Decentralized firmware attestation for in-vehicle networks

University essay from Linköpings universitet/Databas och informationsteknik

Author: Mohammad Khodari; [2018]

Keywords: firmware; attestation; verification; ECU; vehicle;

Abstract: Today's vehicles are controlled by several so-called electronic control units (ECUs). ECUs can be seen as small computers that work together in order to perform a common task. They control everything from critical tasks such as engine control to less critical functionality such as window control. The most prominent trend that can be observed today is the development of self-driving functionality. Due to the inherent complexity of self-driving functionality, ECUs are becoming more dependent on each other. A fundamental problem in today's vehicles is that there does not exist any efficient way of achieving trust in the vehicle's internal network. How can ECUs be assured that the output of other ECUs can be trusted? If an ECU produces the wrong output when the vehicle is in autonomous mode, it can lead to the vehicle performing unsafe actions and risking the lives of the passengers and driver. In this thesis we evaluate different already established firmware attestation solutions for achieving trust in a decentralized network. Furthermore, three new firmware attestation solutions specially tailored for the automotive domain are proposed. We demonstrate that all the found existing solutions have a fundamental flaw: they all have a single point of failure, meaning that if you eliminate the correct node, the entire attestation process stops functioning. Thus, a new, more robust solution specially tailored for the automotive domain needed to be developed. Three different consistency verification mechanisms were designed: one parallel solution, one serial solution and one Merkle-tree solution. Two of the three proposed solutions, the parallel solution and serial solution, were implemented and assessed. Two tests were conducted: a detection performance test and a timing performance test.
By assessing the detection performance test and timing performance test of the serial and parallel solutions, it was concluded that the parallel solution showed a significant improvement in both stability and performance over the serial solution.
