Research And Implementation Of Vulnerability Mining Technology For In-vehicle Network Based On Fuzzing

With the deep integration of the IOT and automotive electronics,more and more automobiles have begun to access the Internet.The in-vehicle network,which also considered as a complex embedded network,has caused significant security issues pertaining to related design and implementation.How to carry out security test on it to uncover its potential vulnerabilities has become a very important topic,and fuzzing as an important security testing method,it can easily and efficiently uncover a variety of security vulnerabilities by injecting a large number of random and abnormal data to a network.However,using fuzzing to uncover vulnerabilities of in-vehicle network requires a detailed understanding of the protocols about it.In order to solve the above problems,by studying vulnerability mining technology based on fuzzing and in-vehicle network in depth,this paper proposed and verified the program to uncover vulnerabilities about in-vehicle network based on fuzzing.The main research work is as follows:1.Various bus technologies and most important protocols of the in-vehicle network are studied.The traditional vulnerability mining technology is classified and compared with advantages and disadvantages.Fuzzing technology is studied,the advantages and disadvantages of various fuzzing technologies are summarized,and the existing open-source fuzzing frameworks are analyzed.Threat modeling technology is used to model the threats faced by the in-vehicle network from both the source of data input and the attackers.The security status of the in-vehicle network is analyzed in depth,and a vulnerability mining scheme is proposed based on fuzzing.In addition,a feasibility analysis about it was conducted.2.Designed and implemented a fuzzer for UDS protocol,including three modules: target analysis,fuzzing engine,and fault recording.The engine implemented a block-based data generator,multiple hardware support,and cross-platform universal I/O module and a monitor for dectecting fault,the monitor can effectively detect the active state of the ECU,and also have the ability to restore the status of ECU.3.The vulnerabilities mining experiment was implemented by using the fuzzer.The vulnerabilities in the ECU used in the experiments were successfully discovered,and the capability of the system to uncover vulnerabilities were verified.The vulnerability rating system was used to evaluate the vulnerabilities.According to above work and result of the experiment,it can be seen that the vulnerability mining technology based-on fuzzing can discover potential safety hazards of in-vehicle network,and provide effective help for solving the safety problems of it.