Fuzzing mit ESCRYPT CycurFUZZ

Fuzzing with ESCRYPT CycurFUZZ

Conforming with ISO/SAE 21434 and UN R-155

The growing intricacy of automotive systems, combined with the implementation of international regulations such as ISO/SAE 21434 and UN R-155, has made cybersecurity testing an essential component of the development and validation process. One of the recommended testing methods outlined in ISO/SAE 21434 is fuzzing, which is particularly effective in evaluating the robustness and cyberresilience of automotive systems, as well as identifying potential vulnerabilities at an early stage.

The integration of a sophisticated automotive fuzzer tool can significantly enhance the testing process by allowing for customization, automation, and acceleration. This tool can be seamlessly embedded into the development process, ensuring continuous improvement and efficiency.

Fuzzing in communication

Improve automotive software quality

ESCRYPT CycurFUZZ is a cutting-edge fuzz testing solution that helps you comply with regulations and standards. With built-in automotive cybersecurity expertise, it assesses the security maturity of your systems and improves software quality throughout development and validation.

Unique combination of high defect detection rates and fast execution speed

ESCRYPT CycurFUZZ supports key automotive protocols and accommodates customer-specific requirements, such as ARXML files. Its dynamic timing feature enables exceptional test performance, delivering a high defect detection rate at unprecedented speed.

Use cases

When it comes to identifying weaknesses or vulnerabilities in a physical or virtual Electronic Control Unit (ECU), there are several testing options available. One approach is to conduct system or integration tests, which can help uncover potential issues.

Alternatively, single ECU tests can be performed with a simple setup consisting of an ECU, a hardware connector, and a PC. There are several test setup possibilities, including:

  • A Software-in-the-Loop (SiL) setup on a component level, which can be done on a single virtual ECU at level 3.
  • A SiL setup on a system level, which involves multiple ECUs on a PC.
  • A Hardware-in-the-Loop (HiL) setup, which can be integrated with ESCRYPT CycurFUZZ to accelerate fuzz testing.

For those who require more comprehensive support, professional fuzz testing services are available as well. These services include fuzz testing, result reports, analysis and interpretation of findings, and proposals for remediation.

Features and protocols

Full coverage of automotive protocols:

  • CAN
  • CAN-FD
  • ISO-TP
  • J1939
  • UDS
  • SOME/IP
  • DoIP (upcoming)

The fuzz testing solution offers support for a range of fuzzing modes, including:

  • UDS (Unified Diagnostic Services)
  • Inverse UDS
  • ISO-TP (ISO 15765-2 Transport Protocol)
  • ARXML (AUTOSAR XML)
  • DBC (Database Container)
  • Random mode
  • Monitor mode

One of the key features of this solution is its ability to perform vehicle-level fuzz testing. This allows for the simultaneous fuzzing of multiple Electronic Control Unit (ECU) targets via a single communication bus.

Additionally, the solution offers a full-headless mode, which provides flexibility and ease of integration. This mode supports all common tools for bus access, such as DB9 and USB connectors, and also features a REST API for technical integration into other solutions.