UDS Security Access for highly-constrained ECUs
2022-01-0152
03/29/2022
- Content
- Legacy electronic control units are, nowadays, required to implement cybersecurity measures, but they often do not have all the facilities that are necessary to realise industry-standard cybersecurity controls. Such systems must still be protected with a sufficient level of rigor against attackers who wish to modify their operation or extract confidential information from them. Due to cost constraints, it is desirable that such systems can be used in vehicles across the fleets of many different manufacturers without software changes. A critical interface to defend is the Unified Diagnostics Service (UDS) interface, which is used in so many areas across the whole vehicle lifecycle. While the classic UDS service $27 (Security Access) has a reputation for poor cybersecurity, there is nothing inherent in the way it operates which prevents secure access control from being implemented. Indeed, a number of very different implementations exist across the industry, but all have slightly different trade-offs and levels of real security, and many are tied to a specific manufacturer. This paper describes an approach to providing UDS Security Access within very constrained systems which can be applied to multiple vehicles across many manufacturers. It describes, in detail, methods for generating UDS-Seeds and UDS-Keys in the absence of an HSM and true-random number generator, and without access to IT infrastructure by the user who is requesting access. In addition, the problem of key management and distribution is tackled head-on and not left as an implementation detail. A detailed threat analysis has been performed (according to ISO/SAE 21434) using model-based tools, and is also presented within this paper. The constraints (some of which make it difficult to properly secure certain key material) result in risks which become clear in the threat analysis. Potential future users of this scheme will be able to make use of this analysis to assess the residual risks in their own applications.
- Citation
- Thompson, M., "UDS Security Access for highly-constrained ECUs," SAE Technical Paper 2022-01-0152, 2022.