Enhancing Security of Automotive OTA Firmware Updates via Decentralized Identifiers and Distributed Ledger Technology
Description
The increasing connectivity and complexity of automotive systems require enhanced mechanisms for firmware updates to ensure security and integrity. Traditional methods are insufficient for modern vehicles that require seamless over-the-air (OTA) updates. Current OTA mechanisms often lack robust security measures, leaving vehicles vulnerable to attacks. This paper proposes an innovative approach based on the use of decentralized identifiers (DIDs) and distributed ledger technology (DLT) for secure OTA firmware updates of on-vehicle software. By utilizing DIDs for unique vehicle identification, as well as verifiable credentials (VCs) and verifiable presentations (VPs) for secure information exchange and verification, the solution ensures the integrity and authenticity of software updates. It also allows for the revocation of specific updates, if necessary, thereby improving overall security. The security analysis applied the STRIDE methodology, which enabled the identification of potential threats, including spoofing, tampering, and privilege escalation. The results showed that our solution effectively mitigates these threats, while a performance evaluation indicated low latency during operations.
Files
electronics-13-04640.pdf
Files
(3.0 MB)
Name | Size | Download all |
---|---|---|
md5:e3e20fb2d2f08f98771dd5766ff3a3eb
|
3.0 MB | Preview Download |
Additional details
Funding
- CONFIDENTIAL6G — Confidential Computing and Privacy-preserving Technologies for 6G 101096435
- European Commission