Uptane

Uptane is a Linux Foundation / Joint Development Foundation hosted software framework designed to ensure that valid, current software updates are installed in adversarial environments. It establishes a process of checks and balances on these electronic control units (ECUs) that can ensure the authenticity of incoming software updates. Uptane is designed for "compromise-resilience," or to limit the impact of a compromised repository, an insider attack, a leaked signing key, or similar attacks. It can be incorporated into most existing software update technologies, but offers particular support for over-the-air programming or OTA programming strategies originating from The Update Framework.

History
Uptane was developed by a team of engineers at New York University Tandon School of Engineering in Brooklyn, NY, the University of Michigan Transportation Research Institute in Ann Arbor, MI, and the Southwest Research Institute in San Antonio, TX. It was developed as open source software under a grant from the U.S. Department of Homeland Security.

In 2018, the Uptane Alliance, a non-profit organization, was formed under the aegis of IEEE-ISTO to oversee the first formal release of a standard. The first standard volume, entitled IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation, was released on July 31, 2019. Uptane was recognized in 2017 by Popular Science as one of that year’s top security innovations.

As of 2020, multiple implementations of Uptane are available, both through open source projects such as the Linux Foundation’s Automotive Grade Linux, and through third party commercial suppliers, such as Advanced Telematic Systems (ATS), now part of Here Technologies,  and Airbiquity. There is also a reference implementation meant to aid adopters implementing Uptane.