Diagnostics Over Internet Protocol: Security Issues


As 2023 draws to a close, a significant portion of this year's new vehicles have incorporated DoIP, enabling seamless remote access to onboard diagnostics data.

DoIP, an acronym for “Diagnostics Over Internet Protocol,” is a transformative communication protocol designed primarily for remote vehicle diagnostics, with the potential for broader applications. As the Internet of Things (IoT) continues to expand, DoIP emerges as a critical protocol facilitating remote diagnostics and repairs.

Whether the fault lies in the engine, gearbox, or brakes, DoIP proves invaluable in providing real-time diagnostics. By leveraging this protocol, mechanics and technicians can work with remote vehicle IT specialists to spot issues promptly, enabling swift and targeted interventions to be carried out remotely to ensure the optimal performance and safety of the vehicle.

The transition from traditional Controller Area Network (CAN) systems to Ethernet-based DoIP represents a significant leap in data transfer capabilities within the automotive realm. With transfer rates reaching up to 100 megabits per second (Mbps), DoIP far surpasses the limitations of CAN systems, which typically operate at a modest 500 kilobits per second (kbps). This substantial improvement in speed not only enhances diagnostic processes but also supports the growing complexity of modern vehicles, a complexity that brings cybersecurity threats of its own.

Manipulation of data on the vehicle network through a man-in-the-middle attack is increasingly common. Manipulating data can be done for various purposes, such as altering forensic evidence in car crashes or taking control of the vehicle, making it behave in unexpected ways. Detecting and preventing such intrusions requires robust security measures and protocols. However, security features such as Transport Layer Security (TLS) and client authentication are not mandatory in the DoIP protocol.

What is DoIP?

At its core, DoIP serves as a bridge between external diagnostic tools and a vehicle’s electronic control units (ECUs). This enables access to a car’s onboard diagnostic data, even when the vehicle is located miles away. This capability proves invaluable for identifying issues with crucial components such as the engine, gearbox, or brakes, allowing for strategic repairs without physical proximity to the vehicle. Reprogramming the ADAS no longer needs a specialist on-site to get the job done. Other, more dynamic data is also available through DoIP, such as gas pedal position, steering wheel position, and sensor data from the vehicle’s surroundings, which DoIP tools use for diagnosis and repair.

DoIP’s Security Concerns

While DoIP’s roots can be traced back to the ISO 13400 standards, recent analyses have highlighted certain security concerns. Some security features, such as Transport Layer Security (TLS) and client authentication, are not mandatory in the DoIP protocol. In other cases, we have seen that they are poorly implemented and easily circumvented. However, measures can be implemented to address these vulnerabilities and ensure a secure user experience, and aftermarket hardware manufacturers often contact us to assist them with these Security Assessments.

Collaborations with entities with experience in Vehicle Cyber Security become essential to fortify DoIP implementations against potential threats. As a testament to the severity of these concerns, aftermarket hardware manufacturers frequently seek assistance to ensure their solutions align with the best practices in cybersecurity.

UDS Protocol and DoIP: Harmonizing Vehicle Diagnostics

UDS on IP vs. UDS on CAN

Unified Diagnostics Services (UDS), outlined in the ISO 14229 standard, serves as a foundational protocol empowering diagnostic systems to interface seamlessly with vehicle ECUs. DoIP enhances UDS with specialized features, fostering connections between external testing equipment and DoIP gateways inside vehicles.

UDS on IP operates using the ISO 14229-5 standard, implementing the DoIP transport layer (ISO 13400-2) and Ethernet physical layer (IEEE 802.3). In contrast, UDS on CAN relies on ISO 14229-3, ISO 15765-2, and ISO 11898 for CAN network communication. Distinctions include faster data transmission, handling larger data volumes, and a flexible communication platform with UDS on IP.
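As an added example (not code from the original post), the following Python shows what "UDS on IP" means on the wire: a UDS request wrapped in the ISO 13400-2 DoIP generic header and diagnostic-message payload, plus a defender-side session audit that flags the two weaknesses discussed above, diagnostics sent before routing activation and write/reprogramming services carried over a non-TLS transport. The header layout, payload types 0x0006/0x8001 and UDS service IDs 0x22/0x2E/0x34 are from the standards; the logical addresses, the `tls` flag and the audit wording are constructed for the example.

```python
import struct

# ISO 13400-2 generic header: version, inverse version, payload type, payload length
HEADER = struct.Struct(">BBHI")
ROUTING_ACTIVATION_RES = 0x0006   # DoIP payload types (subset used here)
DIAGNOSTIC_MESSAGE = 0x8001
WRITE_SIDS = {0x2E: "WriteDataByIdentifier", 0x34: "RequestDownload"}  # UDS, ISO 14229-1


def parse_doip(frame: bytes) -> dict:
    """Validate the DoIP header and decode a diagnostic message down to its UDS SID."""
    if len(frame) < HEADER.size:
        raise ValueError("truncated DoIP header")
    version, inv_version, ptype, plen = HEADER.unpack_from(frame)
    if version != (~inv_version & 0xFF):
        raise ValueError("protocol version / inverse version mismatch")
    payload = frame[HEADER.size:]
    if plen != len(payload):
        raise ValueError("payload length field %d != %d bytes present" % (plen, len(payload)))
    out = {"version": version, "type": ptype, "payload": payload}
    if ptype == DIAGNOSTIC_MESSAGE:
        if len(payload) < 5:  # SA(2) + TA(2) + at least the UDS service id
            raise ValueError("diagnostic message shorter than SA+TA+SID")
        out["source"], out["target"] = struct.unpack_from(">HH", payload)
        out["uds_sid"], out["uds_data"] = payload[4], payload[5:]
    return out


def build_uds_on_doip(src: int, tgt: int, uds: bytes, version: int = 0x02) -> bytes:
    """Wrap a UDS request in a DoIP diagnostic message (the UDS-on-IP framing)."""
    payload = struct.pack(">HH", src, tgt) + uds
    return HEADER.pack(version, ~version & 0xFF, DIAGNOSTIC_MESSAGE, len(payload)) + payload


def audit_session(frames: list, tls: bool) -> list:
    """Defender-side checks on one tester-to-gateway TCP session (constructed policy):
    diagnostics before routing activation, and write/reprogramming services without TLS."""
    findings, activated = [], False
    for i, frame in enumerate(frames):
        msg = parse_doip(frame)
        if msg["type"] == ROUTING_ACTIVATION_RES:
            activated = True
        elif msg["type"] == DIAGNOSTIC_MESSAGE:
            sid = msg["uds_sid"]
            if not activated:
                findings.append("frame %d: UDS 0x%02X before routing activation" % (i, sid))
            if sid in WRITE_SIDS and not tls:
                findings.append("frame %d: %s over plaintext DoIP" % (i, WRITE_SIDS[sid]))
    return findings
```

Run over captured frames from a gateway's TCP port 13400, the audit gives an intrusion-detection or log-review hook for exactly the optional protections (routing activation and TLS) the post says are often missing.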

DoIP’s Enhanced Performance on Ethernet Networks

Automotive Ethernet, a cornerstone for local area networks (LANs) in vehicles, facilitates interconnected devices within confined automotive environments. DoIP’s versatility extends beyond automotive Ethernet, encompassing other mediums like WLAN and UMTS. This versatility makes DoIP a key enabler of ECU flashing, shortening flash cycles on the production line and in repair facilities.

Conclusion:

As vehicles evolve with enhanced connectivity and telematics services, DoIP emerges as a pivotal player in creating smarter vehicles. Its integration with IoT platforms and the potential for remote diagnostics position DoIP as a driving force in the automotive industry.

Contact us for a free consult to discuss secure DoIP integration and your integration needs further.
