Vulnerability analysis of DoIP implementation based on model learning 2024-01-2807

The software installed in Electronic Control Units (ECUs) has witnessed a significant scale expansion as the functionality of Intelligent Connected Vehicles (ICVs) has become more sophisticated. To seek convenient long-term functional maintenance, stakeholders want to access ECUs data or update software from anywhere via diagnostic. Accordingly, as one of the external interfaces, Diagnostics over Internet Protocol (DoIP) is inevitably prone to malicious attacks. It is essential to note that cybersecurity threats not only arise from inherent protocol defects but also consider software implementation vulnerabilities. When implementing a specification, developers have considerable freedom to decide how to proceed. Differences between protocol specifications and implementations are often unavoidable, which can result in security vulnerabilities and potential attacks exploiting them. Considering the security risks and technology trends of vehicles, this paper uses model learning for the first time to infer the protocol implementation state model against DoIP and aims to explore the unexpected state transitions that may occur during the interaction of diagnostic services. This is an automated black-box technique that provides the possibility to obtain a corresponding model of the observed implementation behavior. To achieve this, we construct a framework for applying model learning against DoIP implementation and utilize it to learn the state model. The experimental results demonstrate that the proposed vulnerability analysis method can effectively and accurately obtain the state model of specific protocol implementation. Software developers can visually spot the presence of such superfluous states or transitions by examining the obtained state model, further avoiding potential attacks that could exploit these vulnerabilities.