欢迎光临第五届中国汽车网络信息安全峰会2020!

目前最全的汽车信息安全攻防工具和资料清单

发布日期:2020-09-07

点击上方蓝色字体,关注我们


GRCC IoVSecurity 昨天 

手机阅读





GRCC IoVSecurity 昨天 

手机阅读




随着联网汽车、汽车数字化和自动驾驶等智能汽车的超速发展,相对滞后的智能汽车的信息安全技术、标准、政策、方法和实践已经成为消费者、汽车制造商、零部件供应商和政府监管部门关注的话题。Peerlyst最近制作了一个汽车安全攻防工具资源清单,方便汽车安全领域专业人士参考备用,转载如下:

一、汽车黑客攻击工具

CANbadger – 机动车逆向工程和渗透测试工具

CANToolz CANbus网络与设备分析工具
https://github.com/eik00d/CANToolz

Open Sesame (车库门开启工具).
http://samy.pl/opensesame/

CANiBUS – CAN设备研究服务器

CANdiy-Shield MCP2515 CAN controller with two RJ45 con-nectors and a protoarea
ChuangZhou CAN-Bus Shield MCP2515 CAN controller with a D-sub connector and screw terminals
DFRobot CAN-Bus Shield STM32 controller with a D-sub con-nector
SeeedStudio SLD01105P CAN-Bus Shield MCP2515 CAN con-troller with a D-sub connector
SparkFun SFE CAN-Bus Shield MCP2515 CAN controller with a D-sub connector and an SD card holder; has connectors for an LCD and GPS module

Freematics OBD-II Telematics Kit

CANtact 用计算机USB接口访问CAN的开源软件
http://linklayer.github.io/cantact/

Canberry MCP2515 CAN controller with screw terminals only (no D-sub connector; $23)
Carberry Two CAN bus lines and two GMLAN lines, LIN, and infrared (doesn’t appear to be an open source shield; $81)
PICAN CAN-Bus Board MCP2515 CAN controller with D-sub connector and screw terminals ($40 to $50)

ChipKit Max32 Development Board and NetworkShield

ELM327 Chipset

GoodThopter Board – 一个开源低成本的CAN接口开发板

Kayak – 分析CAN流量的Java GUI
http://kayak.2codeornot2code.org/

O2OO is an open source OBD-II data logger that works with ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data in NMEA for-mat.
http://www.vanheusden.com/O2OO/

CAN of Fingers (c0f)is an open source tool for fingerprinting CAN bus systems
https://github.com/zombieCraig/c0f/

UDSim ECU Simulator UDSim is a GUI tool that can monitor a CAN bus and automatically learn the devices attached to it by watching communications
https://github.com/zombieCraig/UDSim/

Octane CAN Bus Sniffer – Octane is an open source CAN bus sniffer and injector with a very nice interface for sending and receiving CAN packets, including an XML trigger system
http://octane.gmu.edu/

CANSPY: CAN设备监控审计平台
https://www.blackhat.com/docs/us-16/materials/us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices-wp.pdf

CARduino – a highly functional, low-cost entrant for Cloud to Car mirroring.
http://www.carknow.me/carduino/

CANcrusher – Future home of the CANcrusher Ultimate CAN Tool!
http://www.cancrushers.net/

BusMaster – BUSMASTER is an open source PC software for the design, monitoring, analysis, and simulation of CAN networks

caringcaribouA friendly car security exploration tool

二、 汽车安全防御工具

CanSee: 一个基于机器学习的汽车IDS系统,可以侦测CANBUS的异常流量
http://conference.hitb.org/hitbsecconf2016ams/materials/D2T1%20-%20Jun%20Li%20-%20CANSsee%20-%20An%20Automobile%20Intrusion%20Detection%20System.pdf

基于时钟的汽车IDS系统:CIDS
https://kabru.eecs.umich.edu/wordpress/wp-content/uploads/sec16-final165_final.pdf

Argus Security推出的汽车 IPS 系统
https://argus-sec.com/

哈曼国际集团推出的ECUSHIELD‍ 安全威胁监控方案:by HARMAN International Industries working with Airbiquity’s Choreo platform and Software & Data Management solution: ECUSHIELD does continuous security threat monitoring and identification for internal vehicle networks–detects and logs security intrusions locally. Once logged, Airbiquity’s Choreo platform and Software & Data Management solution collects the ECUSHIELD intrusion information from the vehicle, aggregates it in the cloud, and automates alerts and reports so automotive customers can quickly assess and execute security-centric actions–including the secure transmission and installation of vehicle software updates from the cloud to mitigate future threats and restore impacted systems and components.

三、汽车信息安全相关资源

ENISA智能汽车网络安全**实践研究报告

CSA云安全联盟联网汽车安全分析与**实践指南

机动车安全**实践 Automotive Cybersecurity Best Practices, Auto ISAC, 2016
https://www.automotiveisac.com/best-practices/

车辆漏洞共性研究Commonalities in Vehicle Vulnerabilities, Corey Thuen, 2016
http://www.ioactive.com/pdfs/Commonalities_in_Vehicle_Vulnerabilities_WP.pdf

机动车网络安全 Vehicle Cybersecurity, a report by Gao, 2016
http://www.gao.gov/products/GAO-16-350

机动车数字-物理系统安全指南 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE J3061 (Cybersecurity Safety Engineering Framework), 2016 by SAE
http://standards.sae.org/j3061_201601/

CAN消息注入DEFCON 24 paper by Chris Valasek and Charlie Miller: CAN Message Injection
http://illmatics.com/can%20message%20injection.pdf

UPV远程攻击 DEFCON 23 paper by Chris Valasek and Charlie Miller: Remote Exploitation of an Unaltered Passenger Vehicle
http://illmatics.com/Remote%20Car%20Hacking.pdf

机动车NCU安全探索 Adventures in Automotive Networksand Control Units. Paper by Chris Valasek and Charlie Miller 2013
http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf

机动车攻击面全面实验性分析 Comprehensive Experimental Analyses of Automotive Attack Surfaces UseNix Sec 2011
http://www.autosec.org/pubs/cars-usenixsec2011.pdf

五**机动车网络空间安全项目 Five Star Automotive Cyber Safety Program, I am the Cavalry, 2015
https://www.iamthecavalry.org/domains/automotive/5star/

联网汽车内部网络安全面面观 Security Aspects of the In-Vehicle Network in the Connected Car by Pierre Kleberger, Tomas Olovsson, and Erland Jonsson, 2011 from IEEE Intelligent Vehicles Symposium (IV).
http://www.syssec-project.eu/m/page-media/3/connectedcar-iv-2011.pdf

机动车安全**实践 Automotive Security Best Practices by David A Brown, Geoffrey Cooper, 2014
http://www.mcafee.com/de/resources/white-papers/wp-automotive-security.pdf

汽车黑客手册 Car Hacker’s Handbook by Opengarages
http://opengarages.org/handbook/

本清单来自:Peerlyst.com

转载自: IT 经理网




相关文章

Awesome Hacking:一份完整的黑客技术成长清单 (1)
Awesome Hacking:一份完整的黑客技术成长清单 (2)
汽车网络安全之——工具汇总
ATG,一种用于车载CAN总线安全测试的攻击流量生成工具




SELECTED EVENTS






 

长按二维码识别关注





我就知道你“在看”



  • 电话咨询
  • 15021948198
  • 021-22306692
None