http://dx.doi.org/10.9708/jksci.2013.18.9.021

Research of generate a test case to verify the possibility of external threat of the automotive ECU  

Lee, Hye-Ryun (Dept. of Computer Science, Ajou University)
Kim, Kyoung-Jin (Dept. of Electronic Science, Ajou University)
Jung, Gi-Hyun (Dept. of Electronic Science, Ajou University)
Choi, Kyung-Hee (Dept. of Computer Science, Ajou University)
Abstract
ECUs (Electric Control Units) implement important vehicle functions and exchange messages over a single internal network, the CAN bus. This network is easily accessible from the outside and was not designed to withstand attacks, so it can be targeted by an attacker. Tools have therefore been developed to verify whether attacks from outside are possible. However, developing such tools takes time, as does analyzing an actual car to find the CAN messages to be used in the attack. To address this, this paper proposes a method that generates the test cases required for the attack with a publicly available tool called Sulley, and explains how to find the CAN messages to be used in the attack. A library file that generates CAN message data is added to the library files Sulley provides, and Sulley is then run with a definition file and an execution file written to match the CAN communication settings and the message rules. The proposed method was applied to an actual car in an experiment: test cases generated by fuzzing CAN messages with Sulley were sent to the car and, as a result, the car was operated without developing a separate tool.
Keywords
ECU; security; attack; fuzzing Algorithm; sulley;