Schweppe H. Roudier Y. Wolf M. Scheuermann D. Henniger O. Secure automotive on-board protocols: A case of over-the-air firmware updates. Communication Technologies for Vehicles: Third International Workshop, Nets4Cars/Nets4Trains Oberpfaffenhofen, Germany, March 23- 24, 2011, pp. 224–238. 10.1007/978‑3‑642‑19786‑4_20
[Google Scholar]
Vrachkov D.G. Todorov D.G. Research of the systems for Firmware Over The Air (FOTA) and Wireless Diagnostic in the new vehicles. 2020 XXIX International Scientific Conference Electronics (ET) 2020, pp. 1–4. 10.1109/ET50336.2020.9238345
[Google Scholar]
Martínez-Cruz A. Ramírez-Gutiérrez K.A. Feregrino-Uribe C. Morales-Reyes A. Security on in-vehicle communication protocols: Issues, challenges, and future research directions. Comput. Commun. 2021 180 1 20 10.1016/j.comcom.2021.08.027
[Google Scholar]
Górski T. Towards Continuous Deployment for Blockchain. Appl. Sci. (Basel) 2021 11 24 11745 10.3390/app112411745
[Google Scholar]
Ayres N. Deka L. Paluszczyszyn D. Continuous automotive software updates through container image layers. Electronics 2021 10 6 739 10.3390/electronics10060739
[Google Scholar]
Koerner A. B. Hendriks B. Kürschner M. Selective software updates with in situ monitoring of non-homogeneous automotive electronic control units. ACI Mobility Summit 2021 10.2514/6.2021‑3025
[Google Scholar]
Mahmood S. Nguyen H.N. Shaikh S.A. Systematic threat assessment and security testing of automotive over-the-air (OTA) updates. Veh. Commun. 2022 35 100468 10.1016/j.vehcom.2022.100468
[Google Scholar]
Hu X. Huang G. Ning Y. Wang L. Suo J. Ota K. Zhang J. A lightweight and confidential communication scheme for on-vehicle ECUs. IEEE Netw. 2024 38 3 34 40 10.1109/MNET.2024.3365946
[Google Scholar]
Khan M.N. Rahman H.U. Hussain T. Yang B. Qaisar S.M. Enabling trust in automotive IoT: Lightweight mutual authentication scheme for electronic connected devices in internet of things. IEEE Trans. Consum. Electron. 2024 ••• 1 1 10.1109/TCE.2024.3410300
[Google Scholar]
Bodkhe U. Tanwar S. V2XCom: Lightweight and secure message dissemination scheme for Internet of vehicles. Security and Privacy 7 6 10.1002/spy2.352
[Google Scholar]
Naresh V.S. Reddi S. Allavarpu V.V.L.D. Provable secure dynamic lightweight group communication in VANETs. Trans. Emerg. Telecommun. Technol. 2024 35 4 e4273 10.1002/ett.4273
[Google Scholar]
Huang X. Li L. Zhang H. Yang J. Kuang J. IoVCipher: A low-latency lightweight block cipher for internet of vehicles. Ad Hoc Netw. 2024 160 103524 10.1016/j.adhoc.2024.103524
[Google Scholar]
Bazzi A. Shaout A. Ma D. MT-SOTA: A Merkle-tree-based approach for secure software updates over the air in automotive systems. Appl. Sci. 2023 13 16 9397 10.3390/app13169397
[Google Scholar]
Nasr A. Ghoneima M. Abdullah B.A. Automotive software self reprogramming OTA. 2022 13th International Conference on Electrical Engineering (ICEENG) Cairo, Egypt, 2022, pp. 76-80. 10.1109/ICEENG49683.2022.9781935
[Google Scholar]
Mayilsamy K. Ramachandran N. Moses B.J.S. Ravikumar A. A hybrid approach to enhance data security in wireless vehicle firmware update process. Wirel. Pers. Commun. 2022 125 1 665 684 10.1007/s11277‑022‑09571‑8
[Google Scholar]
Karthik T. Uptane: Securing software updates for automobiles. International Conference on Embedded Security in Car 2016, pp. 1–11.
[Google Scholar]
Samuel J. Mathewson N. Cappos J. Dingledine R. Survivable key compromise in software update systems. Proceedings of the 17th ACM conference on Computer and communications security 2010, pp. 61–72. 10.1145/1866307.1866315
[Google Scholar]
Ghosal A. Halder S. Conti M. Secure over-the-air software update for connected vehicles. Comput. Netw. 2022 218 109394 10.1016/j.comnet.2022.109394
[Google Scholar]
Mudhivarthi B.R. Thakur P. Singh G. Aspects of cyber security in autonomous and connected vehicles. Appl. Sci. 2023 13 5 3014 10.3390/app13053014
[Google Scholar]
Kuppusamy T.K. DeLong L.A. Cappos J. Uptane: Security and customizability of software updates for vehicles. IEEE Veh. Technol. Mag. 2018 13 1 66 73 10.1109/MVT.2017.2778751
[Google Scholar]
Kuppusamy T.K. Torres-Arias S. Diaz V. Cappos J. Diplomat: Using delegations to protect community repositories. 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16) 2016, pp. 567–581.
[Google Scholar]
Johns O. Andell A. TUF on the Tangle: Securing software updates using a distributed ledger. 2021
[Google Scholar]
Bozdal M. Samie M. Jennions I. A survey on can bus protocol: Attacks, challenges, and potential solutions. 2018 International Conference on Computing, Electronics & Communications Engineering (iCCECE) 2018, pp. 201–205. 10.1109/iCCECOME.2018.8658720
[Google Scholar]
Zhang K. Olmsted A. Examining autonomous vehicle operating systems vulnerabilities using a cyber-physical approach. 2021 IEEE International Intelligent Transportation Systems Conference (ITSC) 2021, pp. 976-981. 10.1109/ITSC48978.2021.9564848
[Google Scholar]
Khansa L. Zobel C.W. Assessing innovations in cloud security. J. Comput. Inf. Syst. 2014 54 3 45 56 10.1080/08874417.2014.11645703
[Google Scholar]
Xun Y. Liu J. Kato N. Fang Y. Zhang Y. Automobile driver fingerprinting: A new machine learning based authentication scheme. IEEE Trans. Industr. Inform. 2020 16 2 1417 1426 10.1109/TII.2019.2946626
[Google Scholar]
Deng J. Yu L. Fu Y. Hambolu O. Brooks R.R. Security and data privacy of modern automobiles. Data Analytics for Intelligent Transportation Systems. Elsevier 2017 131 163 10.1016/B978‑0‑12‑809715‑1.00006‑7
[Google Scholar]
Dantas Y.G. Nigam V. Ruess H. Security engineering for ISO 21434 2020
Ebert C. John J. Practical Cybersecurity with ISO 21434. ATZelectronics worldwide 2022 17 3-4 8 13 10.1007/s38314‑021‑0741‑5
[Google Scholar]
Mbakoyiannis D. Tomoutzoglou O. Kornaros G. Secure over-the-air firmware updating for automotive electronic control units Proceedings of the 34th ACM/SIGAPP symposium on applied computing 2019, pp. 174–181. 10.1145/3297280.3297299
[Google Scholar]
Rakotondravony N. Taubmann B. Mandarawi W. Weishäupl E. Xu P. Kolosnjaji B. Protsenko M. de Meer H. Reiser H.P. Classifying malware attacks in IaaS cloud environments. J. Cloud Comput. 2017 6 1 26 10.1186/s13677‑017‑0098‑8
[Google Scholar]
Csikor L. Lim H. W. Wong J. W. Ramesh S. Parameswarath R. P. Chan M. C. RollBack: A new time-agnostic replay attack against the automotive remote keyless entry systems. arXiv:2210.11923 2022 10.1145/3627827
[Google Scholar]

