Visible to the public On In-Vehicle Network Security Testing Methodologies in Construction Machinery

TitleOn In-Vehicle Network Security Testing Methodologies in Construction Machinery
Publication TypeConference Paper
Year of Publication2022
AuthorsHariharan, Sheela, Papadopoulos, Alessandro V., Nolte, Thomas
Conference Name2022 IEEE 27th International Conference on Emerging Technologies and Factory Automation (ETFA)
Date Publishedsep
Keywordsconstruction machinery, controller area network, fuzzing, Human Behavior, human factors, Internet of Vehicles, pen testing, product development, Productivity, Protocols, pubcrawl, resilience, Resiliency, SAE J1939, security, security testing, Software, Wireless communication
Abstract

In construction machinery, connectivity delivers higher advantages in terms of higher productivity, lower costs, and most importantly safer work environment. As the machinery grows more dependent on internet-connected technologies, data security and product cybersecurity become more critical than ever. These machines have more cyber risks compared to other automotive segments since there are more complexities in software, larger after-market options, use more standardized SAE J1939 protocol, and connectivity through long-distance wireless communication channels (LTE interfaces for fleet management systems). Construction machinery also operates throughout the day, which means connected and monitored endlessly. Till today, construction machinery manufacturers are investigating the product cybersecurity challenges in threat monitoring, security testing, and establishing security governance and policies. There are limited security testing methodologies on SAE J1939 CAN protocols. There are several testing frameworks proposed for fuzz testing CAN networks according to [1]. This paper proposes security testing methods (Fuzzing, Pen testing) for in-vehicle communication protocols in construction machinery.

DOI10.1109/ETFA52439.2022.9921551
Citation Keyhariharan_-vehicle_2022