{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T02:06:01Z","timestamp":1776132361632,"version":"3.50.1"},"reference-count":66,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,4]]},"abstract":"<jats:p>Over-the-air (OTA) update is a method for vehicle manufacturers to remotely distribute maintenance updates, performance, and feature enhancements through the vehicle's lifespan. Recalls of vehicles cost the manufactures a lot of money. OTA solves the recall issue, while allowing consumers to pay for services and features via an update. The OTA ecosystem includes the coders who first developed the firmware, the 1st Tier suppliers, the vehicle manufacturers, and the vehicle itself. Currently, manufacturers designed the networks for speed and responsiveness, and not security. This article examines these elements and drills into the security available for each. The slowest and one of the most vulnerable parts of the system is the communications within the vehicle. The vehicle networks must ensure the integrity and authenticity of messages transmitted to guarantee software programmed onto ECUs are authorized and tamper-free. Specialist hardware within the vehicle makes this possible in an operation environment, such as hardware security modules.<\/jats:p>","DOI":"10.4018\/ijcwt.2020040104","type":"journal-article","created":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T15:56:47Z","timestamp":1583510207000},"page":"64-81","source":"Crossref","is-referenced-by-count":13,"title":["The Security Aspects of Automotive Over-the-Air Updates"],"prefix":"10.4018","volume":"10","author":[{"given":"James","family":"Howden","sequence":"first","affiliation":[{"name":"De Montfort University, Leicester, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5360-9782","authenticated-orcid":true,"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[{"name":"De Montfort University, Leicester, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0632-3172","authenticated-orcid":true,"given":"Mohamed Amine","family":"Ferrag","sequence":"additional","affiliation":[{"name":"Guelma University, Guelma, Algeria"}]}],"member":"2432","reference":[{"key":"IJCWT.2020040104-0","unstructured":"2019). Vodafone 4G Coverage and Network Review. 4G.co.uk. Retrieved from https:\/\/www.4g.co.uk\/vodafone-4g-network-summary\/"},{"key":"IJCWT.2020040104-1","doi-asserted-by":"publisher","DOI":"10.4271\/2017-01-1613"},{"key":"IJCWT.2020040104-2","unstructured":"Brirus. (2017). Example Seed and Key Algorithm. StackExchange. Retrieved from https:\/\/security.stackexchange.com\/questions\/152270\/example-seed-and-key-algorithm"},{"key":"IJCWT.2020040104-3","doi-asserted-by":"crossref","unstructured":"Chowdhury, T., Lesiuta, E., Rikley, K., Lin, C.W., Kang, E., Kim, B., Shiraishi, S., Lawford, M., & Wassyng, A. (2017). Safe and Secure Automotive Over-The-Air Updates.","DOI":"10.1007\/978-3-319-99130-6_12"},{"key":"IJCWT.2020040104-4","unstructured":"Continental. (2019). Over-the-air Updates. Continental AG. Retrieved from https:\/\/www.continental-automotive.com\/en-gl\/Passenger-Cars\/Interior\/Software-Solutions-and-Services\/Over-the-air-Updates-for-multiple-electronic-contr"},{"key":"IJCWT.2020040104-5","unstructured":"Continental. (2019). Gateways. Continental AG. Retrieved from https:\/\/www.continental-automotive.com\/en-gl\/Passenger-Cars\/Interior\/Control-Units\/Gateways"},{"key":"IJCWT.2020040104-6","doi-asserted-by":"crossref","unstructured":"Doddapananeni, K., Lakkundi, R., Rao, S., Kulkarni, S., & Bhat, B. (2017). Secure FoTA