Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Formal Security Analysis of Vehicle Diagnostic Protocols

Timm Lauser, Christoph Krauß
2023 Proceedings of the 18th International Conference on Availability, Reliability and Security  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (747.5 kB)
https://web.archive.org/web/20231021144224/https://dl.acm.org/doi/pdf/10.1145/3600160.3600184

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2023; you can also visit the original URL. The file type is application/pdf.

Diagnostic protocols for vehicles are important for maintenance, updates, etc. However, if they are not secure, an attacker can use them as an entry point to the vehicle or even directly access critical functionality. In this paper, we discuss the security of the vehicle diagnostics protocols Diagnostics over IP (DoIP) and Unified Diagnostic Services (UDS). For UDS, we provide a formal analysis of the included security protocols SecurityAccess service and the different variants of the new
more » ... tication service introduced in the year 2020. We present two new vulnerabilities, we identified in our analyses, describe how they can be mitigated and formally verify our mitigations. Furthermore, we give recommendations on how to securely implement UDS and how future standards can be improved. CCS CONCEPTS • Security and privacy → Security protocols; Embedded systems security; Formal security models.
doi:10.1145/3600160.3600184 fatcat:5ucaxhlilvdpzgcrb6pnb23ywq
Citation

Timm Lauser, Christoph Krauß. "Formal Security Analysis of Vehicle Diagnostic Protocols." Proceedings of the 18th International Conference on Availability, Reliability and Security (2023)