Abstract

Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.

Highlights

  • Modern vehicles are equipped with a number of electronic control units (ECUs) that control electronic systems such as the engine, airbags, brake, and so on

  • The proposed system, Structure-aware controller area network (CAN) Fuzzing: we introduce our proposed system that can systematically generate fuzzing input values and automatically monitor responses triggered by fuzzing input values

  • Field violation: Field violations generate fuzzing input values that are set to the same value at each byte position of the data field to observe misbehavior caused by the abnormal structure of a CAN message that has not been inferred by bit-flip rates
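
The following is an added example, not code from the paper. It computes per-bit flip rates for one CAN ID over a constructed trace, lists the bytes whose structure the flip rates cannot reveal, and builds field-violation payloads that carry the same value at every byte position. The trace, the IDs, the function names and the flip-rate definition (flips between consecutive frames divided by the number of transitions) are assumptions.

```python
# Constructed sample trace of (CAN ID, data field); not captured from a vehicle.
TRACE = []
for k in range(5):
    TRACE.append((0x123, bytes([0xA0, 0, 0, 0, 0, 0, 0, k])))  # byte 7: counter
    TRACE.append((0x456, bytes([k * 3 % 256] * 8)))            # unrelated ID


def bit_flip_rates(trace, can_id, dlc=8):
    """Per-bit flip rate for one ID: flips between consecutive frames
    divided by the number of transitions (bit 0 = MSB of byte 0)."""
    frames = [d for i, d in trace if i == can_id and len(d) == dlc]
    if len(frames) < 2:
        raise ValueError("need at least two frames of this ID")
    nbits = dlc * 8
    flips = [0] * nbits
    for prev, cur in zip(frames, frames[1:]):
        diff = int.from_bytes(prev, "big") ^ int.from_bytes(cur, "big")
        for bit in range(nbits):
            flips[bit] += (diff >> (nbits - 1 - bit)) & 1
    return [f / (len(frames) - 1) for f in flips]


def static_bytes(rates):
    """Byte positions in which no bit flipped, so the trace alone
    reveals nothing about their structure (assumed interpretation)."""
    return [b for b in range(len(rates) // 8) if not any(rates[b * 8:b * 8 + 8])]


def field_violation_payloads(dlc=8, values=range(256)):
    """One payload per value, with that value at every byte position."""
    return [bytes([v]) * dlc for v in values]


if __name__ == "__main__":
    rates = bit_flip_rates(TRACE, 0x123)
    print("byte 7 flip rates:", rates[56:])
    print("static bytes:", static_bytes(rates))
    print("first payloads:", [p.hex() for p in field_violation_payloads()[:3]])
```
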


Summary

INTRODUCTION

Modern vehicles are equipped with a number of electronic control units (ECUs) that control electronic systems such as the engine, airbags, brake, and so on. It is difficult to monitor the responses corresponding to brute force fuzzing input values because CAN DBC (database CAN) is securely managed and undisclosed, so there is a limit to how much the meaning of CAN messages can be analyzed. To overcome these limitations in analysis methods for in-vehicle networks, we propose a Structure-aware CAN Fuzzing system as a protocol that minimizes fuzzing time by considering the structure of a CAN message.

BACKGROUND
THE PROPOSED SYSTEM
PHASE 1
PHASE 2
PHASE 3
EXPERIMENT AND EVALUATION
FUZZING INPUT VALUE GENERATOR
NUMBER OF CAN FUZZING INPUT VALUES
LIMITATIONS AND DISCUSSION
Findings
CONCLUSION