目前最全的汽车信息安全攻防工具和资料清单

随着联网汽车、汽车数字化和自动驾驶等智能汽车的超速发展，相对滞后的智能汽车的信息安全技术、标准、政策、方法和实践已经成为消费者、汽车制造商、零部件供应商和政府监管部门关注的话题。Peerlyst最近制作了一个汽车安全攻防工具资源清单，方便汽车安全领域专业人士参考备用，转载如下：

一、汽车黑客攻击工具

CANbadger – 机动车逆向工程和渗透测试工具

CANToolz CANbus网络与设备分析工具
https://github.com/eik00d/CANToolz

Open Sesame (车库门开启工具).
http://samy.pl/opensesame/

CANiBUS – CAN设备研究服务器

CANdiy-Shield MCP2515 CAN controller with two RJ45 con-nectors and a protoarea
ChuangZhou CAN-Bus Shield MCP2515 CAN controller with a D-sub connector and screw terminals
DFRobot CAN-Bus Shield STM32 controller with a D-sub con-nector
SeeedStudio SLD01105P CAN-Bus Shield MCP2515 CAN con-troller with a D-sub connector
SparkFun SFE CAN-Bus Shield MCP2515 CAN controller with a D-sub connector and an SD card holder; has connectors for an LCD and GPS module

Freematics OBD-II Telematics Kit

CANtact 用计算机USB接口访问CAN的开源软件
http://linklayer.github.io/cantact/

Canberry MCP2515 CAN controller with screw terminals only (no D-sub connector; $23)
Carberry Two CAN bus lines and two GMLAN lines, LIN, and infrared (doesn’t appear to be an open source shield; $81)
PICAN CAN-Bus Board MCP2515 CAN controller with D-sub connector and screw terminals ($40 to $50)

ChipKit Max32 Development Board and NetworkShield

ELM327 Chipset

GoodThopter Board – 一个开源低成本的CAN接口开发板

Kayak – 分析CAN流量的Java GUI
http://kayak.2codeornot2code.org/

O2OO is an open source OBD-II data logger that works with ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data in NMEA for-mat.
http://www.vanheusden.com/O2OO/

CAN of Fingers (c0f)is an open source tool for fingerprinting CAN bus systems
https://github.com/zombieCraig/c0f/

UDSim ECU Simulator UDSim is a GUI tool that can monitor a CAN bus and automatically learn the devices attached to it by watching communications
https://github.com/zombieCraig/UDSim/

Octane CAN Bus Sniffer – Octane is an open source CAN bus sniffer and injector with a very nice interface for sending and receiving CAN packets, including an XML trigger system
http://octane.gmu.edu/

CANSPY: CAN设备监控审计平台
https://www.blackhat.com/docs/us-16/materials/us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices-wp.pdf

CARduino – a highly functional, low-cost entrant for Cloud to Car mirroring.
http://www.carknow.me/carduino/

CANcrusher – Future home of the CANcrusher Ultimate CAN Tool!
http://www.cancrushers.net/

BusMaster – BUSMASTER is an open source PC software for the design, monitoring, analysis, and simulation of CAN networks

caringcaribou–A friendly car security exploration tool

二、 汽车安全防御工具

CanSee: 一个基于机器学习的汽车IDS系统，可以侦测CANBUS的异常流量
http://conference.hitb.org/hitbsecconf2016ams/materials/D2T1%20-%20Jun%20Li%20-%20CANSsee%20-%20An%20Automobile%20Intrusion%20Detection%20System.pdf

基于时钟的汽车IDS系统：CIDS
https://kabru.eecs.umich.edu/wordpress/wp-content/uploads/sec16-final165_final.pdf

Argus Security推出的汽车 IPS 系统
https://argus-sec.com/

哈曼国际集团推出的ECUSHIELD‍ 安全威胁监控方案：by HARMAN International Industries working with Airbiquity’s Choreo platform and Software & Data Management solution: ECUSHIELD does continuous security threat monitoring and identification for internal vehicle networks–detects and logs security intrusions locally. Once logged, Airbiquity’s Choreo platform and Software & Data Management solution collects the ECUSHIELD intrusion information from the vehicle, aggregates it in the cloud, and automates alerts and reports so automotive customers can quickly assess and execute security-centric actions–including the secure transmission and installation of vehicle software updates from the cloud to mitigate future threats and restore impacted systems and components.

三、汽车信息安全相关资源

ENISA智能汽车网络安全最佳实践研究报告

CSA云安全联盟联网汽车安全分析与最佳实践指南

机动车安全最佳实践 Automotive Cybersecurity Best Practices, Auto ISAC, 2016
https://www.automotiveisac.com/best-practices/

车辆漏洞共性研究Commonalities in Vehicle Vulnerabilities, Corey Thuen, 2016
http://www.ioactive.com/pdfs/Commonalities_in_Vehicle_Vulnerabilities_WP.pdf

机动车网络安全 Vehicle Cybersecurity, a report by Gao, 2016
http://www.gao.gov/products/GAO-16-350

机动车数字-物理系统安全指南 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, SAE J3061 (Cybersecurity Safety Engineering Framework), 2016 by SAE
http://standards.sae.org/j3061_201601/

CAN消息注入DEFCON 24 paper by Chris Valasek and Charlie Miller: CAN Message Injection
http://illmatics.com/can%20message%20injection.pdf

UPV远程攻击 DEFCON 23 paper by Chris Valasek and Charlie Miller: Remote Exploitation of an Unaltered Passenger Vehicle
http://illmatics.com/Remote%20Car%20Hacking.pdf

机动车NCU安全探索 Adventures in Automotive Networksand Control Units. Paper by Chris Valasek and Charlie Miller 2013
http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf

机动车攻击面全面实验性分析 Comprehensive Experimental Analyses of Automotive Attack Surfaces UseNix Sec 2011
http://www.autosec.org/pubs/cars-usenixsec2011.pdf

五星级机动车网络空间安全项目 Five Star Automotive Cyber Safety Program, I am the Cavalry, 2015
https://www.iamthecavalry.org/domains/automotive/5star/

联网汽车内部网络安全面面观 Security Aspects of the In-Vehicle Network in the Connected Car by Pierre Kleberger, Tomas Olovsson, and Erland Jonsson, 2011 from IEEE Intelligent Vehicles Symposium (IV).
http://www.syssec-project.eu/m/page-media/3/connectedcar-iv-2011.pdf

机动车安全最佳实践 Automotive Security Best Practices by David A Brown, Geoffrey Cooper, 2014
http://www.mcafee.com/de/resources/white-papers/wp-automotive-security.pdf

汽车黑客手册 Car Hacker’s Handbook by Opengarages
http://opengarages.org/handbook/

 

本清单来自：Peerlyst.com