Let’s Get Mobile: Secure FOTA for Automotive System
Over-the-air (OTA) firmware update is available in some systems such as mobile networks. Security plays a vital role to ensure that the firmware update process is successful despite possible threats against it. Therefore mobile devices may be useful to support the OTA firmware update process for other devices such as those used for automotive applications. Using a mobile device as a tool can offer added security features as well as giving flexibility to the process. Automotive security is of high importance as it is critically related to the safety and reliability of the vehicle. We propose a secure OTA firmware update (FOTA) protocol to offer flexibility to the firmware update process, while meeting the required security requirements. The protocol was formally analysed using Scyther and CasperFDR and no known attack was found.
KeywordsFirmware update Over-the-air Electronic Control Unit Formal analysis CasperFDR Scyther
Unable to display preview. Download preview PDF.
- 1.Cremers, C.: Scyther User Manual, draft edn (February 2014)Google Scholar
- 3.Flach, T., Mishra, N., Pedrosa, L., Riesz, C., Govindan, R.: Carma: towards personalized automotive tuning. In: Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems, pp. 135–148. ACM (2011)Google Scholar
- 4.Henniger, O.: EVITA: E-Safety Vehicle Intrusion Protected Applications. Technical report, EVITA (2011)Google Scholar
- 5.Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST), pp. 641–646. IEEE (2009)Google Scholar
- 6.Idrees, M.S., Schweppe, H., Roudier, Y., Wolf, M., Scheuermann, D., Henniger, O.: Secure automotive on-board protocols: a case of over-the-air firmware updates. In: Strang, T., Festag, A., Vinel, A., Mehmood, R., Rico Garcia, C., Röckl, M. (eds.) Nets4Trains/Nets4Cars 2011. LNCS, vol. 6596, pp. 224–238. Springer, Heidelberg (2011) CrossRefGoogle Scholar
- 7.Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6(1), 53–84 (1998)Google Scholar