TY - UNPB
T1 - An Adaptable Security-by-Design Approach for Ensuring a Secure Over the Air (OTA) Update in Modern Vehicles
AU - Iyieke, Victormills Onyekachi
AU - Jadidbonab, Hesamaldin
AU - Bryans, Jeremy W.
AU - Rakib, Abdur
AU - Dhaliwal, Don
AU - Kosmas, Odysseas
PY - 2024/1/31
Y1 - 2024/1/31
N2 - The growth of Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) has increased the sophistication required of modern vehicles, whose software capabilities and functionality are now embedded in over 100 ECUs per vehicle. This has led to the need for over-the-air (OTA) updates. OTA updates can be delivered wirelessly, eliminating the need to bring vehicles to the garage for updates; this is more convenient for owners, reduces costs for OEMs, and lowers greenhouse gas emissions. Researchers, industrial partners, and OEMs have developed several OTA technology standards and frameworks, such as the Uptane framework, Open Mobile Alliance Device Management (OMA-DM), ISO 24089, and ISO/SAE 21434. However, the systematic implementation of security-by-design applying ISO/SAE 21434 to OTA systems is not well known, and there remains a gap in security-by-design practice that the automotive industry can adopt to ensure a systematic approach to secure OTA update technology. OTA update security hinges on identifying the vulnerability pathways available to a malicious attacker; therefore, identifying and mitigating potential vulnerabilities throughout the OTA update process is critical for robust security. This paper proposes a secure OTA update technique with an adaptable security-by-design approach built on and extended from our work in Iyieke et al. (2023). The adaptable security-by-design approach is then applied to a prototype OTA update system that we developed on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems, but it is still developing in automotive cyber-physical systems. Our proposed approach covers the security engineering lifecycle, a logical layered security concept, and the security architecture. A threat analysis and risk assessment (TARA) is conducted based on the international automotive cybersecurity standard ISO/SAE 21434. The highest-rated threats identified by the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP.29. Penetration testing is conducted to verify the approach's capability to reinforce the security of the OTA update system against some of the identified risks and threats. Our proposed approach provides a systematic, adaptable security-by-design method for ensuring secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA framework used.
AB - The growth of Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) has increased the sophistication required of modern vehicles, whose software capabilities and functionality are now embedded in over 100 ECUs per vehicle. This has led to the need for over-the-air (OTA) updates. OTA updates can be delivered wirelessly, eliminating the need to bring vehicles to the garage for updates; this is more convenient for owners, reduces costs for OEMs, and lowers greenhouse gas emissions. Researchers, industrial partners, and OEMs have developed several OTA technology standards and frameworks, such as the Uptane framework, Open Mobile Alliance Device Management (OMA-DM), ISO 24089, and ISO/SAE 21434. However, the systematic implementation of security-by-design applying ISO/SAE 21434 to OTA systems is not well known, and there remains a gap in security-by-design practice that the automotive industry can adopt to ensure a systematic approach to secure OTA update technology. OTA update security hinges on identifying the vulnerability pathways available to a malicious attacker; therefore, identifying and mitigating potential vulnerabilities throughout the OTA update process is critical for robust security. This paper proposes a secure OTA update technique with an adaptable security-by-design approach built on and extended from our work in Iyieke et al. (2023). The adaptable security-by-design approach is then applied to a prototype OTA update system that we developed on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems, but it is still developing in automotive cyber-physical systems. Our proposed approach covers the security engineering lifecycle, a logical layered security concept, and the security architecture. A threat analysis and risk assessment (TARA) is conducted based on the international automotive cybersecurity standard ISO/SAE 21434. The highest-rated threats identified by the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP.29. Penetration testing is conducted to verify the approach's capability to reinforce the security of the OTA update system against some of the identified risks and threats. Our proposed approach provides a systematic, adaptable security-by-design method for ensuring secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA framework used.
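The abstract names the Uptane framework as the basis of the prototype but does not spell out what the vehicle-side client actually checks. The Go program below is an added example written for this page; it is not code from the paper, from Toradex or from the Uptane project. It models the two-repository verification an Uptane client performs: the director and the image repository each sign targets metadata, and the client requires a threshold of valid signatures on each file, rejects rolled-back and expired metadata, requires both repositories to name the same image, and checks the downloaded bytes against the signed hash and length. Ed25519 comes from the Go standard library; the "sha256hex:length" target encoding, the single-target metadata file, the target name bcm.bin, the keys, the dates and the image bytes are all simplifications or constructed inputs for the example, and the attack cases are generic Uptane threat classes rather than the paper's TARA findings.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Metadata is a targets file as served: the signed portion (version, expiry and, per target,
// the "sha256hex:length" the client must observe) plus signatures keyed by hex public key.
type Metadata struct {
	Signed struct {
		Version int               `json:"version"`
		Expires time.Time         `json:"expires"`
		Targets map[string]string `json:"targets"`
	} `json:"signed"`
	Signatures map[string][]byte `json:"signatures"`
}

// Sign builds a single-target targets file and signs it with each key (repository side).
// json.Marshal of a struct is deterministic in Go; a real implementation uses canonical JSON.
func Sign(ver int, exp time.Time, name, digest string, keys []ed25519.PrivateKey) Metadata {
	m := Metadata{Signatures: map[string][]byte{}}
	m.Signed.Version, m.Signed.Expires, m.Signed.Targets = ver, exp, map[string]string{name: digest}
	body, _ := json.Marshal(m.Signed)
	for _, k := range keys {
		m.Signatures[fmt.Sprintf("%x", k.Public())] = ed25519.Sign(k, body)
	}
	return m
}

// VerifyRole makes the per-repository checks an Uptane client applies to a targets file: a
// threshold of valid signatures, no version rollback, and an expiry still in the future (freeze).
func VerifyRole(m Metadata, trusted []ed25519.PublicKey, threshold, lastVersion int, now time.Time) error {
	body, _ := json.Marshal(m.Signed)
	valid := 0
	for _, pub := range trusted {
		if sig, ok := m.Signatures[fmt.Sprintf("%x", pub)]; ok && ed25519.Verify(pub, body, sig) {
			valid++
		}
	}
	switch s := m.Signed; {
	case valid < threshold:
		return fmt.Errorf("only %d of %d required signatures valid", valid, threshold)
	case s.Version < lastVersion:
		return fmt.Errorf("rollback: version %d below last accepted %d", s.Version, lastVersion)
	case !now.Before(s.Expires):
		return fmt.Errorf("freeze: metadata expired at %s", s.Expires)
	}
	return nil
}

// Install runs the client-side flow for one ECU image: verify both targets files, require the
// director and image repository to agree on the image, then check the downloaded bytes.
func Install(name string, image []byte, dir, rep Metadata, dirKeys, repKeys []ed25519.PublicKey, threshold, lastVersion int, now time.Time) error {
	if err := VerifyRole(dir, dirKeys, threshold, lastVersion, now); err != nil {
		return fmt.Errorf("director: %w", err)
	}
	if err := VerifyRole(rep, repKeys, threshold, lastVersion, now); err != nil {
		return fmt.Errorf("image repository: %w", err)
	}
	want := dir.Signed.Targets[name] // both must name the same digest: a compromised director alone is not enough
	if want == "" || want != rep.Signed.Targets[name] {
		return fmt.Errorf("director and image repository do not agree on %s", name)
	}
	if fmt.Sprintf("%x:%d", sha256.Sum256(image), len(image)) != want {
		return fmt.Errorf("%s: hash or length differs from signed metadata", name)
	}
	return nil
}

// Scenario builds a constructed setup (director and image repository, 2-of-2 keys each, last
// accepted version 2) and returns the verdict for a valid update and five attacks (nil = accepted).
func Scenario() map[string]error {
	now := time.Date(2024, 1, 31, 0, 0, 0, 0, time.UTC)
	priv, pub := [2][]ed25519.PrivateKey{}, [2][]ed25519.PublicKey{} // [0] director, [1] image repo
	for i := 0; i < 4; i++ {
		pk, sk, _ := ed25519.GenerateKey(rand.Reader)
		priv[i%2], pub[i%2] = append(priv[i%2], sk), append(pub[i%2], pk)
	}
	image := []byte("constructed ECU firmware image v3") // stands in for a real binary
	good, fresh := fmt.Sprintf("%x:%d", sha256.Sum256(image), len(image)), now.Add(24*time.Hour)
	try := func(dir, rep Metadata, img []byte) error { return Install("bcm.bin", img, dir, rep, pub[0], pub[1], 2, 2, now) }
	okDir, okRepo := Sign(3, fresh, "bcm.bin", good, priv[0]), Sign(3, fresh, "bcm.bin", good, priv[1])
	return map[string]error{
		"valid":              try(okDir, okRepo, image),
		"rollback":           try(Sign(1, fresh, "bcm.bin", good, priv[0]), okRepo, image),
		"expired":            try(Sign(3, now.Add(-time.Hour), "bcm.bin", good, priv[0]), okRepo, image),
		"too-few-signatures": try(Sign(3, fresh, "bcm.bin", good, priv[0][:1]), okRepo, image),
		"repo-disagree":      try(Sign(3, fresh, "bcm.bin", "00:1", priv[0]), okRepo, image), // image repo never signed it
		"tampered-image":     try(okDir, okRepo, append([]byte("X"), image[1:]...)),
	}
}

func main() { fmt.Println(Scenario()) }
```

Running the program prints one verdict per case: only "valid" yields a nil error. A production client does more than this example shows, in particular it verifies the root, timestamp and snapshot roles before targets, pins the last accepted version per repository, and signs canonical JSON rather than whatever the marshaller emits; the checks shown here are the ones that distinguish a rollback, freeze, single-repository compromise or tampered image from a legitimate update.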
KW - Security-by-design
KW - Automotive Cybersecurity
KW - Over the Air Update (OTA)
KW - Threat Analysis and Risk Assessments (TARA)
KW - Connected and Automated Vehicles (CAVs)
KW - Intelligent Transport Systems (ITS)
KW - Security Architecture
U2 - 10.2139/ssrn.4711138
DO - 10.2139/ssrn.4711138
M3 - Preprint
BT - An Adaptable Security-by-Design Approach for Ensuring a Secure Over the Air (OTA) Update in Modern Vehicles
PB - Social Science Research Network (SSRN)
ER -