Anway Mukherjee, Ryan Gerdes, and Tam Chantem (Virginia Tech)

Over-the-air (OTA) software updates are an important feature to remotely analyze and upgrade any section of currently running software on battery-operated electric vehicles and its supply equipment. Even though a secure OTA framework can verify and validate updates before installation, the integrity of the framework itself cannot be guaranteed, and can easily introduce system and software vulnerability with potential catastrophic consequences. In this paper, we show how a popular automotive OTA secure update framework (Uptane) can be deployed entirely inside a TEE-enabled commercial off-the-shelf (COTS) embedded device to extend its security considerations and improve its resilience against both internal and external security breaches. We also present a software analysis tool that leverages SAWScript to verify our proposed solution against any functional and logical inconsistency, while validating our approach on a real COTS hardware (Raspberry Pi 3B).

View More Papers

Bringing Balance to the Force: Dynamic Analysis of the...

Abdallah Dawoud (CISPA Helmholtz Center for Information Security), Sven Bugiel (CISPA Helmholtz Center for Information Security)

Read More

Demo #3: I Am Not Afraid of the GPS...

Ali A. Abdallah (UC Irvine), Zaher M. Kassas (UC Irvine) and Chiawei Lee (US Air Force Test Pilot School)

Read More

Drivers and Passengers Maybe the Weakest Link in the...

Aiping Xiong (Pennsylvania State University), Zekun Cai (Pennsylvania State University) and Tianhao Wang (University of Virginia)

Read More

GPSKey: GPS based Secret Key Establishment for Intra-Vehicle Environment

Edwin Yang (University of Oklahoma) and Song Fang (University of Oklahoma)

Read More