object for IoT. Wireless Innovation Networking Group. In Proceedings of the 2017 IEEE 42 Conference on Local Computer Networks Workshops. IEEE Press.","DOI":"10.1109\/LCN.Workshops.2017.78"},{"key":"IJCWT.2020040104-7","unstructured":"Embitel. (n.d.). Decoding the \u201cComponent Concept\u201d of the Application Layer in AUTOSAR. Embitel.com. Retrieved from https:\/\/www.embitel.com\/blog\/embedded-blog\/decoding-the-component-concept-of-the-application-layer-in-autosar"},{"key":"IJCWT.2020040104-8","unstructured":"Embitel. (n.d.). Understanding What is a Flash Bootloader and the Nuances of an Automotive ECU Re-programming. Embitel.com. Retrieved from https:\/\/www.embitel.com\/blog\/embedded-blog\/what-is-flash-bootloader-and-nuances-of-an-automotive-ecu-re-programming"},{"key":"IJCWT.2020040104-9","doi-asserted-by":"publisher","DOI":"10.2824\/17802"},{"key":"IJCWT.2020040104-10","unstructured":"Evita. (2008). Objectives. EVITA Fraunhofer SIT. Retrieved from https:\/\/www.evita-project.org\/objectives.html"},{"key":"IJCWT.2020040104-11","doi-asserted-by":"publisher","DOI":"10.1145\/3368235.3368842"},{"key":"IJCWT.2020040104-12","unstructured":"Flashrouters. (2017). What is the difference between firmware and software. FlashRouters LLC. Retrieved from https:\/\/www.flashrouters.com\/blog\/2011\/11\/01\/what-is-the-difference-between-firmware-and-software\/"},{"key":"IJCWT.2020040104-13","unstructured":"Fujitsu. (2012). SHE Secure Hardware Extension. Data Security for Automotive Embedded Systems. In Proceedings of the Workshop on Cryptography and Embedded Security Embedded World. Academic Press."},{"key":"IJCWT.2020040104-14","unstructured":"GDS. (2016). Guidance: Using Transport Layer Security (TLS) in your organisation. Government Digital Service GOV.UK. Retrieved from https:\/\/www.gov.uk\/government\/publications\/email-security-standards\/transport-layer-security-tls"},{"key":"IJCWT.2020040104-15","unstructured":"Gibson, D. (2015). TPM and HSM Hardware Encryption Devices. Get Certified Get Ahead. Retrieved from https:\/\/blogs.getcertifiedgetahead.com\/tpm-hsm-hardware-encryption-devices\/"},{"key":"IJCWT.2020040104-16","unstructured":"Golson, J. (2016). Many Lexus navigation systems bricked by over-the-air software update. The Verge. Retrieved from https:\/\/www.theverge.com\/2016\/6\/7\/11879860\/lexus-navigation-broken-software-update-bug"},{"key":"IJCWT.2020040104-17","article-title":"Secure OTA Software Updates in Connected Vehicles","author":"S.Halder","year":"2019","journal-title":"Survey (London, England)"},{"key":"IJCWT.2020040104-18","unstructured":"Hellgren, H. (2018). Adaptive AUTOSAR in a nutshell. Hackernoon. Retrieved from https:\/\/hackernoon.com\/adaptive-autosar-in-a-nutshell-1cc609c1c5f5"},{"key":"IJCWT.2020040104-19","unstructured":"Hill, S. (2019). 5G vs Wi-Fi: How they\u2019re different and why you\u2019ll need both. Digital Trends. Retrieved from https:\/\/www.digitaltrends.com\/mobile\/5g-vs-wi-fi\/"},{"key":"IJCWT.2020040104-20","unstructured":"Holmes, F. (2018). Over-the-air update moving from \u2018nice to have\u2019 to \u2018vital.