Onboard computing units in cars are a desirable target for hackers. Defensive strategies are out there, but many automotive manufacturers and suppliers are not equipped to choose between them. To make the differences between available options clearer, the Uptane project recently announced the availability of two new educational resources. On June 12, Uptane, a secure software update framework designed specifically for the automotive industry, published its first whitepaper and announced its first international virtual workshop. The former is now available for download at https://uptane.github.io/papers/Uptane_first_whitepaper.pdf, while the latter will be held on September 23 and is currently open for registration.
The whitepaper, entitled "Uptane: Securing delivery of software updates for ground vehicles," starts with an explanation of the growing vulnerability of the computing units in cars—known as electronic control units—and why security strategies developed for conventional systems may not be able to defend them. It urges manufacturers to take a realistic approach to cybersecurity, one that recognizes that it’s not a question of if an attack may occur but when. This mindset is the governing idea behind compromise resilience, a defensive strategy that aims to minimize the damage should an attack occur. As the whitepaper emphasizes, a design built for compromise resilience—an element that sets Uptane apart from most other automotive cybersecurity systems—will not disintegrate if a hacker obtains control of a repository or a signing key. In addition, compromise-resilient systems like Uptane have built-in mechanisms to make a quicker recovery from such attacks.
To ensure that Uptane is also on the industry’s radar on a global level, the group is partnering with escar Europe, the world’s leading automotive cyber security conference, to offer its first international workshop. The free workshop, which will be held online from 1 p.m. to 4:30 p.m. in Germany (7 a.m. to 10:30 a.m. New York time, 8:00 p.m. to 11:30 p.m. Tokyo time), is offered in two parts. Session 1 will offer a general introduction to the Uptane framework, while Session 2 is for those who may already have some familiarity with Uptane and are interested in learning more from companies and organizations that have implemented the framework.
Registration is open now through escar Europe at https://www.escar.info/escar-europe/registration.html. Note that you can register for the workshop even if you are not attending the escar conference in November. One registration entitles you to attend both sessions.
To wrap up a busy June, Uptane also released V.1.2.0 of its Standard for Design and Implementation and its Deployment Best Practices. The changes in the new versions primarily address issues of clarity.
Uptane is a Linux Foundation / Joint Development Foundation hosted project. It was developed by a team of engineers at New York University Tandon School of Engineering in Brooklyn, NY, the University of Michigan Transportation Research Institute in Ann Arbor, MI, and the Southwest Research Institute in Austin, TX, under a grant from the U.S. Department of Homeland Security.