This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Assuring Vehicle Update Integrity Using Asymmetric Public Key Infrastructure (PKI) and Public Key Cryptography (PKC)

Journal Article
11-02-02-0013
ISSN: 2572-1046, e-ISSN: 2572-1054
Published August 24, 2020 by SAE International in United States
Assuring Vehicle Update Integrity Using Asymmetric Public Key Infrastructure (PKI) and Public Key Cryptography (PKC)
Sector:
Citation: Kent, D., Cheng, B., and Siegel, J., "Assuring Vehicle Update Integrity Using Asymmetric Public Key Infrastructure (PKI) and Public Key Cryptography (PKC)," SAE Int. J. Transp. Cyber. & Privacy 2(2):141-158, 2019, https://doi.org/10.4271/11-02-02-0013.
Language: English

References

  1. Christidis, P., Pelkmans, L., De Vlieger, I., Cowan, R., Hultén, S., Morato, A., Azkárate, G., and Estevan, R. , “Trends in Vehicle and Fuel Technologies,” in Review of past trends, European Commission, Joint Research Centre IPTS-Institute for Prospective Technological Studies, Spain, 2003.
  2. Siegel, J.E., Erb, D.C., and Sarma, S.E. , “A Survey of the Connected Vehicle Landscape Architectures, Enabling Technologies, Applications, and Development Areas,” IEEE Transactions on Intelligent Transportation Systems 19(8):2391-2406, Aug 2018.
  3. Ebert, C., and Jones, C. , “Embedded Software: Facts, Figures, and Future,” Computer 42(4):42-52, 2009.
  4. Miller, C., and Valasek, C. , “Remote Exploitation of an Unaltered Passenger Vehicle,” Black Hat USA 2015:91, 2015.
  5. Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., and Laarouchi, Y. , “Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks,” in Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on, Budapest, Hungary, June 24-27, 2013, IEEE, 2013, 1-12.
  6. Othmane, L.B., Weffers, H., Mohamad, M.M., and Wolf, M. , “A Survey of Security and Privacy in Connected Vehicles,” in Wireless Sensor and Mobile Ad-Hoc Networks (New York: Springer, 2015), 217-247.
  7. Sommer, F., Dürrwang, J., and Kriesten, R. , “Survey and Classification of Automotive Security Attacks,” Information 10:148, 2019.
  8. Bello, L.L., Mariani, R., Mubeen, S., and Saponara, S. , “Recent Advances and Trends in On-board Embedded and Networked Automotive Systems,” IEEE Transactions on Industrial Informatics 15(2):1038-1051, 2018.
  9. Kohnhäuser, F., Püllen, D., and Katzenbeisser, S. , “Ensuring the Safe and Secure Operation of Electronic Control Units in Road vehicles,” in 2019 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, IEEE, 2019, 126-131.
  10. Karthik, T., Brown, A., Awwad, S., McCoy, D., Bielawski, R., Mott, C., Lauzon, S., Weimerskirch, A., and Cappos, J. , “Uptane: Securing Software Updates for Automobiles,” in International Conference on Embedded Security in Car, Munich, Germany, 2016, 1-11.
  11. Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H. et al. , “Experimental Security Analysis of a Modern Automobile,” in 2010 IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010, IEEE, 2010, 447-462.
  12. Jung, H.J., Ahn, H.S., and Lee, C.H. , “Firmware Upgrade Method and System Thereof,” South Korea Patent 20 150 074 414A, December 24, 2013, discontinued.
  13. Zander, J., Zmuda, M., Tatourian, I.A., and Szymanski, P. , “Methods and Apparatus to Use a Security Coprocessor for Firmware Protection,” U.S. Pending US Patent App. 15/273,997, March 7, 2018.
  14. Davies, J. , Implementing SSL/TLS Using Cryptography and PKI (Hoboken, NJ: John Wiley & Sons, 2011).
  15. Möller, B., Duong, T., and Kotowicz, K. , “This POODLE Bites: Exploiting the SSL 3.0 Fallback,” Security Advisory, 2014, https://www.openssl.org/~bodo/ssl-poodle.pdf.
  16. “The Poodle Attack and the End of SSL 3.0,” Mozilla Security Blog, October 2014. [Online]. Available: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-SSL-3-0/.
  17. “The Poodle Attack and the End of SSL 3.0,” Mozilla Security Blog, October 2014. [Online]. Available: https://security.googleblog.com/2015/09/disabling-SSLv3-and-rc4.html.
  18. “December 2014 Internet Explorer Security Updates & Disabling SSL 3.0 Fallback,” Internet Explorer Team Blog, December 2014. [Online]. Available: https://blogs.msdn.microsoft.com/ie/2014/12/09/december-2014-internet-explorer-security-updates-disabling-SSL-3-0-fallback/.
  19. “Microsoft Included CA Certificate List.” [Online]. Available: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT.
  20. “List of Available Trusted Root Certificates in ios 13, ipados 13, macos 10.15, watchos 6, and tvos 13.” [Online]. Available: https://support.apple.com/en-us/HT210770.
  21. “Mozilla Included CA Certificate List.” [Online]. Available: https://ccadbpublic.secure.force.com/mozilla/IncludedCACertificateReport.
  22. Ayer, A. , “Misissued/Suspicious Symantec Certificates,” mozilla.dev.security.policy, Jan 2017. [Online]. Available: https://groups.google.com/forum/#!msg/mozilla.dev.security. policy/fyJ3EK2YOP8/yvjS5leYCAAJ
