Automotive Cybersecurity: Risk-driven Testing Requirements
Project Abstract
Car manufacturers are increasingly focusing their efforts on designing and producing electric vehicles. These developments are based on software integrated into Electronic Control Units (ECUs), which act as a central control centre for all vehicle systems. The Control Area Network (CAN) is a vital serial communication protocol that allows for efficient, real-time distribution control of ECUs in cars. As modern cars rely more on computer systems and communication, safeguarding their security from potential cyberattacks becomes critical. To address this issue, substantial research has been performed to identify vulnerabilities in automotive infrastructure, provide potential mitigation strategies, and highlight associated breaches. Penetration testing has emerged as the most widely suggested method for analysing device security and discovering weaknesses. While penetration testing provides several advantages for finding vulnerabilities in ECUs, the testing technique could be improved. Numerous studies recommend integrating automated penetration testing with automated fuzzers to detect vulnerabilities however, no research has addressed this subject to my knowledge. The project will develop an automated penetration and fuzzing strategy for Py-CAN, allowing us to directly access and control the CAN bus while also monitoring the activities of the ECUs. The goal is to conduct several experimental attacks on the ECU, identify potential security issues, and create and implement corrective procedures for any vulnerabilities discovered.
Keywords: Penetration Testing, Electronic Control Unit, Control Unit Area Network
Conference Details
Session: Presentation Stream 17 at Presentation Slot 5
Location: GH011 at Wednesday 8th 09:00 – 12:30
Markers: Arnold Beckmann, Alex Warren (GTA)
Course: MSc Advanced Computer Science, Masters PG
Future Plans: I’m looking for work