Abstract

Connected vehicles are increasingly threatened by cyberattacks during their long lifecycle. Timely Over-the-Air (OTA) update processes are therefore becoming a mandatory mitigation mechanism, and securing them is a critical task. In this paper, we present a novel secure OTA update distribution mechanism for connected vehicles that addresses the threats and requirements of recent automotive security regulations and standards. We tailor our security concept to the capabilities of a Trusted Platform Module 2.0 (TPM) that we deploy as a hardware trust anchor in the vehicle telematics unit, and we show its benefits and uniqueness regarding security guarantees and functionality in comparison to related work. In our concept, the TPM acts as a trusted update distribution point that securely translates the asymmetric backend cryptography to the symmetric in-vehicle cryptography, and as an update authorization point that coordinates the update installation, e.g., with respect to the vehicle state. These concepts are enforced entirely inside the shielded location of the TPM, which thus represents our minimal hardened trusted computing base on the telematics unit. The solution does not rely on boot-time integrity mechanisms and therefore mitigates even advanced runtime and physical hardware cyberattacks. We evaluate our solution using a prototypical implementation within an automotive evaluation platform.