Secure Boot Revisited
- Secure boot, although known for more than 20 years, frequent attacks from hackers shows numerous ways to bypass the security mechanism, including ECUs of the automotive industry. This paper investigates the major causes for security weaknesses of secure boot implementations. Based on penetration test experiences, we start from an attacker perspective to identify and outline common implementation weaknesses. Then, from a Tier-One perspective, we analyze challenges in the research and development process of ECUs between OEMs and suppliers which amplify the probability of such weakness. The paper provides recommendations to increase the understanding of implementing secure boot securely on both sides and derives a set of reference requirements as starting point for secure boot ECU requirements.
| Author: | Steffen SanwaldGND, Liron KanetiGND, Marc StöttingerGND, Martin BöhnerGND |
|---|---|
| URN: | urn:nbn:de:hbz:294-66621 |
| DOI: | https://doi.org/10.13154/294-6662 |
| Parent Title (English): | 17\(^{th}\) escar Europe : embedded security in cars (Konferenzveröffentlichung) |
| Subtitle (German): | challenges for secure implementations in the automotive domain |
| Document Type: | Part of a Book |
| Language: | English |
| Date of Publication (online): | 2019/10/30 |
| Date of first Publication: | 2019/10/30 |
| Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
| Tag: | Requirements Automotive Domain; ECU; Penetration Test; Secure Boot; Weaknesses |
| First Page: | 113 |
| Last Page: | 127 |
| Dewey Decimal Classification: | Allgemeines, Informatik, Informationswissenschaft / Informatik |
| open_access (DINI-Set): | open_access |
| Konferenz-/Sammelbände: | 17th escar Europe : embedded security in cars |
| Licence (German): |  Keine Creative Commons Lizenz - es gelten die Rechteeinräumung und das deutsche Urheberrecht |
