NYU Tandon Joins Top Open-Source Initiative For Automotive Software And Cybersecurity
Researchers at the NYU Tandon School of Engineering have developed Uptane, a universal, free, and open-source framework to protect wireless software updates in vehicles, as part of the over-the-air (OTA) cybersecurity toolkit for a growing number of automakers and suppliers.
Open-source systems, which improve through open security reviews, are an increasingly popular approach to securing OTA updates via Wi-Fi or cellular connections that eliminate the need for drivers to return to dealerships for upgrades.
Automobiles, like laptops, can be hacked by malefactors seeking to remotely steal information, damage or hijack a vehicle, or even injure or kill its occupants. One means of incursion is to target over-the-air (OTA) software upgrades for on-board telematics systems or the electronic control units (ECUs) for brakes, the engine, air bags and more. The risk of such attacks will only increase, as analysts predict that by 2022, 203 million OTA-enabled cars will roll into dealerships.
Because of this, and because of its increasing collaboration with Automotive Grade Linux (AGL), NYU Tandon has joined The Linux Foundation and AGL as an Associate Member.
Uptane, a universal, free, and open-source framework to protect wireless software updates in vehicles, has gained a foothold with automakers and suppliers alike since its 2017 introduction as a joint research initiative in consultation with government regulators and industry.
The Rise Of Uptane
In 2017 the Linux Foundation recognized TUF, of which Uptane is a variant, as a key security system for thwarting attacks, designating TUF to be one of the two new projects hosted by its Cloud Native Computing Foundation. Popular Science named Uptane one of the top 100 inventions of 2017.
Advanced Telematic Systems, a division of leading in-car navigation company HERE Technologies, was the first European company to integrate the Uptane security framework into its OTA solutions.
The AGL project has over 120 members and is on track to be the leading shared software platform across the industry for in-vehicle applications including infotainment, instrument cluster, heads-up-display (HUD), telematics, autonomous driving, safety, and advanced driver assistance.
Developed by Justin Cappos, professor of computer science and engineering at NYU Tandon, along with industry, academic and government collaborators, Uptane is helping to secure the OTA software updates for vehicles manufactured by one of the three major U.S. automakers, and is available to many others, including AGL members.
The Update Framework
Based upon Cappos' widely-used TUF (The Update Framework), and developed with funding by the U.S. Department of Homeland Security, Uptane can prevent attacks during software updates by storing the correct encryption keys with the automaker, offline.
It allows automakers and suppliers not only to secure major software updates to automotive infotainment and telematics units but also to make remote, inexpensive updates to the “edge,” that is, the dozens of in-vehicle ECUs controlling numerous functions in today's vehicles. It also supports deployment of secure fixes for vulnerabilities exploited in an attack and allows automakers to completely control critical software and share that control when appropriate.
“Uptane helps Linux secure updates at places where Linux can't run, since many ECUs, such as brake controllers, have tiny Flash memories. While we are essentially an encryption algorithm independent of Linux, we are part of Linux' high-end expansion out to smaller devices,” said Cappos.
The platform's code is posted on GitHub for anyone to see, test, or use. When the NYU Tandon team unveiled Uptane last year, they did so with a challenge to security experts everywhere to try to find vulnerabilities before its adoption by the automotive industry. According to Cappos, the effort led to clarifications with Uptane's reference implementation.
“We are a good example of the tools Linux is encouraging,” said Cappos. “Since we are collaborating closely with AGL, it makes sense for NYU Tandon to be a member of the Linux Foundation. We think it's the right way to move forward and we are proud to be working with AGL and Linux Foundation.”
NYU Tandon's membership in AGL gives students opportunities for a full range of technical training classes, including basic and embedded Linux, device drivers and kernel internals, and Linux system and network administration; as well as hot topics like Kubernetes and blockchain.
Dan Cauchy, Executive Director of Automotive Grade Linux, The Linux Foundation, said,
“We are excited to welcome NYU Tandon School of Engineering to The Linux Foundation and Automotive Grade Linux. We are thankful for the opportunity to collaborate with the Uptane community and look forward to further leveraging the capabilities of the platform to improve the security of connected vehicles.”
“The NYU Tandon School of Engineering is proud to join the Automotive Grade Linux community, whose members share the deeply held belief of our Uptane researchers that the free and open exchange of knowledge will strengthen our transportation system and protect all drivers and their passengers,” said NYU Tandon Dean Katepalli Sreenivasan. “Our school and the University-wide Center for Cybersecurity look forward to productive collaborations that will benefit our mobile society.”