Security Engineering — ECU Firmware

Embedded Secure Boot
& OTA Update Verifier

A Rust simulation of a vehicle ECU bootloader that cryptographically authenticates firmware before execution — defending against physical, network, and downgrade attacks.

Rust Ed25519 SHA-256 Embedded / ECU OTA Security Anti-Rollback 2 Crates · 1 Workspace
64 signature bytes (Ed25519) · 256 hash bits (SHA-256) · 3 threats mitigated · 4 integration test scenarios
02 / 10
Problem Statement

Why does firmware authenticity matter?

Modern vehicles run 100+ ECUs with millions of lines of firmware. A single unsigned update path is a critical attack surface.

Physical Access

Malicious firmware loaded via OBD-II / USB diagnostic port during servicing or theft.

OTA Tampering

Man-in-the-middle attack corrupts or replaces a genuine firmware image in transit.

Downgrade Attack

Attacker re-flashes an older signed image that contains known, exploitable vulnerabilities.

[Interactive widget: Live Threat Feed Simulation, an animated feed of incoming attack attempts]
03 / 10
Architecture

Two-component secure boot pipeline

Host-side signer packages firmware; device-side bootloader verifies before any code runs.

OEM Keys (Ed25519 keygen) → firmware_signer (Host / CI) → Signed Image (.signed.bin) → OTA / USB delivery → secure_bootloader (Device / ECU) → Boot / Halt (execute or reject)

[Interactive widget: OTA Packet Transmission & Verification, with selectable transmission scenarios]
04 / 10
Image Format

Custom binary firmware header

Parsed byte-by-byte. All multi-byte fields are little-endian.

Offset  Field         Size  Description
0x00    MAGIC_WORD    4 B   0x53 0x42 0x4F 0x54 "SBOT" — fast-fail guard
0x04    VERSION       4 B   uint32 monotonic. Anti-rollback counter.
0x08    PAYLOAD_SIZE  4 B   uint32 byte length of payload.
0x0C    SIGNATURE     64 B  Ed25519 signature over SHA-256(payload).
0x4C    PAYLOAD       var   Executable firmware binary.

Byte layout: [MAGIC][VER][SIZE][SIGNATURE (64 bytes)][PAYLOAD — variable length firmware binary]
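The header layout above, decoded by a defensive std-only parser. This is an added example and not the project's own secure_bootloader code; the field offsets, sizes and little-endian encoding are taken from the table, while the names FirmwareImage, ParseError, parse_image and build_image are this example's own. The magic word is checked before any other field is read (the "fast-fail guard"), and an image whose delivered payload length disagrees with PAYLOAD_SIZE is rejected before it could ever reach a signature check.

```rust
// Added example (not the project's parser). Offsets and encoding follow the
// header table; type and function names are assumptions made here.
use std::convert::TryInto;

pub const MAGIC: [u8; 4] = *b"SBOT"; // 0x53 0x42 0x4F 0x54
pub const HEADER_LEN: usize = 4 + 4 + 4 + 64; // payload begins at 0x4C

#[derive(Debug, PartialEq)]
pub enum ParseError {
    TooShort { have: usize, need: usize },
    BadMagic([u8; 4]),
    SizeMismatch { declared: u32, actual: usize },
}

#[derive(Debug, PartialEq)]
pub struct FirmwareImage<'a> {
    pub version: u32,
    pub payload_size: u32,
    pub signature: [u8; 64],
    pub payload: &'a [u8],
}

/// Decode a raw image. Nothing is trusted until every field has been bounds-checked.
pub fn parse_image(image: &[u8]) -> Result<FirmwareImage<'_>, ParseError> {
    // Fast-fail guard: the magic word is checked before anything else is decoded.
    let magic: [u8; 4] = image
        .get(0..4)
        .ok_or(ParseError::TooShort { have: image.len(), need: 4 })?
        .try_into()
        .unwrap();
    if magic != MAGIC {
        return Err(ParseError::BadMagic(magic));
    }
    if image.len() < HEADER_LEN {
        return Err(ParseError::TooShort { have: image.len(), need: HEADER_LEN });
    }
    // All multi-byte fields are little-endian, as the table states.
    let version = u32::from_le_bytes(image[4..8].try_into().unwrap());
    let payload_size = u32::from_le_bytes(image[8..12].try_into().unwrap());
    let signature: [u8; 64] = image[12..HEADER_LEN].try_into().unwrap();
    let payload = &image[HEADER_LEN..];
    // A truncated or padded image must not reach the signature check.
    if payload.len() != payload_size as usize {
        return Err(ParseError::SizeMismatch { declared: payload_size, actual: payload.len() });
    }
    Ok(FirmwareImage { version, payload_size, signature, payload })
}

/// Host-side counterpart: lay out an image in the same format. The signature
/// is supplied by the caller (the Ed25519 step is outside this example).
pub fn build_image(version: u32, signature: &[u8; 64], payload: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(HEADER_LEN + payload.len());
    out.extend_from_slice(&MAGIC);
    out.extend_from_slice(&version.to_le_bytes());
    out.extend_from_slice(&(payload.len() as u32).to_le_bytes());
    out.extend_from_slice(signature);
    out.extend_from_slice(payload);
    out
}

fn main() {
    // Constructed sample: version 3, a placeholder signature, a 4-byte payload.
    let image = build_image(3, &[0x11; 64], b"\xDE\xAD\xBE\xEF");
    println!("{:?}", parse_image(&image).map(|h| (h.version, h.payload_size)));
    let mut truncated = image.clone();
    truncated.truncate(image.len() - 1);
    println!("{:?}", parse_image(&truncated)); // SizeMismatch: delivered 3 B, declared 4 B
    println!("{:?}", parse_image(b"XXXX\x00\x00")); // BadMagic
}
```

Keeping the magic check ahead of the length check means a junk image costs only a four-byte compare, and the size check ahead of the signature step means the bootloader never spends a signature verification on an image that could not be the one the OEM signed.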

[Interactive widget: Header Hex Inspector. Set VERSION and hover a field to decode it.]

05 / 10
Cryptographic Design

Algorithm choices & performance

Every choice is motivated by embedded constraints: small code size, fast verification, side-channel resistance.

Ed25519 — Signature size: 64 B
SHA-256 — Digest size: 32 B
Ed25519 — Verify speed: ~100k ops/s
RSA-2048 — Verify speed (reference): ~10k ops/s
Side-channel resistance: 100% (constant-time)

Ed25519

EdDSA over Curve25519. Constant-time signing & verification. 64-byte signatures.

SHA-256

Payload hash. Any single-bit flip changes the 32-byte digest entirely.

Rust

Memory-safe header parsing. No buffer overflows by construction.

ed25519-dalek

ZIP-215 point validation. Returns Result, never panics.

SHA-256 Avalanche Effect Visualizer

[Interactive widget: shows the SHA-256 digest (hex) of an editable payload and a bit-change heatmap against the previous digest.]

Edit the payload: even a one-character change rewrites the hash completely. Because the Ed25519 signature is computed over this digest, a modified payload can never match the signed hash, which is why a tampered image is rejected.
06 / 10
Live Simulation

Interactive boot sequence simulation

Step through exactly what the secure_bootloader executes. Choose a scenario to see how each attack is stopped.

[Interactive widget: Boot Scenario selector (step-by-step) and Bootloader Output console. Select a scenario to run the simulation.]
07 / 10
Security Dashboard

ECU boot metrics & threat analytics

Live simulated telemetry — what an OEM security operations center would monitor across a fleet.

[Interactive dashboard, simulated telemetry. Panels: Boot Verification Results (Success / Sig Fail / Downgrade / Bad Magic counters), Verification Events per tick with total events and attack rate, Threat Category Breakdown (Signature Mismatch / Downgrade Attempts / Invalid Magic / Successful Boots), and a Recent Event Log.]
08 / 10
Threat Model

Three attack vectors — one defence each

Run each attack live and observe the bootloader's response.

Malicious USB Flash — custom firmware via OBD-II diagnostic port — BLOCKED

OTA Tampering — MitM corrupts payload in transit — BLOCKED

Version Downgrade — re-flash older signed image (CVEs) — BLOCKED

[Interactive widget: Attack Replay with a Bootloader Response console.]
Threat               Vector               Detection Point            Mitigation                                   Status
Malicious USB Flash  Physical port        Ed25519 signature check    No OEM private key → can't forge signature   ✓ BLOCKED
OTA Tampering        Network / MitM       SHA-256 hash mismatch      Any 1-bit change invalidates signature       ✓ BLOCKED
Version Downgrade    Replay signed image  VERSION vs stored counter  Monotonic counter rejects older versions     ✓ BLOCKED
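The third row's mitigation, the monotonic counter, as an added example that is not the project's bootloader. It models the rule the QA table also implies (an image boots when its VERSION is greater than or equal to the stored counter, so re-flashing the current version is allowed) and makes one design choice explicit that the table leaves open: the counter is advanced only after the signature check passed, so an unsigned image can neither run nor ratchet the counter past genuine future updates. The names BootOutcome, AntiRollback and evaluate are this example's own.

```rust
// Added example (not the project's code): anti-rollback counter semantics.
// Check order and naming are choices made here, not taken from the project.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum BootOutcome {
    Boot,
    SignatureInvalid,
    Downgrade { image: u32, stored: u32 },
}

/// Monotonic version counter as an ECU would keep it in non-volatile storage.
pub struct AntiRollback {
    stored: u32,
}

impl AntiRollback {
    pub fn new(stored: u32) -> Self {
        Self { stored }
    }

    pub fn stored(&self) -> u32 {
        self.stored
    }

    /// Decide whether an image may run. `signature_valid` is the outcome of the
    /// Ed25519 check over SHA-256(payload) and is consulted first: only an image
    /// the OEM actually signed may move the counter, so a forged image cannot
    /// lock the device out of later genuine updates by bumping it.
    pub fn evaluate(&mut self, image_version: u32, signature_valid: bool) -> BootOutcome {
        if !signature_valid {
            return BootOutcome::SignatureInvalid;
        }
        if image_version < self.stored {
            return BootOutcome::Downgrade { image: image_version, stored: self.stored };
        }
        // VERSION >= stored: accept and ratchet forward. The counter never decreases.
        self.stored = image_version;
        BootOutcome::Boot
    }
}

fn main() {
    // Constructed scenario matching the QA table's downgrade test: stored 2, image 1.
    let mut counter = AntiRollback::new(2);
    println!("{:?}", counter.evaluate(1, true)); // Downgrade { image: 1, stored: 2 }
    println!("{:?}", counter.evaluate(3, true)); // Boot; counter now 3
    println!("{:?}", counter.evaluate(9, false)); // SignatureInvalid; counter stays 3
    println!("stored = {}", counter.stored());
}
```

Persisting the new counter value belongs immediately after a successful verification and before control is handed to the payload; writing it earlier lets an unverified image influence the device's update state, writing it later leaves a window in which the just-replaced version is still accepted.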
09 / 10
Quality Assurance

Test runner — all four scenarios

All integration tests run via cargo test --workspace. Click to replay each test in the terminal.

#  Test Name     Scenario                                      Expected Result
1  golden_path   Valid binary, correct key, version ≥ stored   EXIT 0
2  tamper        One bit flipped in payload at 0x4C            EXIT 1 / FATAL
3  key_mismatch  Signed with Key A, verified with Key B        EXIT 1 / FATAL
4  downgrade     stored_version=2, image VERSION=1             EXIT 1 / FATAL

[Interactive widget: Test Output console. Press "Run All Tests" or click a row to replay it.]
10 / 10
Summary

Secure. Verifiable. Production-Ready Pattern.

A complete end-to-end automotive secure boot chain — from signing at build time to verification at boot time — with interactive simulations, live telemetry, and full test coverage.

Ed25519: 64-byte sigs, constant-time
SHA-256: 32-byte digest, avalanche effect
3 threats mitigated: USB · OTA · Rollback
4 integration tests: all scenarios covered

cargo build --workspace
cargo test --workspace
firmware_signer keygen
firmware_signer sign --version N
secure_bootloader --image