Systematic threat assessment and security testing of automotive over-the-air updates

  • Shahid Mahmood

    Student thesis: Doctoral Thesis, Doctor of Philosophy

    Abstract

    Modern cars host numerous special-purpose, sophisticated computing and connectivity devices facilitating the correct functioning of various in-vehicle systems. These devices in the connected cars host complex software systems with more than 100 million lines of code, requiring regular and timely updates for functional enhancements and, most importantly, for fixing security-related bugs that could be exploited by adversaries to compromise the security of the vehicle. To replace the old mechanism for updating in-vehicle software, which is expensive and inefficient for carmakers and inconvenient for the customers, the Over-The-Air (OTA) software update system has emerged as an efficient, cost-effective and convenient solution for delivering software updates to automobiles remotely. While OTA offers several benefits, it introduces new security challenges that warrant immediate attention to carry out in-depth security analysis, as attackers can maliciously use the software update systems as attack vectors to undermine the vehicle security and safety. There are numerous studies investigating various aspects of automotive cybersecurity; however, security testing of automotive OTA has not been covered adequately, with most of the prior work focusing on proposing improved techniques for securing automotive OTA updates. In order to ensure these update systems are effectively secure, thorough security assessment needs to be performed. To the best of our knowledge, there is currently no study that proposes or employs a systematic security testing approach for evaluating the security of automotive OTA update systems. This thesis closes this gap by presenting an in-depth security evaluation of the Uptane framework, by using a structured threat analysis approach to constructing attack trees and employing a model-based security testing approach for generating effective security test cases. We implement a software tool that generates the security test cases by analyzing the structure of the attack trees and ultimately executing those test cases against the target system. We carried out several experiments mounting various attacks on the reference implementation of the Uptane framework. While many of the experimental results showed that the framework is secure, providing effective protection against different threats and cyberattacks, some findings suggest that the reference implementation is vulnerable to denial-of-service and eavesdropping attacks that can cause the system to fail in responding to legitimate update requests from clients and disclose sensitive information to malicious entities, respectively.
    Date of Award: Jul 2021
    Original language: English
    Awarding Institution
    • Coventry University
    Supervisor: Hoang Nga Nguyen (Supervisor) & Siraj Shaikh (Supervisor)
