| Intelligent Connected Vehicles (ICVs) face more and more cybersecurity threats while improving traffic efficiency, because of their many electronic devices. Testing whether ICVs have cybersecurity vulnerabilities is of great significance for ensuring the safety of vehicles and personnel. The complex architecture of ICVs means that traditional cybersecurity testing technology cannot be directly reused on them. Based on penetration testing and fuzzing technology, the thesis conducts research on cybersecurity testing of ICVs, aiming to establish a systematic cybersecurity testing framework that can be used to discover potential cybersecurity vulnerabilities in ICVs and their components. The specific research contents are as follows. First, the penetration testing framework for ICVs is researched. To address the lack of a standardized penetration testing process and framework for ICVs, the thesis proposes a threat-based hierarchical penetration testing framework. On the one hand, the framework clarifies a three-stage penetration testing process: defining the scope of penetration testing and collecting information; analyzing cybersecurity threats and formulating penetration testing plans; and performing penetration testing and assessing cybersecurity risks. On the other hand, the framework for the first time divides the penetration testing cases for ICVs into ten levels. As long as an automobile module has the functions, hardware, and software components of a given level, the penetration testing cases of that level are conducted, which standardizes the penetration testing. Based on the standardized penetration testing process and cases, testers with different professional knowledge can carry out standardized penetration testing, greatly improving the efficiency of penetration testing. Secondly, the fuzzing technology of CAN bus and TPMS is researched. To address the problem of mining unknown malicious instructions on the vehicle CAN bus, the thesis proposes a fuzzing method based on WGAN-GP and AdaBoost. The method uses the WGAN-GP model to generate fuzzing data whose characteristics are close to those of real CAN bus data, and uses the AdaBoost model to filter suspicious fuzzing data that causes potential CAN bus anomalies. The method not only avoids data explosion and protocol inversion problems, but also avoids a large amount of manual anomaly verification, improving the efficiency and automation of fuzz testing. To address the problem of mining unknown malicious vulnerabilities in tire pressure monitoring sensors, the thesis proposes a fuzzing method based on reverse analysis. The method uses radio signal analysis technology to realize data frame transmission. On this basis, the method uses protocol reverse analysis technology to determine the temperature, pressure and check code fields, which lays the foundation for the rapid generation of fuzzing test data. Finally, cybersecurity testing of ICVs is researched. Without dismantling the vehicle, the thesis carries out multiple levels of penetration testing on the target vehicle with the help of the penetration testing framework. Supplemented by fuzz testing, the thesis found cybersecurity vulnerabilities including brute-force cracking of the remote vehicle control verification code, abnormal CAN bus control instructions, Global Positioning System spoofing, ultrasonic ranging jamming, traffic sign recognition spoofing, a passive keyless entry system relay attack, and others. In view of the challenges faced by the cybersecurity testing of ICVs, the thesis proposes a threat-based hierarchical penetration testing framework and a fuzz testing method for the CAN bus and the tire pressure monitoring system. The results of the vehicle cybersecurity testing show that penetration testing and fuzz testing play an important role in mining cybersecurity vulnerabilities of ICVs, which has important application value. |