An increasing number of vehicular electronic control units (ECU) are equipped with reprogrammable flash memory. The software program in the flash memory determines the behavior of the ECU. The program code usually can be updated via a bootloader, e.g., for a firmware update, a bug fix, or an update enabling additional functionality. The download might be performed over a diagnostic channel or in the future increasingly through wireless channels, e.g. Bluetooth or GSM connection. Once such communication channels are opened to the outside world for downloading software, the authenticity of the software must be ensured. An example of a malicious software download is the replacement of firmware by an unauthorized party, e.g., as is done on a large scale through chip tuning in vehicles. In order to control software updates, digital signatures play a central role. Here, a digital signature is generated in a secure back end, e.g. by the automobile manufacturer, and then attached to the new firmware as a cryptographic checksum. The ECU is now able to verify the authenticity of the new firmware by checking the authenticity of the signature. Only if the verification is successful is the new firmware actually run by the device. A proper signature verification algorithm is RSA with a short exponent that can be executed in a few milliseconds on an ARM-class CPU if implemented carefully. Provision of a digital signature algorithm itself is often not the main problem, but its integration into the ECU and adapting the organizational processes are. Certainly a secure software download is only useful if there are neither hidden access points to the firmware (e.g., an enabled debug interface) nor a flawed implementation that allows illegal access. Hence a very careful design and implementation phase has to be performed in addition to the secure software download to make sure that only the defined access path is given. INTRODUCTION Today's vehicles have several dozen electronic control units (ECUs) that control almost everything, such as air conditioning, electric windows, the engine, and the brake system. Several of these ECUs allow downloading of updated program and data code via a boot loader. Such software might be a control unit firmware update for fixing bugs, for improving features, or for downloading data such as additional multimedia files. The first case is also called a software download or simply flashing (since flash memory is updated). The download might be performed over a diagnostic channel or another available communication channel such as Bluetooth and GSM. Once such vehicle communication channels are opened to the outside world for downloading software, their integrity must be ensured. An example of a malicious software download is the replacement of firmware by an unauthorized party, e.g., as done for chip tuning. The main security objective is as follows: 1. Only original software must be accepted by the vehicle: No manipulated or malicious software may be downloaded to the ECU. In particular, software must not be successfully downloaded to the ECU that alters the defined behavior of the vehicle. 2. Only authenticated parties may alter data, e.g., parameters, stored in the ECU. Furthermore, the following is desired for an actual security design: The compromise of a single control unit does not affect the entire system, i.e., a successful attack does not scale. The required computational performance on the control unit side shall be minimal.