| Autor: |
Sunil B. Mane, Pranav Patki, Ajey Gotkhindikar |
| Rok vydání: |
2018 |
| Předmět: |
|
| Zdroj: |
2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA). |
| DOI: |
10.1109/iccubea.2018.8697438 |
| Popis: |
Penetration Testing (pentesting) is most popular and effective method for finding vulnerabilities in the enterprise network and also in the automotive networks. It is used to find and patch loopholes in the systems. There are few pentesting methods based on knowledge of the system viz. white-box testing, black box testing and grey box testing. Among all these techniques Black-box testing is one of the most challenging attack scenario as there is a lack of information available about the system to an attacker as well as tester. To find out system loopholes adequately, pentesting is necessary. Fuzzing method is used to find the defects in the system i.e. unexpected behavior of the server. It is carried out by giving large invalid input data called as Fuzz. Fuzzing method can be applied for many interfaces on automotive systems like Bluetooth, Wi-Fi, Ethernet, USB and CAN. Many Fuzzing techniques are available and can be used to develop Fuzzer according to the requirements. Vehicle networks which work on Unified Diagnostic Service (UDS) protocol are vulnerable and hence vulnerabilities can be exploited by an attacker. Proposed solution introduces a framework to find the hidden vulnerabilities in automotive environment. A fuzzing tool which is specifically used for automotive systems is designed and developed. It uses mutation based approach for invalid input creation. Comparing relative merits of the existing systems is also a crucial task. In spite of having different protocol descriptions for the existing systems, proposed system can be compared to some extent but not completely with the existing systems. |
| Databáze: |
OpenAIRE |
| Externí odkaz: |
|
