Implementing Secure Over-the-Air Updates in an Automotive ECU
Over-the-air updates are common in consumer products where the consequences of failure are low, but can they also be used in a high-reliability, safety-critical environment, asks Osvaldo Romero, System and Architecture Engineer for Automotive Microcontrollers at NXP Semiconductors.
To avoid bricking a device with a failed OTA update, engineers need to identify potential points of failure and create a system-level architecture that mitigates them. The architecture's key components are a telematics unit, which communicates with the server delivering the update; a gateway, or manager, which handles the local reception and distribution of the update; and a client, which is the device receiving the update.
The automotive industry is an excellent example of a high-reliability application that must adhere to a strict process when implementing OTA updates. No scenario can be allowed in which an ECU bricks, either during or after an OTA update. Security is critical here and must be observed at every stage of the process. This typically means using encryption and authentication, with keys and certificates stored in a secure, tamper-proof way.