Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing

Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms....

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2022, Vol.10, p.23259-23271
Hauptverfasser:	Kim, Hyunghoon, Jeong, Yeonseon, Choi, Wonsuk, Lee, Doon Hoon, Jo, Hyo Jin
Format:	Artikel
Sprache:	eng
Schlagworte:	CAN CAN fuzzing Codes Communication Control equipment Controller area network Cybersecurity ECU Electronic control Engines Errors Fuzzing Messages Microprogramming Monitoring Reverse engineering Safety critical structure-aware CAN fuzzing Technology assessment vehicle hacking Vehicles
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	23271
container_issue
container_start_page	23259
container_title	IEEE access
container_volume	10
creator	Kim, Hyunghoon Jeong, Yeonseon Choi, Wonsuk Lee, Doon Hoon Jo, Hyo Jin
description	Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.
doi_str_mv	10.1109/ACCESS.2022.3151358
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2637438343</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9713864</ieee_id><doaj_id>oai_doaj_org_article_14ebb9a7abfb4aed85a4a4b8570e6385</doaj_id><sourcerecordid>2637438343</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-e1ff8c9b192a1d52c493e82aedf1c8e73456b1285b5d3990514e93045135fbc43</originalsourceid><addsrcrecordid>eNpNUE1LxDAQLaKgqL_AS8Fz1ySTtMmxlKoLooddzyHJTna7rBtNWmT99XatiHOZ4fE-mJdlN5TMKCXqrm6adrGYMcLYDKigIORJdsFoqQoQUJ7-u8-z65S2ZBw5QqK6yNrW-851uO_ztnnN673ZHVKX8iW6zT7swvqQLzcxDOtNvujj4PohYlF_moh5Uz_n98PXV7dfX2Vn3uwSXv_uy-z1vl02j8XTy8O8qZ8Kx4nsC6TeS6csVczQlWCOK0DJDK48dRIr4KK0lElhxQqUIoJyVED48SdvHYfLbD75roLZ6vfYvZl40MF0-gcIca1N7Du3Qz1KrVWmMtZbPiZIYbjhVoqKYAlSjF63k9d7DB8Dpl5vwxDH_5NmJVQcJHAYWTCxXAwpRfR_qZToY_16ql8f69e_9Y-qm0nVIeKfQlUUZMnhGwtOf1o</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2637438343</pqid></control><display><type>article</type><title>Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Kim, Hyunghoon ; Jeong, Yeonseon ; Choi, Wonsuk ; Lee, Doon Hoon ; Jo, Hyo Jin</creator><creatorcontrib>Kim, Hyunghoon ; Jeong, Yeonseon ; Choi, Wonsuk ; Lee, Doon Hoon ; Jo, Hyo Jin</creatorcontrib><description>Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2022.3151358</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>CAN ; CAN fuzzing ; Codes ; Communication ; Control equipment ; Controller area network ; Cybersecurity ; ECU ; Electronic control ; Engines ; Errors ; Fuzzing ; Messages ; Microprogramming ; Monitoring ; Reverse engineering ; Safety critical ; structure-aware CAN fuzzing ; Technology assessment ; vehicle hacking ; Vehicles</subject><ispartof>IEEE access, 2022, Vol.10, p.23259-23271</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-e1ff8c9b192a1d52c493e82aedf1c8e73456b1285b5d3990514e93045135fbc43</citedby><cites>FETCH-LOGICAL-c408t-e1ff8c9b192a1d52c493e82aedf1c8e73456b1285b5d3990514e93045135fbc43</cites><orcidid>0000-0002-5069-195X ; 0000-0002-3496-7899 ; 0000-0003-2138-7227 ; 0000-0003-0692-2543</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9713864$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,864,2102,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Kim, Hyunghoon</creatorcontrib><creatorcontrib>Jeong, Yeonseon</creatorcontrib><creatorcontrib>Choi, Wonsuk</creatorcontrib><creatorcontrib>Lee, Doon Hoon</creatorcontrib><creatorcontrib>Jo, Hyo Jin</creatorcontrib><title>Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing</title><title>IEEE access</title><addtitle>Access</addtitle><description>Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.</description><subject>CAN</subject><subject>CAN fuzzing</subject><subject>Codes</subject><subject>Communication</subject><subject>Control equipment</subject><subject>Controller area network</subject><subject>Cybersecurity</subject><subject>ECU</subject><subject>Electronic control</subject><subject>Engines</subject><subject>Errors</subject><subject>Fuzzing</subject><subject>Messages</subject><subject>Microprogramming</subject><subject>Monitoring</subject><subject>Reverse engineering</subject><subject>Safety critical</subject><subject>structure-aware CAN fuzzing</subject><subject>Technology assessment</subject><subject>vehicle hacking</subject><subject>Vehicles</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUE1LxDAQLaKgqL_AS8Fz1ySTtMmxlKoLooddzyHJTna7rBtNWmT99XatiHOZ4fE-mJdlN5TMKCXqrm6adrGYMcLYDKigIORJdsFoqQoQUJ7-u8-z65S2ZBw5QqK6yNrW-851uO_ztnnN673ZHVKX8iW6zT7swvqQLzcxDOtNvujj4PohYlF_moh5Uz_n98PXV7dfX2Vn3uwSXv_uy-z1vl02j8XTy8O8qZ8Kx4nsC6TeS6csVczQlWCOK0DJDK48dRIr4KK0lElhxQqUIoJyVED48SdvHYfLbD75roLZ6vfYvZl40MF0-gcIca1N7Du3Qz1KrVWmMtZbPiZIYbjhVoqKYAlSjF63k9d7DB8Dpl5vwxDH_5NmJVQcJHAYWTCxXAwpRfR_qZToY_16ql8f69e_9Y-qm0nVIeKfQlUUZMnhGwtOf1o</recordid><startdate>2022</startdate><enddate>2022</enddate><creator>Kim, Hyunghoon</creator><creator>Jeong, Yeonseon</creator><creator>Choi, Wonsuk</creator><creator>Lee, Doon