/content/journals/swcc/10.2174/0122103279346608250109112823

Firmware Over the Air for Securely Updating ECUs of the Vehicle

Bentham Science Publishers ; https://doi.org/10.2174/0122103279346608250109112823

/content/journals/swcc/10.2174/0122103279346608250109112823

Data & Media loading...

Article Type: Research Article

Keywords: attacks ; FOTA ; security ; Firmware ; over-the-air

Firmware Over the Air for Securely Updating ECUs of the Vehicle

Abstract

From This Site

Most Read This Month

Most Cited Most Cited RSS feed

MQTT Implementations, Open Issues, and Challenges: A Detailed Comparison and Survey

Improved Convolutional Neural Network and Heuristic Technique based on Forecasting and Sizing of Hybrid Renewable Energy System

A Pill to Find Them All: IoT Device Behavior Fingerprintin g using Capsule Networks

Concept and Application of Envelope Spectrum Analysis in the Field of Vibration Signal Processing

A Study on Security Issues and Attacks, Challenges and Future Improvements in Cloud-based IoT

Proactive Routing Mechanism for Removing Far Sensor in IoT using A Design of B * Index

A Concise Review on Internet of Things: Architecture, Enabling Technologies, Challenges, and Applications

Signal Assessment Using ML for Evaluation of WSN Framework in Greenhouse Monitoring

Enhancing Image Dehazing Efficiency with Dual Colour Space Attentional Deep Networks

A Survey on Game Theory based Interference Mitigation in WBASN