\u2019 Automotive World. Retrieved from https:\/\/www.automotiveworld.com\/articles\/over-the-air-updates-moving-from-nice-to-have-to-vital\/"},{"key":"IJCWT.2020040104-21","unstructured":"Holmes, F. (2019). Premium connected car services must be secured. The automotive industry\u2019s innovate or die attitude to in-vehicle technology has cyber security experts worried, writes Freddie Holmes. Automotive World. Retrieved from https:\/\/www.automotiveworld.com\/articles\/premium-connected-car-services-must-be-secured-2\/"},{"key":"IJCWT.2020040104-22","unstructured":"Instantssl. (n.d.). What is a Digital Signature? instantSSL. Retrieved from https:\/\/www.instantssl.com\/digital-signature"},{"key":"IJCWT.2020040104-23","unstructured":"Islinger, T., Mori, Y., Neumuller, J., Prisching, M., & Schmdit, R. (n.d.) AutosarSecOC for CAN-FD. DENSO AUTO. Retrieved from https:\/\/can-newsletter.org\/uploads\/media\/raw\/d904c90ba599c668e9758ae558dcb845.pdf"},{"key":"IJCWT.2020040104-24","unstructured":"ISO. (2012). Road Vehicles \u2013 Unified Diagnostic Services (UDS) \u2013 Part 4: Unified diagnostic services on FlexRay implementation (UDSonFR). Organisation Internationale de Normalisation. Retrieved from https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:14229:-4:ed-1:v1:en"},{"key":"IJCWT.2020040104-25","unstructured":"Jackson, B. (2018). An overview of TLS 1.3 \u2013 Faster and more secure. Kinsta.com. Retrieved from https:\/\/kinsta.com\/blog\/tls-1-3\/"},{"key":"IJCWT.2020040104-26","unstructured":"Jackson, M. (2018). Ofcom 2018 Study \u2013 Average Home Broadband Speeds Hit 46.2Mbps. ISPReview. Retrieved from https:\/\/www.ispreview.co.uk\/index.php\/2018\/05\/ofcom-2018-study-average-home-broadband-speeds-hit-46-2mbps.html"},{"key":"IJCWT.2020040104-27","unstructured":"Jordan, T. (2018). How hardware security modules enable AUTOSAR. Embedded.com. Retrieved from https:\/\/www.embedded.com\/design\/safety-and-security\/4460819\/How-hardware-security-modules-enable-AUTOSAR"},{"key":"IJCWT.2020040104-28","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVE.2016.5"},{"key":"IJCWT.2020040104-29","doi-asserted-by":"crossref","unstructured":"Kim, B., & Park, S. (2018). ECU Software Updating Scenario Using OTA Technology through Mobile Communication Network. In Proceedings of the 2018 IEEE 3rd International Conference on Communication and Information Systems. IEEE Press.","DOI":"10.1109\/ICOMIS.2018.8645019"},{"issue":"4","key":"IJCWT.2020040104-30","first-page":"101","article-title":"A novel distributed intrusion detection system for vehicular ad hoc networks.","volume":"6","author":"L. A.Maglaras","year":"2015","journal-title":"International Journal of Advanced Computer Science and Applications"},{"key":"IJCWT.2020040104-31","unstructured":"Neiger, C. (2016). Carmakers Could Save $35 Billion in 2022 by Doing This. The Motley Fool. Retrieved from https:\/\/www.fool.com\/investing\/general\/2016\/04\/30\/carmakers-could-save-35-billion-in-2022-by-doing-t.aspx"},{"key":"IJCWT.2020040104-32","unstructured":"NIST. (2015). Recommendation for Key Management. Part 3: Application-Specific Key Management Guidance."},{"key":"IJCWT.2020040104-33","unstructured":"OMA. (2009). Firmware Update Management Object version 1.0.2 28 Aug 2009. Open Mobile Alliance. Retrieved from http:\/\/www.openmobilealliance.org\/release\/FUMO\/V1_0_4-20090828-A\/OMA-TS-DM_FUMO-V1_0_2-20090828-A.pdf"},{"key":"IJCWT.2020040104-34","unstructured":"OMA. (2015). OMA Device Management Protocol. Open Mobile Alliance. Retrieved from http:\/\/www.openmobilealliance.org\/release\/DM\/V2_0-20150122-C\/OMA-TS-DM_Protocol-V2_0-20150122-C.pdf"},{"key":"IJCWT.2020040104-35","first-page":"1","article-title":"A formal methodology applied to secure over-the-air automotive applications.","author":"G.Pedroza","year":"2011","journal-title":"Proceedings of the 2011 IEEE Vehicular technology conference (VTC Fall)"},{"key":"IJCWT.2020040104-36","unstructured":"Petri, R., Springer, M., Zelle, D., McDonald, I., Fuchs, A., & Krau\u00df, C. (2016). Evaluation of lightweight TPMs for automotive software updates over the air."