Abstract:
This study conducts a practical experiment to extend previous pentesting work done on the open-source implementation of the Uptane standard. The objective was to observe whether the security posture improved compared to the initial (now obsolete) reference implementation and to explore other potential cases that may have been overlooked during previous penetration tests. The test results are relevant because the implementation tested throughout the study, ota-community-edition, is the only open-source alternative that researchers can use to test Over-The-Air update processes in the context of automotive vehicles. The current study is the first approach to employ assumed-breach scenarios in practical tests against the given infrastructure, and it shows the importance of software security assurance practices in the field of automotive vehicles.