An adaptable security-by-design approach for ensuring a secure Over the Air (OTA) update in modern vehicles

Research output: Contribution to journal › Article › peer-review


Abstract

The rise in Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) introduced by OEMs has increased the demand for sophistication in modern vehicles. This sophistication involves a variety of software capabilities and functions embedded in more than 100 ECUs per vehicle, which has led to the need for over-the-air (OTA) updates. OTA updates are delivered wirelessly, eliminating the need to bring vehicles to a garage for updates; this is more convenient for owners, reduces costs for OEMs, and reduces greenhouse gas emissions. Several OTA update approaches are adopted by automotive OEMs, such as the Uptane framework, the Open Mobile Alliance Device Management (OMA-DM) standard, and the general ISO 24089 standard, including sub-variants of Uptane and OMA-DM. However, the systematic implementation of security-by-design in OTA systems by applying ISO 21434 is less common, and a gap remains in this practice that the automotive industry could adopt to secure OTA update technology systematically. OTA update security hinges on identifying the vulnerability pathways that potential malicious attacks could exploit; identifying and mitigating such vulnerabilities throughout the OTA update process is therefore critical for robust security. This paper proposes an adaptable security-by-design approach to OTA updates, built on and extended from our earlier work, Iyieke et al. (2023). The approach is then applied to a prototype OTA update system developed on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems but is still maturing in the cyber-physical domain of automotive cybersecurity. Our proposed approach covers the security engineering lifecycle, the logical security layered concept, and the security architecture.
A threat analysis and risk assessment (TARA) is performed based on the international automotive cybersecurity standard ISO/SAE 21434. The highest-rated threats identified by the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP.29. Penetration testing is conducted to verify the approach's ability to strengthen the security of the OTA update system against some of the identified risks and threats. The result is a systematic and adaptable security-by-design approach to secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA update technology used.
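The prototype described in the abstract builds on Uptane, whose core security property is that a Primary ECU only installs an image when the Director repository and the Image repository both sign fresh metadata that agrees on the image, the offered version does not roll back, and the downloaded bytes match the signed length and hash. The following Go program is an added illustration of those checks, written for this page; it is not code from the paper, from Uptane, or from Toradex's implementation. It assumes one Ed25519 key per repository (Uptane also supports key thresholds and separate root, timestamp and snapshot roles, omitted here), a simplified JSON targets body with an assumed `version` release counter for anti-rollback, and constructed keys and a constructed firmware blob in place of real artifacts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Target is one image entry in targets metadata; Version is an assumed release counter for anti-rollback.
type Target struct {
	Length  int    `json:"length"`
	SHA256  string `json:"sha256"`
	Version int    `json:"version"`
}

// Targets is the signed body of one repository's targets metadata.
type Targets struct {
	Expires time.Time         `json:"expires"`
	Targets map[string]Target `json:"targets"`
}

// Signed pairs a serialized Targets body with one detached Ed25519 signature (Uptane also allows thresholds).
type Signed struct{ Body, Sig []byte }

func sign(body []byte, key ed25519.PrivateKey) Signed {
	return Signed{Body: body, Sig: ed25519.Sign(key, body)}
}

// verifyTargets checks the repository signature and that the metadata has not expired.
func verifyTargets(key ed25519.PublicKey, s Signed, now time.Time) (*Targets, error) {
	if !ed25519.Verify(key, s.Body, s.Sig) {
		return nil, errors.New("bad signature")
	}
	var t Targets
	if err := json.Unmarshal(s.Body, &t); err != nil {
		return nil, err
	}
	if !now.Before(t.Expires) {
		return nil, errors.New("metadata expired")
	}
	return &t, nil
}

// FullVerify mirrors an Uptane Primary's full verification of one image: both repositories must sign
// fresh metadata that agrees on the image, the version must not roll back, and the bytes must match.
func FullVerify(dirKey, imgKey ed25519.PublicKey, dirMeta, imgMeta Signed,
	name string, blob []byte, installed int, now time.Time) error {
	dt, err := verifyTargets(dirKey, dirMeta, now)
	if err != nil {
		return fmt.Errorf("director: %w", err)
	}
	it, err := verifyTargets(imgKey, imgMeta, now)
	if err != nil {
		return fmt.Errorf("image repository: %w", err)
	}
	d, okD := dt.Targets[name]
	i, okI := it.Targets[name]
	if !okD || !okI || d != i {
		return errors.New("director and image repository do not both list an identical image")
	}
	if d.Version < installed {
		return fmt.Errorf("rollback: offered v%d, installed v%d", d.Version, installed)
	}
	sum := sha256.Sum256(blob)
	if len(blob) != d.Length || hex.EncodeToString(sum[:]) != d.SHA256 {
		return errors.New("downloaded image does not match signed metadata")
	}
	return nil
}

func metadata(name string, blob []byte, version int, expires time.Time) []byte {
	sum := sha256.Sum256(blob)
	body, _ := json.Marshal(Targets{Expires: expires, Targets: map[string]Target{
		name: {Length: len(blob), SHA256: hex.EncodeToString(sum[:]), Version: version}}})
	return body
}

// RunScenario verifies a constructed image with constructed keys: one genuine update and three attacks.
func RunScenario() (genuine, tampered, rollback, stale error) {
	now := time.Date(2024, 12, 14, 0, 0, 0, 0, time.UTC)
	dirPub, dirPriv, _ := ed25519.GenerateKey(rand.Reader)
	imgPub, imgPriv, _ := ed25519.GenerateKey(rand.Reader)
	name, firmware := "brake-ecu.bin", []byte("constructed ECU firmware image, version 7")
	dirMeta := sign(metadata(name, firmware, 7, now.Add(24*time.Hour)), dirPriv)
	imgMeta := sign(metadata(name, firmware, 7, now.Add(24*time.Hour)), imgPriv)
	genuine = FullVerify(dirPub, imgPub, dirMeta, imgMeta, name, firmware, 6, now)
	// Same length, different bytes: the signed hash catches a swap in the delivery path.
	tampered = FullVerify(dirPub, imgPub, dirMeta, imgMeta, name, []byte("constructed ECU firmware image, version 8"), 6, now)
	// A correctly signed older release replayed onto an ECU already at version 9.
	rollback = FullVerify(dirPub, imgPub, dirMeta, imgMeta, name, firmware, 9, now)
	// The same metadata replayed two days later: signatures still verify, but it has expired.
	stale = FullVerify(dirPub, imgPub, dirMeta, imgMeta, name, firmware, 6, now.Add(48*time.Hour))
	return
}
```

Calling `RunScenario()` from a `main` or a test returns a nil error for the genuine update and a non-nil error for each attack; the three attack cases map onto the arbitrary-software, rollback and freeze attacks that the Uptane design is meant to stop, and each is caught by a different check in `FullVerify`, which is the kind of per-pathway mitigation a TARA of the OTA pipeline would call for.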
Original language: English
Article number: 104268
Number of pages: 28
Journal: Computers and Security
Volume: 150
Early online date: 14 Dec 2024
DOIs
Publication status: E-pub ahead of print - 14 Dec 2024

Bibliographical note

This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Funding

The authors gratefully acknowledge the invaluable support of CONIGITAL LTD for their generous sponsorship of this research through their Ph.D. research student program.

Funders: Conigital Limited

    Keywords

    • Security-by-design
    • Automotive cybersecurity
    • Over the Air update (OTA)
    • Threat analysis and risk assessments (TARA)
    • Connected and Automated Vehicles (CAVs)
    • Intelligent Transport Systems (ITS)
    • Security architecture
