Security Improvements in Connected Cars - Case Study: CEVT Connected Cars

Abstract

The Connected Car brings a fast development of intelligent and better driving experiences by realizing more functions and providing more services. Connected Cars usually contain a number of electronic control units (ECUs), which are small computer modules providing different functions. ECUs are connected by different automotive buses, which forms the vehicle system. The rapid development of the technologies brings a lot of advantages such as safety, convenience, sustainability and a better user experience. However, lots of security problems with the vehicle system also occur. The modern vehicle systems is no longer only formed by the hardware and wires. Instead, software is installed in each ECU, which gives chances to attackers to hack the car. For the importance of car security, we need to find a way to evaluate the potential vulnerabilities. This master thesis is a case study on the connectivity vehicle system of CEVT, which is focused on the on-board connectivity system of the in-vehicle network. We have studied and compared some fuzzing tools. Among these tools, a suitable fuzzing tool has been selected and modified to be implemented on the current vehicle system in order to investigate how well fuzzing can be used to find the potential vulnerabilities on the vehicle system. In this work, we choose an interesting private protocol of CEVT as the test target. In this thesis, we call the protocol the Internal Communication Protocol (ICP). The results of the test are discussed.