Abstract: Systems and methods for performing vehicle software attestation. One system includes an electronic control unit (ECU) master included in a vehicle and a verifier system. The ECU master receives a digital shadow request generated by the verifier system and generates a digital shadow. The digital shadow is based on a unique, one-way identifier of a program memory space of the ECU master and a unique, one-way identifier of a program memory space of each of a plurality of other ECUs included in the vehicle. The ECU master transmits the digital shadow to the verifier system. The verifier system receives the digital shadow from the ECU master as a first digital shadow, receives a second digital shadow from a digital twin representing software installed in the ECU master and each of the plurality of other ECUs, and determines whether the first digital shadow matches the second digital shadow.

Abstract: Systems and methods for performing vehicle software attestation. One system includes an electronic control unit (ECU) master included in a vehicle and a verifier system. The ECU master receives a digital shadow request generated by the verifier system and generates a digital shadow. The digital shadow is based on a unique, one-way identifier of a program memory space of the ECU master and a unique, one-way identifier of a program memory space of each of a plurality of other ECUs included in the vehicle. The ECU master transmits the digital shadow to the verifier system. The verifier system receives the digital shadow from the ECU master as a first digital shadow, receives a second digital shadow from a digital twin representing software installed in the ECU master and each of the plurality of other ECUs, and determines whether the first digital shadow matches the second digital shadow.

Abstract: Systems and methods for performing vehicle software attestation. One system includes an electronic control unit (ECU) master included in a vehicle and a verifier system. The ECU master receives a digital shadow request generated by the verifier system and generates a digital shadow. The digital shadow is based on a unique, one-way identifier of a program memory space of the ECU master and a unique, one-way identifier of a program memory space of each of a plurality of other ECUs included in the vehicle. The ECU master transmits the digital shadow to the verifier system. The verifier system receives the digital shadow from the ECU master as a first digital shadow, receives a second digital shadow from a digital twin representing software installed in the ECU master and each of the plurality of other ECUs, and determines whether the first digital shadow matches the second digital shadow.

Abstract: Systems, methods, and vehicles for verifying integrity of automotive software. In one implementation, an electronic processor is configured to receive a power-up signal and randomly select one of a plurality of fingerprints. The electronic processor is also configured to retrieve a set of data stored in the memory cells of the selected fingerprint. The electronic processor is further configured to calculate a pre-boot verification value for the selected fingerprint using a one-way cryptographic function with a secret key and the retrieved set of data. The electronic processor is also configured to compare the pre-boot verification value to a reference verification value for the selected fingerprint. The electronic processor is further configured to release a security halt on the software image when the pre-boot verification value matches the reference verification value for the selected fingerprint.

Abstract: Systems, methods, and vehicles for verifying integrity of automotive software. In one implementation, an electronic processor is configured to receive a power-up signal and randomly select one of a plurality of fingerprints. The electronic processor is also configured to retrieve a set of data stored in the memory cells of the selected fingerprint. The electronic processor is further configured to calculate a pre-boot verification value for the selected fingerprint using a one-way cryptographic function with a secret key and the retrieved set of data. The electronic processor is also configured to compare the pre-boot verification value to a reference verification value for the selected fingerprint. The electronic processor is further configured to release a security halt on the software image when the pre-boot verification value matches the reference verification value for the selected fingerprint.

Abstract: Systems and methods for confirming a cryptographic key. The system includes an electronic controller configured to generate an electronic message in response to an installation of a secret key on the electronic controller, the electronic message comprising information about the installation of the secret key, digitally sign the electronic message using a manufacturer private key, encrypt the electronic message, store the electronic message in a memory, access the stored electronic message in response to a request by a user, decrypt the electronic message, confirm a digital signature of the electronic message using a manufacturer public key, generate a confirmation message, and send the confirmation message to a user.

Abstract: Systems and methods for confirming a cryptographic key. The system includes an electronic controller configured to generate an electronic message in response to an installation of a secret key on the electronic controller, the electronic message comprising information about the installation of the secret key, digitally sign the electronic message using a manufacturer private key, encrypt the electronic message, store the electronic message in a memory, access the stored electronic message in response to a request by a user, decrypt the electronic message, confirm a digital signature of the electronic message using a manufacturer public key, generate a confirmation message, and send the confirmation message to a user.

Abstract: Systems and methods for detecting unintended acceleration of a vehicle. One system includes a first sensor that provides information on a brake booster vacuum. The vacuum is provided by the vehicle's engine and the brake booster multiplies a braking force initiated by a driver. A second sensor provides information on the vehicle's speed, and a third sensor provides information on the braking force initiated by the driver. The system also includes a controller configured to receive the information from the first sensor, second sensor, and third sensor and initiate corrective action if the brake booster vacuum is less than a predetermined threshold, the vehicle's speed is greater than a predetermined threshold, and the braking force initiated by the driver is greater than a predetermined threshold.

Abstract: Systems and methods for detecting unintended acceleration of a vehicle. One system includes a first sensor that provides information on a brake booster vacuum. The vacuum is provided by the vehicle's engine and the brake booster multiplies a braking force initiated by a driver. A second sensor provides information on the vehicle's speed, and a third sensor provides information on the braking force initiated by the driver. The system also includes a controller configured to receive the information from the first sensor, second sensor, and third sensor and initiate corrective action if the brake booster vacuum is less than a predetermined threshold, the vehicle's speed is greater than a predetermined threshold, and the braking force initiated by the driver is greater than a predetermined threshold.