一种可适应的安全设计方法,用于确保现代车辆的安全空中(OTA)更新

IF 6.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-03-01 Epub Date: 2024-12-14 DOI:10.1016/j.cose.2024.104268
Victormills Iyieke , Hesamaldin Jadidbonab , Abdur Rakib , Jeremy Bryans , Don Dhaliwal , Odysseas Kosmas
{"title":"一种可适应的安全设计方法,用于确保现代车辆的安全空中(OTA)更新","authors":"Victormills Iyieke ,&nbsp;Hesamaldin Jadidbonab ,&nbsp;Abdur Rakib ,&nbsp;Jeremy Bryans ,&nbsp;Don Dhaliwal ,&nbsp;Odysseas Kosmas","doi":"10.1016/j.cose.2024.104268","DOIUrl":null,"url":null,"abstract":"<div><div>The rise in Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) introduced by OEMs has increased the demand for modern vehicle sophistication. This sophistication involves a variety of software capabilities and functionalities embedded in over 100 ECUs in a vehicle. This has led to the need for over-the-air (OTA) updates. OTA updates can be delivered wirelessly, eliminating the need to bring vehicles to the garage for updates. This is more convenient for owners, reduces costs for OEMs, and reduces greenhouse gas emissions. There exist different OTA update considerations that are adopted by automotive OEMs, such as the Uptane framework, Open Mobile Alliance Device Management (OMA-DM) standard, and the general ISO 24089 standard, including subvariance of Uptane and OMA-DM. However, the systematic implementation of security-by-design applying ISO 21434 in OTA systems is less employed, and there remains a gap in this practice of security-by-design that the automotive industry can adapt to ensure a systematic approach to secure OTA update technology. OTA update security hinges on identifying vulnerability pathways for potential malicious attacks. Therefore, identifying and mitigating potential vulnerabilities throughout the OTA update process is critical for robust security. This paper proposes an adaptable security-by-design approach to OTA update, built and extended from our work Iyieke et al. (2023). The adaptable security-by-design approach is then applied to a developed prototype OTA update system based on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems, but is still developing in the cyber–physical system of automotive cybersecurity. Our proposed approach covers the security engineering lifecycle, the logical security layered concept, and the security architecture. A threat analysis and risk assessment (TARA) is performed based on the international automotive cybersecurity standard ISO/SAE 21434. The highest threats identified from the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP29. Penetration testing is conducted to verify the approach’s capability to reinforce the security of the OTA update systems against some of the identified risks and threats. Our proposed approach provides a systematic and adaptable security-by-design approach to ensure secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA update technology used.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104268"},"PeriodicalIF":6.8000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An adaptable security-by-design approach for ensuring a secure Over the Air (OTA) update in modern vehicles\",\"authors\":\"Victormills Iyieke ,&nbsp;Hesamaldin Jadidbonab ,&nbsp;Abdur Rakib ,&nbsp;Jeremy Bryans ,&nbsp;Don Dhaliwal ,&nbsp;Odysseas Kosmas\",\"doi\":\"10.1016/j.cose.2024.104268\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The rise in Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) introduced by OEMs has increased the demand for modern vehicle sophistication. This sophistication involves a variety of software capabilities and functionalities embedded in over 100 ECUs in a vehicle. This has led to the need for over-the-air (OTA) updates. OTA updates can be delivered wirelessly, eliminating the need to bring vehicles to the garage for updates. This is more convenient for owners, reduces costs for OEMs, and reduces greenhouse gas emissions. There exist different OTA update considerations that are adopted by automotive OEMs, such as the Uptane framework, Open Mobile Alliance Device Management (OMA-DM) standard, and the general ISO 24089 standard, including subvariance of Uptane and OMA-DM. However, the systematic implementation of security-by-design applying ISO 21434 in OTA systems is less employed, and there remains a gap in this practice of security-by-design that the automotive industry can adapt to ensure a systematic approach to secure OTA update technology. OTA update security hinges on identifying vulnerability pathways for potential malicious attacks. Therefore, identifying and mitigating potential vulnerabilities throughout the OTA update process is critical for robust security. This paper proposes an adaptable security-by-design approach to OTA update, built and extended from our work Iyieke et al. (2023). The adaptable security-by-design approach is then applied to a developed prototype OTA update system based on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems, but is still developing in the cyber–physical system of automotive cybersecurity. Our proposed approach covers the security engineering lifecycle, the logical security layered concept, and the security architecture. A threat analysis and risk assessment (TARA) is performed based on the international automotive cybersecurity standard ISO/SAE 21434. The highest threats identified from the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP29. Penetration testing is conducted to verify the approach’s capability to reinforce the security of the OTA update systems against some of the identified risks and threats. Our proposed approach provides a systematic and adaptable security-by-design approach to ensure secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA update technology used.