},{"key":"IJCWT.2020040104-37","unstructured":"Quain, J. (2018). With benefits \u2013 and risk \u2013 software updates are coming to the car. Digital Trends. Retrieved from https:\/\/www.digitaltrends.com\/cars\/over-the-air-software-updates-cars-pros-cons\/"},{"issue":"1","key":"IJCWT.2020040104-38","article-title":"A Survey on Connected Vehicles Vulnerabilities and Countermeasures.","volume":"6","author":"C.Riggs","year":"2018","journal-title":"Journal of Traffic and Logistics Engineering"},{"issue":"1","key":"IJCWT.2020040104-39","article-title":"A Survey on Connected Vehicles Vulnerabilities and Countermeasures.","volume":"6","author":"C.Riggs","year":"2018","journal-title":"Journal of Traffic and Logistics Engineering"},{"key":"IJCWT.2020040104-40","article-title":"Evaluation of Vehicle Diagnostic Security \u2013 Implementation of a Reproducible Security Access.","author":"M.Ring","year":"2014","journal-title":"SECUREWARE 2014: The Eight International Conference on Emerging Security Information, Systems and Technologies. Academic Press."},{"key":"IJCWT.2020040104-41","unstructured":"Rouse, M. (2018). OTA update (over-the-air update). TechTarget. Retrieved from https:\/\/searchmobilecomputing.techtarget.com\/definition\/OTA-update-over-the-air-update"},{"key":"IJCWT.2020040104-42","doi-asserted-by":"crossref","unstructured":"Ryu, H. K., Cho, S. R., & Piao, S. (2008). The design of remote vehicle management system based on OMA DM Protocol and AUTOSAR S\/W Architecture. In Proceedings of the International Conference on Advanced Language Processing and Web Information Technology 2008. Academic Press.","DOI":"10.1109\/ALPIT.2008.18"},{"key":"IJCWT.2020040104-43","unstructured":"Schmitt, B. (2019). Why Haven\u2019t Over-The-Air Updates Taken Over The Auto Industry? TheDrive.com. Retrieved from https:\/\/www.thedrive.com\/tech\/26679\/why-havent-over-the-air-updates-taken-over-the-auto-industry"},{"key":"IJCWT.2020040104-44","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVE.2015.21"},{"key":"IJCWT.2020040104-45","unstructured":"Soja, R. (2014). Automotive Security: From Standard to Implementation. NXP Semiconductors. Retrieved from https:\/\/www.nxp.com\/docs\/en\/white-paper\/AUTOSECURITYWP.pdf"},{"key":"IJCWT.2020040104-46","unstructured":"Squemish ossirage (SO). (2018). How effective is quantum computing against elliptic curve cryptography? CRYPTOGRAPHY StackExchange. Retrieved from https:\/\/crypto.stackexchange.com\/questions\/59770\/how-effective-is-quantum-computing-against-elliptic-curve-cryptography"},{"key":"IJCWT.2020040104-47","unstructured":"SSL2BUY. (n.d.). Symmetric vs Asymmetric Encryption \u2013 What is the differences? SSL2BUY. Retrieved from https:\/\/www.ssl2buy.com\/wiki\/symmetric-vs-asymmetric-encryption-what-are-differences"},{"key":"IJCWT.2020040104-48","first-page":"1","article-title":"IoT-based Software Update Proposal for Next Generation Automotive Middleware Stacks.","author":"S.Stevi\u0107","year":"2018","journal-title":"Proceedings of the 2018 IEEE 8th International Conference on Consumer Electronics-Berlin (ICCE-Berlin)"},{"key":"IJCWT.2020040104-49","unstructured":"Trusted Computer Group (TCG). (2015, June 29). Trusted Computing Group TPM 2.0 Library Specification Approved as an ISO\/IEC International Standard. Retrieved from