ITS (UK) member HERE Technologies has joined the Uptane Alliance, further strengthening its commitment to ensuring the highest standards of automotive and IoT security.
The Uptane Alliance is a non-profit consortium of automotive companies, security researchers from academia, and government agencies working to standardise Uptane open-source software for the security of over-the-air software updates for vehicles and other edge devices and infrastructure.
“The automotive industry has realised that OTA updates are necessary for safety, security, and to reduce costs,” said Justin Cappos, member of the Board of Directors of Uptane Alliance and professor at New York University’s Tandon School of Engineering. “Unfortunately, if not appropriately secured, software update systems are an attack vector that attackers can exploit. The Uptane Alliance brings together academic expertise about securing update systems and automotive industry domain knowledge to create a standard that will keep cars and other connected edge devices safe. Engineers from HERE Technologies’ OTA team have been working with the Uptane Alliance for a number of years, and we’re happy to welcome them as an official member.”
HERE provides its Uptane-based OTA software management technology, HERE OTA Connect, to OEMs to enable the highly-secure remote exchange of software and data between cloud and cars. HERE OTA Connect is part of the HERE Open Location Platform and is designed to also support other organisations, such as those managing industrial machinery or smart home IoT, to thwart attacks by malicious actors.
“The systems enabling software and data updates for cars, IoT and robotics need to be much more secure than they are today,” said Jon Oster, Lead Architect at HERE Technologies. “In the auto industry, for example, national lawmakers and global organisations like the UN are obliging carmakers to maintain the highest levels of security and ensure that their vehicles are always running the best code. And it’s not just software: to move safely and efficiently, increasingly automated cars need frequently updated firmware, configuration files and map data. Uptane-based security approaches are a key part of the required data infrastructure and we look forward to continuing to support and further the goals of the Uptane Alliance.”
HERE introduced HERE OTA Connect in 2018 following its acquisition of Advanced Telematic Systems (ATS), a Berlin-based software company specialising in connected car software. HERE OTA Connect is used by OEMs to update vehicles in the field and to maintain on-demand mobility cars. Uptane is integrated in all deployments of OTA Connect, whether on-premise or SaaS-based.
How Uptane works
Uptane is the first open software update security system for the automotive industry capable of resisting even attacks by nation-state level actors. It is designed in such a manner that the security of software updates does not degrade all at once, but follows a hierarchy in which different levels of access to vehicles or the automaker’s infrastructure must be gained. By building these levels into the security system, even if an attacker compromises servers, bribes operators, or gains access to vehicular networks, he or she is prevented from causing many types of harm to the vehicle.
The Uptane Alliance, a non-profit under IEEE Industry Standards and Technology Organization (IEEE/ISTO), was formed to lead the future direction of Uptane research, development and deployment, and its members include Toyota. Uptane is the only security framework discussed at a UNECE level.