  23. Dasgupta, P., Chatha, K., and Gupta, S.K. , “Viral Attacks on the dod Common Access Card (cac),” Tempe, AZ: Department of Computer Science and Engineering, Arizona State University, ND, 2009, http://cactus.eas.asu.edu/partha/Papers-PDF/2007/milcom.pdf.
  24. “Li 500 - Personnel Administration,” United States Department of Defense, p. 5, 2018. [Online]. Available: https://comptroller.defense.gov/Portals/45/Documents/defbudget/fy2019/budget_justification/pdfs/02_Procurement/04_DHRA_FY2019_Procurement_J-Book.pdf
  25. Cappos, J., Samuel, J., Baker, S., and Hartman, J.H. , “A Look in the Mirror: Attacks on Package Managers,” in Proceedings of the 15th ACM Conference on Computer and Communications Security, Alexandria, VA, Oct. 2008, ACM, 2008, 565-574.
  26. Signing Builds for Release, Online, Google. [Online]. Available: https://source.android.com/devices/tech/ota/sign_builds.
  27. A/B (Seamless) System Updates, Online, Google. [Online]. Available: https://source.android.com/devices/tech/ota/ab.
  28. Protect against security threats with SafetyNet, Online, Google. [Online]. Available: https://developer.android.com/training/safetynet.
  29. Mulliner, C., and Kozyrakis, J. , “Inside Android’s Safetynet Attestation,” Black Hat EU 2017:75, 2017.
  30. Ermolov, M. , “Intel x86 root of trust: loss of trust,” March 2020. [Online]. Available: https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html.
  31. DS2477: DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection, Maxim Integrated, September 2018, rev. 0. [Online]. Available: https://datasheets.maximintegrated.com/en/ds/DS2477.pdf.
  32. Ford Motor Company, “Ford motor company - 2018 annual report,” Ford Motor Company, 2018. [Online]. Available: https://s22.q4cdn.com/857684434/files/doc_financials/2018/annual/2018-Annual-Report.pdf.
  33. “Fourth quarter 2018 global sales,” General Motors, 2018. [Online]. Available: https://investor.gm.com/static-files/94d3733b-213e-4cc4-be70-9f44dbd54944.
  34. “2018 annual report,” FCA Motor Company, 2018. [Online]. Available: https://www.fcagroup.com/en-US/investors/financial_regulatory/financial_reports/files/FCA_NV_2018_Annual_Report.pdf.
  35. Tschofenig, H. and Pegourie-Gonnard, M. , “Performance of State-of-the-Art Cryptography on Arm-based Microprocessors,” in NIST Lightweight Cryptography Workshop 2015, Gaithersburg, MD, July 20-21, 2015. [Online]. Available: https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf.
  36. Ledwaba, L.P., Hancke, G.P., Venter, H.S., and Isaac, S.J. , “Performance Costs of Software Cryptography in Securing New-generation Internet of Energy Endpoint Devices,” IEEE Access 6:9303-9323, 2018.
  37. Cho, K.T. and Shin, K.G. , “Fingerprinting Electronic Control Units for Vehicle Intrusion Detection,” in 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, Aug. 10-12, 2016, 911-927.
  38. (March 2019) Operation shadowhammer. Kaspersky Global Research and Analysis Team. [Online]. Available: https://securelist.com/operation-shadowhammer/89992/.
  39. Skorobogatov, S. , “Physical Attacks on Tamper Resistance: Progress and Lessons,” in Proceedings of 2nd ARO Special Workshop on Hardware Assurance, Washington, DC, 2011.
  40. Butler, F., Cervesato, I., Jaggard, A.D., Scedrov, A., and Walstad, C. , “Formal Analysis of Kerberos 5,” Theoretical Computer Science 367(1-2):57-87, 2006.
  41. Kent, D. , “Pki-Based ecu Update Assurance - Public Gitlab Repository,” Michigan State University. [Online]. Available: https://gitlab.msu.edu/kentdan3/pki-based-ecu-update-assurance-public.
  42. Quigley, M., Conley, K., Gerkey, B.P., Faust, J., Foote, T., Leibs, J., Wheeler, R., and Ng, A.Y. , “Ros: An Open-source Robot Operating System,” in ICRA Workshop on Open Source Software, Kobe, Japan, May 17, 2009.
  43. “OpenSSL: Cryptography and SSL/tls toolkit,” The OpenSSL Project. [Online]. Available: https://www.openSSL.org/.
  44. Lloyd, J. , “Botan: Crypto and tls for modern c++,” 2019. [Online]. Available: https://botan.randombit.net/.
  45. Banerjee, M., Lee, J., and Choo, K.-K.R. , “A Blockchain Future for Internet of Things Security: A Position Paper,” Digital Communications and Networks 4(3):149-160, 2018.
  46. Falco, G. and Siegel, J.E. , “Assuring Automotive Data and Software Integrity Employing Distributed Hash Tables and Blockchain,” 2020.
  47. Siegel, J. , “System and Method for Providing Predictive Software Upgrades,” U.S. Patent 9,086,941 B1, 2015.
  48. Sandaruwan, G., Ranaweera, P., and Oleshchuk, V.A. , “Plc Security and Critical Infrastructure Protection,” in 2013 IEEE 8th International Conference on Industrial and Information Systems, University of Peradeniya, Sri Lanka, Dec. 17-20, 2013, IEEE, 2013, 81-85.

Cited By