You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
It highlights that an adversary can block an ECU's access to the current time by dropping the message containing the latest time, either between the external source of time and the Primary ECU. or between the Primary and Secondary ECUs.
There is also no indication to abort the update process if the latest time attestation is absent or invalid. This could be interpreted as that the verification process can continue without the ECU updating its clock, so the most recent securely attested time would be the same as the previous update cycle, keeping the door open for a freeze attack.
The text was updated successfully, but these errors were encountered:
This vulnerability was highlighted in the University of Iowa report on Uptane's vulnerabilities.
Description
It highlights that an adversary can block an ECU's access to the current time by dropping the message containing the latest time, either between the external source of time and the Primary ECU. or between the Primary and Secondary ECUs.
There is also no indication to abort the update process if the latest time attestation is absent or invalid. This could be interpreted as that the verification process can continue without the ECU updating its clock, so the most recent securely attested time would be the same as the previous update cycle, keeping the door open for a freeze attack.
The text was updated successfully, but these errors were encountered: