Automated Fuzzing of Automotive Control Units
Autor: | Timothy Werquin, Mathijs Hubrechtsen, Ashok Thangarajan, Frank Piessens, Jan Tobias Muhlberg |
---|---|
Přispěvatelé: | Chiroiu, M |
Rok vydání: | 2019 |
Předmět: |
FOS: Computer and information sciences
Computer Science - Cryptography and Security FOS: Electrical engineering electronic engineering information engineering ComputerApplications_COMPUTERSINOTHERSYSTEMS Systems and Control (eess.SY) Electrical Engineering and Systems Science - Systems and Control Cryptography and Security (cs.CR) |
Zdroj: | 2019 International Workshop on Secure Internet of Things (SIOT). |
DOI: | 10.1109/siot48044.2019.9637090 |
Popis: | Modern vehicles are governed by a network of Electronic Control Units (ECUs), which are programmed to sense inputs from the driver and the environment, to process these inputs, and to control actuators that, e.g., regulate the engine or even control the steering system. ECUs within a vehicle communicate via automotive bus systems such as the Controller Area Network (CAN), and beyond the vehicles boundaries through upcoming vehicle-to-vehicle and vehicle-to-infrastructure channels. Approaches to manipulate the communication between ECUs for the purpose of security testing and reverse-engineering of vehicular functions have been presented in the past, all of which struggle with automating the detection of system change in response to message injection. In this paper we present our findings with fuzzing CAN networks, in particular while observing individual ECUs with a sensor harness. The harness detects physical responses, which we then use in a oracle functions to inform the fuzzing process. We systematically define fuzzers, fuzzing configurations and oracle functions for testing ECUs. We evaluate our approach based on case studies of commercial instrument clusters and with an experimental framework for CAN authentication. Our results show that the approach is capable of identifying interesting ECU states with a high level of automation. Our approach is applicable in distributed cyber-physical systems beyond automotive computing. Comment: Appeared in 2019 International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT) / International Workshop on the Secure Internet of Things (SIoT) |
Databáze: | OpenAIRE |
Externí odkaz: |