Skip to content

Abs449/SecureEV-OTA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SecureEV-OTA: Secure Over-the-Air Update Framework

A production-ready, hybrid ECC-based security framework enhancing the Uptane standard for Electric Vehicles.

Python 3.10+ License: MIT Docker Tests


⚡ Overview

SecureEV-OTA is a next-generation software framework designed to secure Over-the-Air (OTA) updates for Electric Vehicles (EVs). Building upon the industry-standard Uptane framework, it addresses critical security gaps by implementing Hybrid Elliptic Curve Cryptography (ECC), mandatory end-to-end encryption, and post-quantum resistance.

🚀 Quick Start (Docker)

Get the full system running in 2 minutes:

# 1. Start the stack
docker compose up --build -d

# 2. View the Fleet Simulation Dashboard
docker attach ota-simulation

# (To detach without stopping: Press Ctrl+P, then Ctrl+Q)

See DEPLOYMENT.md for detailed cloud/local setup instructions.

This project addresses 6 key weaknesses in the original Uptane reference implementation:

  1. Confidentiality: End-to-End Encryption (ECDH + AES-256-GCM) ensures firmware privacy.
  2. DoS Resilience: Adaptive multi-layer protection against attacks.
  3. Memory Optimization: 50% reduction for constrained ECUs.
  4. Scalability: Batch verification for fleet management.
  5. Quantum Resistance: Hybrid ECDSA + ML-DSA signatures.
  6. Formal Verification: Mathematically proven security properties.

🏗️ Architecture

The system follows a multi-repository architecture separating the Image Repository (firmware storage) from the Director Repository (vehicle targeting).

graph TB
    subgraph Cloud["OEM Cloud Backend"]
        Director["Director Repo<br>(Targeting & Metadata)"]
        Image["Image Repo<br>(Encrypted Firmware)"]
        DoS["DoS Protection Layer"]
    end

    subgraph Vehicle["Electric Vehicle"]
        Primary["Primary ECU<br>(Uptane Client)"]
        Secondary["Secondary ECUs"]
    end

    Director -->|Signed Metadata| DoS
    DoS -->|JSON| Primary
    Image -->|E2E Encrypted Blob| Primary
    Primary -->|Decrypted Firmware| Secondary

    style Cloud fill:#e1f5fe,stroke:#01579b
    style Vehicle fill:#fff3e0,stroke:#e65100
Loading

🚀 Features & Implementation

Component Status Description
Crypto Core ECDSA (P-256), ECDH, AES-256-GCM
Security Layer Token Bucket rate limiting, E2E Encryption
Protocol Uptane Metadata (Root, Targets, Snapshot, Timestamp)
Backend Director (:8000), Image Repo (:8001)
Client PrimaryECU simulation with verify/install logic
Simulation Fleet Manager simulating 50+ concurrent vehicles

💻 Getting Started

Prerequisites

  • Python 3.10+
  • pip
  • Docker (optional, for containerized deployment)

🔧 Local Installation

  1. Clone the repository:

    git clone https://github.com/Abs449/SecureEV-OTA.git
    cd SecureEV-OTA
  2. Install dependencies:

    pip install -r requirements.txt
  3. Start Backend Services:

    # Windows PowerShell
    ./start_servers.ps1

    Or manually:

    uvicorn src.server.director:app --port 8000
    uvicorn src.server.image_repo:app --port 8001
  4. Run Verification:

    python tests/verify_all.py

🐳 Docker Deployment

See the Quick Start section above or DEPLOYMENT.md for full details.

To restart the simulation if it stops:

docker start -i ota-simulation

🎮 Fleet Simulation

The project includes a massive fleet simulation (simulation.py) that demonstrates:

  • 50+ Vehicles connecting simultaneously.
  • Real-time Dashboard (using rich TUI).
  • Full Lifecycle: Registration -> Update Check -> Download -> Decrypt -> Install.
  • Error Handling: Resilient to network issues and backend failures.

Run Simulation Locally:

python simulation.py

📚 API Documentation

Director Repository (http://localhost:8000)

  • GET /: Health check & Public Key.
  • POST /register: Register a new vehicle ECU.
  • GET /manifest/{vehicle_id}: Get signed update instructions.
  • POST /check_updates: Client compatibility endpoint.

Image Repository (http://localhost:8001)

  • GET /: Health check.
  • GET /targets/{filename}: Download E2E encrypted firmware (requires vehicle_pub_key).
  • POST /upload: Upload new firmware images (Admin).

📂 Project Structure

SecureEV-OTA/
├── src/
│   ├── client/          # Vehicle ECU implementation
│   ├── crypto/          # ECC & Cryptographic primitives
│   ├── security/        # E2E Encryption & DoS Protection
│   ├── server/          # Backend FastAPI services
│   ├── simulation/      # Fleet simulation logic
│   └── uptane/          # Uptane metadata management
├── tests/               # Integration & Unit tests
├── Dockerfile           # Container definition
├── docker-compose.yml   # Orchestration
├── requirements.txt     # Python dependencies
├── simulation.py        # Main simulation entry point
└── README.md            # Documentation

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages