Jeremy Daily, David Nnaji, and Ben Ettlinger (Colorado State University)

Diagnostics and maintenance systems create frequent, legitimate, and intermittent connections to a vehicle’s communication network. These connections are typically made with a vehicle diagnostics adapter (VDA), which serves to translate vehicle network communications to a Windows based service computer running diagnostics software. With heavy vehicles, the diagnostic systems are written and maintained by the supplier of the electronic control units. This means there may be multiple different software packages needed to maintain a heavy vehicle. However, all of these software systems use an interface defined by the American Trucking Association (ATA) through their Technology and Maintenance Council (TMC) using Recommended Practice (RP) number 1210, the Windows API for vehicle diagnostics. Therefore, most diagnostics and maintenance communications on a heavy vehicles utilize a thirdparty VDA with little to no cybersecurity controls. The firmware and drivers for the VDA can be entry points for cyber attacks. In this demonstration, a vehicle diagnostics session is attacked using the VDA firmware, VDA PC driver, and a middle-person attack. A proposed secure diagnostics gateway is demonstrated to secure the diagnostics communications between the heavy vehicle network and the diagnostics application, thus defending against attacks on vulnerable VDA components. Furthermore, the maintenance operations are often trusted and an attacker gains physical access to the vehicle with the unknowing technician. Since these diagnostic systems are connected to the Internet and run Windows, the traditional security issues associated with Windows PCs are now part of the heavy vehicle.

View More Papers

From Library Portability to Para-rehosting: Natively Executing Microcontroller Software...

Wenqiang Li (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences; Department of Computer Science, the University of Georgia, USA; School of Cyber Security, University of Chinese Academy of Sciences; Department of Electrical Engineering and Computer Science, the University of Kansas, USA), Le Guan (Department of Computer Science, the University…

Read More

DOVE: A Data-Oblivious Virtual Environment

Hyun Bin Lee (University of Illinois at Urbana-Champaign), Tushar M. Jois (Johns Hopkins University), Christopher W. Fletcher (University of Illinois at Urbana-Champaign), Carl A. Gunter (University of Illinois at Urbana-Champaign)

Read More

Improving Signal's Sealed Sender

Ian Martiny (University of Colorado Boulder), Gabriel Kaptchuk (Boston University), Adam Aviv (The George Washington University), Dan Roche (U.S. Naval Avademy), Eric Wustrow (University of Colorado Boulder)

Read More

Demo #2: Sequential Attacks on Kalman Filter-Based Forward Collision...

Yuzhe Ma, Jon Sharp, Ruizhe Wang, Earlence Fernandes, and Jerry Zhu (University of Wisconsin–Madison)

Read More