As an Automotive Security Professional, my state-of-the-art approach to implementing Secure Access would be to have an ECU generate a challenge (nonce + ID) and forward it to the tester, who can pass the challenge to the backend system, which signs it with a private key. The ECU can then use the public key to verify that the access request is authentic.
However, what seems to be more widely used is the Seed-And-Key Algorithm, which basically works like this:
- Both ECU and tester share a secret key derivation function
- The ECU generates a nonce and sends the nonce and ID to the tester
- The tester seeds the KDF with the nonce and forwards the key back to the ECU
- Since the ECU can perform the same KDF with the same seed, it will obtain the same key
- If the keys are identical, the ECU can allow access
This Seed-And-Key method seems to have no real theoretical background or RFC. Was it ever proven to be secure? To me, the concept of keeping the algorithm confidential, as opposed to the key, seems counterintuitive.