Security Evaluation of the Electronic Control Unit Software Update Process

University essay from KTH/Skolan för informations- och kommunikationsteknik (ICT)

Author: Liis Jaks; [2014]

Abstract: A modern vehicle is controlled by a distributed network of embedded devices - Electronic Control Units. The software of these devices is updated over an easily accessible and standardised diagnostic interface. Their hardware capabilities are very low, and thereby the security implementations are fairly minimalistic. This thesis analyses the Electronic Control Units used in the heavy-duty vehicle company Scania for security vulnerabilities. First, a list of security requirements was compiled. The implementation of these requirements was verified on several Electronic Control Units by the application of software testing methods. Testing identified two potentially dangerous shortfalls: short encryption seeds used in the authentication challenge, and a lack of reliable software source verification. These vulnerabilities were validated by performing experimental attacks. A brute-force attack was performed on a device with 2-byte seeds and keys. Next, an active man-in-the-middle attack was successfully carried out to bypass authentication and flash the Electronic Control Unit with arbitrary software. Additionally, a passive man-in-the-middle attack was performed to sniff and store software files. The final attack was a combination: a valid seed and authentication code pair was sniffed over a flashing session, followed by using the pair to gain access later. To mitigate these attacks, it is most important to use long authentication seeds and keys, and implement all security standards. Public-key cryptography may also be an alternative for authentication. Software data encryption could be considered for integrity and confidentiality. A less computation-intense solution would be adding cryptographic signatures to messages.