Secure Software Delivery and Installation in Embedded Systems

  • André Adelsbach
  • Ulrich Huber
  • Ahmad-Reza Sadeghi
Conference paper

DOI: 10.1007/978-3-540-31979-5_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)
Cite this paper as:
Adelsbach A., Huber U., Sadeghi AR. (2005) Secure Software Delivery and Installation in Embedded Systems. In: Deng R.H., Bao F., Pang H., Zhou J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg

Abstract

Increasingly, software (SW) in embedded systems can be updated due to the rising share of flashable electronic control units (ECUs). However, current SW installation procedures are insecure: an adversary can install SW in a given ECU without any sender authentication or compatibility assessment. In addition, SW is installed on an all-or-nothing base: with the installation, the user acquires full access rights to any functionality. Concepts for solving individual deficiencies of current procedures have been proposed, but no unified solution has been published so far.

In this paper we propose a method for secure SW delivery and installation in embedded systems. The automotive industry serves as a case example leading to complex trust relations and illustrates typically involved parties and their demands. Our solution combines several cryptographic techniques. For example, public key broadcast encryption enables secure SW distribution from any provider to all relevant embedded systems. Trusted computing allows to bind the distributed SW to a trustworthy configuration of the embedded system, which then fulfills a variety of security requirements. Finally, we outline the management of flexible access rights to individual functionalities of the installed SW, thus enabling new business models.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • André Adelsbach
    • 1
  • Ulrich Huber
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr-University BochumGermany

Personalised recommendations