Securing Software Updates for Automobiles

Uptane is the first software update system designed to protect software delivered over-the-air to the computerized units of automobiles. The framework can thwart attacks from malicious actors who can compromise servers and networks at the manufacturing level. Hence, it is designed to be resilient even to the best efforts of nation state attackers. Uptane is integrated into Automotive Grade Linux, an open source system currently used by many large OEMs, and has also been adopted by a number of U.S. and international manufacturers. Within the next few years, more than one-third of new cars on U.S. roads will include Uptane.

Currently considered the de facto secure standard for software updates on automobiles, in July 2018 the IEEE/ISTO Federation began formally standardizing Uptane under a non-profit consortium called the Uptane Alliance. This step will encourage adoption and ensure clear guidance for future users. The design overview, standards documents, deployment considerations, technical papers, security audits, and a public reference implementation are freely available for all to use.