
Automotive DoIP Cybersecurity analysis
- 1 Tongji University
- 2 Tongji University
* Author to whom correspondence should be addressed.
Abstract
The paradigm shift from a closed system to an always-on, fully connected vehicle greatly increases the risk to the automotive in-vehicle domain. Important automotive-specific protocols must therefore be protected from a security point of view. This paper focuses on the security aspects of Automotive Ethernet in order to address the security challenges of DoIP. It starts with an overview of DoIP. Then, based on an exemplary in-vehicle network architecture, diagnostics over Automotive Ethernet using DoIP are analyzed from a security perspective with the help of Microsoft's threat model. We identify the assets and attack surface of DoIP end nodes and the DoIP data flow, and carry out a risk assessment for the DoIP data flow. Finally, DoIP cybersecurity goals and risk treatments are proposed to address the identified DoIP attacks.
Keywords
Automotive Ethernet, DoIP, Cybersecurity
Cite this article
Xu, N.; Luo, F. (2025). Automotive DoIP Cybersecurity analysis. Advances in Engineering Innovation, 16(2), 37-43.
Data availability
The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.
© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.