Abstract

Abstract

Abstract
The fast global expansion of online public services has transformed how governments interact with citizens, offering convenience and efficiency. However, this digital transformation also introduces significant security risks, as sensitive data exchanged between users and service providers over public networks are exposed to cyber threats. Thus, ensuring the security and trustworthiness of these services is critical to the success of Electronic Government (EGOV) initiatives. This study evaluates the information security posture of 3068 public service platforms across all 193 UN Member States through non-intrusive assessments conducted in 2023 and 2024. The evaluation focuses on three key dimensions: (i) the adoption of secure end-to-end communication protocols, (ii) the trustworthiness of digital certificate chains, and (iii) the exposure of hosting servers to known vulnerabilities. The findings reveal that while some progress has been made in securing online public services, substantial gaps remain in the implementation of international security standards and best practices. Many platforms continue to rely on outdated cryptographic protocols, misconfigured certificates, and unpatched vulnerabilities, leaving citizens and services vulnerable to cyber threats due to weaknesses that malicious actors can easily and inconspicuously identify. These insights emphasize the need for effective implementation of more comprehensive cybersecurity policies, proactive security assessments, and improved regulatory compliance checks. Additionally, this work provides actionable guidance for governments and system administrators to enhance the security of EGOV infrastructures by addressing persistent vulnerabilities and adopting robust cybersecurity practices.

Abstract
Electronic Control Units are embedded devices that control various critical features of an automobile. Consequently, it is crucial to develop tools that enable penetration testers to identify security vulnerabilities within these ECUs as efficiently as possible. Fuzzing, a widely-used technique, can help uncover vulnerabilities in various types of applications. Fuzzing can then be applied to test ECUs through their communication protocols, the most common being the Controller Area Network (CAN). We present oCANada, a generation-based fuzzer which can be utilized in order to craft CAN messages for fuzzing. Many existing CAN fuzzers rely on simple mutation-based fuzzing, which involves randomly changing bits in the CAN payload. This paper introduces a novel generation-based fuzzing approach that leverages CAN database files (DBCs) in order to craft syntactically correct messages. oCANada also incorporates State-of-the-Art CAN reverse engineering techniques in order to enable syntax-aware fuzzing even when DBCs are not available. Additionally, this paper discusses test oracle techniques employed for fuzzing ECUs over CAN in both greybox and blackbox environments. Finally, we present our results while running the tool which we used two CANoe simulations, a Gateway ECU, and a modified version of the instrument cluster simulator ICSim. In these results, we also compare our fuzzer to the well-known CaringCaribou fuzzer.

Abstract

Abstract