Research And Implementation Of Vehicle Terminal Monitoring Protocol Security Testing System

With the development of automotive intelligence,vehicle terminals have been widely used.The vehicle terminals modernization manages vehicles through the network,which greatly enriches the functions of the vehicles.The monitoring service of the vehicle terminal is inseparable from the communication with the remote monitoring platform.During the communication process,the monitoring communication protocol is responsible for timely uploading of vehicle information and issuing commands from the remote platform to provide guarantee for vehicle supervision and safe driving.If the monitoring service has network vulnerabilities and defects,it will seriously affect the driver's driving safety and the normal operation of the supervision service.It is very important how to conduct security testing to discover potential security vulnerabilities.As an important safety detection technology,fuzz testing can effectively detect potential vulnerabilities by sending a large amount of unexpected data to the target and monitoring the target's exceptions and errors.At present,the research on vehicle network fuzzing is mostly focused on in-vehicle protocols,and there are few studies on vehicle terminal monitoring protocols.There is no unified fuzzy testing scheme for different monitoring protocols.At the same time,the traditional fuzzing technology still has deficiencies.If it is directly applied to the testing of monitoring protocol,the testing efficiency will be low because of the authentication characteristics of the protocol;the lack of consideration of the status of monitoring protocol will lead to low test coverage.In addition,in many security studies on vehicle networks,researchers conduct targeted security attack testings on targets to discover security vulnerabilities.However,at present,there is a lack of research on security attack testing of monitoring protocols,and there is also a lack of systematic and process-based security attack testing solutions.In response to these problems,this paper studies the communication security of the monitoring protocol and designs and implements a security testing system for the monitoring protocol of the vehicle terminal.The main work of this paper is as follows:1)In order to provide a unified test solution for the monitoring protocol,the fuzz testing in this paper combines the design of the protocol rule database to support the testing of multiple monitoring protocols,including the ability to analyze and test private protocols.In order to solve the problems of low efficiency and low test coverage of the existing fuzzy tests,this paper aims at the characteristics of the monitoring protocol.In the fuzz testing design,this paper proposes a use case construction method through authentication information replacement,combined with the finite state machine idea,based on the protocol state to fuzz the monitoring protocol.2)In order to carry out special security testing on the monitoring protocol,to make up for the randomness and blindness of fuzzy testing.This paper summarizes the existing security attack methods for network protocol communications.Based on the characteristics of the monitoring protocol,it designs a security attack test for the monitoring protocol and proposes a systematic testing plan.3)Collect and acquire the flow required by the security testing system.The communication authentication information needed in the fuzz testing exists in the actual communication flow.In addition,in order to support the test of private monitoring protocol,the security testing system also needs to obtain the relevant communication flow for analysis.Therefore,combined with the characteristics of the vehicle terminal communication architecture,a traffic capture technology for multiple communication methods is designed in this paper.In view of the technical difficulties in obtaining traffic under the mobile communication network,the existing traffic extraction methods are optimized.The system implemented in this paper has conducted security testing on a variety of monitoring protocols,and successfully found multiple vulnerabilities in the corresponding monitoring services,and compared with the Boofuzz fuzzing framework to verify the effectiveness and efficiency of the system.