From ECU to VSOC: UDS Security Monitoring Strategies
Ali Recai Yekta, Nicolas Loza, Jens Gramm, Michael Peter Schneider, Stefan Katzenbeisser

TL;DR
This paper proposes security monitoring strategies for the UDS protocol in vehicles, utilizing in-vehicle logging and remote analysis to detect cyberattacks, and evaluates the adequacy of current standards.
Contribution
It introduces novel security monitoring strategies for UDS, covering event logging, data collection, and attack detection, and assesses gaps in current automotive cybersecurity standards.
Findings
Detection strategies cover a wide range of UDS attack vectors.
Current AUTOSAR security events are insufficient for comprehensive attack detection.
The approach enhances vehicle cybersecurity monitoring capabilities.
Abstract
Increasing complexity and connectivity of modern vehicles have heightened their vulnerability to cyberattacks. This paper addresses security challenges associated with the Unified Diagnostic Services (UDS) protocol, a critical communication framework for vehicle diagnostics in the automotive industry. We present security monitoring strategies for the UDS protocol that leverage in-vehicle logging and remote analysis through a Vehicle Security Operations Center (VSOC). Our approach involves specifying security event logging requirements, contextual data collection, and the development of detection strategies aimed at identifying UDS attack scenarios. By applying these strategies to a comprehensive taxonomy of UDS attack techniques, we demonstrate that our detection methods cover a wide range of potential attack vectors. Furthermore, we assess the adequacy of current AUTOSAR standardized…
