Uptane is the first compromise-resilient software update security system for the automotive industry.
Unlike other software update security systems (e.g., SSL / TLS, or signing updates with a single offline GPG / RSA key), it addresses a comprehensive threat model. It is designed to make it extremely difficult for attackers to install malware on all vehicles maintained by a manufacturer, even if they have compromised some of the keys used to sign updates.
At the same time, Uptane has been designed to be extremely flexible, so that it accommodates a wide variety of deployment scenarios and allows on-demand customization of the updates installed on vehicles.
Uptane is already being adopted by several suppliers. Among the public adopters are Lear Corporation and Advanced Telematic Systems / HERE Technologies. It was designed in collaboration with major vehicle manufacturers and suppliers responsible for 78% of vehicles on U.S. roads, as well as government regulators. It was developed by the New York University Tandon School of Engineering (NYU), the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SWRI).
Open call for security review
We invite all security researchers and academics to perform a security review of Uptane.
We want to hear from you about ways that you could exploit Uptane. For instance, you may find a way that an attacker could replay old images to ECUs because the message signature doesn’t cover the right content. You can help to fix security issues before hackers use them to exploit millions of cars!
Please send your questions, comments, and findings to the mailing list. If necessary, sensitive communications can be sent encrypted to the maintainers listed here.
We are also interested in hearing about security problems in our Reference Implementation. While cars are unlikely to use the reference code directly, reporting any problems you identify in the code can help prevent their duplication in production implementations. Please report such issues using our GitHub issue tracker.
- June 13 2017: ATS is integrating the Uptane security framework for over-the-air software updates to connected vehicles
- October 17 2017: Popular Science selects Uptane as one of the top security innovations of 2017
- Uptane: Securing Software Updates for Automobiles (PDF / Video / Slides). Published in the proceedings of the 14th escar europe (2016).
Technical documents and source code
- Design Overview
- Implementation Specification
- Deployment Considerations
- Reference Implementation and Demonstration Code
Slides from last workshop
Participation and Advisement
- Please send questions or requests to firstname.lastname@example.org
- Private discussion forum for OEMs and suppliers (by invitation only)
- Pull Requests to the repository for the reference implementation and demo code are appreciated.
- Industry insiders have stepped up to serve as advisors for Uptane.
Acknowledgments and disclaimers
Uptane is supported by U.S. Department of Homeland Security grants D15PC00239 and D15PC00302. The views and conclusions contained herein are the authors’ and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the U.S. Department of Homeland Security (DHS) or the U.S. government.