Fuzzing Tool Puts Automotive Security to the Test

| Environmental Testing

Open source penetration testing software is an essential element in producing software defined vehicles

Open source penetration software added to automotive cybersecurity test platform

Keysight Technologies and ETAS are partnering to provide car manufacturers and suppliers with a comprehensive automotive cybersecurity system to ensure vehicles are protected when they hit the road. Through this arrangement, the ESCRYPT CycurFUZZ smart automotive fuzzer tool from ETAS will be integrated into Keysight’s Automotive Cybersecurity Test Platform.

The growing connectivity of automotive systems exposes connected vehicles to cybersecurity risks that must be mitigated to ensure the development of safe and secure vehicles. One component of an effective, comprehensive security testing is “fuzzing”, a test automation method that injects invalid, malformed or unexpected inputs into a device to reveal defects and vulnerabilities.

Embedded Fuzz Tester

By embedding ESCRYPT CycurFUZZ into Keysight’s test system, users can rapidly fuzz test targets via controller area network (CAN) interfaces. Fully integrated, the CycurFUZZ tool provides smart software to do CAN bus fuzzing at the module or system level. This offers an effective way to automatically scan the device under test’s automotive CAN bus for unknown vulnerabilities and uncover software weaknesses. The integration of ESCRYPT CycurFUZZ ensures that the cybersecurity risks associated with the CAN bus are effectively mitigated.

The cybersecurity test system enables automated testing of all layers of the open systems intercommunication (OSI) stack for in-vehicle interfaces including Wi-Fi, cellular, Bluetooth, CAN and automotive Ethernet to validate the robustness of electronic control unit (ECU) and telematic control unit (TCU) subcomponents, or the entire vehicle. In addition, it enables users to comply with international cybersecurity regulations, such as UN R-155 and ISO / SAE 21434.

Thomas Goetzl, Vice President and General Manager of Keysight’s Automotive and Energy Solutions, said: “Future-proof testing is vital to mitigating the risks of evolving automotive cyberattacks. Working with ETAS to incorporate this fast fuzzing test into our automotive cybersecurity testing system will help end-users meet industry standards while growing their threats database knowledge.”

Open Source Test Automation Framework

ETAS is also currently developing an open-source-based test automation framework for automotive systems. The “Eclipse openDuT” (Device under Test) project is being developed under the umbrella of the Eclipse Software-defined Vehicle Working Group, the aim of which is to create a product that enables automated, flexible automotive testing without great expenditure of time and money.

The framework will provide the basic and necessary infrastructure for testing automotive systems and will, with its modular structure, support as many test applications as possible: security testing as well as safety and functional tests for individual automotive components as well as for systems in a network or for homologation purposes (e.g., for type approval in accordance with UN-R155).

Within the test automation framework, users can continue to resort to proprietary test applications available on the market and define and integrate the individual test methods according to their individual requirements – for example, as black or grey box tests or across geographically dispersed test benches.

Following acceptance by the Eclipse Foundation, the implementation of the open-source-based test automation framework is now progressing well, with ETAS and other partners already providing code (GitHub repository).

According to Thomas Irmscher, Product Manager Security Testing Services at ETAS, Automotive testing has to become faster, more efficient, and easier to integrate into existing landscapes.

“In view of the cybersecurity and functional safety requirements of future software-defined vehicles, automotive testing has to become faster, more efficient and easier to integrate into existing landscapes,” he concludes.

Jonathan Newell
Latest posts by Jonathan Newell (see all)

Related news

Read More News From Unspecified Company: