Comparing Open-Source UDS Implementations Through Fuzz Testing

2024-01-2799

04/09/2024

Features
Event
WCX SAE World Congress Experience
Authors Abstract
Content
In the ever-evolving landscape of automotive technology, the need for robust security measures and dependable vehicle performance has become paramount with connected vehicles and autonomous driving. The Unified Diagnostic Services (UDS) protocol is the diagnostic communication layer between various vehicle components which serves as a critical interface for vehicle servicing and for software updates. Fuzz testing is a dynamic software testing technique that involves the barrage of unexpected and invalid inputs to uncover vulnerabilities and erratic behavior. This paper presents the implementation of fuzz testing methodologies on the UDS layer, revealing the potential vulnerabilities that could be exploited by malicious entities.
By employing both open-source and commercial fuzzing tools and techniques, this paper simulates real-world scenarios to assess the UDS layer’s resilience against anomalous data inputs. Specifically, we deploy several open-source UDS implementations on a Controller Area Network (CAN) testbed and use them as a target for the aforementioned fuzzing tools. The outcomes of the fuzzing campaigns provide both automakers and researchers with insights about the completeness of open-source UDS implementations, as well as existing vulnerabilities. Our recommendations are intended to inform researchers and developers about the current state of these implementations, especially if they consider integrating them into their products. Ultimately, the use of open-source implementations in the automotive domain promises a more secure, easier to maintain, safer, and cheaper development process.
This paper underscores the significance of continuous testing and fortification in ensuring the integrity of automotive systems with a particular focus on UDS, offering a valuable contribution to the advancement of secure vehicular technology.
Meta TagsDetails
DOI
https://doi.org/10.4271/2024-01-2799
Pages
10
Citation
Çelik, L., McShane, J., Scott, C., Aideyan, I. et al., "Comparing Open-Source UDS Implementations Through Fuzz Testing," SAE Technical Paper 2024-01-2799, 2024, https://doi.org/10.4271/2024-01-2799.
Additional Details
Publisher
Published
Apr 09
Product Code
2024-01-2799
Content Type
Technical Paper
Language
English