Research of generate a test case to verify the possibility of external threat of the automotive ECU

이혜련; 김경진; Jung，Ki-Hyun; Choi  Kyung  Hee

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2013, 18(9), pp.21-31
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

이혜련 ¹, 김경진 ², Jung，Ki-Hyun ³, Choi Kyung Hee ⁴

¹아주대학교 컴퓨터공학과
²아주대학교 전자공학과
³아주대학교
⁴아주대학교

ABSTRACT

ECU(Electric Control Unit) on the important features of the vehicle is equipped, ECU between sending and receiving messages is connected to one of the internal network(CAN BUS), but this network easily accessible from the outside and not intended to be able to receive attacks from an attacker, In this regard, the development of tools that can be used in order to verify the possibility of attacks on attacks from outside, However, the time costs incurred for developing tools and time to analyze from actual car for CAN messages to be used in the attack to find. In this paper, we want to solve it, propose a method to generate test cases required for the attack is publicly available tool called Sulley and it explains how to find the CAN messages to be used in the attack. Sulley add the CAN messages data generated library files in provided library file and than Sulley execute that make define and execute file conform to the CAN communication preferences and create message rules. Experiments performed by the proposed methodology is applied to the actual car and result, test cases generated by the CAN messages fuzzing through Sulley send in the car and as a result without a separate tool developed was operating the car.
KEYWORDS

ECU, security, attack, fuzzing Algorithm, sulley
REFERENCES (13)

[confproc] Phung, Phu H / 2010 / A model for safe and secure execution of downloaded vehicle applications / Road Transport Information and Control Conference and the ITS United Kingdom Members' Conference (RTIC 2010) : 1~6

[confproc] Nilsson, D.K / 2008 / Efficient In-Vehicle Delayed Data Authentication Based on Compound Message Authentication Codes / Proceedings of IEEE 68th Vehicular Technology Conference, 2008. VTC 2008-Fall : 1~5

[confproc] Muter, M. / 2010 / A structured approach to anomaly detection for in-vehicle networks / Information Assurance and Security (IAS), 2010 Sixth International Conference on : 92~98

[confproc] Marko Wolf / 2004 / security in automotive bus systems / In Proceedings of the Workshop on Embedded Security in Cars 2004 : 1~13

[confproc] Xiao Ni / 2007 / AES Security Protocol Implementation for Automobile Remote Keyless System / Proceedings of IEEE 65th Vehicular Technology Conference, 2007. VTC2007-Spring : 2526~2529

[thesis] Gang-seok Kim / 2011 / Vehicle ECU through CAN communication from eavesdropping and manipulation of the analysis of the possibility of external threats / Korea University

[confproc] Karl Koscher / 2010 / Experimental Security Analysis of a Modern Automobile / IEEE Symposium on Security and Privacy : 447~462

[confproc] T. Hoppe / 2007 / Exemplary Automotive Attack Scenarios: Trojan horses for Electronic Throttle Control System (ETC) and replay attacks on the power window system / Proceedings of 23th VDI/VW Gemeinschaftstagung Automotive Security : 165~183

[confproc] Nilsson, Dennis K / 2008 / Vehicle ECU classification based on safety-security characteristics / Road Transport Information and Control - RTIC 2008 and ITS United Kingdom Members' Conference, IET : 1~7

[book] Aditya P. Mathur / 2008 / Foundations of Software Testing / Pearson Education : 193~278

[book] M. Sutton / 2007 / Fuzzing: Brute Force Vulnerability Discovery / Addison-Wesley : 386~417

[journal] G. Devarajan / 2007 / Unraveling SCADA Protocols: Using Sulley Fuzzer / DEFCON 15

[confproc] Hye-ryun Lee / 2011 / Detecting the vulnerability of software with cyclic behavior using Sulley / Proceedings of the Advanced Information Management and Service (ICIPM), 2011 7th International Conference on : 83~88
KCI Citation (1)

KJC Korea
Journal Central

Statistics

Tools