Don't brick your car: Firmware confidentiality and rollback for vehicles
In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of t...
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English English |
| Published: |
IEEE
2015
|
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/7/58087.pdf http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf |
| id |
iium-58087 |
|---|---|
| recordtype |
eprints |
| spelling |
iium-580872017-08-21T06:47:50Z http://irep.iium.edu.my/58087/ Don't brick your car: Firmware confidentiality and rollback for vehicles Mansor, Hafizah Markantonakis, Konstantinos Akram, Raja Naeem Mayes, Keith T175 Industrial research. Research and development In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using CasperFDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security. IEEE 2015 Conference or Workshop Item PeerReviewed application/pdf en http://irep.iium.edu.my/58087/7/58087.pdf application/pdf en http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf Mansor, Hafizah and Markantonakis, Konstantinos and Akram, Raja Naeem and Mayes, Keith (2015) Don't brick your car: Firmware confidentiality and rollback for vehicles. In: 10th International Conference on Availability, Reliability and Security (ARES 2015), 24th-27th August 2015, Toulouse, France. http://doi.org/10.1109/ARES.2015.58 10.1109/ARES.2015.58 |
| repository_type |
Digital Repository |
| institution_category |
Local University |
| institution |
International Islamic University Malaysia |
| building |
IIUM Repository |
| collection |
Online Access |
| language |
English English |
| topic |
T175 Industrial research. Research and development |
| spellingShingle |
T175 Industrial research. Research and development Mansor, Hafizah Markantonakis, Konstantinos Akram, Raja Naeem Mayes, Keith Don't brick your car: Firmware confidentiality and rollback for vehicles |
| description |
In modern cars, there are a number of controllers
that play a major role in the overall operations
of the vehicles. The secure and updated firmware of these
controllers is crucial to the overall security and reliability
of the vehicle and its electronic system(s). Therefore, the
life cycle of these controllers should be carefully managed.
In this paper, we examine the vehicular firmware updates
process and their associated security issues. We have analysed
the security of the firmware update protocol proposed in
the EVITA project, referred as EVITA protocol, which is
considered as a main industrial effort in this field and
found some potential shortcomings. Based on the analysis,
in this paper we have suggested a number of improvements
to the EVITA protocol, related with safety and security
measures. The proposed improved protocol, also referred
as EVITA+ protocol includes a rollback mechanism while
preserving the confidentiality of the firmware. The integrity
and authenticity of the flash driver are also considered in the
EVITA+ protocol. The EVITA+ protocol is formally analysed
using CasperFDR and Scyther to ensure the security of
the firmware update process. Finally, we provide an insight
analysis and our experience in relation to the efficiency,
suitability and performance of the aforementioned tools in
the field of automotive security. |
| format |
Conference or Workshop Item |
| author |
Mansor, Hafizah Markantonakis, Konstantinos Akram, Raja Naeem Mayes, Keith |
| author_facet |
Mansor, Hafizah Markantonakis, Konstantinos Akram, Raja Naeem Mayes, Keith |
| author_sort |
Mansor, Hafizah |
| title |
Don't brick your car: Firmware confidentiality and rollback for vehicles |
| title_short |
Don't brick your car: Firmware confidentiality and rollback for vehicles |
| title_full |
Don't brick your car: Firmware confidentiality and rollback for vehicles |
| title_fullStr |
Don't brick your car: Firmware confidentiality and rollback for vehicles |
| title_full_unstemmed |
Don't brick your car: Firmware confidentiality and rollback for vehicles |
| title_sort |
don't brick your car: firmware confidentiality and rollback for vehicles |
| publisher |
IEEE |
| publishDate |
2015 |
| url |
http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/ http://irep.iium.edu.my/58087/7/58087.pdf http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf |
| first_indexed |
2023-09-18T21:22:07Z |
| last_indexed |
2023-09-18T21:22:07Z |
| _version_ |
1777411951295463424 |