Trishank Karthik Kuppusamy, Lois Anne Delong and Justin Cappos
Software update systems for automobiles can deliver significant benefits, but, if not implemented carefully, they could potentially incur serious security vulnerabilities. Previous solutions for securing software updates consider standard attacks and deploy widely understood security mechanisms, such as digital signatures for the software updates, and hardware security modules (HSM) to sign software updates. However, no existing solution considers more advanced security objectives, such as resilience against a repository compromise, or freeze attacks to the vehicle’s update mechanism, or a compromise at a supplier’s site.