The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
Vehicles include various vehicle control modules, such as an engine control module, a transmission control module, a climate control module, an infotainment control module, a body control module, etc. The vehicle control modules execute software and/or firmware files in order to perform respective functions.
The automobile industry is continually adding features with increased conveniences to vehicles and thus vehicle control modules. Mobile devices are connected to vehicle systems to transfer various types of audio and video data, as well as vehicle diagnostic and status data. Features within the vehicle may be controlled remotely via the mobile devices. As a result, there is an increased threat for the download of malicious software into the vehicle control modules. As vehicles become more digitally connected to external computing devices, exposure to an attack is increased. Examples of types of attacks may include attacks that infiltrate vehicle electronic and/or software systems, reprogram vehicle control modules, include unauthorized exfiltration of vehicle data, and/or involve unauthorized vehicle tracking.
Authentication of a file may be performed to validate a source and/or content of the file prior to execution. Authentication is performed to prevent download and/or execution of a malicious file and/or to prevent malicious and/or unauthorized alteration of a file. Consequences of executing an invalidated file can include unintended vehicle system behavior, decreased life of vehicle components, loss of vehicle anti-theft features, potential tampering with vehicle components, alteration of vehicle files, and/or loss of vehicle features and/or functions. Execution of an invalidated file can also result in a vehicle warranty being voided.
One secure technique for preventing execution of invalidated files is referred to as asymmetric key cryptography. Asymmetric key cryptography includes using digital signatures to authenticate files, which are to be programmed into a control module. A pair of keys including a private key and a public key is used to encrypt and decrypt a digital signature. The private key is available only to a source of the file to be transferred. The source of a file may encrypt the digital signature using the private key. The encrypted digital signature may be transferred from the source to a control module. The control module may then decrypt the encrypted digital signature using the public key. The control module may verify the signature and based on this verification, for example, download, store, and/or execute the file.