Secure Communication Method for In-Vehicle Network Based on CAN-FD Bus

Author affiliation:

School of Automotive Studies, Tongji University

CLC number:

U463.67

Funding:

Fundamental Research Funds for the Central Universities (22120170265)

Abstract:

Building on data encryption and intrusion detection, an information-security method for in-vehicle communication networks based on controller area network with flexible data-rate (CAN-FD) is established. A secure communication protocol for the in-vehicle network, comprising secure transmission, secure boot, time synchronization, and key distribution, is proposed, and a network simulation model is built to verify the validity of the protocol. Secure communication nodes are implemented on hardware to test the actual communication performance and encryption performance of the nodes. Finally, targeting the potential attack modes against the in-vehicle communication network, attacks under the Dolev-Yao intruder model and denial-of-service attacks are used as test methods to carry out security attack tests on the secure communication model and to verify its intrusion detection function, and the decision criteria for network intrusion detection are determined. The test results confirm the security and usability of the method.

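Cite this article

LUO Feng, HU Qiang, LIU Yu. Secure Communication Method for In-Vehicle Network Based on CAN-FD Bus[J]. Journal of Tongji University (Natural Science), 2019, 47(03): 0386~0391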

History
  • Received: 2017-10-27
  • Last revised: 2019-01-02
  • Accepted: 2018-12-13
  • Published online: 2019-04-03