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"150 \",\"pages\":\"Article 104268\"},\"PeriodicalIF\":6.8000,\"publicationDate\":\"2025-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824005741\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/12/14 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005741","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/12/14 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

原始设备制造商推出的联网和自动驾驶汽车(cav)和智能交通系统(ITSs)的兴起增加了对现代车辆复杂性的需求。这种复杂性涉及到嵌入在车辆100多个ecu中的各种软件能力和功能。这导致了对空中(OTA)更新的需求。OTA更新可以无线传输,无需将车辆开到车库进行更新。这对车主来说更方便,降低了原始设备制造商的成本,并减少了温室气体排放。汽车oem采用了不同的OTA更新考虑因素,如Uptane框架、开放移动联盟设备管理(OMA-DM)标准和通用ISO 24089标准,包括Uptane和OMA-DM的子方差。然而,在OTA系统中应用ISO 21434系统实现安全设计的情况较少,并且在这种安全设计实践中仍然存在空白,汽车行业可以适应这种空白,以确保系统的方法来保护OTA更新技术。OTA更新的安全性取决于识别潜在恶意攻击的漏洞路径。因此,识别和减轻整个OTA更新过程中的潜在漏洞对于强大的安全性至关重要。本文提出了一种自适应的设计安全方法来进行OTA更新,该方法是在我们的工作Iyieke等人(2023)的基础上构建和扩展的。然后,将这种适应性强的设计安全方法应用到基于Uptane框架的开发原型OTA更新系统中,该系统由Toradex实现。设计安全在企业系统中是一个成熟的概念,但在汽车网络安全的网络物理系统中仍处于发展阶段。我们提出的方法涵盖了安全工程生命周期、逻辑安全分层概念和安全体系结构。威胁分析和风险评估(TARA)基于国际汽车网络安全标准ISO/SAE 21434进行。从塔拉确定的最高威胁已正式确定,并根据欧洲经委会WP29确定了相应的缓解行动。进行渗透测试是为了验证该方法增强OTA更新系统的安全性,以抵御某些已识别的风险和威胁的能力。我们提出的方法提供了一种系统的、适应性强的安全设计方法,以确保现代车辆的安全OTA更新;无论使用何种OTA更新技术,oem和其他利益相关者都可以使用它来开发安全的OTA系统。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
An adaptable security-by-design approach for ensuring a secure Over the Air (OTA) update in modern vehicles
The rise in Connected and Automated Vehicles (CAVs) and Intelligent Transport Systems (ITSs) introduced by OEMs has increased the demand for modern vehicle sophistication. This sophistication involves a variety of software capabilities and functionalities embedded in over 100 ECUs in a vehicle. This has led to the need for over-the-air (OTA) updates. OTA updates can be delivered wirelessly, eliminating the need to bring vehicles to the garage for updates. This is more convenient for owners, reduces costs for OEMs, and reduces greenhouse gas emissions. There exist different OTA update considerations that are adopted by automotive OEMs, such as the Uptane framework, Open Mobile Alliance Device Management (OMA-DM) standard, and the general ISO 24089 standard, including subvariance of Uptane and OMA-DM. However, the systematic implementation of security-by-design applying ISO 21434 in OTA systems is less employed, and there remains a gap in this practice of security-by-design that the automotive industry can adapt to ensure a systematic approach to secure OTA update technology. OTA update security hinges on identifying vulnerability pathways for potential malicious attacks. Therefore, identifying and mitigating potential vulnerabilities throughout the OTA update process is critical for robust security. This paper proposes an adaptable security-by-design approach to OTA update, built and extended from our work Iyieke et al. (2023). The adaptable security-by-design approach is then applied to a developed prototype OTA update system based on the Uptane framework as implemented by Toradex. Security-by-design is a well-established concept in enterprise systems, but is still developing in the cyber–physical system of automotive cybersecurity. Our proposed approach covers the security engineering lifecycle, the logical security layered concept, and the security architecture. A threat analysis and risk assessment (TARA) is performed based on the international automotive cybersecurity standard ISO/SAE 21434. The highest threats identified from the TARA are formalized, and corresponding mitigation actions are defined according to UNECE WP29. Penetration testing is conducted to verify the approach’s capability to reinforce the security of the OTA update systems against some of the identified risks and threats. Our proposed approach provides a systematic and adaptable security-by-design approach to ensure secure OTA updates in modern vehicles; OEMs and other stakeholders can use it to develop secure OTA systems regardless of the OTA update technology used.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
A Multi-Frequency Temporal Spatio-Transformer for adversarially robust IoT intrusion detection Debapt: Ontology-driven multi-agent debate for APT adversary profile construction from cyber threat intelligence CoolTest: Randomness test suited for small data volumes ODHD: On-Demand Helper Data generation for reliable NVM-free key derivation from SRAM PUF From Systematic Threat Search to pentesting: Industrial Control Systems threat models
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1