Addressing Vehicle Security Vulnerabilities With Structure-Aware CAN Fuzzing System


New technical paper titled “Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing” from researchers at Soongsil University, Korea University, and Hansung University with funding from the Korean government.

“Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.”

Find the open access technical paper here. Published Feb 2022.

H. Kim, Y. Jeong, W. Choi, D. H. Lee and H. J. Jo, “Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing,” in IEEE Access, vol. 10, pp. 23259-23271, 2022, doi: 10.1109/ACCESS.2022.3151358.

Visit Semiconductor Engineering’s Technical Paper library here and discover many more chip industry academic papers.

Leave a Reply

(Note: This name will be displayed publicly)