Abstract
The significant growth of software, processing, and connectivity in automobiles has progressively placed cyber security in the forefront of automotive system design. In the modern era, the concept of connected vehicles facilitates advanced features like vehicle diagnostics and firmware updates over the Internet. As the diagnostic data and firmware update files are highly sensitive, the integrity and authentication of these are highly imperative. A hybrid technique for the enhanced data security using the blend of cryptography and image steganography is proposed for the Vehicle Firmware Update Over-the-Air (FOTA) Process. In the proposed method, Elliptic Curve Integrated Encryption Scheme followed by 3-bit least significant bit Image Steganography technique is used to ensure data integrity and gray level co-occurence matrix (GLCM) is used for authentication of firmware update patch. A prototype using AURIX TC275-TRB as Electronic Control Unit and Raspberry Pi as the telematics unit, has been developed to illustrate the viability of the proposed method. From the results obtained, it is inferred that the proposed method for data security in FOTA performs better than the method recommended by the AUTOSAR.
Similar content being viewed by others
Data availability
Enquiries about data availability should be directed to the authors.
Abbreviations
- AES:
-
Advanced encryption standard
- AES-GCM:
-
Advanced encryption standard Galois counter mode
- CAN:
-
Controller area network
- CGW:
-
Central gateway
- CLI:
-
Command line interface
- ECC:
-
Elliptic curve cryptography
- ECDH:
-
Elliptic-curve Diffie–Hellman
- ECDLP:
-
Elliptic curve discrete logarithm problem
- ECIES:
-
Elliptic curve integrated encryption scheme
- ECU:
-
Electronic control unit
- FOTA:
-
Firmware update over-the-air
- GLCM:
-
Gray level co-occurence matrix
- HAT:
-
Hardware at top
- LSB:
-
Least significant bit
- MAC:
-
Message authentication code
- MAC:
-
Media access control
- MSE:
-
Mean square error
- OEM:
-
Original equipment manufacturer
- OS:
-
Operating system
- PBKDF2:
-
Password based key derivation function 2
- PSNR:
-
Peak signal-to-noise ratio
- RAM:
-
Random access memory
- RSA:
-
Rivest, Shamir, Adleman
- SHA:
-
Secure Hash Algorithm
- SoC:
-
System on chip
- SOTA:
-
Software update over-the-air
- SPI:
-
Serial peripheral interface
- TCU:
-
Telematics control unit
- UCM:
-
Update and configuration management
- WLAN:
-
Wireless local area network
References
Kathiresh, M., Neelaveni, R., Benny, M. A., & Moses, B. J. S. (2021). Vehicle diagnostics over internet protocol and over-the-air updates. In M. Kathiresh & R. Neelaveni (Eds.), Automotive embedded systems. EAI/Springer innovations in communication and computing. Springer.
Halder, S., Ghosal, A., & Conti, M. (2020). Secure over-the-air software updates in connected vehicles: A survey, computer networks. Computer Networks. https://doi.org/10.1016/j.comnet.2020.107343
Shavit, M., Gryc, A., & Miucic, R. (2007). Firmware update over the air (FOTA) for automotive industry, SAE Technical Paper Asia Pacific Automotive Engineering Conference. https://doi.org/10.4271/2007-01-3523
Le, V. H., den Hartog, J., & Zannone, N. (2018). Security and privacy for innovative automotive applications: A survey. Computer Communications, 132, 17–41. https://doi.org/10.1016/j.comcom.2018.09.010
Florian, S., Martin, L., Sebastian, S., Marko, W., Alexandre, B., Harris, W. R., Somesh, J., Thomas, P., Axel, P., & Samarjit, C. (2013). Security challenges in automotive hardware/software architecture design. In Design, automation & test in europe conference & exhibition, pp 458–463. https://doi.org/10.7873/DATE.2013.102
Yu, H., Lin, C.-W. (2016). Security concerns for automotive communication and software architecture. In IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp 600–603. https://doi.org/10.1109/INFCOMW.2016.7562147
Pike, L., Sharp, J., Tullsen, M., & Hickey Bielman J, P. C. (2013). Secure automotive software: The next steps. IEEE Software, 34(3), 49–55. https://doi.org/10.1109/MS.2017.78
Qiang, Hu., & Luo, F. (2018). Review of secure communication approaches for in-vehicle network. International Journal of Automotive Technology, 19, 879–894. https://doi.org/10.1007/s12239-018-0085-1
Specification of Update and Configuration Management AUTOSAR AP Release 17-10, AUTOSAR, Document ID 888, October 27, (2017). autosar.org/fileadmin/user_upload/standards/adaptive/17-10/AUTOSAR_SWS_UpdateAndConfigManagement.pdf
