by KENOTOM,
In the modern automotive industry, vehicles are becoming more intelligent, with growing needs for connectivity and updates throughout their lifecycle. Some years ago, most vehicles used fewer electronic components and had limited needs for Software (SW) updates; if a SW update was needed, in most cases the vehicle had to be taken to a dealership. Today, however, vehicle functionalities such as Autonomous Driving (AD) and Advanced Driver Assistance Systems (ADAS) require constant SW updates for improvements, bug fixes and functionality enhancements. This shift requires manufacturers to adopt Over-the-Air (OTA) SW update technology to streamline operations and maintenance, while at the same time reducing costs and simplifying the user experience.
Figure 1: Over-the-Air topology.
What is an Over-the-Air Update?
An OTA update allows Original Equipment Manufacturers (OEMs) to wirelessly send SW to vehicles, where it is installed automatically, eliminating the need for the owner to take the vehicle to a service center. Consequently, the cost of SW/FW updates is substantially reduced, both for OEMs and for customers. OEMs can patch SW bugs immediately without releasing costly recalls, while at the same time the customer enjoys an enhanced vehicle experience.
Over-the-Air Update Advantages
OTA updates are beneficial in numerous ways:
- No in-person recalls: An OTA-serviced recall is performed much faster, since a visit by the owner is not necessary. Additionally, public exposure of the recall problem is not required, which avoids bad publicity for the OEM.
- Time and money savings: Besides saving time for the vehicle owner, OTA updates can result in significant savings for the automaker when it comes to labor costs.
- Diagnostics collection: This procedure can be simplified, since OEMs receive the needed diagnostic information from the vehicles through OTA technology.
- Enhancement of features: With OTA feature updates, a vehicle can become better-equipped as it ages, resulting in a slower rate of depreciation. In some cases, OTA-added features and capabilities may even increase the value of a vehicle.
- Compliance/Safety: As new rules and standards are introduced, especially in AD/ADAS, they can be easily integrated into the vehicles through OTA updates.
Over-the-Air Update Challenges
In the automotive sector, OTA updates face major challenges when it comes to security. Although service departments may save on labor costs thanks to OTA updates, there is a significant risk of security attacks during the update procedure. Besides the danger of personal information exposure, the driver can also end up in hazardous situations if an attacker successfully injects malicious SW into the vehicle. Such attacks could severely compromise critical vehicle ECUs, leading to major malfunctions such as locking of the vehicle or abnormal operation of the engine, transmission, steering, braking, etc.
REWIRE on Over-the-Air Updates
Wireless SW and FW updates carry the risk of security attacks, and it is therefore imperative to establish robust security measures and fail-safe mechanisms to counter potential cyber threats. The REWIRE framework aims to streamline automotive OTA security and reinforce existing security protocols. Here are the key components of the REWIRE approach:
- Code Differentiation: To enhance security, REWIRE segregates the code responsible for performing SW/FW updates from the rest of the running code, using Trusted Execution Environments (TEEs).
- Encryption and Authentication: Secure OTA update processes require both encryption and authentication. REWIRE employs a side-channel-resistant mode of operation of the AES authenticated encryption scheme, which is used to encrypt and authenticate SW updates.
- Attestation Mechanisms: These mechanisms validate the state of the updated component, providing enhanced security and operational assurance, ensuring that the correct update is installed on the vehicle.
- Risk Assessment: If the attestation fails, the device promptly transmits the status of the failed attestation to the REWIRE risk assessment component. This ensures administrators are aware of potential attacks.
- Sanitized Update Packages: Only thoroughly validated update packages—free from common vulnerabilities and implementation flaws—are deployed.
- Individualized Communication: The update process maintains a “one-to-one” communication between administrators and each vehicle, as each vehicle possesses its unique keys and attestation properties.
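The components above, as an added example that is not part of this post or of REWIRE's own code: a Go sketch of per-vehicle keying, AES-GCM authenticated encryption of an update package bound to one vehicle and version, and the post-install attestation check whose failure report goes to the risk assessment component. The HMAC-based key derivation, the VIN/version associated data and the report format are assumptions for illustration, not REWIRE's actual scheme.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// vehicleKey: per-vehicle AES-256 key = HMAC-SHA256(fleet master key, VIN); a constructed KDF stand-in.
func vehicleKey(master []byte, vin string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(vin))
	return m.Sum(nil)
}

func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is always 32 bytes from vehicleKey
	g, _ := cipher.NewGCM(block)
	return g
}

// sealUpdate: AES-256-GCM with VIN and version as associated data, so a package opens
// only for the vehicle and version it was built for. The nonce must never repeat per key.
func sealUpdate(key, nonce, image []byte, vin, version string) []byte {
	return gcm(key).Seal(nil, nonce, image, []byte(vin+"|"+version))
}

// openUpdate (in-vehicle side): a wrong key, altered bytes or a mismatched VIN/version returns an error.
func openUpdate(key, nonce, pkg []byte, vin, version string) ([]byte, error) {
	return gcm(key).Open(nil, nonce, pkg, []byte(vin+"|"+version))
}

// attest compares the installed image digest with the expected one; a mismatch yields the report
// the device would forward to the risk assessment component (constructed format).
func attest(installed, expected []byte, vin string) (bool, string) {
	got := sha256.Sum256(installed)
	if bytes.Equal(got[:], expected) {
		return true, ""
	}
	return false, fmt.Sprintf("ATTEST_FAIL vin=%s sha256=%x", vin, got)
}

func main() {
	master, nonce := bytes.Repeat([]byte{0x42}, 32), bytes.Repeat([]byte{1}, 12) // constructed values
	pkg := sealUpdate(vehicleKey(master, "VIN-A"), nonce, []byte("fw v2.1"), "VIN-A", "2.1")
	_, err := openUpdate(vehicleKey(master, "VIN-B"), nonce, pkg, "VIN-B", "2.1")
	fmt.Println("VIN-B rejects a package built for VIN-A:", err != nil)
}
```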
With all the above features, the REWIRE framework aims to facilitate easier and more secure OTA updates, as well as the verification of SW/FW updates after they are applied. These attributes are essential in the automotive industry of today (and tomorrow) to make the driving experience and the maintenance of vehicles safer and more flexible. Stay tuned as more updates will follow…