
2018 | OriginalPaper | Book chapter

Beneath the Bonnet: A Breakdown of Diagnostic Security

Written by: Jan Van den Herrewegen, Flavio D. Garcia

Published in: Computer Security

Publisher: Springer International Publishing


Abstract

An Electronic Control Unit (ECU) is an automotive computer essential to the operation of a modern car. Diagnostic protocols running on these ECUs are often too powerful, giving an adversary full access to the ECU if they can bypass the diagnostic authentication mechanism. Firstly, we present three ciphers used in the diagnostic access control, which we reverse engineered from the ECU firmware of four major automotive manufacturers. Next, we identify practical security vulnerabilities in all three ciphers, which use proprietary cryptographic primitives and a small internal state. Subsequently, we propose a generic method to remotely execute code on an ECU over CAN exclusively through diagnostic functions, which we have tested on units of three major automotive manufacturers. Once authenticated, an adversary with access to the CAN network can download binary code to the RAM of the microcontroller and execute it, giving them full access to the ECU and its peripherals, including the ability to read/write firmware at will. Finally, we conclude with recommendations to improve the diagnostic security of ECUs.


Metadata
Title
Beneath the Bonnet: A Breakdown of Diagnostic Security
Written by
Jan Van den Herrewegen
Flavio D. Garcia
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-99073-6_15
