
Nihal El Mahni
Design and Development of a Structured and Accessible Penetration Testing Environment for Automotive Applications.
Supervisor: Renato Ferrero. Politecnico di Torino, Master's degree programme in Computer Engineering, 2025
Abstract:

Modern vehicles rely on an important network of interconnected Electronic Control Units (ECUs) to manage critical functionalities, from engine control and braking to steering and active aerodynamics. As these subsystems become more intricate, software-defined structures, they have become more attractive targets for cybercriminals. Increasing connectivity is focusing the management of such systems on the security of their implementation. Ensuring the integrity, confidentiality, and availability of ECU communications, one of the most important components of the vehicle's information flow, is essential for both the vehicle's performance and the driver's safety. This risk landscape has motivated researchers to study automotive communication protocols and diagnostic services for potential vulnerabilities that could be exploited for malicious use. This thesis, carried out at Bylogix, a specialist in embedded systems and automotive software solutions, aims to present the theory needed to understand ECU communications and then to establish how powerful the UDS services can be in a real rear wing ECU. The study was based on white-box penetration testing methods, which helped guide the test logic and test for vulnerabilities in realistic, controlled environments, because the protocol settings and the enforced security measures are known. A further objective was to detect vulnerabilities by conducting attacks such as unauthorized access, data modification, and denial of service. This method facilitates understanding the behavior of the ECU, the operation of its communication protocol, and how it has been developed to resist intrusions from the outside world. The communication centers not only on Unified Diagnostic Services (UDS) over Controller Area Network (CAN) but also on ISO-TP, which is used for multi-frame messages over CAN.

To this end, Python scripts were created to execute several kinds of requests, such as seed harvesting, write actions following authentication, and session control manipulation. The solution also provides logging, scheduling, and fuzzing. To facilitate running the tests, an automation master script was written for the Security Access and Read Data by Identifier services. This way, Bylogix will be able to use this test framework to assess the security level of other ECUs, which will be the subject of future projects. This thesis contributes to research on automotive ECU security by demonstrating actual vulnerabilities and limitations in a real-world UDS implementation. Key results such as duplicated seed values, unprotected clearing, and poor session management show what manufacturers can focus on in terms of design and configuration to reach a better level of security. The white-box approach plays an important role and provides a valuable baseline for identifying poor implementation choices and evaluating the ECU's responses to unauthorized diagnostics. Finally, the thesis concludes that there is a significant demand for secure-by-design principles in automotive ECUs, and several desired improvements to diagnostic service protection are provided. It also provides a baseline for future research, such as advanced fuzzing and anomaly-based systems, to be examined within the automotive field.

Field | Value |
---|---|
Supervisors: | Renato Ferrero |
Academic year: | 2024/25 |
Publication type: | Electronic |
Number of pages: | 109 |
Additional information: | Thesis under confidentiality restriction. Full text not available |
Subjects: | |
Degree programme: | Master's degree programme in Computer Engineering |
Degree class: | New system > Master's degree > LM-32 - COMPUTER ENGINEERING |
Collaborating companies: | Bylogix srl |
URI: | http://webthesis.biblio.polito.it/id/eprint/36405 |