Analysis of the DoIP Protocol for Security Vulnerabilities

DoIP, which is defined in ISO 13400, is a transport protocol stack for diagnostic data. Diagnostic data is a potential attack vector at vehicles, so secure transmission must be guaranteed to protect sensitive data and the vehicle. Previous work analyzed a draft version and earlier versions of the DoIP protocol without Transport Layer Security (TLS). No formal analysis exists for the DoIP protocol. The goal of this work is to investigate the DoIP protocol for design flaws that may lead to security vulnerabilities and possible attacks to exploit them. For this purpose, we deductively analyze the DoIP protocol in a first step and subsequently confirm our conclusions formally. For the formal analysis, we use the prover Tamarin. Based on the results, we propose countermeasures to improve the DoIP's security. We show that the DoIP protocol cannot be considered secure mainly because the security mechanisms TLS and client authentication in the DoIP protocol are not mandatory. We propose measures to mitigate the vulnerabilities that we confirm to remain after activating TLS. These require only a minor redesign of the protocol.