傳統汽車生產製造、車輛內裝載零件及內部組裝都由單一廠商獨力完成，在現代，裝載在一台汽車的內部組件，會由品牌原廠交由不同的原始設備製造商(Original Equipment Manufacturer, OEM)協同生產。當傳統汽車結合電腦科技，其控制車載系統的核心就是電子控制單元(Electronic Control Unit, ECU)，也就是車載上的微型電腦。一台汽車上會裝設多顆ECU，其會組成車載內部網路，ECU可藉由控制車載系統提供使用者多樣化的服務，如：可感測障礙物，讓行進中的車輛自動停止的自動煞車系統，又或是可自動駕駛到指定目的地的自動行車系統等。另外，車載內部網路是屬於半開放式的網路，會透過車載閘道器過濾進出汽車內部的資訊與檔案。故攻擊者有機會通過閘道器進入車載內部網路，取得ECU的控制權，使攻擊者可操控車載系統，會造成駕駛與乘客的生命安全危害，承此原因，ECU的韌體需要OEM製造商不定時進行更新維護，以修補舊有漏洞與增加新服務，減少駭客侵入的風險。
本篇論文提出安全且有效率的ECU韌體更新協定，使OEM製造商可透過無線公開網路進行ECU韌體更新。並依據使用情境不同，設計兩種協定可供使用者依需求做選擇。在協定中，設計使用數位簽章(Digital Signature)、橢圓曲線迪菲-赫爾曼金鑰交換(Elliptic Curve Diffie-Hellman Key Exchange, ECDH)與雜湊訊息鑑別碼(Hash Message Authentication Code, HMAC)等技術，以完成身分鑑別與確保韌體完整性，並將協定進行效能與安全性分析，驗證本協定的安全強度足可抵抗一般惡意攻擊。

In traditional vehicle industry, all the components of vehicle were produced by a single manufacturer. Nowadays, vehicles are manufactured by various original equipment manufacturer (OEM) that rely on their expertise. Furthermore, manufactures start to combine traditional automobiles and computer technology. The kernel of this is electronic control unit (ECU). Lots of ECUs installed in vehicle that will construct intra-vehicular network. In detail, they can control car system and provide many service. For example, collision avoidance system and automatic driving system are both control by ECUs through the data. What’s more, they can exchange data across different networks with a central controller, gateway. Gateway can transfer and filter data that make semi-open intra-vehicular network. However, it also gives the attacker a chance to control ECUs which may make driver and passengers in danger. In order to fix flaws and add new service, ECUs need to update firmware from time to time.

In our research, we design safer and more effective protocol for OEM to realize updating ECU firmware via Internet. According to different scenarios, we provide two protocols for user to choose. We use digital signature, hash message authentication code and elliptic curve Diffie-Hellman key exchange to achieve authentication and firmware integrity. In the end, we will analyze the protocol’s performance and verify our protocol has ability to keep off malicious attack.

摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 VI
表目錄 VII
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機與目標 3
1.3 章節介紹 3
第二章 密碼學相關理論與技術 4
2.1 橢圓曲線加密系統 4
2.2 橢圓曲線迪菲-赫爾曼金鑰交換 4
2.3 雜湊訊息鑑別碼 6
2.4 數位簽章 6
2.5 雜湊訊息鑑別碼與數位簽章特性比較 8
第三章 文獻探討 9
3.1 車載內部網路架構 9
3.2 ECU韌體更新 10
第四章 車載網路之韌體更新協定設計 13
4.1 設計概念 13
4.2 前提假設 17
4.3 符號定義 18
4.4 推播式韌體更新協定 20
4.4.1 初始化階段 20
4.4.2 韌體推送階段 21
4.5 推拉式韌體更新協定 25
4.5.1 初始化階段 25
4.5.2 身分鑑別與金鑰協商階段 27
4.5.3 韌體推送階段 29
第五章 分析與討論 33
5.1 效能分析 33
5.2 安全性分析 34
5.2.1 竊聽攻擊之防禦 34
5.2.2 金鑰安全性 34
5.2.3 重送攻擊之防禦 35
5.2.4 偽冒攻擊之防禦 35
5.2.5 中間人攻擊之防禦 36
5.2.6 前向安全性 36
第六章 結論 37
參考文獻 38

