http://dx.doi.org/10.13089/JKIISC.2020.30.6.1115

An Efficient ECU Analysis Technology through Non-Random CAN Fuzzing  

Kim, Hyunghoon (Soongsil University)
Jeong, Yeonseon (Hallym University)
Choi, Wonsuk (Hansung University)
Jo, Hyo Jin (Soongsil University)
Abstract
Modern vehicles are equipped with a number of ECUs (Electronic Control Units), and ECUs can control vehicles efficiently by communicating with each other through CAN (Controller Area Network). However, the CAN bus is known to be vulnerable to cyber attacks because it lacks message authentication, message encryption, and access control. To find these security issues related to vehicle hacking, CAN Fuzzing methods that analyze the vulnerabilities of ECUs have been studied. In the existing CAN Fuzzing methods, fuzzing inputs are randomly generated without considering the structure of the CAN messages transmitted by ECUs, which results in non-negligible fuzzing time. In addition, the existing fuzzing solutions have limitations in how they monitor fuzzing results. To deal with these limitations of CAN Fuzzing, in this paper we propose Non-Random CAN Fuzzing, which considers the structure of CAN messages and systematically generates fuzzing input values that can cause ECUs to malfunction. The proposed Non-Random CAN Fuzzing takes less time than the existing CAN Fuzzing solutions, so it can quickly find CAN messages related to ECU malfunctions that could originate from SW implementation errors or CAN DBC (Database CAN) design errors. We evaluated the performance of Non-Random CAN Fuzzing by conducting an experiment in a real vehicle, and proved that the proposed method can find CAN messages related to malfunctions faster than the existing fuzzing solutions.
Keywords
ECU; CAN; Vehicle Hacking; CAN Fuzzing; Non-Random CAN Fuzzing;