Secure over-the-air firmware updating for automotive electronic control units

This work presents secure over-the-air firmware updating that brings a homogenized updating process across OEMs, suppliers and sub-tiers, removing at the same time the costs for individual security precautions and cryptographic countermeasures for each individual component or sub-system. The objective is to overcome all attacks to the servers, to the networks and to the diverse electronic control units (ECUs) in modern vehicles. The proposed herein secure over-the-air firmware updating, as applied in firmware updating for vehicles, employs separation of roles, e.g., the manager server employs firmware versioning and entitlements for each vehicle and its corresponding ECUs and dependency resolution on behalf of vehicles; In a firmware server, each ECU firmware is associated with metadata that are signed and uploaded by the OEM and/or its suppliers, while a timestamp server on demand records and signs the more recent time for ECUs firmware. An STM32F7xx-based prototype demonstrates a real vehicle case.