Secure Boot Revisited

  • Secure boot, although known for more than 20 years, frequent attacks from hackers shows numerous ways to bypass the security mechanism, including ECUs of the automotive industry. This paper investigates the major causes for security weaknesses of secure boot implementations. Based on penetration test experiences, we start from an attacker perspective to identify and outline common implementation weaknesses. Then, from a Tier-One perspective, we analyze challenges in the research and development process of ECUs between OEMs and suppliers which amplify the probability of such weakness. The paper provides recommendations to increase the understanding of implementing secure boot securely on both sides and derives a set of reference requirements as starting point for secure boot ECU requirements.

Download full text files

Export metadata

Additional Services

Share in Twitter Search Google Scholar
Author:Steffen SanwaldGND, Liron KanetiGND, Marc StöttingerGND, Martin BöhnerGND
Parent Title (English):17\(^{th}\) escar Europe : embedded security in cars (Konferenzveröffentlichung)
Subtitle (German):challenges for secure implementations in the automotive domain
Document Type:Part of a Book
Date of Publication (online):2019/10/30
Date of first Publication:2019/10/30
Publishing Institution:Ruhr-Universität Bochum, Universitätsbibliothek
Automotive Domain; ECU; Penetration Test; Secure Boot; Weaknesses
First Page:113
Last Page:127
Dewey Decimal Classification:Allgemeines, Informatik, Informationswissenschaft / Informatik
open_access (DINI-Set):open_access
Konferenz-/Sammelbände:17th escar Europe : embedded security in cars
Licence (German):License LogoKeine Creative Commons Lizenz - es gelten die Rechteeinräumung und das deutsche Urheberrecht