Security Controls
In this post, we take a closer look at vehicle diagnostic security features. These functions play an important role when diagnostic tasks are performed over the vehicle's diagnostic CAN network. The feature is broadly divided into three types:
- Security Control: Ensures network safety through OBD security certification applied to CGW/CCU.
- Access Restrictions: Checks the diagnostic equipment’s access to the ECU.
- Security Update: Verifies that the ECU’s firmware update is valid.
Among these, today I will focus on security control. Security controls ensure that every piece of diagnostic equipment we use is properly authenticated before it is given access to the network. This is the first step in protecting the vehicle network from unauthorized access and the risks that come with it.
Security controls manage secure access to the vehicle’s diagnostic network and are implemented specifically in the Central Gateway (CGW) or Central Control Unit (CCU). Because these devices serve as a central conduit for diagnostic data, security is critical. This security feature ensures that all communications between the diagnostic equipment and the vehicle are secure.
Key features of security controls
1. Certificate-based electronic signature verification:
- The core of the security control function is certificate-based electronic signature verification. This verifies that equipment attempting to access the vehicle’s diagnostic system from outside is legitimate.
- A digital signature ensures that the request sent by the diagnostic device has not been altered and that it originates from a trusted device.
2. Access Control:
- The CGW or CCU allows access to the internal Electronic Control Units (ECUs) only after verifying that the diagnostic request carries a valid electronic signature.
- This access control is an important mechanism that protects the vehicle's critical systems from unauthorized access or malicious manipulation.
The technology is called Secure Unlock by some OEMs.
The following Sequence Diagram shows the overall flow of security control.
- A diagnostic device that wants to reach the vehicle's CGW/CCU through the OBD port, in order to request diagnostic services such as "forced drive" or "reprogramming" on a specific controller, first asks the OEM authentication server to issue it a certificate. At this time, the diagnostic equipment transmits its public key to the OEM authentication server. (User authentication may also take place during this step.)
- The OEM authentication server issues a certificate for the diagnostic device using the server’s private key, and this certificate includes the public key of the diagnostic device.
- The issued certificate is sent from the OEM authentication server to the diagnostic device.
- The diagnostic equipment sends the received certificate to CGW and requests random number generation.
- The CGW verifies the certificate delivered by the diagnostic equipment using the server's public key, which was stored in the CGW during the production stage. This confirms that the diagnostic equipment has been properly authenticated by the OEM authentication server. If there are no problems, the flow proceeds to the next step.
- The CGW generates a random number using its true random number generator (TRNG).
- The generated random numbers are sent from the CGW to the diagnostic equipment.
- The diagnostic equipment creates an electronic signature over the received random number using its own private key.
- The generated electronic signature is transmitted from the diagnostic equipment to the CGW.
- The CGW verifies the received electronic signature with the public key contained in the diagnostic equipment's certificate and confirms that the signed value matches the random number it generated. This step proves that the diagnostic device currently communicating is the same device that was authenticated by the OEM authentication server, because only the holder of the matching private key could have produced the signature.
- If verification completes without problems, the CGW finally accepts the diagnostic equipment as authenticated and opens the diagnostic port.
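The exchange described above, written out as an added example that is not part of the original post and not any OEM's implementation. It assumes Ed25519 signatures and a constructed, minimal certificate format (tool identifier plus tool public key, signed by the OEM server); `crypto/rand` stands in for the CGW's TRNG. The gateway holds only the OEM server's public key, exactly as in the diagram, and the three parties (OEM server, diagnostic tool, CGW) are separate types so that each step can be traced to one side of the exchange:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate is a constructed stand-in for the OEM-issued tool certificate:
// the tool's public key and identifier, signed by the OEM authentication server.
type Certificate struct {
	ToolID  string
	ToolPub ed25519.PublicKey
	OEMSig  []byte // OEM server signature over tbs(ToolID, ToolPub)
}

// tbs returns the to-be-signed bytes of a certificate.
func tbs(id string, pub ed25519.PublicKey) []byte { return append([]byte(id+"|"), pub...) }

// OEMServer models the OEM authentication server, which holds the issuing key.
type OEMServer struct{ priv ed25519.PrivateKey }

// Issue signs the tool's public key with the server's private key (steps 1-3 of the diagram).
func (s *OEMServer) Issue(id string, toolPub ed25519.PublicKey) Certificate {
	return Certificate{ToolID: id, ToolPub: toolPub, OEMSig: ed25519.Sign(s.priv, tbs(id, toolPub))}
}

// Tool models the diagnostic equipment: its own key pair plus its OEM certificate.
type Tool struct {
	ID   string
	priv ed25519.PrivateKey
	Cert Certificate
}

func NewTool(id string) *Tool {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Tool{ID: id, priv: priv}
}

func (t *Tool) PublicKey() ed25519.PublicKey { return t.priv.Public().(ed25519.PublicKey) }

// Respond signs the CGW's random number with the tool's private key (step 8).
func (t *Tool) Respond(nonce []byte) []byte { return ed25519.Sign(t.priv, nonce) }

// session is one outstanding challenge: the public key taken from the verified
// certificate and the random number the tool must sign.
type session struct {
	pub   ed25519.PublicKey
	nonce []byte
}

// Gateway models the CGW/CCU. It holds only the OEM server's public key,
// provisioned at production, and at most one outstanding challenge per tool.
type Gateway struct {
	oemPub   ed25519.PublicKey
	pending  map[string]session
	unlocked map[string]bool
}

func NewGateway(oemPub ed25519.PublicKey) *Gateway {
	return &Gateway{oemPub: oemPub, pending: map[string]session{}, unlocked: map[string]bool{}}
}

// Challenge verifies the presented certificate against the stored OEM public key
// (step 5) and only then returns a fresh random number (steps 6-7).
func (g *Gateway) Challenge(cert Certificate) ([]byte, error) {
	if len(cert.ToolPub) != ed25519.PublicKeySize {
		return nil, errors.New("malformed certificate")
	}
	if !ed25519.Verify(g.oemPub, tbs(cert.ToolID, cert.ToolPub), cert.OEMSig) {
		return nil, errors.New("certificate was not issued by the OEM server")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil { // crypto/rand stands in for the TRNG
		return nil, err
	}
	g.pending[cert.ToolID] = session{pub: cert.ToolPub, nonce: nonce}
	return nonce, nil
}

// Unlock checks the signature over the random number with the public key from the
// verified certificate (step 10). The challenge is consumed whether or not the
// signature is valid, so an observed response cannot be replayed later.
func (g *Gateway) Unlock(toolID string, sig []byte) error {
	s, ok := g.pending[toolID]
	if !ok {
		return errors.New("no outstanding challenge for this tool")
	}
	delete(g.pending, toolID)
	if !ed25519.Verify(s.pub, s.nonce, sig) {
		return errors.New("signature over the random number is invalid")
	}
	g.unlocked[toolID] = true // step 11: diagnostic port opened for this tool
	return nil
}

func (g *Gateway) IsUnlocked(toolID string) bool { return g.unlocked[toolID] }

// Handshake runs the full exchange from the diagram between one tool and the CGW.
func Handshake(gw *Gateway, tool *Tool) error {
	nonce, err := gw.Challenge(tool.Cert)
	if err != nil {
		return err
	}
	return gw.Unlock(tool.ID, tool.Respond(nonce))
}

func main() {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	oem := &OEMServer{priv: oemPriv}
	gw := NewGateway(oemPub) // OEM public key stored at production
	tool := NewTool("TOOL-0001")
	tool.Cert = oem.Issue(tool.ID, tool.PublicKey())
	fmt.Println("genuine tool:", Handshake(gw, tool), "unlocked:", gw.IsUnlocked(tool.ID))
	// A certificate signed by any key other than the OEM's fails at step 5,
	// before the CGW issues a random number at all.
	rogue := NewTool("TOOL-9999")
	rogue.Cert = (&OEMServer{priv: rogue.priv}).Issue(rogue.ID, rogue.PublicKey())
	fmt.Println("self-issued certificate:", Handshake(gw, rogue))
}
```

Two design points worth noting on the defender's side: the CGW never needs the tool's private key or any shared secret, only the OEM public key it was provisioned with, so a compromised gateway reveals nothing that helps a counterfeit tool; and each random number is deleted on first use, so a signature captured on the diagnostic CAN bus is worthless against the next challenge.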
This concludes the explanation of the diagnostic security function – security control.
In the next post, I will explain the diagnostic security function – access control.
If you are interested in other articles about Cyber Security Series, please refer to the links below!
- [Cyber Security] 1. ISO/SAE 21434 Basic
- [Cyber Security] 3. Cyber security cryptography technology
- [Cyber Security] 4. External, internal communication security and GATEWAY security
- [Cyber Security] 6. Access Control : Diagnostic Security Features
- [Cyber Security] 7. Security Updates : Diagnostic Security Features
- [Cyber Security] 8. Secure Boot, Secure Debug, Secure Storage