LigSecOTA: Lightweight Over-the-Air (OTA) Software Updates With Integrated Security
Summary
This research proposes LigSecOTA, a lightweight system for securely updating automotive software remotely without being hacked. Unlike existing systems that rely on digital certificates (cryptographic credentials identifying devices) based on physical identifiers that can be forged, LigSecOTA creates unique certificates based on timing information instead, and provides integrated security across authentication (verifying identity), confidentiality (keeping data private), integrity (ensuring data isn't tampered with), access control (limiting who can do what), and data freshness (confirming updates are current).
Solution / Mitigation
The source describes LigSecOTA itself as the proposed solution: a one-machine-one-certificate digital identity management system that issues unique digital certificates for each ECU (Electronic Control Unit, the computer in a vehicle) based on bit time information instead of physical identifiers. LigSecOTA ensures integrated security through three processes: authentication, authorization, and package distribution, with authorization dynamically providing keys for package distribution to enhance security.
Classification
Original source: http://ieeexplore.ieee.org/document/11303932
First tracked: May 9, 2026 at 02:01 AM
Classified by LLM (prompt v3) · confidence: 95%