Specification of Crypto Interface for Adaptive Platform AUTOSAR AP Release 17-10, AUTOSAR, Document ID 883, October 27, (2017). https://www.autosar.org/fileadmin/user_upload/standards/adaptive/17-10/AUTOSAR_SWS_AdaptiveCryptoInterface.pdf
Steger, M., Boano, C. A., Niedermayr, T., Karner, M., Hillebrand, J., Roemer, K., & Rom, W. (2018). An efficient and secure automotive wireless software update framework. IEEE Transactions on Industrial Informatics, 14(5), 2181–2193. https://doi.org/10.1109/TII.2017.2776250
Steger, M., Karner, M., Hillebrand, J., Rom, W., Boano, C., & Römer, K. (2016). Generic framework enabling secure and efficient automotive wireless SW updates. In IEEE 21st international conference on emerging technologies and factory automation (ETFA), pp. 1–8. https://doi.org/10.1109/ETFA.2016.7733575
Mayilsamy, K., Ramachandran, N., & Raj, V. S. (2018). An integrated approach for data security in vehicle diagnostics over IP and software update over the air. Computers & Electrical Engineering, 71, 578–593. https://doi.org/10.1016/j.compeleceng.2018.08.002
Liu, Z., Seo, H., Großschädl, J., & Kim, H. (2016). Efficient implementation of NIST-compliant elliptic curve cryptography for 8-bit AVR-based sensor nodes. IEEE Transactions on Information Forensics and Security, 11(7), 1385–1397. https://doi.org/10.1109/TIFS.2015.2491261
Liu, Z., Weng, J., Hu, Z., & Seo, H. (2016). Efficient elliptic curve cryptography for embedded devices. ACM Transactions Embedded Computing Systems, 16(2), 53:1-53:18. https://doi.org/10.1145/2967103
Chandra, S., Paira, S., Alam, S. S., & Sanyal, G. (2014). A comparative survey of symmetric and asymmetric key cryptography. In Proceedings of 2014 international conference on electronics, communication and computational engineering (ICECCE), pp. 83–93, https://doi.org/10.1109/ICECCE.2014.7086640.
Lara-Nino, C. A., Diaz-Perez, A., & Morales-Sandoval, M. (2018). Elliptic curve lightweight cryptography: A survey. IEEE Access, 6, 72514–72550. https://doi.org/10.1109/ACCESS.2018.2881444
Standards for Efficient Cryptography 2 (SEC 2), Certicom Research, 2010. Retrieved December 15, 2021 from https://info.isl.ntt.co.jp/crypt/eng/archive/dl/oef/nttdoc-oef2-en-20080806.pdf
Kaur, N., & Behal, S. (2014). A survey on various types of steganography and analysis of hiding techniques. International Journal of Engineering Trends and Technology (IJETT), 11(8), 392. https://doi.org/10.14445/22315381/IJETT-V11P276
Sugathan, S. (2016). An improved LSB embedding technique for image steganography. In Proceedings of 2016 2nd international conference on applied and theoretical computing and communication technology (iCATccT), pp 609–612, https://doi.org/10.1109/ICATCCT.2016.7912072
Xing, Z., & Jia, H. (2019). Multilevel color image segmentation based on GLCM and improved Salp Swarm Algorithm. IEEE Access, 7, 37672–37690. https://doi.org/10.1109/ACCESS.2019.2904511
Roberto de Oliveira, P., Delisandra Feltrim, V., Andreia Fondazzi Martimiano, L., & Brasilino Marcal Zanoni, G. (2014). Energy consumption analysis of the cryptographic key generation process of RSA and ECC algorithms in embedded systems. IEEE Latin America Transactions, 12(6), 1141–1148. https://doi.org/10.1109/TLA.2014.6894012
Dumitrescu, S., Wu, X., & Wang, Z. (2003). Detection of LSB steganography via sample pair analysis. IEEE Transactions on Signal Processing, 51(7), 1995–2007. https://doi.org/10.1109/TSP.2003.812753
Benedikt Boehm. (2014). StegExpose—A tool for detecting LSB steganography, arXiv.org. School of Computing University of Kent. https://arxiv.org/abs/1410.6656
Funding
The authors declare that no funds, grants, or other support were received during the preparation of this manuscript. The manuscript has no associated data
Author information
Authors and Affiliations
Contributions
All authors contributed to the study conception, material preparation, algorithms development and their analysis. The first draft of the manuscript was written by KM and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors have not disclosed any competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Mayilsamy, K., Ramachandran, N., Moses, B.J.S. et al. A Hybrid Approach to Enhance Data Security in Wireless Vehicle Firmware Update Process. Wireless Pers Commun 125, 665–684 (2022). https://doi.org/10.1007/s11277-022-09571-8
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-022-09571-8