Advertisement

Let’s Get Mobile: Secure FOTA for Automotive System

  • Hafizah Mansor
  • Konstantinos Markantonakis
  • Raja Naeem Akram
  • Keith Mayes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9408)

Abstract

Over-the-air (OTA) firmware update is available in some systems such as mobile networks. Security plays a vital role to ensure that the firmware update process is successful despite possible threats against it. Therefore mobile devices may be useful to support the OTA firmware update process for other devices such as those used for automotive applications. Using a mobile device as a tool can offer added security features as well as giving flexibility to the process. Automotive security is of high importance as it is critically related to the safety and reliability of the vehicle. We propose a secure OTA firmware update (FOTA) protocol to offer flexibility to the firmware update process, while meeting the required security requirements. The protocol was formally analysed using Scyther and CasperFDR and no known attack was found.

Keywords

Firmware update Over-the-air Electronic Control Unit Formal analysis CasperFDR Scyther 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Cremers, C.: Scyther User Manual, draft edn (February 2014)Google Scholar
  2. 2.
    Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  3. 3.
    Flach, T., Mishra, N., Pedrosa, L., Riesz, C., Govindan, R.: Carma: towards personalized automotive tuning. In: Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems, pp. 135–148. ACM (2011)Google Scholar
  4. 4.
    Henniger, O.: EVITA: E-Safety Vehicle Intrusion Protected Applications. Technical report, EVITA (2011)Google Scholar
  5. 5.
    Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST), pp. 641–646. IEEE (2009)Google Scholar
  6. 6.
    Idrees, M.S., Schweppe, H., Roudier, Y., Wolf, M., Scheuermann, D., Henniger, O.: Secure automotive on-board protocols: a case of over-the-air firmware updates. In: Strang, T., Festag, A., Vinel, A., Mehmood, R., Rico Garcia, C., Röckl, M. (eds.) Nets4Trains/Nets4Cars 2011. LNCS, vol. 6596, pp. 224–238. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  7. 7.
    Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6(1), 53–84 (1998)Google Scholar
  8. 8.
    Wolf, M., Gendrullis, T.: Design, implementation, and evaluation of a vehicular hardware security module. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 302–318. Springer, Heidelberg (2012) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Hafizah Mansor
    • 1
  • Konstantinos Markantonakis
    • 1
  • Raja Naeem Akram
    • 1
  • Keith Mayes
    • 1
  1. 1.Information Security Group, Smart Card CentreRoyal Holloway, University of LondonEghamUK

Personalised recommendations