Fuzz Testing for Automotive Cyber-Security

There is increasing computational complexity within the connected car, and with the advent of autonomous vehicles, how do manufacturers test for cyber-security assurance? The fuzz test is a successful black box testing method that hackers have used to find security weaknesses in various domains. Therefore, should the fuzz test, mentioned (without any details) in SAE J3061, be applied more widely into the vehicle systems development process to help reduce vulnerabilities? To investigate this question a custom fuzzer was developed to allow for experimentation against a target vehicle's CAN bus (used as the data interconnect for the vehicle's ECUs). The results demonstrate that the fuzz test has a part to play as one of the many security tests that a vehicle's systems need to undergo before being made ready for series production. However, previous problems raised when cyber testing a vehicle were confirmed. Thus, in adding the fuzz test to the automotive engineering tool box some issues are raised that need addressing in future research.