A framework for self-verification of firmwareupdates over the air in vehicle ecus

Paper in proceeding, 2008

An upcoming trend for automobile manufacturers is to provide firmware updates over the air (FOTA) as a service. Since the firmware controls the functionality of a vehicle, security is important. To this end, several secure FOTA protocols have been d veloped. However, the secure FOTA protocols only solve the security for the transmission of the firmware binary. Once the firm ware is downloaded, an attacker could potentially modify its contents before it is flashed to the corresponding ECU's ROM. Thus, there is a need to extend the flashing procedure to also verify that the correct firmware has been flashed to the ECU. We present a framework for self-verification of firmware updates over the air. We include a verification code in the transmission to the vehicle, and after the firmware has been flashed, the integrity of the memory contents can be verified using the verification code. The verification procedure entails only simple hash functionnsand is thus suitable for the limited resources in the vehicle. Virtualization techniques are employed to establish a truste computing base in the ECU, which is then u ed to perform the verification. The proposed framework allows the ECU it selfto perform self-verification and can thus ensure the successful flashing of the firmwa e.