Abstract

Diagnostic communication is an attractive entry point for attackers because of its accessibility and degree of standardization. The prevalent diagnostic protocol used in modern vehicles is Unified Diagnostic Services (UDS). To prevent misuse of diagnostic functions, UDS provides the Authentication Service to authenticate diagnostic testers securely. A previous study [15] revealed two vulnerabilities in the Authentication Service by theoretically analyzing its specification. By leveraging the identified vulnerabilities, a Manin-
the-Middle (MitM) attacker could theoretically manipulate the communication between a diagnostic tester and an Electronic Control Unit (ECU), with the tester believing that the communication is securely authenticated and encrypted. In this work, we examine the
practical applicability of these vulnerabilities and the proposed mitigations. By implementing the MitM attacker against a diagnostic tester and ECU, simulated by a state-of-the-art industrial tool, we show that standard-conform diagnostic clients and servers cannot detect the described attacks and the manipulation can be successfully applied. Based on this practical evaluation, we derive realistic estimates for attack feasibility and impact, which can be used in a Threat and Risk Analysis (TARA) according to ISO/SAE 21434. In addition, we evaluate the performance of the proposed mitigations and show that their overhead is comparable low.

Link: TBA

Citation: Timm Lauser, Gideon Munoz Molto, and Christoph Krauß. (Un)authenticated Diagnostic Services: A Practical Evaluation of Vulnerabilities in the UDS Authentication Service. In Proceedings of the 1st Cyber Security in Cars Workshop (CSCS). ACM. 2024.