Abstract
<div class="section abstract"><div class="htmlview paragraph">Robust communications are crucial for autonomous military fleets. Ground vehicles function as mobile local area networks utilizing Controller Area Network (CAN) backbones. Fleet coordination between autonomous platforms relies on the Robot Operating System (ROS) publish/subscribe robotic middleware for effective operation. To bridge communications between the CAN and ROS network segments, the CAN2ROS bridge software supports bidirectional data flow with message mapping and node translation.</div><div class="htmlview paragraph">Fuzzing, a software testing technique, involves injecting randomized data inputs into the target system. This method plays a pivotal role in identifying vulnerabilities. It has proven effective in discovering vulnerabilities in online systems, such as the integrated CAN/ROS system. In our study, we consider ROS implementing zero-trust access control policies, running on a Gazebo test-bed connected to a CAN bus. Our objective is to evaluate system security using fuzzers in three scenarios: (i) fuzzing the CAN bus alone, (ii) fuzzing the CAN bus with a ROS Fuzzer, and (iii) fuzzing both systems simultaneously using the CAN2ROS bridge.</div><div class="htmlview paragraph">This paper poses the question: is fuzzing the unified system more effective than fuzzing individual components. By analyzing interactions between the bridge and the military fleets’ CAN systems, we identify and address flaws potentially introduced in the software, or data leakage between communication segments. Our analysis employs experimental design and statistical analysis to shed light on the bridge’s security robustness and its potential implications for the overall system’s integrity.</div><div class="htmlview paragraph">This research holds significant implications for both industry and academia. Stakeholders involved in the development of autonomous military and civilian fleets can leverage our findings to enhance system security and reliability. Ultimately, the identification and mitigation of vulnerabilities contribute to safer and more resilient military operations.</div></div>
Reference18 articles.
1. Plot , J.A. Red team in a Box (RTIB): Developing Automated Tools to Identify, Assess, and Expose Cybersecurity Vulnerabilities in Department of The Navy Systems 2019
2. Riebe , T. , Schmid , S. , and Reuter , C. Meaningful Human Control of Lethal Autonomous Weapon Systems: The CCW-Debate and Its Implications for VSD IEEE Technology and Society Magazine 39 4 2020 36 51
3. Sommer , F. , Dürrwang , J. , and Kriesten , R. Survey and Classification of Automotive Security Attacks Information 10 4 2019 148
4. Mehr , G. , Ghorai , P. , Zhang , C. et al. X-Car: An Experimental Vehicle Platform for Connected Autonomy Research IEEE Intelligent Transportation Systems Magazine 15 2 2023 41 57 10.1109/MITS.2022.3168801
5. Fowler , D.S. , Bryans , J. , Shaikh , S.A. , and Wooderson , P. Fuzz Testing for Automotive Cyber-Security 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) 2018 239 246 10.1109/DSN-W.2018.00070