
Graduate student: Yuan-Hsiu Chou (周淵修)
Thesis title: Over-The-Air Update Security Framework for Zonal Architecture Vehicle (區域體系架構車輛無線更新安全框架)
Advisor: Shi-Cho Cha (查士朝)
Oral defense committee: Nai-Wei Lo (羅乃維), Jheng-Jia Huang (黃政嘉)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2023
Academic year of graduation: 111
Language: Chinese
Number of pages: 109
Keywords: Vehicle Over-The-Air Update Security, Zonal Architecture, Automotive Ethernet, Two-phase Commit, Atomic Updates
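  • With the rapid development of electric vehicles and autonomous driving technology, the software and hardware systems inside vehicles are becoming increasingly complex. Vehicles built on the earlier Domain Architecture can no longer effectively meet the continually growing demands for safety and user entertainment. The automotive industry is therefore shifting toward the more scalable and flexible Zonal Architecture. The prevailing view is that a Zonal Architecture using Automotive Ethernet as the in-vehicle backbone network is likely to become an in-vehicle network architecture common to all automakers, meeting modern vehicles' needs for high performance and flexibility.
    At the same time, the large increase in in-vehicle software and hardware makes Over-The-Air (OTA) updates a key technology for keeping vehicle software and hardware up to date and for maintaining vehicle security. This research therefore focuses on the security of OTA updates for Zonal Architecture vehicles, including how to securely download update packages from the OTA cloud server, how to prevent attackers from tampering with or forging update packages, and what strategies should be in place when an update fails. These issues all require in-depth study to avoid malicious updates, or update failures in some components, causing the automotive electronic system to malfunction and endangering the driver's safety.
    To address these problems, this research proposes a vehicle OTA update strategy suited to the Zonal Architecture. First, by applying the Two-phase Commit protocol to the update process of Zonal Architecture vehicles, it ensures the atomicity of update operations and avoids abnormal operation of the automotive electronic system. In addition, this research analyzes the possible security threats to OTA updates in Zonal Architecture vehicles and, for the main in-vehicle components under this architecture, formulates a set of security requirement specifications that conform to the international vehicle software update standards UNECE R156 and ISO 24089, ensuring the stability of the vehicle during the update process. This framework has a major impact on the future development of the automotive industry: it not only gives automakers a model with reference value for implementation, but also provides stronger security assurance for future vehicle software updates and advances the automotive industry.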


    With the advancement of electric vehicles and autonomous driving, the complexity of vehicles' internal systems has significantly increased. Consequently, the in-vehicle network architecture is transitioning from the traditional Domain Architecture to a more scalable and flexible Zonal Architecture. By adopting Automotive Ethernet as the backbone of the in-vehicle network, this new architecture has the potential to become a universal standard across various manufacturers, effectively meeting the needs for efficiency and flexibility in modern vehicles.
    Moreover, Over-The-Air (OTA) updates have emerged as a crucial technology for maintaining the latest software and hardware in vehicles, as well as ensuring safety. We focus on the security threats of OTA updates within Zonal Architecture, including secure download of update packages, prevention of tampering, and strategies for handling update failures. These issues require thorough examination to prevent malicious updates and ensure driver safety.
    This research presents an OTA update strategy for vehicles with Zonal Architecture. We utilize the Two-phase Commit protocol to ensure atomicity in update operations, thus preventing malfunctions in automotive electronics. Further, we identify potential security threats of OTA updates within Zonal Architecture and formulate security requirements that adhere to international vehicle software update standards UNECE R156 and ISO 24089. This work provides a reference model for manufacturers, significantly impacting the future development of the automotive industry. Additionally, it enhances the security assurance for future vehicle software updates.

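    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
      1.1 Foreword
      1.2 Research Motivation and Objectives
      1.3 Thesis Organization
    Chapter 2 Background
      2.1 Definition and Development of Vehicle OTA Updates
        2.1.1 Differences Between Vehicle OTA Updates and Earlier OTA Updates
        2.1.2 Historical Development of OTA Updates
        2.1.3 Future Trends
      2.2 Automotive Electronic Systems and In-Vehicle Networks
        2.2.1 Automotive Electronic Systems
        2.2.2 In-Vehicle Network Communication Technologies
        2.2.3 Main In-Vehicle Components of the Zonal Architecture and Their Functions
        2.2.4 The Shift in In-Vehicle Network Architecture
      2.3 Data Transfer Between In-Vehicle Components Connected via Automotive Ethernet
        2.3.1 Introduction to the AUTOSAR Adaptive Platform
        2.3.2 Data Communication Protocol: SOME/IP
        2.3.3 SOME/IP Communication Mechanisms
        2.3.4 SOME/IP Packet Format
        2.3.5 Analysis of Update Package Transfer Scenarios
      2.4 Data Transfer Between In-Vehicle Components Connected via Controller Area Network
        2.4.1 Basic Concepts of the Controller Area Network
        2.4.2 Controller Area Network Data Transmission Methods
        2.4.3 Data Reception Decision Mechanism
        2.4.4 Analysis of Large Data Transfer Scenarios
        2.4.5 Challenges of the Controller Area Network
      2.5 Update Package Contents and In-Vehicle Component Address Design
        2.5.1 Update Package Contents
        2.5.2 In-Vehicle Component Address Design
      2.6 Analysis of the Software and Firmware Update Process
        2.6.1 Electronic Control Unit Firmware Update
        2.6.2 Zone Controller Software Update
      2.7 OTA Update Challenges
    Chapter 3 Literature Review
      3.1 Internet of Vehicles Security
      3.2 Vehicle OTA Technology
        3.2.1 OTA Update Phases
        3.2.2 OTA Overview and Secure Updates
        3.2.3 OTA Cloud Server Architecture
        3.2.4 OTA Network Security and Threat Models
        3.2.5 Existing Vehicle Over-the-Air Firmware Update Standards
        3.2.6 Comparison with This Thesis
    Chapter 4 Vehicle OTA Update Security Threat Analysis
      4.1 Analysis of In-Vehicle Network Architecture and the Vehicle OTA Update Process
        4.1.1 Analysis of Future In-Vehicle Network Architecture
        4.1.2 Analysis of the Vehicle OTA Update Process
      4.2 Vehicle OTA Security Threat Analysis
        4.2.1 Threat Source 1: OTA Cloud Server
        4.2.2 Threat Source 2: Base Station
        4.2.3 Threat Source 3: The Physical Vehicle and Its Surroundings
        4.2.4 Threat Source 4: Attacks from Inside the Vehicle System
        4.2.5 Threat Source 5: Update Atomicity Problems
      4.3 Security Requirements Analysis
    Chapter 5 Vehicle OTA Update Security Framework Design
      5.1 Security Framework Overview
      5.2 Strategy for Preserving Update Atomicity
        5.2.1 Introduction to Two-phase Commit
        5.2.2 Applying Two-phase Commit to the Vehicle Update Process
        5.2.3 Zone Controller Software Update Atomicity
        5.2.4 Electronic Control Unit Firmware Update Atomicity
      5.3 Security Requirement Specifications for In-Vehicle Components in OTA
        5.3.1 Telematics Control Unit Security Requirement Specification
        5.3.2 Vehicle Computer Security Requirement Specification
        5.3.3 Zone Controller Security Requirement Specification
        5.3.4 Diagnostic System Security Requirement Specification
        5.3.5 In-Vehicle Infotainment System Security Requirement Specification
        5.3.6 Electronic Control Unit Security Requirement Specification
    Chapter 6 Implementation and Evaluation of the Security Framework
      6.1 System Environment
      6.2 Experiment Scope
      6.3 Experiment Results
        6.3.1 Update Package Download Experiment
        6.3.2 Zone Controller Software Update Atomicity Experiment
    Chapter 7 Conclusion and Future Work
      7.1 Conclusion
      7.2 Research Limitations
      7.3 Future Work
    References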