https:\/\/trustedcomputinggroup.org\/trusted-computing-group-tpm-2-0-library-specification-approved-isoiec-international-standard-date-published-june-29-2015\/"},{"key":"IJCWT.2020040104-50","doi-asserted-by":"crossref","unstructured":"Teraoka, H., Nakahara, F., & Kurosawa, K. (2016). Incremental Update Method for Resource-Constrained In-vehicle ECUs. In Proceedings of the 2016 IEEE 5th Global Conference on Consumer Electronics. IEEE Press.","DOI":"10.1109\/GCCE.2016.7800507"},{"key":"IJCWT.2020040104-51","unstructured":"Tutorialpoints. (n.d.). Message Authentication Codes (MAC). Tutorials Point. Retrieved from https:\/\/www.tutorialspoint.com\/cryptography\/message_authentication.htm"},{"key":"IJCWT.2020040104-52","unstructured":"UN Secretariat. (2016). Relations between Type Approval and post-sale over-the-air software updates for automotive related systems. Document No. ITS\/AD-10-13 10th ITS\/AD 16 November 2016."},{"key":"IJCWT.2020040104-53","unstructured":"UNECEWP29. (2018). Draft Recommendation on Software Updates of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 GRVA. Informal Document GRVA-01-18 1st GRVA session, 25-28 September 2018 Agenda item 6(b)."},{"key":"IJCWT.2020040104-54","unstructured":"Vehicle Certification Agency (VCA). (2019). Type Approval for Cars. UK GOV. Retrieved from https:\/\/www.vehicle-certification-agency.gov.uk\/vehicletype\/type-approval-for-ca.asp"},{"key":"IJCWT.2020040104-55","unstructured":"Vector. (2015). AUTOSAR Security Modules \u2013 current status VECTOR 2015-05-27 v1.00."},{"key":"IJCWT.2020040104-56","unstructured":"Verma, A. (2018). Securing Automotive Software Over the air updates. Excelfore.com. Retrieved from https:\/\/excelfore.com\/blog\/securing-automotive-software-air-updates\/"},{"key":"IJCWT.2020040104-57","doi-asserted-by":"crossref","unstructured":"Vesenev, A., Stahl, F., Hamazayan, H., Ma, Z., Shan, L., Kemmerich, J., & Loiseaux, C. (2019). Practical security and privacy threat analysis in the automotive domain: Long term support scenario for over-the-air updates.","DOI":"10.5220\/0007764205500555"},{"key":"IJCWT.2020040104-58","article-title":"Warwick Control Technologies ("},{"key":"IJCWT.2020040104-59","unstructured":"Wind River. (2011) Wind River Platform for Android."},{"key":"IJCWT.2020040104-60","unstructured":"Wind River. (2017). Implementing Over-the-Air Software Updates for Automotive Applications."},{"key":"IJCWT.2020040104-61","unstructured":"Wind River. (2018). Keeping Pace with the Software-Driven Car."},{"key":"IJCWT.2020040104-62","unstructured":"Wind River. (2019). Wind River Automotive Solutions."},{"key":"IJCWT.2020040104-63","unstructured":"Wind River. (2019). Wind River Edge Sync. Delivering comprehensive software, Firmware, and Data Management technologies."},{"issue":"5","key":"IJCWT.2020040104-64","article-title":"Research on Automotive UDS Diagnostic Protocol Stack Test System.","volume":"4","author":"J.Yu","year":"2016","journal-title":"Journal of Automation and Control Engineering"},{"key":"IJCWT.2020040104-65","first-page":"109","article-title":"Secure software updates for intelligent connected vehicles.","volume":"3","author":"Y.Zhou","year":"2019","journal-title":"Electrical Engineering and Computer Science"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=250906","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T00:12:04Z","timestamp":1651795924000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJCWT.2020040104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2020,4]]},"references-count":66,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2020040104","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4]]}}}