Abstract
Diagnostics over IP (DoIP) is a new ISO standard for transmitting diagnostics messages, such as ISO 14229 Unified Diagnostic Services (UDS), over IP-based networks. The standard specifies the communication architecture needed for diagnostics communication and defines an application layer protocol for exchanging management and diagnostics messages between DoIP-enabled devices. However, DoIP relies on the insecure network protocols used in today’s Internet and no additional security was added in the standard to tackle this. Thus, to prevent malicious manipulations of vehicle diagnostics sessions in repair shops, appropriate security mechanisms need to be in place.
In this paper, we analyse possible approaches to find the most suitable security architecture for diagnostics communication in repair shop networks. First, an evaluation of possible approaches is conducted. These are then analysed with respect to a set of security requirements and implementation challenges. Finally, we present the approach that best meets the requirements for a secure diagnostics architecture in repair shops.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., et al.: Experimental Security Analysis of a Modern Automobile. In: 2010 IEEE Symposium on Security and Privacy, SP, pp. 447–462 (2010)
Rouf, I., Miller, R., Mustafa, H., Taylor, T., Oh, S., Xu, W., Gruteser, M., Trappe, W., Seskar, I.: Security and Privacy Vulnerabilities of In-car Wireless Networks: A Tire Pressure Monitoring System Case Study. In: Proceedings of the 19th USENIX Conference on Security. USENIX Security 2010, Berkeley, CA, USA, p. 21 (2010) (visited on December 18, 2013)
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive Experimental Analyses of Automotive Attack Surfaces. In: Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, USA, pp. 77–92 (August 2011)
ISO 14229-1:2013: Road vehicles — Unified diagnostic services (UDS) — Part 1: Specification and requirements. ISO (2013)
ISO 13400-1:2011: Road vehicles — Diagnostic communication over Internet Protocol (DoIP) — Part 1: General information and use case definition. ISO (2011)
Lindberg, J.: Security Analysis of Vehicle Diagnostics using DoIP. Master Thesis. Chalmers University of Technology. Gothenburg (2011)
Altunbasak, H., Krasser, S., Owen, H., Sokol, J., Grimminger, J.: Addressing the Weak Link Between Layer 2 and Layer 3 in the Internet Architecture. In: 29th Annual IEEE International Conference on Local Computer Networks, pp. 417–418 (2004)
ISO 27145-3:2012: Road vehicles — Implementation of World-Wide Harmonized On-Board Diagnostics (WWH-OBD) communication requirements — Part 3: Common message dictionary. ISO (2012)
ISO 13400-2:2012: Road vehicles — Diagnostic communication over Internet Protocol (DoIP) — Part 2: Transport protocol and network layer services. ISO (2012)
ISO 15764:2004: Road vehicles — Extended data link security. ISO (2004)
Howard, J.D., Longstaff, T.A.: A Common Language for Computer Security Incidents. In: Sandia Report: SAND98-8667 (1998)
Kleberger, P., Olovsson, T.: Protecting Vehicles Against Unauthorised Diagnostics Sessions Using Trusted Third Parties. In: Bitsch, F., Guiochet, J., Kaâniche, M. (eds.) SAFECOMP. LNCS, vol. 8153, pp. 70–81. Springer, Heidelberg (2013)
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard). IETF (August 2008)
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2. RFC 6347 (Proposed Standard). IETF (January 2012)
Völker, L., Schöller, M.: Secure TLS: Preventing DoS Attacks with Lower Layer Authentication. en. In: Kommunikation in Verteilten Systemen (KiVS), pp. 237–248. Informatik aktuell (2007)
Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard). IETF (December 2005)
Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard). IETF (September 2010)
Jerschow, Y.I., Lochert, C., Scheuermann, B., Mauve, M.: CLL: A Cryptographic Link Layer for Local Area Networks. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 21–38. Springer, Heidelberg (2008)
Kiravuo, T., Sarela, M., Manner, J.: A Survey of Ethernet LAN Security. IEEE Communications Surveys Tutorials 15(3), 1477–1491 (2013) ISSN: 1553-877X
IEEE 802.1AE-2006: IEEE Standard for Local and metropolitan area networks: Media Access Control (MAC) Security. IEEE (2006)
Kleberger, P., Olovsson, T., Jonsson, E.: An In-Depth Analysis of the Security of the Connected Repair Shop. In: Proceedings of the Seventh International Conference on Systems and Networks Communications, ICSNC 2012, Lisbon, Portugal, pp. 99–107 (November 2012)
Kleberger, P., Moulin, G.: Short Paper: Formal Verification of an Authorization Protocol for Remote Vehicle Diagnostics. In: IEEE Vehicular Network Conference, VNC, Boston, USA (December 2013)
Mahmud, S.M., Shanker, S., Hossain, I.: Secure Software Upload in an Intelligent Vehicle via Wireless Communication Links. In: Proceedings of the 2005 IEEE Intelligent Vehicles Symposium, pp. 588–593 (2005)
Hossain, I., Mahmud, S.M.: Secure Multicast Protocol for Remote Software Upload in Intelligent Vehicles. In: Proc. of the 5th Ann. Intel. Vehicle Systems Symp. of National Defense Industries Association (NDIA), pp. 145–155. Traverse City, Michigan (June 2005)
Nilsson, D.K., Larson, U.E.: Secure Firmware Updates over the Air in Intelligent Vehicles. In: IEEE International Conference on Communications Workshops, ICC Workshops 2008, pp. 380–384 (May 2008)
Idrees, M.S., Schweppe, H., Roudier, Y., Wolf, M., Scheuermann, D., Henniger, O.: Secure Automotive On-Board Protocols: A Case of Over-the-Air Firmware Updates. In: Strang, T., Festag, A., Vinel, A., Mehmood, R., Rico Garcia, C., Röckl, M. (eds.) Nets4Cars/Nets4Trains 2011. LNCS, vol. 6596, pp. 224–238. Springer, Heidelberg (2011)
Johanson, M., Dahle, P., Soderberg, A.: Remote Vehicle Diagnostics over the Internet using the DoIP Protocol. In: Proceedings of the Sixth International Conference on Systems and Networks Communications, ICSNC 2011, Barcelona, Spain, pp. 226–231 (October 2011)
Nilsson, D.K., Larson, U.E., Jonsson, E.: Creating a Secure Infrastructure for Wireless Diagnostics and Software Updates in Vehicles. In: Harrison, M.D., Sujan, M.-A. (eds.) SAFECOMP 2008. LNCS, vol. 5219, pp. 207–220. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Kleberger, P., Olovsson, T. (2014). Securing Vehicle Diagnostics in Repair Shops. In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-10506-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10505-5
Online ISBN: 978-3-319-10506-2
eBook Packages: Computer ScienceComputer Science (R0)