Breaking the Vehicle Over-The-Air Update System
Overview
A modern vehicle is composed of around 100 Electronic Control Units (ECUs) connected via several types of networks. An ECU is an embedded device, similar to a Raspberry Pi, running an operating system (e.g., a Linux-based or real-time OS) on top of which different software and firmware may run, depending on the application. Because humans are imperfect, software can have faults and vulnerabilities, which can lead to catastrophic failures that threaten human lives. This makes manufacturers liable for such failures, which have often caused recalls of millions of vehicles for repair. A smart solution is to take advantage of the vehicle's connectivity to the Internet and its surroundings and perform Over-The-Air (OTA) software and firmware updates when needed, much like smartphone software updates. This process is clearly critical and can have negative consequences if the OTA update system is unreliable and insecure. We have introduced an OTA protocol and a corresponding Proof of Concept (PoC) implementation that ensure an end-to-end chain of trust between all stakeholders: the manufacturer, suppliers, brokers, and the vehicle.
Expected deliverables
The goal of this project is to demonstrate some attacks by running the PoC on embedded devices or even in a real vehicle. The role of the intern will be to understand the system, extend the demos we have already done in software, and test them empirically on real, relevant devices. The objectives are to (1) raise awareness of the consequences of not doing OTA updates right, (2) gauge empirically whether our system is secure, and (3) improve it if it is not.
Questions and Answers
Where to find answers to Frequently Asked Questions about applying to VSRP?
Contacts
Supervisors
Paulo Esteves-Verissimo
- Professor (former), Computer Science
Biography
Paulo Esteves-Veríssimo is a professor in the Computer Science (CS) program at KAUST. Previously, he was a professor and FNR PEARL Chair at the University of Luxembourg's (Uni.lu) Faculty of Science, Technology and Medicine (FSTM). He also led the CritiX Research Lab at the SnT Centre at Uni.lu, which achieved world-class results and established enduring research capacity in resilient computing, cybersecurity, and dependability.
He has also been a professor and a board member of the University of Lisbon (ULisboa), Portugal. At ULisboa, he created the Navigators research group and was the founding director of Laboratório de Sistemas Informáticos de Grande Escala (LaSIGE). From its founding in 1998, the computer science and engineering lab LaSIGE has carried out research in leading-edge areas backed by key indicators of excellence.
He was UNILU-SnT’s representative at the European Cyber Security Organization (ECSO) and a member of its Scientific & Technical Committee (STC). He served as Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-chair of the Steering Committee of the IEEE/IFIP DSN conference. He is a Fellow of the IEEE, a Fellow of the ACM and an associate editor of IEEE Transactions on Emerging Topics in Computing (TETC).
Research Interests
Professor Esteves-Veríssimo is interested in architectures, middleware and algorithms for resilient modular and distributed computing. In addition to examining paradigms and techniques that reconcile security and dependability, he also explores novel applications of these paradigms and techniques. By doing so, he achieves system resilience in areas such as autonomous vehicles, distributed control systems, digital health and genomics, and blockchain and cryptocurrency.
Dr. Esteves-Veríssimo’s research has featured in over 200 peer-reviewed international publications and five international books. He has delivered over 70 keynote speeches and distinguished lectures at reputable venues. As a systems and engineering specialist, he has contributed to designing and engineering several advanced industrial prototypes of distributed, fault-tolerant, secure or real-time systems developed through research and development.