Trusted Verification of Over-the-Air (OTA) Secure Software Updates on COTS Embedded Systems

Over-the-air (OTA) software updates are an important feature to remotely analyze and upgrade any section of currently running software on battery-operated electric vehicles and its supply equipment. Even though a secure OTA framework can verify and validate updates before installation, the integrity of the framework itself cannot be guaranteed, and can easily introduce system and software vulnerability with potential catastrophic consequences. In this paper, we show how a popular automotive OTA secure update framework (Uptane) can be deployed entirely inside a TEE-enabled commercial off-the-shelf (COTS) embedded device to extend its security considerations and improve its resilience against both internal and external security breaches. We also present a software analysis tool that leverages SAWScript to verify our proposed solution against any functional and logical inconsistency, while validating our approach on a real COTS hardware (Raspberry Pi 3B).