Securing Vehicle Diagnostics in Repair Shops

Paper in proceeding, 2014

Diagnostics over IP (DoIP) is a new ISO standard for transmitting diagnostics messages, such as ISO 14229 Unified Diagnostic Services (UDS), over IP-based networks. The standard specifies the communication architecture needed for diagnostics communication and defines an application layer protocol for exchanging management and diagnostics messages between DoIP-enabled devices. However, DoIP relies on the insecure network protocols used in today's Internet and no additional security was added in the standard to tackle this. Thus, to prevent malicious manipulations of vehicle diagnostics sessions in repair shops, appropriate security mechanisms need to be in place. In this paper, we analyse possible approaches to find the most suitable security architecture for diagnostics communication in repair shop networks. First, an evaluation of possible approaches is conducted. These are then analysed with respect to a set of security requirements and implementation challenges. Finally, we present the approach that best meets the requirements for a secure diagnostics architecture in repair shops.