Talk Title:
Getting Started with Automotive Ethernet Security Testing
Abstract:
Testing Automotive Electronic Control Units (ECUs) for security involves several key steps and tools. First, IP addresses can be obtained using ARP, ICMP, DoIP announcements or by analyzing default communication protocols, with tools like tcpdump, Wireshark, and Scapy proving essential for capturing and analyzing this data.
Virtual Local Area Networks (VLANs) also need to be configured, and tools like tcpdump and Wireshark can monitor and troubleshoot VLAN configurations. For a thorough examination of open ports and their security, TCP port scans followed by Transport Layer Security (TLS) scans are performed using nmap and testssl.sh, helping to identify potential vulnerabilities in the system.
TLS certificates play a critical role in ensuring secure communication, and Frankencert is a tool used to test the robustness of these certificates against various attacks. DoIP communication, essential for modern automotive diagnostics, can be analyzed to ensure that data exchange between ECUs and diagnostic tools is secure. Unified Diagnostic Services (UDS), another key protocol in automotive diagnostics, can also be tested using Scapy, which allows for the creation and analysis of custom diagnostic messages. Maintaining the integrity of Some/IP across different AutoSAR Protocol Data Units (PDUs) is crucial, and Scapy facilitates this by enabling detailed network traffic analysis and manipulation. Ensuring these protocols and configurations are secure helps protect against unauthorized access and potential cyber threats, which is vital for the safety and reliability of modern vehicles. Through these testing methodologies, automotive security professionals can identify and mitigate vulnerabilities, enhancing the overall security of the vehicle's electronic systems.
Speaker Bio:
Enrico Pozzobon worked since 2016 in the field of automotive security. He obtained his PhD while working in the Laboratory for Safe and Secure Systems in the OTH Regensburg. Together with Nils Weiss and Alexander Meisel, he founded dissecto GmbH which provides automotive penetration testing tools, services, and trainings.
