What is OTA Plus?
OTA Plus: Maximum security and flexibility.
OTA Plus is a highly secure full-stack OTA solution that is dynamically scalable and quick to deploy. It is the first enterprise solution on the market to come reinforced by Uptane, the new OTA security framework being developed and supported by the U.S. Department of Homeland Security. Developed in Germany by the brightest minds in the automotive technology field, OTA Plus is built around a microservice architecture with concise, flexible APIs. For our customers, that means rapid scalability, minimal downtime, and the flexibility to integrate with existing or future-planned IT infrastructure. OTA Plus is based on open standards and an open source core, so ATS partners can flex to meet changing business and technological needs, instead of being hindered by vendor lock-in.
Automotive-grade technology, right from the start.
In 2015, a European OEM contracted ATS to develop the core components the GENIVI platform would use for OTA updating. OTA Plus was born out of that project, adding customization, flexibility, and enterprise-grade security to the open source core. ATS still leads OTA development within GENIVI and, since 2016, also within Automotive Grade Linux (AGL). ATS then began implementing (and contributing to) Uptane, a new security framework for safe OTA updates for safety-critical vehicle components, becoming the first provider of an Uptane-integrated OTA solution. Following this success, ATS also made Uptane available in ATS Garage, allowing early-development and prototype projects access to next-generation security inside a simple SaaS product. Throughout all of this, ATS has been actively engaged with GENIVI, AGL, and the VDA.
Prepared for the future of connected cars.
A complete, feature-rich platform.
OTA Plus is a trusted solution for simultaneous updates of the entire ecosystem of ECUs inside a vehicle, ensuring ECUs are always current, as well as intercompatible. A versatile solution for OEMs, OTA Plus delivers many different kinds of software and other updates, including delta-compressed binaries, full disk image updates, map packs, and firmware install packages with special install instructions. With an accurate, up-to-date database of the installed software across an entire fleet, OTA Plus makes it quick and easy for OEMs to determine their fleet's exposure in the event of a new 0-day vulnerability, allowing a rapid, targeted campaign to deploy a fix.
What is ATS Garage?
ATS Garage: OTA made easy for prototyping and development.
ATS Garage is a complete SaaS OTA solution, providing an open-source in-vehicle client optimized for embedded, complex campaign management, and out-of-the-box Uptane support. This allows R&D divisions and OEM labs to build a secure and flexible foundation at a very early stage in their projects, without having to invest in a big-budget OTA server infrastructure deployment. It’s as simple as registering at www.atsgarage.com, and then following the download and integration prompts. Free for small-scale prototyping and scalable for large fleets, ATS Garage allows OEMs and Tier1s to integrate OTA into their development processes at an early stage without needing to go through a big-budget approval processes. ATS Garage is a great starting point, no matter the project's end goal.
From enterprise to SaaS.
ATS Garage was born of OTA Plus and the drive to make a professional OTA solution conveniently accessible for early development. It is a complete automotive-grade SaaS that start-ups, research labs and OEMs can download and install quickly and easily. Free for the first 20 devices, while testing and developing, the highly secure ATS Garage platform grows and flexes with all project budgets, making its advanced, scalable technology a cost-effective solution to OTA-enable mobility PoCs. As prototype turns into production, ATS Garage users are able to able to seamlessly transfer across to ATS's enterprise solution for large-scale campaigns and manufacturers. OTA Plus is the fully customizable product for bigger fleets, while ATS Garage is the solution to kick-start any Yocto project on its way to being the next big thing.
Fully secure OTA solution for prototyping, small fleets and PoCs.
ATS Garage is a feature-rich OTA SaaS Platform for the automotive industry or for IoT projects and products. The quick-start platform includes essential features like campaign management and reporting, automatic provisioning, device management, impact analysis, full filesystem image updates, and an open source client with Yocto recipes optimized for embedded. Just like ATS’s enterprise solution OTA Plus, ATS Garage offers state-of-the art integrated security with the Uptane framework, with all the features of this next-generation update security framework except for supplier key delegation. When you're in need of that feature, come talk to us about OTA Plus.
Our security approach, for now and the future.
ATS products stand out in a marketplace full of closed-source OTA products, as OTA Plus and other ATS solutions are built according to open standards. Core to the ATS philosophy is driving forward towards an open automotive industry, and security lies at the very heart. This is why ATS partners with standards organizations and automotive associations, to develop solutions that respond to current challenges and future needs in the connected car industry. In close cooperation with automotive alliance GENIVI and Toyota-backed Automotive Grade Linux (AGL), ATS works on turning best practices into industry standards. Underpinning its OTA solutions is the Uptane OTA security framework, a research project funded by the U.S. Department of Homeland Security.
Shortcomings of existing OTA security solutions.
During our time in the industry, we have seen update systems protected by nothing more than transport-layer security, update systems that rely on offline keys and human processes to maintain security, and PKI systems with delegation between a series of online keys to allow for fast, flexible updates. All of these approaches have shortcomings, are either not compromise-resilient, not flexible enough to address imminent update needs, exclude secondary ECUs from secure update mechanisms or do not integrate suppliers into the overall concept. That is why ATS has adopted Uptane in both OTA Plus and ATS Garage. Flexibility and compromise-resilience don't have to be mutually exclusive goals. ATS OTA security is world class, and ready for the future.
Uptane, setting new standards for OTA security.
Funded by the U.S. Department of Homeland Security, Uptane is a joint research initiative between NYU, the Southwest Research Institute, and the University of Michigan, working to develop a common standard for automotive software update security. It was designed in consultation with government regulators, OEMs and suppliers responsible for 78% of vehicles on U.S. roads. Uptane includes researchers from The Update Framework (TUF) and builds on that effort. The aim is to mitigate all common attacks on software updaters, with an absolute premium placed on update package authenticity.
Uptane, mitigating attacks successfully.
To mitigate attacks that compromise ECUs, updates and servers, ATS integrated the Uptane OTA security framework into its products. Automotive fleets remain safe even if the update repositories or delivery servers are completely compromised, and individual vehicles remain safe even if some local ECUs get compromised. Under Uptane, an attacker needs to have simultaneous control of a large number of keys, servers, and actual vehicle hardware to execute a truly damaging attack. Built into that compromise-resilient security framework is an unprecedented level of flexibility and control for OEMs to manage suppliers effectively.
Compromise resilience and flexible updates.
Supplier integration into security framework.
The Uptane security framework allows for granular integration of external software vendors, departments and even individuals into the overall security framework. The OEM decides how much delegating authority to give to suppliers, and how many signatures are required--for example, requiring sign-off from key teams before an update package is trusted as valid, or allowing a particularly trusted vendor to be the final authority on the security of their packages. Via the Director Repository, OEMs retain total control over the actual installation of trusted updates. Apart from the flexibility, this means that with a compromised Director Repository, an attacker can only install trusted updates, and a compromised Image repository or supplier key doesn't enable malicious update installation.
Top security, even for resource-constrained ECUs.
Uptane supports a high level of security for all ECUs – even resource-constrained secondary ECUs. The primary and all safety-critical ECUs must complete a full verification to check the information of both the Director and Image Repository. ECUs that are not safety-critical, and which have hardware constraints preventing them from performing full verification, may instead only perform partial verification, checking only the metadata from the Director Repository. The result is a system that is as robust as possible, while still flexing to meet needs of different ECUs and OEMs.