New UDS Authentication: Enhanced Security, Familiar Challenges
November 01, 2024
In the fast-paced world of automotive technology, securing communication between electronic control units (ECUs) and diagnostic tools is no longer a nice-to-have; it is urgent. The Unified Diagnostic Services (UDS) protocol, the industry standard for vehicle diagnostics, took a critical step forward with the introduction of the Authentication Service (0x29) in its 2020 update.
Now that production-ready ECUs with this new service are starting to appear, it caught our attention. The new service addresses the limitations of the existing Security Access Service (0x27) and raises its security to a whole new level. In this blog post, we explore the key features of the UDS Authentication Service, its security improvements over the Security Access Service, and the potential challenges that both services share.
Understanding the UDS Authentication Service (0x29):
The primary objective of the UDS Authentication Service is to establish a secure means for a client to prove its identity, enabling access to restricted data and diagnostic services. Another optional objective is to derive session keys for further secure communication (e.g. SecuredDataTransmission Service 0x84).
The service supports two security concepts:
- Authentication with PKI Certificate Exchange (APCE): This method leverages asymmetric cryptography and Public Key Infrastructure (PKI) certificates to establish a trusted relationship between the tester and the ECU. During authentication, the tester presents its signed certificate to the ECU, which in turn optionally sends its own certificate. Certificates are verified using the CA's public key, ensuring authenticity and validity. Managing certificates is challenging: it requires infrastructure for issuing, distributing, and verifying them. This concept is more dynamic, as only root certificates need to be pre-installed. Concerns such as revocation procedures and certificate expiration still need to be addressed.
- Authentication with Challenge-Response (ACR): This method simplifies authentication by using pre-shared keys or pre-installed public keys, eliminating the need for a PKI. It supports both asymmetric and symmetric cryptography for increased flexibility. This approach removes the need for public key exchange but raises concerns about private key leakage and revocation. Both APCE and ACR are available in two types. The first is unidirectional authentication, where the ECU verifies the identity of the tester to ensure the tester is recognized and authorized by the system. The second is bidirectional authentication, which goes a step further: both the tester and the ECU validate each other's credentials, establishing a stronger wall of defense and improving the system's overall security.
The Authentication Service Security Improvements:
The UDS Authentication Service represents a substantial leap forward in fortifying diagnostic communication. The known limitations of the Security Access mechanism are that it does not allow bidirectional authentication and it does not authenticate the session between the tester and the ECU: once the ECU was unlocked, any unauthorized entity could send sensitive commands.
Another common pitfall is the lack of modern cryptography, since modern cryptographic algorithms were never built into the service's features.
The Authentication Service distinguishes itself from the traditional Security Access Service by incorporating advanced security measures:
- Integration of Public Key Infrastructure (PKI): Unlike its predecessor, the UDS Authentication Service integrates Public Key Infrastructure (PKI) which is vital for establishing and maintaining a reliable and secure communication environment. This allows for the verification of the authenticity of digital certificates, ensuring secure exchanges between parties.
- Support for Robust Cryptographic Algorithms: The service is engineered to support modern cryptographic algorithms. These algorithms are essential in safeguarding data integrity and confidentiality, providing a more robust defense against cyber threats compared to older systems.
- Bidirectional Authentication: A key feature of the UDS Authentication Service is its ability to perform bidirectional authentication. This means that both parties in a communication exchange must prove their identity to each other, adding an extra layer of security. This method is crucial in preventing unauthorized access and ensuring that the entities involved in communication are legitimate.
- Session Key Derivation: The service includes the capability for session key derivation. This feature is critical for establishing a temporary and unique encryption key for each session. It plays a significant role in preventing unauthorized data interception and ensuring the privacy of communications.
With these enhanced features, the UDS Authentication Service effectively mitigates the risk of Man-in-the-Middle (MitM) attacks. These attacks, in which an attacker intercepts, injects, and possibly alters the communication between two parties, are a significant threat in diagnostic communications. By using bidirectional authentication and session keys in conjunction with the SecuredDataTransmission Service, the UDS Authentication Service can prevent attackers from successfully executing these attacks.
Shared Security Challenges:
While the UDS Authentication Service presents notable improvements, certain security challenges remain consistent with its predecessor:
- Challenge Quality: Both services are susceptible to challenges with inadequate randomness or insufficient length. Ensuring a strong random source for challenges is crucial to prevent vulnerabilities.
- Timing Attacks: Timing attacks, a well-known security concern, can still be relevant in both services. Proper implementation and countermeasures are essential to thwart potential threats.
- Implementation vulnerabilities: Memory corruption bugs (e.g. buffer overflow, integer overflow) can of course compromise the target in both cases, and even more so in the Authentication Service, where complex certificate structures are parsed. A secure programming approach and penetration testing remain crucial.
- Underutilization of features: Given that various features of the Authentication Service are optional, such as bidirectional authentication and session key derivation, there's a risk that certain implementations or configurations might inadvertently replicate the same security issues that were previously identified in the Security Access Service.
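The ACR concept described above, together with the challenge-quality, timing-attack and session-key points from this section, as an added Python model that is not part of this post and not python-udsoncan's implementation. It assumes symmetric ACR with HMAC-SHA256 over a constructed pre-shared key and a single role byte; the real service's message formats and algorithm choices are set by the standard and the ECU configuration, not by this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed demo pre-shared key; a real ECU keeps it in protected storage.
PSK = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                    "101112131415161718191a1b1c1d1e1f")
CHALLENGE_LEN = 16  # bytes; short or predictable challenges invite replay

def new_challenge(length=CHALLENGE_LEN):
    """Fresh challenge from the OS CSPRNG, never a counter or random.random()."""
    return secrets.token_bytes(length)

def proof(key, challenge, role):
    """HMAC-SHA256 over role||challenge; the role byte stops a proof being reflected."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

def verify(key, challenge, role, received):
    """Constant-time comparison so verification time does not leak the result."""
    return hmac.compare_digest(proof(key, challenge, role), received)

def derive_session_key(key, tester_challenge, ecu_challenge):
    """Per-session key bound to both fresh challenges (for e.g. SecuredDataTransmission)."""
    info = b"uds-session" + tester_challenge + ecu_challenge
    return hmac.new(key, info, hashlib.sha256).digest()

def bidirectional_acr(tester_key, ecu_key):
    """Model of ACR with mutual proof. Returns (tester_ok, ecu_ok, session_key or None)."""
    # Step 1: ECU issues a challenge; tester proves knowledge of the key over it.
    ecu_challenge = new_challenge()
    tester_proof = proof(tester_key, ecu_challenge, b"T")
    tester_ok = verify(ecu_key, ecu_challenge, b"T", tester_proof)
    # Step 2 (bidirectional only): tester issues its own challenge; ECU proves itself.
    tester_challenge = new_challenge()
    ecu_proof = proof(ecu_key, tester_challenge, b"E")
    ecu_ok = verify(tester_key, tester_challenge, b"E", ecu_proof)
    if not (tester_ok and ecu_ok):
        return tester_ok, ecu_ok, None
    # Step 3: each side derives the session key independently; they must agree.
    k_ecu = derive_session_key(ecu_key, tester_challenge, ecu_challenge)
    k_tester = derive_session_key(tester_key, tester_challenge, ecu_challenge)
    return True, True, (k_ecu if hmac.compare_digest(k_ecu, k_tester) else None)

def unidirectional_acr(tester_key, ecu_key):
    """Tester-only proof: the ECU unlocks, but the tester never learns whether the ECU is genuine."""
    ecu_challenge = new_challenge()
    return verify(ecu_key, ecu_challenge, b"T", proof(tester_key, ecu_challenge, b"T"))
```

Leaving out step 2 gives exactly the unidirectional case, which is the configuration the "underutilization of features" point warns about.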
Code Contribution to python-udsoncan:
To facilitate easy integration and use of the UDS Authentication Service, we contributed code to the "python-udsoncan" repository. This open-source Python library for UDS now includes an implementation of the new service, enabling developers and security professionals to work seamlessly with the enhanced security features.
This integration enabled us to add more security tests for the Authentication Service to PlaxidityX's interface fuzzing and dynamic security testing kit. Every new ECU that goes through our penetration testing service will now also be tested automatically for issues in the UDS Authentication Service.
Conclusion
The introduction of the UDS Authentication Service marks a commendable stride toward bolstering security in vehicle diagnostics. While addressing known limitations of the Security Access Service, it is crucial to remain vigilant about shared challenges. With open-source contributions like the one made to "python-udsoncan," the automotive community gains access to a powerful toolset for implementing and testing the new UDS Authentication Service, fostering a more secure automotive ecosystem.