Secure Firmware over the Air Updates for Vehicles using Blockchain, Signcryption, and Proxy Re-encryption

Rachana Y. Patil; Yogesh H. Patil; Deepali Naik; Rupali Gangarde; Aparna Joshi; Aparna Bannore

doi:10.54392/irjmt25327

Authors

Rachana Y. Patil Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Pune, Maharashtra, India. Author https://orcid.org/0000-0001-9973-6998
Yogesh H. Patil D. Y. Patil College of Engineering, Akurdi, Pune, Maharashtra, India. Author
Deepali Naik Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Pune, Maharashtra, India. Author
Rupali Gangarde Symbiosis Institute of Technology, Pune, Symbiosis International (Deemed) University, Pune, India. Author
Aparna Joshi Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Pune, Maharashtra, India. Author
Aparna Bannore SIES Graduate School of Technology, Nerul, Navi Mumbai, India. Author

DOI:

https://doi.org/10.54392/irjmt25327

Keywords:

Firmware Over-The-Air Updates, Signcryption, Blockchain, Re-Encryption, AVISPA

Abstract

Modern electric cars with upgraded passenger vehicles experience security risks from wireless firmware updates that allow attackers to threaten the safety of drivers and their passengers. This research develops a distinctive technique that unites blockchain technology with signcryption and proxy re-encryption to ensure vehicle-manufacturer communication and resolve this problem. Through IPFS (Inter Planetary File System) firmware updates can be safely distributed to permissioned vehicles. The proposed method implements identity-based cryptography as a fusion of signcryption with proxy re-encryption to enhance air-based firmware update security. The security evaluation of this method provides evidence about how well the cryptographic update operations function within the firmware procedure. The study performs a simulation investigation with AVISPA through the implementation of OFMC and Cl-AtSe models. The simulation study results demonstrate that the proposed security techniques prove their resistance to both man in the middle and replay attacks. The study investigates vehicle firmware update security weaknesses to develop a framework which protects firmware update integrity and confidentiality.

References

P. Dakić, I. Stupavský, V. Todorović, The effects of global market changes on automotive manufacturing and embedded software. Sustainability, 16(12), (2024) 4926. https://doi.org/10.3390/su16124926

F. Vapiwala, D. Pandita, H. Choudhury, (2023) Strategies for digital innovation in talent management of Automotive Industry 4.0. 2023 8th International Conference on Business and Industrial Research (ICBIR), 200-205, IEEE, Thailand. https://doi.org/10.1109/ICBIR57571.2023.10147499

V. Agarwal, A. Z. Hameed, S. Malhotra, K. Mathiyazhagan, S. Alathur, A. Appolloni, Role of Industry 4.0 in agile manufacturing to achieve sustainable development. Business Strategy and the Environment, 32(6), (2023) 3671-3688. https://doi.org/10.1002/bse.3321

S. Wasnik, R. Venkatesh, (2022) Understanding usage of IoT applications and its impact on consumer decision-making in Indian automobile industry. 2022 International Conference on Decision Aid Sciences and Applications (DASA), IEEE, Thailand. https://doi.org/10.1109/DASA54658.2022.9765216

A.N. Brooks, (2002) Vehicle-to-grid demonstration project: Grid regulation ancillary service with a battery electric vehicle.

S. Jafarnejad, L. Codeca, W. Bronzi, R. Frank, T. Engel, (2015) A car hacking experiment: When connectivity meets vulnerability. 2015 IEEE Globecom Workshops (GC Wkshps). IEEE, USA. https://doi.org/10.1109/GLOCOMW.2015.7413993

J. Eriksson, H. Balakrishnan, S. Madden, Cabernet: Vehicular content delivery using WiFi. Proceedings of the 14th ACM International Conference on Mobile Computing and Networking, (2008) 199-210. https://doi.org/10.1145/1409944.1409968

G. Shi, Z. Ke, F. Yan, J. Hu, W. Yin, Y. Jin, (2015) A vehicle electric control unit over-the-air reprogramming system. 2015 International Conference on Connected Vehicles and Expo (ICCVE), IEEE, China. https://doi.org/10.1109/ICCVE.2015.21

S. Acharya, Y. Dvorkin, H. Pandžić, R. Karri, Cybersecurity of smart electric vehicle charging: A power grid perspective. IEEE Access, 8, (2020) 214434-214453. https://doi.org/10.1109/ACCESS.2020.3041074

