DoIP, which is defined in ISO 13400, is a transport protocol stack for diagnostic data. Diagnostic data is a potential attack vector on vehicles, so secure transmission must be guaranteed to protect sensitive data and the vehicle. Previous work analyzed a draft version and earlier versions of the DoIP protocol without Transport Layer Security (TLS). No formal analysis exists for the DoIP protocol. The goal of this work is to investigate the DoIP protocol for design flaws that may lead to security vulnerabilities and possible attacks to exploit them. For this purpose, we deductively analyze the DoIP protocol in a first step and subsequently confirm our conclusions formally. For the formal analysis, we use the prover Tamarin. Based on the results, we propose countermeasures to improve the DoIP's security. We show that the DoIP protocol cannot be considered secure, mainly because the security mechanisms TLS and client authentication in the DoIP protocol are not mandatory. We propose measures to mitigate the vulnerabilities that we confirm to remain after activating TLS. These require only a minor redesign of the protocol.