This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Secure Boot Revisited: Challenges for Secure Implementations in the Automotive Domain
ISSN: 2572-1046, e-ISSN: 2572-1054
Published August 13, 2020 by SAE International in United States
Citation: Sanwald, S., Kaneti, L., Stöttinger, M., and Böhner, M., "Secure Boot Revisited: Challenges for Secure Implementations in the Automotive Domain," SAE Int. J. Transp. Cyber. & Privacy 2(2):69-81, 2019, https://doi.org/10.4271/11-02-02-0008.
Secure boot, although known for more than 20 years, frequent attacks from hackers that show numerous ways to bypass the security mechanism, including electronic control units (ECUs) of the automotive industry. This paper investigates the major causes of security weaknesses of secure boot implementations. Based on penetration test experiences, we start from an attacker’s perspective to identify and outline common implementation weaknesses. Then, from a Tier-One perspective, we analyze challenges in the research and development process of ECUs between original equipment manufacturers (OEMs) and suppliers that amplify the probability of such weakness. The paper provides recommendations to increase the understanding of implementing secure boot securely on both sides and derives a set of reference requirements as a starting point for secure boot ECU requirements.