Automotive Electronic Control Unit On-Board Diagnostics system security
The modern combustion engines must implement complex on-board diagnostic (OBD) procedures inside their electronic control units (ECU) to recognize the malfunctions impacting the emissions. Car manufacturers extend the OBD systems with additional functionalities such as calibration and programming to meet their internal needs beyond emission-related monitors. The authors of this paper analyze the OBD protocols and functions with special attention to the security measures during the authorization process of different diagnostic users (production, dealer, independent workshop). Threat Analysis and Risk Assessment (TARA) on the example diagnostic model was performed to identify the security risks. The article illustrates the significance of UDS/OBD security services in the context of the UN R155 cybersecurity regulation and the European Regulation EU 2018/858 on the approval and market surveillance of motor vehicles. Additionally, in the research, several security vulnerabilities in the OBD system are identified that may impact the emissions and safety of a vehicle in relation to the data bus topology. The authors performed penetration testing on OBD Services $27 Security Access and $29 Authentication.
Topic: Other
Author: Piotr PEŁECHAT
Co-authors: Łukasz KONIECZNY
