Access Control
In this post, we will take a closer look at ‘Access Control’, one of the vehicle diagnostic security functions. This feature requires external diagnostic equipment to undergo mandatory security verification before accessing the vehicle’s controls. Access control is especially important for diagnostics via the OBD (On-Board Diagnostics) port, and controls access to the controller after passing security control authentication at the vehicle’s Central Gateway (CGW) or Central Control Unit (CCU).
Some OEMs call the technology Secure Access.
I will explain the sequence for access control.
- The diagnostic equipment requests authentication (seed) to gain access to the controller.
- The controller generates random numbers using TRNG.
- Transmit the generated random number (seed) to the diagnostic equipment.
- The controller calculates and stores Key_ECU using a predefined OEM proprietary algorithm (Hash or encryption algorithm possible).
- The diagnostic equipment also uses the received Seed value to calculate Key_Diag using the same OEM proprietary algorithm.
- The diagnostic equipment transmits the calculated Key_Diag to the controller.
- The controller compares Key_ECU and Key_Diag to determine whether they match.
- If they match, controller access is granted.
If you are interested in other articles about Cyber Security Series, please refer to the links below!
[Cyber Security] 1. ISO/SAE 21434 Basic
[Cyber Security] 3. cyber security cryptography technology
[Cyber Security] 4. External, internal communication security and GATEWAY security
[Cyber Security] 5. Security Controls : Diagnostic Security Features
[Cyber Security] 7. Security Updates : Diagnostic Security Features
[Cyber Security] 8. Secure Boot, Secure Debug, Secure Storage