Affiliation:
1. Clemson University
2. Eastern Michigan University
Abstract
<div class="section abstract"><div class="htmlview paragraph">In the ever-evolving landscape of automotive technology, the need for robust security measures and dependable vehicle performance has become paramount with connected vehicles and autonomous driving. The Unified Diagnostic Services (UDS) protocol is the diagnostic communication layer between various vehicle components which serves as a critical interface for vehicle servicing and for software updates. Fuzz testing is a dynamic software testing technique that involves the barrage of unexpected and invalid inputs to uncover vulnerabilities and erratic behavior. This paper presents the implementation of fuzz testing methodologies on the UDS layer, revealing the potential vulnerabilities that could be exploited by malicious entities.</div><div class="htmlview paragraph">By employing both open-source and commercial fuzzing tools and techniques, this paper simulates real-world scenarios to assess the UDS layer’s resilience against anomalous data inputs. Specifically, we deploy several open-source UDS implementations on a Controller Area Network (CAN) testbed and use them as a target for the aforementioned fuzzing tools. The outcomes of the fuzzing campaigns provide both automakers and researchers with insights about the completeness of open-source UDS implementations, as well as existing vulnerabilities. Our recommendations are intended to inform researchers and developers about the current state of these implementations, especially if they consider integrating them into their products. Ultimately, the use of open-source implementations in the automotive domain promises a more secure, easier to maintain, safer, and cheaper development process.</div><div class="htmlview paragraph">This paper underscores the significance of continuous testing and fortification in ensuring the integrity of automotive systems with a particular focus on UDS, offering a valuable contribution to the advancement of secure vehicular technology.</div></div>
Reference38 articles.
1. Sermpinis , T. Uds Fuzzing and the Path to Game Over Heidelberg, Germany Presented at the Troopers 2022
2. Van den Herrewegen , J. , and Garcia , F. Beneath the Bonnet: A Breakdown of Diagnostic Security 23rd European Symposium on Research in Computer Security, Esorics 2018 Barcelona, Spain 2018 305 324 doi 10.1007/978-3-319-99073-6_15
3. Liis , J. Security Evaluation of the Electronic Control Unit Software Update Process 2014
4. Lauser , T. , and Kraus , C. Formal Security Analysis of Vehicle Diagnostic Protocols Proceedings of the 18th International Conference on Availability, Reliability and Security Benevento Italy ACM 2023 1 11 10.1145/3600160.3600184
5. Greenberg , A. Hackers Remotely Kill a Jeep on the Highway—With Me in It 2015 https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/