Abstract
Updating a firmware of a vehicular device is inevitable in order to improve not only the functionality but also the security. The vehicle consists of devices which are resource-constrained and produced by different vendors. Therefore, a lightweight update method, which ensure the correctness of the update as a vehicular system, is required. Moreover, since the update is a critical task, it is mandatory to ensure the security of the update. Recently, on the other hand, the vehicular system becomes complicated, sometimes with a non-genuine device attached by car owner; and hence, we should consider the case where a vehicular system becomes inconsistent even though a patch has been correctly applied. In such case, a rollback of the firmware should be required. In this paper, we propose a secure and efficient firmware update/rollback method to solve above issues. We also demonstrate it with our experiments.
Z. Xia—Presently, the author is with the University of Toronto.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Firmwares can be updated off-line via. e.g., a device connected to the OBD-II or USB port. In this paper, we omit it and focus on the on-line update.
References
Koscher, K., et al.: Experimental security analysis of a modern automobile (2010)
Miller, C., Valasek, C.: Adventures in automotive networks and control units. DEFCON 21, 260–264 (2013)
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat 2015 (2015)
International Organization for Standardization (ISO): ISO11898:2015–1, road vehicles - controller area network (CAN) (2015)
National Institute of Standards and Technology (NIST): The keyed-hash message authentication code (HMAC) (2008)
National Institute of Standards and Technology (NIST): Recommendation for block cipher modes of operation: the CMAC mode for authentication (2016)
Han, K., Weimerskirch, A., Shin, K.G.: A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier. In: 13th escar Europe 2015 (2015)
Xia, Z., Kawabata, T., Komano, Y.: A secure design for practical identity-anonymized CAN application. In: 14th escar Europe 2016 (2016)
Xia, Z., Komano, Y., Kawabata, T., Shimizu, H.: A centrally managed identity-anonymized CAN communication system. SAE Int. J. Transp. Cybersecur. Priv. 1(1), 19–37 (2018)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3
Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45418-7_17
Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_4
Komano, Y., Shimizu, H., Kawamura, S.: BS-CPA: built-in determined sub-key correlation power analysis. IEICE Trans. 93-A(9), 1632–1638 (2010)
Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_18
Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for resource-constrained in-vehicle ECUs. In: IEEE 5th Global Conference on Consumer Electronics, pp. 1–2 (2016)
Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for in-vehicle ECUs. IPSJ Trans. Consum. Devices Syst. 7(2), 41–50 (2017)
http://www.daemonology.net/bsdiff/. Accessed 26 Feb 2018
http://www.7-zip.org/sdk.html. Accessed 26 Feb 2018
Lee, Y.S., Kim, J.H., Hung, H.V., Jeon, J.W.: A parallel re-programming method for in-vehicle gateway to save software update time. In: IEEE International Conference on Information and Automation, pp. 1497–1502. IEEE (2015)
Jang, S.J., Jeon, J.W.: Software reprogramming performance analysis of CAN FD and FLEXRAY protocols. In: IEEE International Conference on Information and Automation, pp. 2535–2540. IEEE (2015)
Lee, Y.S., Kim, J., Jang, S.J., Jeon, J.W.: Automotive ECU software reprogramming method based on ethernet backbone network to save time. In: 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016, pp. 39:1–39:8. ACM (2016)
Burrows, M., Wheeler, D.: Incremental update method for in-vehicle ECUs. Digital SRC Research report, SRC-RR-124, 1–18 (1994)
Huffman, D.A.: A method for the construction of minimum redundancy codes. Proc. IRE 40(9), 1098–1101 (1952)
Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23(3), 337–343 (1977)
Martin, G.N.N.: Range encoding: an algorithm for removing redundancy from a digitized message. In: Video & Data Recording Conference (1979)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Komano, Y., Xia, Z., Kawabata, T., Shimizu, H. (2018). Efficient and Secure Firmware Update/Rollback Method for Vehicular Devices. In: Su, C., Kikuchi, H. (eds) Information Security Practice and Experience. ISPEC 2018. Lecture Notes in Computer Science(), vol 11125. Springer, Cham. https://doi.org/10.1007/978-3-319-99807-7_28
Download citation
DOI: https://doi.org/10.1007/978-3-319-99807-7_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99806-0
Online ISBN: 978-3-319-99807-7
eBook Packages: Computer ScienceComputer Science (R0)