Cover Image

Don't brick your car: Firmware confidentiality and rollback for vehicles

In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of t...

Full description

Saved in:
Bibliographic Details
Main Authors: Mansor, Hafizah, Markantonakis, Konstantinos, Akram, Raja Naeem, Mayes, Keith
Format: Conference or Workshop Item
Language:English
English
Published: IEEE 2015
Subjects:
T175 Industrial research. Research and development
Online Access:http://irep.iium.edu.my/58087/7/58087.pdf
http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf
http://irep.iium.edu.my/58087/
http://doi.org/10.1109/ARES.2015.58
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.iium.irep.58087
record_format dspace
spelling my.iium.irep.580872017-08-21T06:47:50Z http://irep.iium.edu.my/58087/ Don't brick your car: Firmware confidentiality and rollback for vehicles Mansor, Hafizah Markantonakis, Konstantinos Akram, Raja Naeem Mayes, Keith T175 Industrial research. Research and development In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using CasperFDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security. IEEE 2015 Conference or Workshop Item REM application/pdf en http://irep.iium.edu.my/58087/7/58087.pdf application/pdf en http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf Mansor, Hafizah and Markantonakis, Konstantinos and Akram, Raja Naeem and Mayes, Keith (2015) Don't brick your car: Firmware confidentiality and rollback for vehicles. In: 10th International Conference on Availability, Reliability and Security (ARES 2015), 24th-27th August 2015, Toulouse, France. http://doi.org/10.1109/ARES.2015.58 10.1109/ARES.2015.58
institution Universiti Islam Antarabangsa Malaysia
building IIUM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider International Islamic University Malaysia
content_source IIUM Repository (IREP)
url_provider http://irep.iium.edu.my/
language English
English
topic T175 Industrial research. Research and development
spellingShingle T175 Industrial research. Research and development
Mansor, Hafizah
Markantonakis, Konstantinos
Akram, Raja Naeem
Mayes, Keith
Don't brick your car: Firmware confidentiality and rollback for vehicles
description In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using CasperFDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.
format Conference or Workshop Item
author Mansor, Hafizah
Markantonakis, Konstantinos
Akram, Raja Naeem
Mayes, Keith
author_facet Mansor, Hafizah
Markantonakis, Konstantinos
Akram, Raja Naeem
Mayes, Keith
author_sort Mansor, Hafizah
title Don't brick your car: Firmware confidentiality and rollback for vehicles
title_short Don't brick your car: Firmware confidentiality and rollback for vehicles
title_full Don't brick your car: Firmware confidentiality and rollback for vehicles
title_fullStr Don't brick your car: Firmware confidentiality and rollback for vehicles
title_full_unstemmed Don't brick your car: Firmware confidentiality and rollback for vehicles
title_sort don't brick your car: firmware confidentiality and rollback for vehicles
publisher IEEE
publishDate 2015
url http://irep.iium.edu.my/58087/7/58087.pdf
http://irep.iium.edu.my/58087/8/58087-Don%27t%20brick%20your%20car_SCOPUS.pdf
http://irep.iium.edu.my/58087/
http://doi.org/10.1109/ARES.2015.58
_version_ 1643615280345120768
score 13.214268

Similar Items