Formal Security Analysis of Vehicle Diagnostic Protocols
Authors: Timm Lauser, C. Krauß
Published in: Proceedings of the 18th International Conference on Availability, Reliability and Security
Publication date: 2023-08-29
DOI: 10.1145/3600160.3600184 (https://doi.org/10.1145/3600160.3600184)
Citations: 0
Abstract
Diagnostic protocols for vehicles are important for maintenance, updates, etc. However, if they are not secure, an attacker can use them as an entry point to the vehicle or even directly access critical functionality. In this paper, we discuss the security of the vehicle diagnostics protocols Diagnostics over IP (DoIP) and Unified Diagnostic Services (UDS). For UDS, we provide a formal analysis of the included security protocols SecurityAccess service and the different variants of the new Authentication service introduced in the year 2020. We present two new vulnerabilities we identified in our analyses, describe how they can be mitigated, and formally verify our mitigations. Furthermore, we give recommendations on how to securely implement UDS and how future standards can be improved.