Don’t Brick Your Car: Firmware Confidentiality and Rollback for Vehicles

Hafizah Mansor, Konstantinos Markantonakis, Raja Akram, Keith Mayes

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

11 Citations (Scopus)


In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system(s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues.We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using CasperFDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.
Original languageEnglish
Title of host publicationThe 2015 10th International Conference on Availability, Reliability and Security
PublisherIEEE Press
Number of pages10
Publication statusPublished - 19 Oct 2015


Dive into the research topics of 'Don’t Brick Your Car: Firmware Confidentiality and Rollback for Vehicles'. Together they form a unique fingerprint.

Cite this