Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Over-the-Air Updates: The Ultimate Security Anti-Hero


Published on

Visteon presented at TU-Automotive Detroit in Novi, Michigan, on June 7, 2018.

Published in: Automotive
  • Be the first to comment

Over-the-Air Updates: The Ultimate Security Anti-Hero

  1. 1. Visteon Confidential Over-the-Air Updates: The Ultimate Security Anti-Hero! June 7th 2018 Srini Adiraju
  2. 2. Over-the-Air Updates: The Ultimate Security Anti-Hero! 2
  3. 3. An Automotive Technology Company on the Move • A top-five Tier 1 connected car supplier* • Largest supplier focused exclusively on cockpit electronics • Leading the transition of digital cockpits to autonomous driving 3
  4. 4. Industry-Leading Cockpit Electronics Product Portfolio Only pure-play in automotive cockpit electronics Source: Rankings from 2016 ABI Research and IHS Markit. Instrument clusters Head-up displays Infotainment Displays Self-drivingConnectivityCockpit computer Visteon Market Position Top 5 Connected car Tier 1 supplier 4
  5. 5. Cockpit Technology Trends 5 20102005 2015 2020 2025 ECU Consolidation Connected Car HMI for Level 3 Autonomous Digital Cockpit
  6. 6. Over-the-Air Updates: Industry Challenges 6
  7. 7. ECU Consolidation in Automotive Electronics Complex network of Inter-dependent ECUs Yesterday ECUs in car 30 - 100+ Consolidation of ECUs into domain controllers Less ECUS but more Interfaces Cockpit Controller Today Tomorrow Cockpit Controller ADAS/AD Controller 7
  8. 8. Change in Business Models • Expectation of Content refresh over time • Improving the User Experience • Expert Reviews by 3rd Parties i.e, Consumer reports, • Feature Parity with Competition New feature updates beyond model years 8
  9. 9. Broader OTA challenges ECU Consolidation Interfaces increasing rapidly Extremely complex vehicle architectures Interoperability among multiple connectivity standards 9 Connectivity Cellular, WiFi, DSRC Networking Stacks InteroperabilityComplex Vehicle Architectures Support for Multiple Protocols Controller Consolidation Multiple Domains Bluetooth, WiFi, V2X
  10. 10. OTA: What can go wrong ? 10
  11. 11. Software updates went wrong 11 Bug free software is a myth
  12. 12. A Bug Fixed or Created ? 12 How Security Bugs are created Source:,-2-years-ago
  13. 13. Debian Linux bug 13
  14. 14. Best Practices 14
  15. 15. Multi-Layered OTA Architecture: Best Practices • Comprehensive Multi-Layered Architecture • Update at the ECU Component Level • Update Multiple Domains within a domain Controller • Multi-processor update Strategy e.g., VIP and SOC • Two Copy Update and Rollback Strategy • A, B Copy • Background downloading • Storage Implications • Local vs Cloud • Have consistent and common Packaging format and update mechanism across all channels • CAN • FOTA • Block level Updates • File level updates are extremely error- prone • Power hit tolerance 16
  16. 16. Multi-Layered OTA Architecture: Best Practices (Contd..) • Deploying wrong versions of the software • Minimize the number of active versions in the field • Compatibility • APIs/Interfaces • Shared Objects/Static Libraries • Driver/Underlying changes • Dependencies • Hardware Acceleration Flags • Compiler Flags, Features • Periodic updates • Test, test and test • BETA programs • Bug Reporting mechanism • Bug Bounties 17
  17. 17. Cost of OTA • Storage to Hold Two copies • A/B Copy Architecture • Where is the holding Area • Cloud • Local Gateway • Memory for all the images • Hardware Capabilities i.e., SHE And HSM 18
  18. 18. Secure Update Release Process End to end comprehensive secure solutions aided byprocess Secure OTA Block Based Secure Over the air updates, Secure Programming/Flashing Block-based OTA delivery to vehicle SAE J3061 Cybersecurity Framework Security Requirements Secure Design Threat and risk analysis Features Security tests Code Analysis Security operations System Validation Fuzz testing Pen testing Incident Response Process Secure Manufacturing OTA 19
  19. 19. Questions ? Thank you 20