A Generic System for Automotive Software Over the Air (SOTA) Updates Allowing Efficient Variant and Release Management

  • Houssem GuissoumaEmail author
  • Axel Diewald
  • Eric Sax
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 852)


The introduction of Software Over The Air (SOTA) Updates in the automotive industry offers both the Original Equipment Manufacturer and the driver many advantages such as cost savings through inexpensive over the air bug fixes. Furthermore, it enables enhancing the capabilities of future vehicles throughout their life-cycle. However, before making SOTA a reality for safety-critical automotive functions, major challenges must be deeply studied and resolved: namely the related security risks and the required high system safety. The security concerns are primarily related to the attack and manipulation threats of wireless connected and update-capable cars. The functional safety requirements must be fulfilled despite the agility needed by some software updates and the typically high variants numbers.

We studied the state of the art and developed a generic SOTA updates system based on a Server-Client architecture and covering main security and safety aspects including a rollback capability. The proposed system offers release and variant management, which is the main novelty of this work. The proof of concept implementation with a server running on a host PC and an exemplary Electric/Electronic network showed the feasibility and the benefits of SOTA updates.


Connected vehicles SOTA updates Variant management Security Safety Release management Electronic control unit 


  1. 1.
    Staron, M.: Automotive Software Architectures: An Introduction, 1st edn. Springer, Cham (2017)CrossRefGoogle Scholar
  2. 2.
    Hobbs, C.: Embedded Software Development for Safety-Critical Systems. Auerbach Publications, Boston (2015)CrossRefGoogle Scholar
  3. 3.
    Sax, E.: Automatisiertes Testen Eingebetteter Systeme in der Automobilindustrie. Hanser-Verlag, München (2008). ISBN 978-3-446-41635-2Google Scholar
  4. 4.
    Khurram, M., Kumar, H., Chandak, A., Sarwade, V., Arora, N., Quach, T.: Enhancing connected car adoption: Security and over the air update framework. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 194–198, December 2016Google Scholar
  5. 5.
    Nilsson, D.K., Sun, L., Nakajima, T.: A framework for selfverification of firmware updates over the air in vehicle ECUs. In: 2008 IEEE Globecom Workshops, pp. 1–5, November 2008Google Scholar
  6. 6.
    Bird, E., Colin, J.: Improving software, reliability & innovation - executive summary. IHS Technology, Technical report (2015)Google Scholar
  7. 7.
    Sax, E., Reussner, R., Guissouma, H., Klare, H.: A survey on the state and future of automotive software release and configuration management. KIT, Technical report, November 2017Google Scholar
  8. 8.
    Dakroub, H., Cadena, R.: Analysis of software update in connected vehicles. SAE Int. J. Passeng. Cars Electron. Electr. Syst. 7(2), 411–417 (2014).
  9. 9.
    Els, E.: The hackers holy grail - the OBD has manufacturers worried. In: Automotive Diagnostic Systems. CarTech Inc., Denver, June 2017Google Scholar
  10. 10.
    Odat, H.A., Ganesan, S.: Firmware over the air for automotive, fotamotive. In: IEEE International Conference on Electro/Information Technology, pp. 130–139, June 2014Google Scholar
  11. 11.
    Liu, L., Moulic, R., Shea, D.: Cloud service portal for mobile device management. In: 2010 IEEE 7th International Conference on E-Business Engineering, pp. 474–478, November 2010Google Scholar
  12. 12.
    Shin, J., Chung, Y., Ko, K.S., Eom, Y.I.: Design and implementation of the management agent for mobile devices based on OMA DM. In: Proceedings of the 2nd International Conference on Ubiquitous Information Management and Communication, ICUIMC 2008, pp. 575–579. ACM (2008)Google Scholar
  13. 13.
    Culver, M.: Over-the-air software updates to create boon for automotive market, IHS says. IHS Automotive, September 2015Google Scholar
  14. 14.
    Tesla: Software updates (2017).
  15. 15.
    Nilsson, D.K., Larson, U.E.: Secure firmware updates over the air in intelligent vehicles. In: ICC Workshops - 2008 IEEE International Conference on Communications Workshops, pp. 380–384, May 2008Google Scholar
  16. 16.
    Mansour, K., Farag, W., ElHelw, M.: AiroDiag: a sophisticated tool that diagnoses and updates vehicles software over air. In: 2012 IEEE International Electric Vehicle Conference, pp. 1–7, March 2012Google Scholar
  17. 17.
    Freiwald, A., Hwang, G.: Safe and secure software updates over the air for electronic brake control systems. SAE Int. J. Passeng. Cars Electron. Electr. Syst. 10(1), 71–82 (2016)Google Scholar
  18. 18.
    Tilkov, S., Vinoski, S.: Node.js: using JavaScript to build high-performance network programs. IEEE Internet Comput. 14(6), 80–83 (2010).
  19. 19.
    Internet Engineering Task Force (IETF): OAuth 2.0 Authorization Framework, May 2018.
  20. 20.
    Tse, D.W.K., Chen, D., Liu, Q., Wang, F., Wei, Z.: Emerging issues in cloud storage security: encryption, key management, data redundancy, trust mechanism. In: Wang, L.S.-L., June, J.J., Lee, C.-H., Okuhara, K., Yang, H.-C. (eds.) Multidisciplinary Social Networks Research. Springer, Heidelberg (2014)Google Scholar
  21. 21.
    Schmittner, C., Ma, Z., Reyes, C., Dillinger, O., Puschner, P.: Using SAE J3061 for Automotive Security Requirement EngineeringGoogle Scholar
  22. 22.
    Volkswagen: Online configuratro, February 2016.
  23. 23.
    Berger, T., Rublack, R., Nair, D., Atlee, J.M., Becker, M., Czarnecki, K., Wasowski, A.: A survey of variability modeling in industrial practice. In: Proceedings of the Seventh International Workshop on Variability Modelling of Software-intensive Systems (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations