Efficient and Secure Firmware Update/Rollback Method for Vehicular Devices

  • Yuichi KomanoEmail author
  • Zhengfan Xia
  • Takeshi Kawabata
  • Hideo Shimizu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11125)


Updating a firmware of a vehicular device is inevitable in order to improve not only the functionality but also the security. The vehicle consists of devices which are resource-constrained and produced by different vendors. Therefore, a lightweight update method, which ensure the correctness of the update as a vehicular system, is required. Moreover, since the update is a critical task, it is mandatory to ensure the security of the update. Recently, on the other hand, the vehicular system becomes complicated, sometimes with a non-genuine device attached by car owner; and hence, we should consider the case where a vehicular system becomes inconsistent even though a patch has been correctly applied. In such case, a rollback of the firmware should be required. In this paper, we propose a secure and efficient firmware update/rollback method to solve above issues. We also demonstrate it with our experiments.


  1. 1.
    Koscher, K., et al.: Experimental security analysis of a modern automobile (2010)Google Scholar
  2. 2.
    Miller, C., Valasek, C.: Adventures in automotive networks and control units. DEFCON 21, 260–264 (2013)Google Scholar
  3. 3.
    Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle. Black Hat 2015 (2015)Google Scholar
  4. 4.
    International Organization for Standardization (ISO): ISO11898:2015–1, road vehicles - controller area network (CAN) (2015)Google Scholar
  5. 5.
    National Institute of Standards and Technology (NIST): The keyed-hash message authentication code (HMAC) (2008)Google Scholar
  6. 6.
    National Institute of Standards and Technology (NIST): Recommendation for block cipher modes of operation: the CMAC mode for authentication (2016)Google Scholar
  7. 7.
    Han, K., Weimerskirch, A., Shin, K.G.: A practical solution to achieve real-time performance in the automotive network by randomizing frame identifier. In: 13th escar Europe 2015 (2015)Google Scholar
  8. 8.
    Xia, Z., Kawabata, T., Komano, Y.: A secure design for practical identity-anonymized CAN application. In: 14th escar Europe 2016 (2016)Google Scholar
  9. 9.
    Xia, Z., Komano, Y., Kawabata, T., Shimizu, H.: A centrally managed identity-anonymized CAN communication system. SAE Int. J. Transp. Cybersecur. Priv. 1(1), 19–37 (2018)Google Scholar
  10. 10.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  11. 11.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). Scholar
  12. 12.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). Scholar
  13. 13.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). Scholar
  14. 14.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). Scholar
  15. 15.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). Scholar
  16. 16.
    Komano, Y., Shimizu, H., Kawamura, S.: BS-CPA: built-in determined sub-key correlation power analysis. IEICE Trans. 93-A(9), 1632–1638 (2010)CrossRefGoogle Scholar
  17. 17.
    Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000). Scholar
  18. 18.
    Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for resource-constrained in-vehicle ECUs. In: IEEE 5th Global Conference on Consumer Electronics, pp. 1–2 (2016)Google Scholar
  19. 19.
    Teraoka, H., Nakahara, F., Kurosawa, K.: Incremental update method for in-vehicle ECUs. IPSJ Trans. Consum. Devices Syst. 7(2), 41–50 (2017)Google Scholar
  20. 20.
  21. 21. Accessed 26 Feb 2018
  22. 22.
    Lee, Y.S., Kim, J.H., Hung, H.V., Jeon, J.W.: A parallel re-programming method for in-vehicle gateway to save software update time. In: IEEE International Conference on Information and Automation, pp. 1497–1502. IEEE (2015)Google Scholar
  23. 23.
    Jang, S.J., Jeon, J.W.: Software reprogramming performance analysis of CAN FD and FLEXRAY protocols. In: IEEE International Conference on Information and Automation, pp. 2535–2540. IEEE (2015)Google Scholar
  24. 24.
    Lee, Y.S., Kim, J., Jang, S.J., Jeon, J.W.: Automotive ECU software reprogramming method based on ethernet backbone network to save time. In: 10th International Conference on Ubiquitous Information Management and Communication, IMCOM 2016, pp. 39:1–39:8. ACM (2016)Google Scholar
  25. 25.
    Burrows, M., Wheeler, D.: Incremental update method for in-vehicle ECUs. Digital SRC Research report, SRC-RR-124, 1–18 (1994)Google Scholar
  26. 26.
    Huffman, D.A.: A method for the construction of minimum redundancy codes. Proc. IRE 40(9), 1098–1101 (1952)CrossRefGoogle Scholar
  27. 27.
    Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23(3), 337–343 (1977)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Martin, G.N.N.: Range encoding: an algorithm for removing redundancy from a digitized message. In: Video & Data Recording Conference (1979)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Yuichi Komano
    • 1
    Email author
  • Zhengfan Xia
    • 1
  • Takeshi Kawabata
    • 1
  • Hideo Shimizu
    • 1
  1. 1.Toshiba CorporationKawasakiJapan

Personalised recommendations