G. Kim, I.Y. Jung, Integrity assurance of OTA software update in smart vehicles. International Journal on Smart Sensing and Intelligent Systems, 12(1), (2019) 1-8. https://doi.org/10.21307/ijssis-2019-011

L.B. Othmane, H. Weffers, M.M. Mohamad, M. Wolf, A survey of security and privacy in connected vehicles. Wireless Sensor and Mobile Ad-Hoc Networks: Vehicular and Space Applications, (2015) 217-247. https://doi.org/10.1007/978-1-4939-2468-4_10

T. Mirfakhraie, G. Vitor, K. Grogan, (2018) Applicable protocol for updating firmware of automotive HVAC electronic control units (ECUs) over the air. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), IEEE, Canada. https://doi.org/10.1109/Cybermatics_2018.2018.00038

B.A. Mohammed, M.A. Al-Shareeda, S. Manickam, Z.G. Al-Mekhlafi, A. Alreshidi, M. Alazmi, J. S. Alshudukhi, M. Alsaffar, FC-PA: Fog computing-based pseudonym authentication scheme in 5G-enabled vehicular networks. IEEE Access, 11, (2023) 18571-18581. https://doi.org/10.1109/ACCESS.2023.3247222

Z.G. Al-Mekhlafi, M.A. Al-Shareeda, S. Manickam, B.A. Mohammed, A. Qtaish, Lattice-based lightweight quantum-resistant scheme in 5G-enabled vehicular networks. Mathematics, 11(2), (2023) 399. https://doi.org/10.3390/math11020399

A.S. Thangarajan, M. Ammar, B. Crispo, D. Hughes, (2019) Towards bridging the gap between modern and legacy automotive ECUs: A software-based security framework for legacy ECUs. 2019 IEEE 2nd Connected and Automated Vehicles Symposium (CAVS), IEEE, USA. https://doi.org/10.1109/CAVS.2019.8887788

J. Deng, L. Yu, Y. Fu, O. Hambolu, R.R. Brooks, Security and data privacy of modern automobiles. Data Analytics for Intelligent Transportation Systems, (2017) 131-163. https://doi.org/10.1016/B978-0-12-809715-1.00006-7

T. Karthik, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, J. Cappos, Uptane: Securing software updates for automobiles. International Conference on Embedded Security in Car, (2016) 1-11.

M. Baza, M. Nabil, N. Lasla, K. Fidan, M. Mahmoud, M. Abdallah, (2019) Blockchain-based firmware update scheme tailored for autonomous vehicles. IEEE Wireless Communications and Networking Conference (WCNC), IEEE, Morocco. https://doi.org/10.1109/WCNC.2019.8885769

D.K. Nilsson, U.E. Larson, (2008) Secure firmware updates over the air in intelligent vehicles. ICC Workshops - 2008 IEEE International Conference on Communications Workshops, IEEE, China. https://doi.org/10.1109/ICCW.2008.78

Z.G. Al-Mekhlafi, M.A. Al-Shareeda, S. Manickam, B.A. Mohammed, A. Alreshidi, M. Alazmi, J. S. Alshudukhi, M. Alsaffar, A. Alsewari, Chebyshev polynomial-based fog computing scheme supporting pseudonym revocation for 5G-enabled vehicular networks. Electronics, 12(4), (2023) 872. https://doi.org/10.3390/electronics12040872

M.A. Al-Shareeda, S. Manickam, COVID-19 vehicle based on an efficient mutual authentication scheme for 5G-enabled vehicular fog computing. International Journal of Environmental Research and Public Health, 19(23), (2022) 15618. https://doi.org/10.3390/ijerph192315618

B.A. Mohammed, M.A. Al-Shareeda, S. Manickam, Z.G. Al-Mekhlafi, A.M. Alayba, A.A. Sallam, Anaa-Fog: A novel anonymous authentication scheme for 5G-enabled vehicular fog computing. Mathematics, 11(6), (2023) 1446. https://doi.org/10.3390/math11061446

M. Steger, A. Dorri, S. S. Kanhere, K. Römer, R. Jurdak, M. Karner, Secure wireless automotive software updates using blockchains: A proof of concept. Advanced Microsystems for Automotive Applications 2017: Smart Systems Transforming the Automobile, Springer International Publishing, (2018) 137-149. https://doi.org/10.1007/978-3-319-66972-4_12

D.K. Nilsson, L. Sun, T. Nakajima, (2008) A framework for self-verification of firmware updates over the air in vehicle ECUs. IEEE Globecom Workshops, IEEE, USA. https://doi.org/10.1109/GLOCOMW.2008.ECP.56

