In modern cars, a number of electronic controllers play a major role in the overall operation of the vehicle. Secure firmware updates of these controllers are crucial to the overall security and reliability of the vehicle and its associated electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this research thread, we are examining vehicular firmware update processes and their associated security issues. In particular, we have analysed existing industrial proposals (e.g. the EVITA project) and suggested several improvements to the protocol, related to safety and security measures. These have been implemented in commercial Electronic Control Units (ECUs), and they have also been analysed using mechanised formal analysis tools (CasperFDR and Scyther). This research thread has also examined the use of mobile devices for firmware updates and for verifying the “trustworthiness” of vehicles.
This thread is currently expanding to cover secure firmware updates for safety- and security-sensitive devices, e.g. drones and avionics sensors.