Research field: Strategies
Conference: International Conference on Network Simulation and Evaluation
In intelligent connected vehicles, the in-vehicle ECUs (Electronic Control Units) are essentially embedded systems. Existing vulnerability discovery methods for embedded electronic devices mainly include fuzz testing, static analysis, and firmware reverse engineering. Fuzz testing, in particular, is a promising approach for uncovering undisclosed or unknown vulnerabilities by sending randomized data to the target and observing abnormal responses, making it an effective method for discovering security vulnerabilities in automotive control networks. CAN (Control Area Network) bus fuzz testing, as a kind of fuzz testing technology, has advantages such as high automation, low overhead, and requiring no modifications to the electronic control units. By conducting fuzz testing on CAN buses and monitoring anomalies in vehicle networks, hidden vulnerabilities can be detected so that potential security risks can be avoided. Research on fuzz testing for vehicle CAN networks has only begun in recent years. Most existing fuzz testing methods are based on random or exhaustive generation approaches, leading to a large number of invalid test cases, which negatively impacts the efficiency of fuzz testing. To address these challenges, this paper proposes a syntax-aware “canfuzz” approach, which generates syntax trees based on Unified Diagnostic Services (UDS) data packets in vehicle CAN buses and mutates these trees to create test cases that comply with the syntax specifications of the UDS protocol. Experiments are designed to compare the method of this paper with some similar fuzzing tools, and they reveal that our method has relatively higher performance.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, China |
| Site | Springer |
| Likes | 0 |