TY - GEN
T1 - Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols
AU - Yu, Le
AU - Liu, Yangyang
AU - Jing, Pengfei
AU - Luo, Xiapu
AU - Xue, Lei
AU - Zhao, Kaifa
AU - Zhou, Yajin
AU - Wang, Ting
AU - Gu, Guofei
AU - Nie, Sen
AU - Wu, Shi
N1 - Publisher Copyright:
© USENIX Security Symposium, Security 2022. All rights reserved.
PY - 2022
Y1 - 2022
AB - In-vehicle protocols are very important to the security assessment and protection of modern vehicles since they are used in communicating with, accessing, and even manipulating ECUs (Electronic Control Units) that control various vehicle components. Unfortunately, the majority of in-vehicle protocols are proprietary, without publicly available documents. Although recent studies proposed methods to reverse engineer the CAN protocol used in the communication among ECUs, they cannot be applied to vehicle diagnostic protocols, which have been widely exploited by attackers to launch remote attacks. In this paper, we propose a novel framework for automatically reverse engineering the diagnostic protocols of vehicles by leveraging professional diagnostic tools. Specifically, we design and develop a new cyber-physical system that uses a set of algorithms to control a programmable robotic arm with the aid of cameras to automatically trigger and capture the messages of diagnostic protocols as well as reverse engineer their formats, semantic meanings, and the proprietary formulas required for processing the response messages. We perform a large-scale experiment to evaluate our prototype using 18 real vehicles. It successfully reverse engineers 570 messages (446 for reading sensor values and 124 for controlling components). The experimental results show that our framework achieves high precision in reverse engineering proprietary formulas and obtains many more messages than the prior approach based on app analysis.
UR - http://www.scopus.com/inward/record.url?scp=85131282315&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85131282315&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85131282315
T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022
SP - 1939
EP - 1956
BT - Proceedings of the 31st USENIX Security Symposium, Security 2022
PB - USENIX Association
T2 - 31st USENIX Security Symposium, Security 2022
Y2 - 10 August 2022 through 12 August 2022
ER -