NYU Tandon Joins Top Open-Source Initiative for Automotive Software and Cybersecurity


Automotive devices such as the ones above can be hijacked by hackers. Uptane, open-source software developed by researchers at NYU Tandon, is part of the over-the-air cybersecurity toolkit for a growing number of automakers and suppliers.

BROOKLYN, New York, Thursday, August 16, 2018 – Automobiles, like laptops, can be hacked by malefactors seeking to remotely steal information, damage or hijack a vehicle, or even injure or kill its occupants. One means of incursion is to target over-the-air (OTA) software upgrades for on-board telematics systems or the electronic control units (ECUs) for brakes, the engine, airbags and more. The risk of such attacks will only increase, as analysts predict that by 2022, 203 million OTA-enabled cars will roll into dealerships.

Open-source systems, which improve through open security reviews, are an increasingly popular approach to securing OTA updates via Wi-Fi or cellular connections that eliminate the need for drivers to return to dealerships for upgrades.

One such framework, Uptane, developed by researchers at the NYU Tandon School of Engineering, is part of the OTA cybersecurity toolkit for a growing number of automakers and suppliers. Because of this, as well as the increasing collaboration with Automotive Grade Linux (AGL), NYU Tandon has joined The Linux Foundation and AGL as an Associate Member.

The AGL project has over 120 members and is on track to be the leading shared software platform across the industry for in-vehicle applications including infotainment, instrument cluster, heads-up-display (HUD), telematics, autonomous driving, safety, and advanced driver assistance.

Developed by Justin Cappos, professor of computer science and engineering at NYU Tandon, along with industry, academic and government collaborators, Uptane is helping to secure the OTA software updates for vehicles manufactured by one of the three major U.S. automakers, and is available to many others, including AGL members.

Based upon Cappos’ widely used TUF (The Update Framework), and developed with funding by the U.S. Department of Homeland Security, Uptane can prevent attacks during software updates by storing the correct encryption keys with the automaker, offline. It not only allows automakers and suppliers to secure major software updates to automotive infotainment and telematics units, but also makes possible remote, inexpensive updates to the “edge”: the dozens of in-vehicle ECUs controlling numerous functions in today’s vehicles. It also supports deployment of secure fixes for vulnerabilities exploited in an attack and allows automakers to completely control critical software and share that control when appropriate.

“Uptane helps Linux secure updates at places where Linux can’t run, since many ECUs, such as brake controllers, have tiny Flash memories. While we are essentially an encryption algorithm independent of Linux, we are part of Linux’ high-end expansion out to smaller devices,” said Cappos. 

The platform’s code is posted on GitHub for anyone to see, test, or use. When the NYU Tandon team unveiled Uptane last year, they did so with a challenge to security experts everywhere to try to find vulnerabilities before its adoption by the automotive industry. According to Cappos, the effort led to clarifications with Uptane’s reference implementation.

“We are a good example of the tools Linux is encouraging,” said Cappos. “Since we are collaborating closely with AGL, it makes sense for NYU Tandon to be a member of the Linux Foundation. We think it’s the right way to move forward and we are proud to be working with AGL and Linux Foundation.” 

NYU Tandon’s membership in AGL gives students opportunities for a full range of technical training classes, including basic and embedded Linux, device drivers and kernel internals, and Linux system and network administration; as well as hot topics like Kubernetes and blockchain. 

Dan Cauchy, Executive Director of Automotive Grade Linux, The Linux Foundation, said “We are excited to welcome NYU Tandon School of Engineering to The Linux Foundation and Automotive Grade Linux. We are thankful for the opportunity to collaborate with the Uptane community and look forward to further leveraging the capabilities of the platform to improve the security of connected vehicles.”

“The NYU Tandon School of Engineering is proud to join the Automotive Grade Linux community, whose members share the deeply held belief of our Uptane researchers that the free and open exchange of knowledge will strengthen our transportation system and protect all drivers and their passengers,” said NYU Tandon Dean Katepalli Sreenivasan. “Our school and the University-wide Center for Cybersecurity look forward to productive collaborations that will benefit our mobile society.”

Images available at http://dam.engineering.nyu.edu/?c=1991&k=57087062c0

About the New York University Tandon School of Engineering

The NYU Tandon School of Engineering dates to 1854, the founding date for both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly). A January 2014 merger created a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within NYU, one of the country’s foremost private research universities, and is closely connected to engineering programs at NYU Abu Dhabi and NYU Shanghai. It operates Future Labs focused on start-up businesses in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit engineering.nyu.edu.