Security Analysis of Vehicle Diagnostics using DoIP

Abstract: An upcoming trend in the automotive industry is to enable remote access to vehicles. This access opens up for many new applications, such as the possibility to perform vehicle diagnostics over the air. There are obvious benefits in being able to diagnose a vehicle remotely; a driver that experiences a problem with the car can just pull over to the side and call the workshop, which may perform diagnosis of the vehicle over the air.

So far, diagnostics have been performed using brand-specific protocols, but as the car is getting connected, IP-based networks may be used when communicating with the vehicle. The documents in ISO 13400 DIS (Draft International Standard), Diagnostics over IP (DoIP), describe a protocol for this type of interaction. The protocol may be used in environments with varying security characteristics. For example, a vehicle might be parked in a workshop and have a direct connection to the test equipment. The other extreme is a car at an arbitrary distance from the workshop, communicating over the Internet.

This work composes a security analysis of a DoIP system. An examination of the security environment is one part of this work. Furthermore, when connecting the car, new security issues must be considered. To ensure the continuous operation of safety-critical systems within the car, the vehicle along with its communication has to be protected. Therefore, this work contains a thorough investigation of the DoIP protocol. The report describes a set of required security attributes derived from safety aspects and discusses what is satisfied by the protocol. Since DoIP runs on top of TCP/IP, the inherited security issues are also taken into account.