Formal Verification of an Authorization Protocol for Remote Vehicle Diagnostics
Report, 2013

Remote diagnostics protocols have generally only considered correct authentication to be enough to grant access to vehicles. However, as diagnostics equipment or their keys can be stolen or copied, these devices can not be trusted. Thus, authentication alone is not enough to prevent unauthorized access to vehicles. In previous work, we proposed an authorization protocol to prevent unauthorized access to vehicles. In the automotive industry where lives are at risk and a certain liability is exacted on the manufacturer, their vehicles and its software, it is critical that such a protocol has no flaws. Thus, using formal methods to prove the correctness of protocol designs is an important step. In this paper, we formally prove that the proposed authorization protocol provides mutual authentication between the diagnostics equipment and the vehicle, and that it guarantees both secrecy of the distributed session key and freshness of the distributed authorization information. Our formal analysis is conducted using both the Burrows-Abadi-Needham (BAN) Logic and the ProVerif automated verification tool. To the authors' best knowledge, this is the first formally verified authorization protocol for remote vehicular diagnostics.


Pierre Kleberger

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Guilhem Moulin

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Areas of Advance


Subject Categories

Computer and Information Science

Technical report - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University

More information