Introduction and Challenge
The automotive sector is experiencing one of the most profound transformations in its history, with vehicles being transformed from mechanical machines to highly connected, software-defined platforms. Modern cars host dozens of ECUs and rely on real-time software functionalities to manage everything from braking and steering to infotainment, connectivity, and advanced driver assistance systems. This growing software dependency brings with it a major security challenge. Software flaws can have life-critical consequences, making secure and continuous software updates, trust monitoring, and migration of software functions non-negotiable. The REWIRE Project succeeded to addresses those problems, demonstrating how trusted computing, formal verification, and secure attestation can protect the entire lifecycle of in-vehicle systems.
In the general context, vehicles must operate continuously and reliably in highly dynamic environments. Their electronic architectures are complex, comprising components sourced from multiple suppliers. They are often exposed to both physical and remote attack vectors, and they must remain secure over long lifespans—often exceeding 15 years. Updating and securing these systems is notoriously challenging, especially when large fleets are involved. Traditional patch management approaches are slow, involve significant manual intervention, and often leave systems vulnerable for extended periods. Attackers can exploit these windows to inject malicious software, compromise ECUs, or tamper with communication channels. A new security model is required—one that can guarantee integrity and trust across the vehicle’s entire lifecycle.
REWIRE Architecture and Experimental Setup in Automotive
The REWIRE automotive demonstrator integrates several complementary components into a unified security framework. The Trusted Computing Base (TCB) anchors runtime attestation, secure migration, and process state verification. Zero-Touch Onboarding (ZTO) automates secure enrollment of components into the vehicle network. The secure Over-the-Air (OTA) update mechanism ensures that software patches are distributed rapidly and verifiably. The Key Management System (KMS) harmonizes cryptographic operations across different ECUs, while the Migration Service allows functions to be moved seamlessly from one ECU to another in case of compromise or failure. Finally, the Facility Layer and AI-based Misbehaviour Detection Engine provide orchestration and monitoring capabilities that ensure real-time detection and response.This integrated approach makes it possible to maintain trust and operational integrity across the entire in-vehicle ecosystem.
In order to evaluate REWIRE in realistic conditions, the consortium developed an automotive testbed mirroring real E/E architectures. RISC-V-based StarFive VisionFive 2 boards were configured as ECUs, connected via a simulated in-vehicle network to a central controller responsible for updates and key management. This setup was paired with NVIDIA’s virtual environment to simulate real driving scenarios and control subsystems such as steering and speed. This combination allowed the team to test REWIRE’s capabilities under load and in operationally relevant conditions. In addition, REWIRE’s OTA mechanism ensures that update packages are encrypted, integrity-protected, and verified at every stage of their lifecycle. Each ECU receives its update over a secure channel, verifies its trust state, and confirms successful installation to the controller. Key synchronization and rotation are handled automatically through the KMS, ensuring that cryptographic material remains secure. This model enables manufacturers to update entire fleets in minutes rather than hours, eliminating many of the vulnerabilities associated with delayed patching and manual processes.
Conclusions
The connected car revolution requires security architectures that match its pace. REWIRE delivers exactly that: trusted computing, automated onboarding, secure patching, and seamless migration. It shows that the automotive edge can be both intelligent and trustworthy, setting the stage for safer, more resilient mobility systems. The automotive pilot demonstrated the feasibility of integrating zero-touch onboarding, secure OTA patching, and software migration into real-world vehicle architectures. This enhances operational resilience, reduces costs, and positions manufacturers to comply more easily with emerging regulatory frameworks. The impact extends beyond security—it strengthens trust in the entire automotive ecosystem.