Key management system secures car software updates

February 27, 2014 // By Christoph Hammerschmidt
Carmakers are increasingly seeking for ways how they can update the software of vehicles after they have been delivered to the customer. Security expert company Escrypt, a subsidiary of tool vendor ETAS, itself spin-off of Robert Bosch GmbH, has developed a key management system that secures software updates for automotive control units.

The system administers the cryptographic keys and access rights centrally. Authorized software developers have to identify themselves with a smart card before they get the permission to release a new version of an ECU software module. The process of releasing the software version is secured through multiple cryptographic signatures, the company says.

Once deployed in an authorised workshop or garage, the ECU in question verifies if the software update is indeed generated by the correct provider by applying the signature to the software. By the same token, the ECU verifies that the software has not been altered in any way. This procedure rules out any manipulation of the software installed in the car, believes Escrypt general manager Thomas Wollinger. Since all keys and access rights are stored cenrally, the customer - typically an automotive OEM or tier one - can change or recall the developer's authorisation across the internet. An optional offline version enables using the system in cases when no internet access is available, enabling ad-hoc test drives.

The key management solution can be operated by the customer or, if desired, as a managed service, by Escrypt. While it has been developed for automotive customers in the first place - and is used in this industry by at least one major OEM - it can also be adapted to many other user environments. Escrypt believes that in particular applications in the 'Internet of Things' can benefit from the key management solution.

Related articles:

"Future automotive applications need incredibly more computing power"

Auto hack: What the industry says

Escrypt takeover bolsters ETAS' standing in safety and security applications

Data encryption for embedded vehicle systems