There is little doubt that cars have caught the attention of hackers, and little hope that these trends will be reversed. In 2016, Uptane, an open-source software security project, designed with direct input from automotive manufacturers and suppliers, was introduced to address this threat.
In a nutshell, Uptane implementations secure automotive systems by establishing a set of checks and balances on a vehicle’s electronic control units (ECUs) to ensure the authenticity of incoming software updates. Nevertheless, technology is useless or even dangerous if not implemented properly. Shortly after its official launch, leaders of the Uptane project, including Dr. Justin Cappos, an associate professor of computer science and engineering at NYU Tandon, and representatives from the automotive industry, began the process of standardizing the technology. Version 1.0.0 of its Standard for Design and Implementation was released under the auspices of IEEE/ISTO on July 31, 2019.
Now that the Uptane framework has been widely adopted, including integration into Automotive Grade Linux, an open source system currently used by many large OEMs, and implementations by a number of tier 1 suppliers, including Airbiquity and HERE, Uptane announces the release of its first update to that Standard. Version.1.1.0 was officially released on January 8, 2021, along with a version-controlled Deployment Best Practices companion document.
In addition to Cappos, several other current and former members of Tandon’s Secure Systems Lab have been active contributors to the Standard and Deployment documents. These include Dr. Trishank Karthik Kuppusamy, a 2017 Ph.D. graduate and a lead developer on Uptane, Ph.D. candidate Marina Moore, and developer Sebastien Awwad.
The Standard is available online in both HTML and PDF versions. To read more about Uptane V.1.1.0, read the article released by NYU here.