Formal Verification of an Authorization Protocol for Remote Vehicle Diagnostics

Report, 2013

Remote diagnostics protocols have generally only considered correct authentication to be enough to grant access to vehicles. However, as diagnostics equipment or their keys can be stolen or copied, these devices can not be trusted. Thus, authentication alone is not enough to prevent unauthorized access to vehicles. In previous work, we proposed an authorization protocol to prevent unauthorized access to vehicles. In the automotive industry where lives are at risk and a certain liability is exacted on the manufacturer, their vehicles and its software, it is critical that such a protocol has no flaws. Thus, using formal methods to prove the correctness of protocol designs is an important step. In this paper, we formally prove that the proposed authorization protocol provides mutual authentication between the diagnostics equipment and the vehicle, and that it guarantees both secrecy of the distributed session key and freshness of the distributed authorization information. Our formal analysis is conducted using both the Burrows-Abadi-Needham (BAN) Logic and the ProVerif automated verification tool. To the authors' best knowledge, this is the first formally verified authorization protocol for remote vehicular diagnostics.