Hoon</creator><creator>Jo, Hyo Jin</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-5069-195X</orcidid><orcidid>https://orcid.org/0000-0002-3496-7899</orcidid><orcidid>https://orcid.org/0000-0003-2138-7227</orcidid><orcidid>https://orcid.org/0000-0003-0692-2543</orcidid></search><sort><creationdate>2022</creationdate><title>Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing</title><author>Kim, Hyunghoon ; Jeong, Yeonseon ; Choi, Wonsuk ; Lee, Doon Hoon ; Jo, Hyo Jin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-e1ff8c9b192a1d52c493e82aedf1c8e73456b1285b5d3990514e93045135fbc43</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>CAN</topic><topic>CAN fuzzing</topic><topic>Codes</topic><topic>Communication</topic><topic>Control equipment</topic><topic>Controller area network</topic><topic>Cybersecurity</topic><topic>ECU</topic><topic>Electronic control</topic><topic>Engines</topic><topic>Errors</topic><topic>Fuzzing</topic><topic>Messages</topic><topic>Microprogramming</topic><topic>Monitoring</topic><topic>Reverse engineering</topic><topic>Safety critical</topic><topic>structure-aware CAN fuzzing</topic><topic>Technology assessment</topic><topic>vehicle hacking</topic><topic>Vehicles</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Kim, Hyunghoon</creatorcontrib><creatorcontrib>Jeong, Yeonseon</creatorcontrib><creatorcontrib>Choi, Wonsuk</creatorcontrib><creatorcontrib>Lee, Doon Hoon</creatorcontrib><creatorcontrib>Jo, Hyo Jin</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kim, Hyunghoon</au><au>Jeong, Yeonseon</au><au>Choi, Wonsuk</au><au>Lee, Doon Hoon</au><au>Jo, Hyo Jin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2022</date><risdate>2022</risdate><volume>10</volume><spage>23259</spage><epage>23271</epage><pages>23259-23271</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Modern vehicles are equipped with a number of electronic control units (ECUs), which control vehicles efficiently by communicating with each other through the controller area network (CAN). However, the CAN is known to be vulnerable to cyber attacks because it does not have any security mechanisms. To find vulnerable CAN messages that can control safety-critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without considering the structure of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable functions in ECUs. Our proposed Structure-aware CAN Fuzzing system takes less time to run than existing solutions, meaning that problematic CAN messages that may have originated from SW implementation errors or CAN DBC (database CAN) design errors can be found quickly and, subsequently, appropriate action can be taken. Finally, we evaluated the performance of our Structure-aware CAN Fuzzing system on two real vehicles. We proved that our proposed method can find CAN messages that control safety-critical functions in ECUs faster than existing fuzzing solutions.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2022.3151358</doi><tpages>13</tpages><orcidid>https://orcid.org/0000-0002-5069-195X</orcidid><orcidid>https://orcid.org/0000-0002-3496-7899</orcidid><orcidid>https://orcid.org/0000-0003-2138-7227</orcidid><orcidid>https://orcid.org/0000-0003-0692-2543</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2022, Vol.10, p.23259-23271
issn	2169-3536 2169-3536
language	eng
recordid	cdi_proquest_journals_2637438343
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects	CAN CAN fuzzing Codes Communication Control equipment Controller area network Cybersecurity ECU Electronic control Engines Errors Fuzzing Messages Microprogramming Monitoring Reverse engineering Safety critical structure-aware CAN fuzzing Technology assessment vehicle hacking Vehicles
title	Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-30T22%3A18%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Efficient%20ECU%20Analysis%20Technology%20Through%20Structure-Aware%20CAN%20Fuzzing&rft.jtitle=IEEE%20access&rft.au=Kim,%20Hyunghoon&rft.date=2022&rft.volume=10&rft.spage=23259&rft.epage=23271&rft.pages=23259-23271&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2022.3151358&rft_dat=%3Cproquest_cross%3E2637438343%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2637438343&rft_id=info:pmid/&rft_ieee_id=9713864&rft_doaj_id=oai_doaj_org_article_14ebb9a7abfb4aed85a4a4b8570e6385&rfr_iscdi=true