[Cyber Security] 6. Access Control : Diagnostic Security Features

Access Control

In this post, we take a closer look at 'Access Control', one of the vehicle diagnostic security functions. This feature requires external diagnostic equipment to pass mandatory security verification before it can access the vehicle's controls. Access control is especially important for diagnostics via the OBD (On-Board Diagnostics) port: once the equipment has passed security control authentication at the vehicle's Central Gateway (CGW) or Central Control Unit (CCU), access control governs access to the controller itself.

Some OEMs call the technology Secure Access.

The sequence for access control is explained below.

[Image: sequence of Access Control]
  1. The diagnostic equipment requests authentication (a seed) to gain access to the controller.
  2. The controller generates a random number using a TRNG.
  3. The controller transmits the generated random number (the seed) to the diagnostic equipment.
  4. The controller calculates and stores Key_ECU using a predefined OEM proprietary algorithm (a hash or encryption algorithm may be used).
  5. The diagnostic equipment also uses the received seed value to calculate Key_Diag using the same OEM proprietary algorithm.
  6. The diagnostic equipment transmits the calculated Key_Diag to the controller.
  7. The controller compares Key_ECU and Key_Diag to determine whether they match.
  8. If they match, controller access is granted.
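
The eight steps above can be simulated end to end; the following is an added example, not code from the original post or from any OEM. It assumes HMAC-SHA256 over the seed with a shared secret as a stand-in for the OEM proprietary algorithm, uses the OS CSPRNG in place of a hardware TRNG, and the names `Controller`, `compute_key`, `run_exchange` and `SHARED_SECRET` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: constructed demo secret shared by controller and tester.
SHARED_SECRET = bytes(range(32))


def compute_key(seed: bytes, secret: bytes = SHARED_SECRET) -> bytes:
    """Steps 4 and 5: derive the key from the seed (HMAC-SHA256 is an
    assumed stand-in for the OEM proprietary algorithm)."""
    return hmac.new(secret, seed, hashlib.sha256).digest()


class Controller:
    """Hypothetical controller (ECU) side of the exchange."""

    def __init__(self, secret: bytes = SHARED_SECRET):
        self._secret = secret
        self._key_ecu = None      # Key_ECU for the outstanding seed, if any
        self.unlocked = False

    def request_seed(self) -> bytes:
        # Steps 1-4: fresh seed per request, Key_ECU calculated and stored.
        seed = secrets.token_bytes(16)   # CSPRNG standing in for the TRNG
        self._key_ecu = compute_key(seed, self._secret)
        self.unlocked = False
        return seed

    def send_key(self, key_diag: bytes) -> bool:
        # Steps 6-8: Key_ECU is consumed on first use, so a captured
        # Key_Diag cannot be replayed against the same seed.
        expected, self._key_ecu = self._key_ecu, None
        if expected is None:
            return False                 # no seed outstanding
        # Constant-time comparison avoids leaking how many bytes matched.
        self.unlocked = hmac.compare_digest(expected, key_diag)
        return self.unlocked


def run_exchange(controller: Controller, tester_secret: bytes) -> bool:
    """Diagnostic-equipment side: request seed, compute Key_Diag, send it."""
    seed = controller.request_seed()
    key_diag = compute_key(seed, tester_secret)
    return controller.send_key(key_diag)
```
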

