Skip to main content

Beneath the Bonnet: A Breakdown of Diagnostic Security

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11098)

Abstract

An Electronic Control Unit (ECU) is an automotive computer essential to the operation of a modern car. Diagnostic protocols running on these ECUs are often too powerful, giving an adversary full access to the ECU if they can bypass the diagnostic authentication mechanism. Firstly, we present three ciphers used in the diagnostic access control, which we reverse engineered from the ECU firmware of four major automotive manufacturers. Next, we identify practical security vulnerabilities in all three ciphers, which use proprietary cryptographic primitives and a small internal state. Subsequently, we propose a generic method to remotely execute code on an ECU over CAN exclusively through diagnostic functions, which we have tested on units of three major automotive manufacturers. Once authenticated, an adversary with access to the CAN network can download binary code to the RAM of the microcontroller and execute it, giving them full access to the ECU and its peripherals, including the ability to read/write firmware at will. Finally, we conclude with recommendations to improve the diagnostic security of ECUs.

Keywords

  • Diagnostic Security
  • Electronic Control Unit (ECU)
  • Cipher
  • Firmware
  • Challenge-response Pairs

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This work was partly funded by EPSRC Fellowship EP/R008000/1.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-99073-6_15
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   79.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-99073-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.

References

  1. The Universal Measurement and Calibration Protocol Family. Standard, Association of Standardisation and Automation and Measuring Systems (2016)

    Google Scholar 

  2. Bogdanov, A.: Linear slide attacks on the KeeLoq block cipher. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 66–80. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79499-8_7

    CrossRef  Google Scholar 

  3. Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A.D., Szydlo, M.: Security analysis of a cryptographically-enabled RFID device. In: Proceedings of the 14th USENIX Security Symposium (USENIX Security 2005), pp. 1–16. USENIX Association (2005)

    Google Scholar 

  4. Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: 20th USENIX Security Symposium (USENIX Security 2011). USENIX Association (2011)

    Google Scholar 

  5. European Directive: 98/69/EC of the European Parliament and of the Council of 13 October 1998 relating to measures to be taken against air pollution by emissions from motor vehicles and amending Council Directive 70/220/EEC. Official J. Eur. Communities L 350(28), 12 (1998)

    Google Scholar 

  6. Foster, I., Prudhomme, A., Koscher, K., Savage, S.: Fast and vulnerable: a story of telematic failures. In: Proceedings of the 9th USENIX Conference on Offensive Technologies, WOOT 2015 (2015)

    Google Scholar 

  7. Garcia, F.D., Oswald, D., Kasper, T., Pavlidès, P.: Lock it and still lose it-on the (in) security of automotive remote keyless entry systems. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 929–944. USENIX Association (2016)

    Google Scholar 

  8. Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_9

    CrossRef  MATH  Google Scholar 

  9. Indesteege, S., Keller, N., Dunkelman, O., Biham, E., Preneel, B.: A practical attack on KeeLoq. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 1–18. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_1

    CrossRef  Google Scholar 

  10. Road vehicles - controller area network (CAN) - part 1: data link layer and physical signalling. Standard, International Organization for Standardization, Geneva, CH (2015)

    Google Scholar 

  11. Road vehicles unified diagnostic services (UDS) specification and requirements. Standard, International Organization for Standardization, Geneva, CH (2006)

    Google Scholar 

  12. Road vehicles diagnostic systems keyword protocol 2000 part 3: application layer. Standard, International Organization for Standardization, Geneva, CH (1999)

    Google Scholar 

  13. Diagnostic Connector Equivalent to ISO/DIS 15031–3. Standard, SAE, International (2012)

    Google Scholar 

  14. Kasper, M., Kasper, T., Moradi, A., Paar, C.: Breaking KeeLoq in a flash: on extracting keys at lightning speed. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 403–420. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02384-2_25

    CrossRef  Google Scholar 

  15. Khan, J.: ADvanced Encryption STAndard (ADESTA) for diagnostics over CAN. SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 8(2), 296–305 (2015)

    Google Scholar 

  16. Kleinknecht, H.: Can calibration protocol version 2.1. Germany: ASAM eV, pp. 2–18 (1999)

    Google Scholar 

  17. Koscher, K., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462. Institute of Electrical and Electronics Engineers (2010)

    Google Scholar 

  18. Miller, C., Valasek, C.: Adventures in automotive networks and control units. Def. Con. 21, 260–264 (2013)

    Google Scholar 

  19. Miller, C., Valasek, C.: Car hacking: for poories. Technical report, IOActive Report (2015)

    Google Scholar 

  20. Nolte, T., Hansson, H., Norström, C., Punnekkat, S.: Using bit-stuffing distributions in can analysis. In: IEEE Real-Time Embedded Systems Workshop at the Real-Time Systems Symposium (2001)

    Google Scholar 

  21. Pornin, T.: Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 6979 (2013)

    Google Scholar 

  22. Radu, A.-I., Garcia, F.D.: LeiA: a lightweight authenticatiton protocol for CAN. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 283–300. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_15

    CrossRef  Google Scholar 

  23. Rouf, I., et al.: Security and privacy vulnerabilities of in-car wireless networks: a tire pressure monitoring system case study. In: 19th USENIX Security Symposium (USENIX Security 2010). USENIX Association (2010)

    Google Scholar 

  24. Valasek, C., Miller, C.: Remote exploitation of an unaltered passenger vehicle. Technical report, Illmatics (2015)

    Google Scholar 

  25. Vector Informatik: Product Catalog 5 (2010)

    Google Scholar 

  26. Verdult, R., Garcia, F.D.: Cryptanalysis of the megamos crypto automotive immobilizer. USENIX; login, pp. 17–22 (2015)

    Google Scholar 

  27. Verdult, R., Garcia, F.D., Balasch, J.: Gone in 360 s: hijacking with Hitag2. In: 21st USENIX Security Symposium (USENIX Security 2012), pp. 237–252. USENIX Association (2012)

    Google Scholar 

  28. Verdult, R., Garcia, F.D., Ege, B.: Dismantling megamos crypto: wirelessly lockpicking a vehicle immobilizer. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 703–718. USENIX Association (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jan Van den Herrewegen .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Van den Herrewegen, J., Garcia, F.D. (2018). Beneath the Bonnet: A Breakdown of Diagnostic Security. In: Lopez, J., Zhou, J., Soriano, M. (eds) Computer Security. ESORICS 2018. Lecture Notes in Computer Science(), vol 11098. Springer, Cham. https://doi.org/10.1007/978-3-319-99073-6_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99073-6_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99072-9

  • Online ISBN: 978-3-319-99073-6

  • eBook Packages: Computer ScienceComputer Science (R0)