Systematic threat assessment and security testing of automotive over-the-air (OTA) updates

Shahid Mahmood, Hoang Nga Nguyen, Siraj Shaikh

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)
208 Downloads (Pure)


Modern cars host numerous special-purpose computing and connectivity devices facilitating the correct functioning of various in-vehicle systems. These devices host complex software systems with over 100-million lines of code, requiring regular and timely updates for functional and security improvements. Addressing the shortcomings of the legacy update system, over-the-air (OTA) software update system has emerged as an efficient, cost-effective, and convenient solution for delivering updates to automobiles remotely. While OTA offers several benefits, it introduces new security challenges requiring immediate attention, as attackers can abuse these update systems to undermine the vehicle security and safety. There are numerous studies investigating various aspects of the automotive cybersecurity; however, security testing of automotive OTA has not been covered adequately, with most of the prior work primarily focusing on proposing improved techniques for securing automotive OTA updates. In order to ensure these update systems are effectively secure, thorough security assessment needs to be performed. To the best of our knowledge, there is currently no study that proposes or employs a systematic security testing approach for evaluating the security of automotive OTA update systems. This study closes this gap by presenting an in-depth security evaluation of Uptane framework, by employing a structured threat analysis approach to constructing attack trees and applying a model-based security testing approach for generating effective security test cases. We implement a software tool that generates the security test cases by analysing the structure of the attack trees and ultimately executing those test cases against the target system. We carry out several experimental attacks on the Uptane reference implementation. While many of the experimental results showed that the reference implementation is secure against different threats and cyberattacks, some findings suggest that the implementation is vulnerable to the denial-of-service and eavesdropping attacks.
Original languageEnglish
Article number100468
Number of pages22
JournalVehicular Communications
Early online date18 Mar 2022
Publication statusPublished - Jun 2022

Bibliographical note

This is an Open Access article distributed under the terms of the Creative
Commons Attribution License (,
which permits unrestricted use, distribution, and reproduction in any medium,
provided the original work is properly cited


  • Automotive OTA
  • Automotive cybersecurity
  • Automotive over-the-air
  • Model-based security testing
  • Threat modeling
  • Uptane

ASJC Scopus subject areas

  • Automotive Engineering
  • Electrical and Electronic Engineering


Dive into the research topics of 'Systematic threat assessment and security testing of automotive over-the-air (OTA) updates'. Together they form a unique fingerprint.

Cite this