Solving vehicle security vulnerabilities with structure-aware CAN fuzzing system

0

New technical paper titled “Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing” authored by researchers from Soongsil University, Korea University and Hansung University with funding from the Korean government.

Summary
“Modern vehicles are equipped with a number of Electronic Control Units (ECUs), which effectively control vehicles by communicating with each other via the Controller Area Network (CAN). However, CAN is known to be vulnerable to cyberattacks because it has no fail-safe mechanism.To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers investigated CAN fuzzing methods.In existing CAN fuzzing methods, the values fuzzing inputs are usually randomly generated without regard to CAN message structure, resulting in significant CAN fuzzing time, and existing fuzzing solutions have limited monitoring capabilities of fuzzing results In this paper, we propose a structure-aware CAN fuzzing protocol, in which the structure of CAN messages is taken into account and the fuzzing input values ​​are systematically generated to locate vulnerable functions in ECUs. Our proposed structure-aware CAN fuzzing system takes less time to execute than existing solutions, which means that problematic CAN messages that may arise from SW implementation errors or CAN DBC design errors (CAN database) can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.

Find the technical document in free access here. Published in February 2022.

H. Kim, Y. Jeong, W. Choi, DH Lee, and HJ Jo, “Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing”, in IEEE Access, vol. 10, pages 23259-23271, 2022, doi: 10.1109/ACCESS.2022.3151358.

Visit the Semiconductor Engineering Technical Article Library here and discover many more academic articles about the chip industry.

Share.

About Author

Comments are closed.