This project addresses the critical security vulnerabilities in Over-the-Air(OTA) updates for modern vehicles, which have become essential "driving computers" requiring frequent software and firmware updates. While OTA technoogy enables convenient wireless updates directly from servers to vehicle systems, it faces significant cybersecurity threats including man-in-the-middle attacks, firmware spoofing, and unauthorized access that compromise vehicle safety and user privacy. Our research develops comprehensive security countermeasures throgh advanced encryption, digital signatures, and secure boot process implemented across network, system, and application levels, providing the automotive industry with essential tools to effectively combat emerging cyber threats and ensure secure software deployment.
Precondition
- Assume that the attacker has access to the network where the OTA update is taking place
Attack Procedure
- Attacker performs ARP spoofing and IP forwarding to gain a man-in-the-middle position between broker and client.
- Intercept client's download URL request and redirects to malicious URL
- Download a malicious image on the client side
Security Plan
- Ensuring confidentiality through TLS and strengthening data integrity through digital signatures
- Plan to explore ways to ensure trustworthiness of certificates and keys
Precondition
- Assume that the attacker know the broker IP and Client IP, and can intercept the OTA update packets
Attack Procedure
- Capture vulnerable message packets through sniffing
- Retransmit captured packets by posing as a fake broker
- Download a vulnerable older version on the client side
Security Plan
- Check the expire time by verifying the timestamp
- Prevent an abnormal rollback by managing version list
Hanbin Yeo 
|
Jangwoon Park 
|
Kunho Park 
|