A.A. Almazroi, M. A. Alqarni, M.A. Al-Shareeda, M.H. Alkinani, A.A. Almazroey, T. Gaber, FCA-VBN: Fog computing-based authentication scheme for 5G-assisted vehicular blockchain network. Internet of Things, 25, (2024)101096. https://doi.org/10.1016/j.iot.2024.101096

A.A. Almazroi, E.A. Aldhahri, M.A. Al-Shareeda, S. Manickam, ECA-VFog: An efficient certificateless authentication scheme for 5G-assisted vehicular fog computing. PLoS One, 18(6), (2023) e0287291. https://doi.org/10.1371/journal.pone.0287291

V. Kirtane, C.P. Rangan, RSA-TBOS signcryption with proxy re-encryption. Proceedings of the 8th ACM Workshop on Digital Rights Management, (2008) 59-66. https://doi.org/10.1145/1456520.1456531

E. Ahene, J. Walker, R.M.O.M. Gyening, G. Abdul-Salaam, J.B. Hayfron-Acquah, Heterogeneous signcryption with proxy re-encryption and its application in EHR systems. Telecommunication Systems, 80(1), (2022) 59-75. https://doi.org/10.1007/s11235-022-00886-2

B.S. Rawal, G. Manogaran, M. Hamdi, Multi-tier stack of blockchain with proxy re-encryption method scheme on the Internet of Things platform. ACM Transactions on Internet Technology (TOIT), 22(2), (2021) 1-20. https://doi.org/10.1145/3421508

S. Hussain, I. Ullah, H. Khattak, M. Adnan, S. Kumari, S.S. Ullah, M.A. Khan, S.J. Khattak, A lightweight and formally secure certificate-based signcryption with proxy re-encryption (CBSRE) for Internet of Things enabled smart grid. IEEE Access, 8, (2020) 93230-93248. https://doi.org/10.1109/ACCESS.2020.2994988

A. Manzoor, M. Liyanage, A. Braeke, S.S. Kanhere, M. Ylianttila, (2019) Blockchain-based proxy re-encryption scheme for secure IoT data sharing. 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), IEEE, Korea (South). https://doi.org/10.1109/BLOC.2019.8751336

P.R. Yogesh, R. Devane Satish, Formal verification of secure evidence collection protocol using BAN logic and AVISPA. Procedia Computer Science, 167, (2020) 1334-1344. https://doi.org/10.1016/j.procs.2020.03.449

R.Y. Patil, S.R. Devane, Network forensic investigation protocol to identify true origin of cyber crime. Journal of King Saud University-Computer and Information Sciences, 34(5), (2022) 2031-2044. https://doi.org/10.1016/j.jksuci.2019.11.016

P.R. Yogesh, Backtracking tool root-tracker to identify true source of cyber crime. Procedia Computer Science, 171, (2020) 1120-1128. https://doi.org/10.1016/j.procs.2020.04.120

Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuéllar, P. H. Drielsma, P. C. Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, L. Vigneron, The AVISPA tool for the automated validation of internet security protocols and applications. Computer Aided Verification 17th International Conference, CAV 2005, 17, (2005) 281-285. https://doi.org/10.1007/11513988_27

Y. Belfaik, Y. Lotfi, Y. Sadqi, S. Safi, A comparative study of protocols’ security verification tools: AVISPA, Scyther, ProVerif, and Tamarin. International Conference on Digital Technologies and Applications, (2024) 118-128. https://doi.org/10.1007/978-3-031-68653-5_12

S. Chandrasekar, K. Ambika, C. P. Rangan, Signcryption with proxy re-encryption. IACR Cryptol. ePrint Archive, (2008) 276.

F. Li, B. Liu, J. Hong, An efficient signcryption for data access control in cloud computing. Computing. Computing, 99(5), (2017) 465. https://doi.org/10.1007/s00607-017-0548-7

A. Obiri, A.A. Addobea, E. Affum, J. Ankamah, A.K. Kwansah Ansah, A certificateless signcryption with proxy-encryption for securing agricultural data in the cloud. Journal of Computer Security, 32(2), (2024) 77-115. https://doi.org/10.3233/JCS-220107

P.N. Bathula, M. Sreenivasulu, A blockchain enabled proxy re-encryption framework for secure and low latency data sharing in fog based IoT networks. Journal of Information Systems Engineering and Management, 10(13s), (2025). https://doi.org/10.52783/jisem.v10i13s.2059