Diagnostic protocols in automotive systems can offer a huge attack surface with
devastating impacts if vulnerabilities are present. This paper shows the application of active
automata learning techniques for reverse engineering system state machines of automotive
systems. The developed black-box testing strategy is based on diagnostic protocol communi-
cation. Through this approach, it is possible to automatically investigate a highly increased
attack surface. Based on a new metric, introduced in this paper, we are able to rate the pos-
sible attack surface of an entire vehicle or a single Electronic Control Unit (ECU). A novel
attack surface metric allows comparisons of different ECUs from different Original Equip-
ment Manufacturers (OEMs), even between different diagnostic protocols. Additionally, we
demonstrate the analysis capabilities of our graph-based model to evaluate an ECUs possible
attack surface over a lifetime
%0 Conference Paper
%1 weiss2021automated
%A Weiss, Nils
%A Renner, Sebastian
%A Mottok, Jürgen
%A Vaclav, Matousek
%B 8th Embedded Security in Cars Conference (ESCAR USA)
%D 2021
%K srenn
%T Automated Threat Evaluation of Automotive Diagnostic Protocols
%X Diagnostic protocols in automotive systems can offer a huge attack surface with
devastating impacts if vulnerabilities are present. This paper shows the application of active
automata learning techniques for reverse engineering system state machines of automotive
systems. The developed black-box testing strategy is based on diagnostic protocol communi-
cation. Through this approach, it is possible to automatically investigate a highly increased
attack surface. Based on a new metric, introduced in this paper, we are able to rate the pos-
sible attack surface of an entire vehicle or a single Electronic Control Unit (ECU). A novel
attack surface metric allows comparisons of different ECUs from different Original Equip-
ment Manufacturers (OEMs), even between different diagnostic protocols. Additionally, we
demonstrate the analysis capabilities of our graph-based model to evaluate an ECUs possible
attack surface over a lifetime
@inproceedings{weiss2021automated,
abstract = {Diagnostic protocols in automotive systems can offer a huge attack surface with
devastating impacts if vulnerabilities are present. This paper shows the application of active
automata learning techniques for reverse engineering system state machines of automotive
systems. The developed black-box testing strategy is based on diagnostic protocol communi-
cation. Through this approach, it is possible to automatically investigate a highly increased
attack surface. Based on a new metric, introduced in this paper, we are able to rate the pos-
sible attack surface of an entire vehicle or a single Electronic Control Unit (ECU). A novel
attack surface metric allows comparisons of different ECUs from different Original Equip-
ment Manufacturers (OEMs), even between different diagnostic protocols. Additionally, we
demonstrate the analysis capabilities of our graph-based model to evaluate an ECUs possible
attack surface over a lifetime},
added-at = {2021-12-08T08:07:22.000+0100},
author = {Weiss, Nils and Renner, Sebastian and Mottok, Jürgen and Vaclav, Matousek},
biburl = {https://www.bibsonomy.org/bibtex/2225459f742f717695a97bb6158ba560a/baywiss1},
booktitle = {8th Embedded Security in Cars Conference (ESCAR USA)},
interhash = {8285f6fa84a1d93e07be2d631c0a75e6},
intrahash = {225459f742f717695a97bb6158ba560a},
keywords = {srenn},
timestamp = {2021-12-08T08:07:22.000+0100},
title = {Automated Threat Evaluation of Automotive Diagnostic Protocols},
year = 2021
}