Driving Forward. How a Big Idea Begins its Journey Towards Marketplace Acceptance
2017-04-04 · Posted by: Lois Anne DeLong · Categories: Uptane · CommentsSo, you’ve come up with a really cool idea, discussed it with some knowledgeable people in order to frame that idea for a specific market, and written a program that is now attracting attention both within the designated industry and among the public at large. You’ve demonstrated and discussed the project with a broader representation from the target audience and used their feedback to make sure your proposed solution will work within the unique parameters of that industry. Finally, you have thoroughly documented the design of the project, along with detailed guidance for implementation and deployment. And, you’ve managed to do all of this in just about a year’s time.
The above offers a rough description of the evolution of a project called Uptane, a secure system that borrows state of the art technology from software repositories and applies it to reducing the risk of updating software on automobiles. In January of this year, a research team from the Secure Systems Laboratory, along with their colleagues from the University of Michigan Transportation Research Institute (UMTRI) and the Southwest Research Institute, announced the arrival of Uptane, and it did not go unnoticed. The open source software project gained a fair amount of media attention since its launch, including placements in such high-profile outlets as Forbes, Christian Science Monitor, Reuters, and National Public Radio .
Now, three months after all the hoopla, the Uptane research team is focused on moving the technology from a cool idea on paper to a strategy that can be widely accepted in an industry that can be cautious about change. This hesitation is completely understandable. A car is an expensive proposition, and the cost does not stop at the cost of manufacture, nor at the consumer price tag. Because cars and trucks are used by millions of people in almost every corner of the world on a daily basis, the industry is very aware of the lives that could be lost if a malicious program was to negatively alter the operation of one or more of its moving parts.
So, what will it take to take Uptane into the mainstream? We had a conversation with a few members of the research team, and based on their comments, here are few anticipated next steps to move the project forward. We’re posting this blog now in recognition that the status of this project has changed, in SSL’s view, from one that is “sprouting” to one that has had some adoption.
Step 1: Open the code to the community The day Uptane was formally introduced in New York City, its developers also issued a challenge to the security community: take our code and do your best to break it. While this might seem the exact opposite of what you would anticipate at a product launch, it does reflect a commitment to transparency that has been a hallmark of Uptane from the start.
“There are no secrets here,” observes Trishank Karthik Kuppusamy, a Ph.D. candidate and the SSL team member who lead the specification for Uptane. “That has been the plan from day one,” he asserts, adding that every stage of the program’s development has been open to the scrutiny of workshop participants, or the industry representatives who participated in an online discussion forum. Releasing the code for further examination through its web site, and encouraging any and all interested parties to put it to the test, was merely the next logical step.
Beyond just continuing the pattern of transparency, Kuppusamy also sees three distinct benefits to be reaped from this call to white hat hackers. “First,” he says, “it assures the auto industry that, in developing our design, we are not favoring one particular manufacturer or supplier. Second, we believe that all scientific knowledge is actually improved by criticism. And, lastly, by offering our code now, it gives the community a chance to break the design, rather than just one implementation of that design. This allows for feedback on a much deeper level, and can help us identify flaws at the design level.”
While there have been some questions and suggestions to date, no serious design flaws have been found. Submissions are still being welcomed by members of the white hat hacking community.
Step 2: Promote use of Uptane’s inherent flexibility as a path to adoption Uptane was designed to meet the unique needs of the auto industry, one of which is being able customize vehicle designs to meet specific end uses. How manufacturers and suppliers work with that flexibility, and whether the current design resources provided by the Uptane team will be sufficient for the demands of customization, will probably be major influences on how the project proceeds.
So far, two suppliers for the auto industry have adopted and adapted Uptane technology for use in commercial applications. One of these suppliers, Kuppusamy observes, “came to us through the forum,” and, “without a lot of direct communication with us” was able to integrate Uptane into its own technology. “I would say this shows we are at the point where people can build their own version of Uptane,” he asserts.
Though “build your own Uptane” is a legitimate way to grow support for the technology, Dr. Andre Weimerskirch, vice president in charge of cyber security for e-systems at Lear Corporation, thinks acceptance of the technology lies in the hands of the major manufacturers. Moving forward, he observes, will require “having at least one car maker behind us…one major manufacturer to say ‘yes.’” Dr. Weimerskirch is in a unique position to make such a judgement, since he served as Uptane’s principal investigator at UMTRI during the early days of the project and now participates from the industrial side. As such, he also points to another key step to acceptance, creating “a mindset of everyone using a well understood and superior security framework” to software update security on vehicles.
Step 3: Position the technology towards standardization This idea of a shared mindset could ultimately lead to standardization, and Dr. Weimerskirch acknowledges that the Uptane team would ultimately like to see this occur. However, he cautions that approaching a standards organization, such as SAE, IEEE, or ISO, should not be done prematurely. First, he suggests, the research group needs to understand the proper scope, community, and objective to approach the right organization. Second, he believes that what is presented to the organization must be stable and unlikely to change. “Right now, he notes, Uptane is working on such a specification and, once it is at a stable stage, so we are basically handing them a finished product,” then the time will be right. But, even then, he notes that, “it would be good to include someone who has a history of specifying standards, and is known for being reliable and reasonable.”
Ultimately, Uptane will continue to move forward because the need for such a secure software update system will only grow. “We are in a race to see if we can secure the software update process for cars before hackers break in,” says Justin Cappos, principal investigator for Uptane at NYU’s Tandon School of Engineering. “We’re not resting on our laurels with this project, because we can’t.”