https://www.nationalacademies.org/trb/events

Guiding Electronic Control Unit (ECU) Firmware Fuzzing with Hardware-Level Side-Channel

This project develops a novel electromagnetic (EM) side-channel-guided fuzzing framework for automotive Electronic Control Unit (ECU) firmware security testing. The approach addresses key challenges in ECU security research, namely that firmware is often encrypted, proprietary, and tightly coupled to hardware, making traditional instrumentation-based fuzzing impractical. By capturing and analyzing EM emanations from ECUs during execution, the framework estimates code coverage without requiring firmware modification, instrumentation, or rehosting. The system integrates this EM-based coverage feedback into a fuzzer to guide test case generation via Controller Area Network (CAN) bus communication. The project will conduct extensive fuzzing campaigns on real automotive ECUs from various manufacturers to discover zero-day vulnerabilities and enhance vehicle cybersecurity.

Record URL:
- https://www.clemson.edu/cecas/tracr/research/projects/#guidingelectroniccontrolunitecufirmwarefuzzingwithhardwarelevelsidechannel

Language

English

Project

Status: Active
Funding: $247,084.00
Contract Numbers:
69A3552344812

69A3552348317
Sponsor Organizations:
Office of the Assistant Secretary for Research and Technology

University Transportation Centers Program
Department of Transportation
Washington, DC United States 20590

Clemson University

216 Lowry Hall
Clemson, SC, SC United States 29634

Benedict College

1600 Harden Street
Columbia, South Carolina United States 29204
Managing Organizations:
National Center for Transportation Cybersecurity and Resiliency (TraCR)

Clemson University
Clemson, SC United States

Clemson University

216 Lowry Hall
Clemson, SC, SC United States 29634
Project Managers:
Chowdhury, Mashrur

Clemson University

864-656-3313

mac@clemson.edu
Performing Organizations:
Clemson University

216 Lowry Hall
Clemson, SC, SC United States 29634

Benedict College

1600 Harden Street
Columbia, South Carolina United States 29204
Principal Investigators:
Zhang, Zhenkai

zhenkai@clemson.edu

Iyangar, Balaji

balaji.iyangar@benedict.edu
Start Date: 20260401
Expected Completion Date: 20270331
Actual Completion Date: 0
USDOT Program: University Transportation Centers

Subject/Index Terms

TRT Terms: Computer security; Connected vehicles; Electromagnetism; Electronic controllers; System design
Subject Areas: Data and Information Technology; Highways; Security and Emergencies; Vehicles and Equipment;

Filing Info

Accession Number: 01988393
Record Type: Research project
Source Agency: National Center for Transportation Cybersecurity and Resiliency (TraCR)
Contract Numbers: 69A3552344812, 69A3552348317
Files: UTC, RIP
Created Date: Apr 29 2026 4:47PM