Uptane logo

Description

Uptane is the first compromise-resilient software update security system for automotives.

Unlike other software update security systems (e.g., SSL / TLS, or signing updates with a single offline GPG / RSA key), it addresses a comprehensive threat model. It is designed to make it extremely difficult for attackers to be able to install malware on all vehicles maintained by a manufacturer, even if attackers have compromised some keys used to sign updates.

At the same time, Uptane has been designed to be extremely flexible, so as to accommodate a wide variety of deployment scenarios, and allows on-demand customization of updates installed on vehicles.

Uptane is already being adopted by several tier-1 suppliers. It was designed in collaboration with major vehicle manufacturers and suppliers responsible for 78% of vehicles on U.S. roads, as well as government regulators. It was developed by the New York University Tandon School of Engineering (NYU), the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SWRI).

Open call for security review

We invite all security researchers and academics to perform a security review of Uptane.

We want to hear from you about ways that you could exploit Uptane. For instance, you may find a way that an attacker could replay old images to ECUs because the message signature doesn’t cover the right content. You can help to fix security issues before hackers use them to exploit millions of cars!

Please send us your questions, comments, and findings to the public mailing list.

We are also interested in hearing about security problems in our Reference Implementation. While we do not expect cars to use this code directly, errors in this software may be duplicated by production implementations. Please report these using our GitHub issue tracker.

News

Press

Academic publications

Technical documents and source code

Slides from last workshop

Participation

Acknowledgements and disclaimers

Uptane is supported by U.S. Department of Homeland Security grants D15PC00239 and D15PC00302. The views and conclusions contained herein are the authors’ and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the U.S. Department of Homeland Security (DHS) or the U.S. government.