Uptane is a Linux Foundation / Joint Development Foundation hosted software framework designed to ensure that valid, current software updates are installed in adversarial environments.[1][2] It establishes a process of checks and balances on these electronic control units (ECUs) that can ensure the authenticity of incoming software updates.[3] Uptane is designed for "compromise-resilience," or to limit the impact of a compromised repository, an insider attack, a leaked signing key, or similar attacks.[4][5] It can be incorporated into most existing software update technologies, but offers particular support for over-the-air programming or OTA programming strategies originating from The Update Framework.[6]
History
editUptane was developed by a team of engineers at New York University Tandon School of Engineering in Brooklyn, NY, the University of Michigan Transportation Research Institute in Ann Arbor, MI, and the Southwest Research Institute in San Antonio, TX.[7][8] It was developed as open source software under a grant from the U.S. Department of Homeland Security.[9]
In 2018, the Uptane Alliance, a non-profit organization, was formed under the aegis of IEEE-ISTO[10][11] to oversee the first formal release of a standard. The first standard volume, entitled IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation, was released on July 31, 2019.[12] Uptane was recognized in 2017 by Popular Science as one of that year’s top security innovations.[13]
As of 2020, multiple implementations of Uptane are available, both through open source projects such as the Linux Foundation’s Automotive Grade Linux,[14][15] and through third party commercial suppliers, such as Advanced Telematic Systems (ATS), now part of Here Technologies,[16][17] and Airbiquity.[18][19] There is also a reference implementation meant to aid adopters implementing Uptane.[20]
References
edit- ^ Detsch, Jack (18 January 2017). "Are Software Updates Key to Stopping Criminal Car Hacks?". Christian Science Monitor. Retrieved 1 May 2020.
- ^ Matthews, Lee (19 January 2017). "Uptane will Protect Your Connected Car from Hackers". Forbes. Retrieved 1 May 2020.
- ^ Kuppusamy, Trishank Karthik; Brown, Akan; Awwad, Sebastien; McCoy, Damon; Bielawski, Russ; Mott, Cameron; Lauzon, Sam; Weimerskirch, Andre; Cappos, Justin (November 2016). "Uptane: Securing Software Updates for Automobiles" (PDF). escar2016.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Kerner, Sean Michael (24 April 2017). "How The Update Framework Improves Security of Software Updates". eWeek. Retrieved 1 May 2020.
- ^ Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (March 2016). "Diplomat: Using Delegations to Protect Community Repositories" (PDF). NSDI 2016.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "Uptane Design". uptane.github.io. April 1, 2022. Retrieved 2023-08-18.
- ^ Woods, Tyler (19 January 2017). "NYU Tandon Prof Unveils Homeland Security-funded Framework for Software Security in Cars". Technical.ly. Retrieved 4 January 2019.
- ^ Flahive, Paul (26 January 2017). "A Future Car May Be Protected From Hacking By Software Developed In San Antonio". All Things Considered-Texas Public Radio. Retrieved 4 January 2019.
- ^ "Cyber Security Division Technology Guide 2018" (PDF). US Department of Homeland Security: 9. Retrieved 4 January 2019.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "Uptane Alliance". IEEE/ISTO. 31 July 2018. Retrieved 8 January 2020.
- ^ Frost, Adam (29 May 2019). "Here Technologies joins the Uptane Alliance for highly-secure software updates". TrafficTechnologyToday.com. Retrieved 8 January 2020.
- ^ "IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation" (PDF). IEEE/ISTO. 31 July 2019. Retrieved 8 January 2020.
- ^ Atherton, Kelsey D.; Feltman, Rachel (17 October 2017). "The year's most important innovations in security". Popular Science. Retrieved 1 May 2020.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ "About Automotive Grade Linux". AGL. Retrieved 8 January 2020.
- ^ "Linux Foundation's Open Source Automotive Software Project Takes Off". Xconomy.com. 7 May 2019. Retrieved 8 January 2020.
- ^ "ATS integrates Uptane security framework for OTA updates". IHS Markit/Autotechinsight. 19 June 2017. Retrieved 1 May 2020.
- ^ Rajan, Piyush (15 June 2017). "ATS integrates the Uptane security framework for OTA updates". Telematics Wire. Retrieved 1 May 2020.
- ^ D’Mello, Anasia (14 December 2018). "Airbiquity reinforces the security and data analysis features of OTAmatic". IoT Now. Retrieved 1 May 2019.
- ^ "Airbiquity to showcase latest version of OTAmatic™ over-the-air software and data management offering at CES 2019". Automotive World. 18 December 2018. Retrieved 1 May 2020.
- ^ "Uptane: Secure Framework for Automotive Software Updates—Reference Implementation and Demonstration code". GitHub. 23 September 2019. Retrieved 29 April 2020.
External links
editFurther reading
edit- Proceedings of 14th Embedded Security in Cars Conference (16-17 November 2016) Kuppusamy,T.K., Brown, A., Awwad, S., McCoy, D., Bielawski,R., Mott, C., Lauzon, S., Weimerskirch, A., and Cappos, J."Uptane: Securing Software Updates for Automobiles".
- ;login: (Summer 2017) Kuppusamy,T.K., DeLong, L.A., and Cappos, J. "Securing Software Updates for Automotives Using Uptane".
- IEEE Vehicular Technology Magazine (March 2018) Kuppusamy,T.K., DeLong, L.A. and Cappos, J. "Uptane: Security and Customizability of Software Updates for Vehicles"
- ESCAR USA 2020 Special Issue (24 August 2020) Moore, M., McDonald, I., Weimerskirch, A., Awwad, S., DeLong, L.A., and Cappos, J.[1]