Breaking the Vehicle Over-The-Air Update System

Project

Project Details

Program
Computer Science
Field of Study
Connected Vehicles, Autonomous Vehicles, Software updates, Over-the-Air (OTA), security
Division
Computer, Electrical and Mathematical Sciences and Engineering
Center Affiliation
Resilient Computing and Cybersecurity Center

Project Description

A modern vehicle is composed of around 100 Electronic Control Units (ECUs) connected via several types of networks. An ECU is an embedded device, similar to a Raspberry Pi, running an operating system, e.g., Linux-based or a real-time OS, on top of which different software and firmware may run, depending on the application. Because humans are imperfect, software can have faults and vulnerabilities, which can lead to catastrophic failures that threaten human lives. This makes manufacturers liable for such failures and has often caused recalls of millions of vehicles for repair. A smart solution is to take advantage of the vehicle's connectivity to the Internet and its surroundings and perform Over-The-Air (OTA) software and firmware updates when needed, very much like smartphone software updates. It is clear that this process is critical and can have negative consequences if the OTA update system is unreliable or insecure. We have introduced an OTA protocol and a corresponding Proof of Concept (PoC) implementation that ensure an end-to-end chain of trust between all stakeholders: the manufacturer, suppliers, brokers, and the vehicle.

About the Researcher

Paulo Esteves-Verissimo
Professor, Computer Science
Computer, Electrical and Mathematical Science and Engineering Division

Affiliations

Education Profile

  • Ph.D., Electrical and Computer Engineering, University of Lisbon (PT), 1990
  • MSc, Electrical and Computer Engineering, University of Lisbon IST (PT), 1984
  • Lic., Electrical Engineering, University of Lisbon IST (PT), 1978

Research Interests

Professor Esteves-Veríssimo is currently interested in architectures, middleware and algorithms for resilient modular and distributed computing. It is increasingly believed that Resilient Computing will become the main paradigm for achieving secure and dependable operation of computer systems and networks in the near future, improving on classic Cybersecurity techniques. This is due to important intrinsic characteristics of this B.o.K., such as: a common approach to accidental and malicious faults/attacks; incremental and adaptive protection against polymorphic threat surfaces; elasticity, plasticity and sustainability. To this end, he investigates such paradigms and techniques reconciling security and dependability, as well as novel ways to apply them in order to achieve system resilience, in areas like: autonomous vehicles from earth to space; distributed control systems; digital health and genomics; SDN-based infrastructures; or blockchain and cryptocurrencies. His research is published in over 200 peer-refereed international publications and 5 international books. He has also been invited to present it in more than 70 keynote speeches or distinguished lectures at reputed venues. Esteves-Veríssimo also has a solid systems and engineering track record, having contributed to the design and engineering of several advanced industrial prototypes of distributed, fault-tolerant, secure or real-time systems, emerging from R&D projects he took part in.

Selected Publications

  • Jiangshan Yu, David Kozhaya, Jérémie Decouchant, Paulo Esteves-Veríssimo. RepuCoin: Your Reputation is Your Power (2019). In IEEE Trans. on Computers, 68(8), 1225-1237.
  • Kreutz, Diego; Ramos, F. M. V.; Verissimo, Paulo; Rothenberg, C. E.; Azodolmolky, S.; Uhlig, S. "Software-Defined Networking: A Comprehensive Survey", in Proceedings of the IEEE (2015), 103(1), 14-76.
  • Giuliana Veronese, Miguel Correia, Alysson Bessani, Lau Lung, Paulo Verissimo, "Efficient Byzantine Fault-Tolerance", IEEE Trans. on Computers, vol. 62, no. 1, Jan. 2013.
  • Paulo Sousa, Alysson Bessani, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo. Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery. IEEE Trans. on Parallel and Distributed Systems. Apr. 2010.
  • Veríssimo, P., Casimiro, A.: The timely computing base model and architecture. IEEE Trans. on Computers, Special Issue on Asynchronous Real-Time Distr. Systems (2002).
  • D. Powell, D. Seaton, G. Bonn, P. Veríssimo, and F. Waeselynck. The Delta-4 approach to dependability in open distributed computing systems. In N. Suri, C. Walter, and M. Hugue, editors, Adv. in Ultra-Dependable Distr. Sys. IEEE Computer Society, 1995.

Desired Project Deliverables

The goal of this project is to demonstrate some attacks by running the PoC on embedded devices or even in a real vehicle. The role of the intern will be to understand the system, extend the demos we have already done in software, and experiment with them empirically on real, relevant devices. The objectives are to (1) raise awareness of the consequences of not doing OTA updates right, (2) gauge empirically whether our system is secure, and (3) improve it if it is not.

Recommended Student Background

Security
Vehicle communications
Distributed Systems