Over-The-Air (OTA) Updates for Vehicular Embedded Devices with End-to-End Reliable Computing
Abstract
Connected vehicles run software that must be updated to fix vulnerabilities and add new features. Over-the-air (OTA) updates spare the owner a trip to a service center, but they also open the door to attacks that modify the executables, putting lives at risk. This paper proposes an OTA architecture that combines the two most widely adopted hardware security technologies: Intel SGX on the server and ARM TrustZone on the client. The work stands out by proposing end-to-end trusted computing that protects the architecture from attackers capable of controlling the entire operating system, on both the server and the vehicle. The implementation uses the CACIC-DevKit on the server and a vehicular embedded device running the OP-TEE secure system. The experiments show that the TEE accounts for only 2% of the total time needed to transfer a 1KB software block.
Published
2024-05-20
How to Cite
THOMAZ, Guilherme A.; SAMMARCO, Matteo; CAMPISTA, Miguel Elias M. Over-The-Air (OTA) Updates for Vehicular Embedded Devices with End-to-End Reliable Computing. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 559-573. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1442.
