Abstract
The escalating advancement in Software-Defined Vehicles (SDVs) necessitates a formidable strategy for firmware updates, where traditional methods often fall short of guaranteeing absolute integrity. Although decentralization has been explored in studies for firmware integrity verification using blockchain technology, it lacks comprehensive validation in the context of automotive over-the-air (OTA) updates. By recognizing the limitations of current practices and the partial validation of decentralized approaches, such as blockchain, in the automotive sector, our study introduces a novel mechanism for firmware over-the-air (FOTA) updates. This mechanism is grounded in the widely adopted message queuing telemetry transport (MQTT) protocol, integral to the Internet of Things (IoT) domain, and leverages Merkle tree-based blockchain verification to fortify the fidelity and efficiency of firmware updates. Our proposed solution not only prioritizes the stability crucial to automotive OTA updates but also ensures that performance is not compromised. This dual focus on reliability and efficiency represents a significant stride forward in the development of secure, scalable SDV firmware update protocols.