[1] M. Khurram, H. Kumar, A. Chandak, V. Sarwade, N. Arora, and T. Quach, "Enhancing connected car adoption: Security and over the air update framework," pp. 194-198, 2016.
[2] S. Woo, H. J. Jo, and D. H. Lee, "A Practical Wireless Attack on the Connected Car and Security Protocol for In-Vehicle CAN," IEEE Transactions on Intelligent Transportation Systems, pp. 1-14, 2014.
[3] Y. S. Lee, J. H. Kim, H. V. Hung, and J. W. Jeon, "A parallel re-programming method for in-vehicle gateway to save software update time," pp. 1497-1502, 2015.
[4] H. Mansor, K. Markantonakis, R. N. Akram, K. Mayes, and I. Gurulian, "Log Your Car: The Non-invasive Vehicle Forensics," pp. 974-982, 2016.
[5] H. A. Odat and S. Ganesan, "Firmware over the air for automotive, Fotamotive," pp. 130-139, 2014.
[6] Y. Onuma, Y. Terashima, and R. Kiyohara, "ECU Software Updating in Future Vehicle Networks," pp. 35-40, 2017.
[7] A. Acker and B. Beaton, "Software Update Unrest: The Recent Happenings Around Tinder and Tesla," pp. 1891-1900, 2016.
[8] M. Steger, M. Karner, J. Hillebrand, W. Rom, C. Boano, and K. Romer, "Generic framework enabling secure and efficient automotive wireless SW updates," pp. 1-8, 2016.
[9] V. L. L. Thing and J. Wu, "Autonomous Vehicle Security: A Taxonomy of Attacks and Defences," pp. 164-170, 2016.
[10] S. R. Singh, A. K. Khan, and S. R. Singh, "Performance evaluation of RSA and Elliptic Curve Cryptography," pp. 302-306, 2016.
[11] M. B. H. Krawczyk, R. Canetti, "HMAC: Keyed-Hashing for Message Authentication," RFC 2104, Internet Engineering Task Force (IETF), 1997.
[12] 莊嶸騰, "車載網路再進化- 高速網路共通性平台," vol. 108期, pp. 14-19[Online],Available: https://www.artc.org.tw/upfiles/ADUpload/knowledge/tw_knowledge_501525448.pdf
[13] D. K. Nilsson, U. E. Larson, and P. H. Phung, "Vehicle ECU classification based on safety-security characteristics," pp. 102-102, 2008.
[14] F. Sagstetter et al., "Security Challenges in Automotive Hardware/Software Architecture Design," pp. 458-463, 2013.
[15] K. Han and K. G. Shin, "Prevention of information mis-translation by a malicious gateway in connected vehicles," pp. 247-254, 2016.
[16] R. Hassan, K. Markantonakis, and R. N. Akram, "Can You Call the Software in Your Device be Firmware?," pp. 188-195, 2016.
[17] H. Teraoka, F. Nakahara, and K. Kurosawa, "Incremental update method for resource-constrained in-vehicle ECUs," pp. 1-2, 2016.
[18] G. Pedroza, M. S. Idrees, L. Apvrille, and Y. Roudier, "A Formal Methodology Applied to Secure Over-the-Air Automotive Applications," pp. 1-5, 2011.
[19] N. Jain, S. G. Mali, and S. Kulkarni, "Infield firmware update: Challenges and solutions," pp. 1232-1236, 2016.
[20] D. K. Nilsson, L. Sun, and T. Nakajima, "A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs," pp. 1-5, 2008.
[21] D. K. Nilsson and U. E. Larson, "Secure Firmware Updates over the Air in Intelligent Vehicles," pp. 380-384, 2008.
[22] M. Steger, C. Boano, M. Karner, J. Hillebrand, W. Rom, and K. Romer, "SecUp: Secure and Efficient Wireless Software Updates for Vehicles," pp. 628-636, 2016.
[23] A. Maruaisap and P. Kumhom, "A hardware-based security scheme for in-vehicle CAN," pp. 1-5, 2016.
[24] 唐偲瑋,劉佳琳,許勝翔,莊祐軒,羅乃維, "在Android平台上使用特徵指紋技術以實現App完整性驗證機制 An App Integrity Evaluation Mechanism Using Fingerprint Technology on Android Platform," 2016.