Breaking the Vehicle Over-The-Air Update System


Project Description

A modern vehicle is composed of around 100 Electronic Control Units (ECUs) connected via several types of networks. An ECU is an embedded device, similar to a Raspberry Pi, running an operating system (e.g., Linux-based or a real-time OS), on top of which different software and firmware may run, depending on the application. Because humans are imperfect, software can have faults and vulnerabilities, which can lead to catastrophic failures that threaten human lives. This makes manufacturers liable for such failures and has often caused recalls of millions of vehicles for repair. A smart solution is to take advantage of the vehicle's connectivity to the Internet and its surroundings and perform Over-The-Air (OTA) software and firmware updates when needed, much like smartphone software updates. This process is clearly critical and can have negative consequences if the OTA update system is unreliable and insecure. We have introduced an OTA protocol and a corresponding Proof of Concept (PoC) implementation that ensure an end-to-end chain of trust between all stakeholders: the manufacturer, suppliers, brokers, and the vehicle.
Program - Computer Science
Division - Computer, Electrical and Mathematical Sciences and Engineering
Center Affiliation - Resilient Computing and Cybersecurity Center
Field of Study - Connected Vehicles, Autonomous Vehicles, Software updates, Over-the-Air (OTA), security

About the

Paulo Esteves-Verissimo

Professor, Computer Science and Director, Resilient Computing and Cybersecurity Center (Computer, Electrical and Mathematical Science and Engineering Division)


Desired Project Deliverables

The goal of this project is to demonstrate some attacks by running the PoC on embedded devices or even in a real vehicle. The role of the intern will be to understand the system, extend the demos we have already done in software, and test them empirically on real, relevant devices. The objectives are to (1) raise awareness of the consequences of not doing OTA updates right, (2) gauge empirically whether our system is secure, and (3) improve it if it is not.