| LTE-V2X is an emerging connected-vehicle protocol. It is designed to address traffic safety, traffic congestion and environmental pollution through over-the-air communication among traffic participants: vehicles, roadside units and clouds. Because the protocol is directly tied to the safety of traffic participants, real-time performance and security are critical for connected-vehicle protocols. In this setting, however, if developers misunderstand the protocol standard or follow poor programming practices, the resulting flawed implementations will cause serious security problems. Therefore, before large-scale deployment, security testing must be conducted systematically and automatically. Fuzz testing is one of the most efficient program analysis methods, but there is no prior work on LTE-V2X fuzzing. Among recent ASN.1-based protocol fuzzing works, the state-of-the-art method generates a large number of malformed ASN.1 schemas before compilation, then constructs messages from each schema and tests the target implementation. This approach is simplistic and suffers from inefficient seed construction, which reduces both the effectiveness and the efficiency of fuzz testing. Recently, AST fuzzing has drawn attention: mutating the intermediate representation can help trigger deeper bugs. Inspired by this, we perform seed construction after the ASN.1 compilation step by extracting an ASN.1 tree. This not only cuts time and space consumption but also lets mutation cover more fields. In addition, building a fuzzing framework for an LTE-V2X protocol implementation raises further problems. First, since no concrete LTE-V2X implementation was available for direct use, we put considerable effort into the underlying protocol stack; the ability to communicate over the air is the basis of fuzz testing. Second, to fuzz an ASN.1-based LTE-V2X implementation automatically, constructing a large number of unexpected inputs effectively is another problem. In this thesis, we design V2XFuzzer, the first systematic fuzzing tool for the upper-layer implementation of the LTE-V2X protocol. To address the problems above, we build a fuzzing framework based on software-defined radio and propose an effective seed-construction method that extracts an ASN.1 tree, an intermediate representation of ASN.1. V2XFuzzer has been used to test several commercial LTE-V2X devices from different vendors, and 2 vulnerabilities were uncovered after false-positive analysis. |
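The tree-based seed construction and per-field mutation described above, as an added illustration that is not V2XFuzzer's or the thesis's own code: a compiled ASN.1 schema is modelled as a small tree of typed nodes carrying their constraints (the Node class and the SCHEMA below are constructed stand-ins, not a real ASN.1 compiler's output or an LTE-V2X message type), a valid seed is derived by walking the tree, and each leaf is mutated against its own bounds so that nested fields are reached as well.

```python
from dataclasses import dataclass, field
from typing import Any, List, Optional, Tuple

@dataclass
class Node:
    """One node of a compiled ASN.1 tree (a constructed model, not a real compiler's IR)."""
    name: str
    kind: str                      # "SEQUENCE", "INTEGER", "OCTET STRING" or "ENUMERATED"
    lo: Optional[int] = None       # INTEGER range / OCTET STRING size lower bound
    hi: Optional[int] = None       # upper bound
    values: Tuple[str, ...] = ()   # ENUMERATED alternatives
    children: List["Node"] = field(default_factory=list)

def seed(n: Node) -> Any:
    """Walk the tree and build one constraint-respecting message: the initial seed."""
    if n.kind == "SEQUENCE":
        return {c.name: seed(c) for c in n.children}
    if n.kind == "INTEGER":
        return n.lo
    if n.kind == "OCTET STRING":
        return b"\x00" * n.lo
    return 0                       # ENUMERATED: index of the first alternative

def leaf_mutants(n: Node) -> List[Any]:
    """Constraint-violating values derived from the leaf's own bounds in the tree."""
    if n.kind == "INTEGER":
        return [n.lo - 1, n.hi + 1, 2 * n.hi + 1]
    if n.kind == "OCTET STRING":
        return [b"", b"\xff" * (n.hi + 1), b"\xff" * (4 * n.hi)]
    return [len(n.values), -1]     # ENUMERATED: indices outside the alternative list

def mutants(n: Node) -> List[Any]:
    """Single-field mutants of n's seed, one per (leaf, violating value) pair.

    Recursing through nested SEQUENCEs is what lets a tree-level mutator reach
    every field, not only the top-level ones.
    """
    if n.kind != "SEQUENCE":
        return leaf_mutants(n)
    base = seed(n)
    return [{**base, c.name: m} for c in n.children for m in mutants(c)]

# Constructed stand-in schema with a nested SEQUENCE; not an LTE-V2X message definition.
SCHEMA = Node("Msg", "SEQUENCE", children=[
    Node("msgCnt", "INTEGER", lo=0, hi=127),
    Node("id", "OCTET STRING", lo=8, hi=8),
    Node("pos", "SEQUENCE", children=[Node("lat", "INTEGER", lo=-90, hi=90),
                                      Node("long", "INTEGER", lo=-180, hi=180)]),
    Node("event", "ENUMERATED", values=("none", "hardBraking")),
])
```

Each mutant keeps every other field at its seed value, so a crash or hang in the device under test can be attributed to the single field that was changed.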