The Pivotal Secure Technology Of In-vehicle Network Oriented To The Internet Of Vehicles

The development of IoV(Internet of Vehicles)and intelligent interconnected vehicles has enhanced the functions of vehicles and brought many conveniences to people.However,due to the interconnection of IoV,the in-vehicle network is no longer an independent system and is vulnerable to various security threats and attacks.Moreover,some potential problems in traditional automotive electronic systems are exposed at the same time.The in-vehicle network is one of the core components of the IoV system.In the in-vehicle network,CAN bus is the most widely used on-board bus,where the data transmission and interaction between different unit modules is executed.In this thesis,the research is focused on the in-vehicle CAN bus network.By analyzing the security problems in the in-vehicle network,a complete and efficient security protection mechanism can be established,which provides a powerful guarantee for vehicle security.The research in this thesis includes the following aspects:(1)On the basis of summarizing and analyzing the current research on the security of IoV and in-vehicle network,the structure,functions,and characteristics of the IoV system as well as the in-vehicle system are studied and analyzed.And then the data transmission mode,arbitration mechanism,network structure and data frame format of the CAN bus protocol are analyzed.(2)Aiming at the security problems confronted by the interconnected cars under the IoV environment and the security defects in the CAN bus protocol,the security threats to be prevented and security needs to be satisfied in the vehicle network system are analyzed.And then the framework of security protection system is proposed to provide comprehensive security for the in-vehicle network system.(3)The research on key distribution methods applicable to in-vehicle network systems is conducted.Based on the requirements and limitations to security mechanisms under the in-vehicle network environment,the advantages and disadvantages of several commonly used key distribution methods are compared,such as symmetric key distribution,digital certificates,and matrix key distribution.Based on the original matrix key distribution method,transformation and improvement are performed to generate a symmetric polynomial to generate a key.Between each ECU node,a key can be generated based on this polynomial and the public serial number.(4)The research on the security authentication methods and secure communication methods applicable to in-vehicle networks is conducted.The security authentication includes the integrity verification of each ECU,the security authentication protocol between the gateway and the ECU,and the authentication between ECU and TSP when the vehicle is updated and maintained.The confidentiality,integrity and authenticity of data in the communication between ECUs are protected by encrypted communications,and the specific application situations when using CAN 2.0 data frames and CAN-FD data frames are given respectively.(5)The research on the intrusion detection method of on-board CAN network is conducted.Using intrusion detection based on anomaly detection,the anomaly detection algorithm based on relative entropy is improved,and the detection granularity and detection speed are improved.An additional anomaly detection algorithm based on whitelists and time intervals was designed.Through the combination of the two detection methods,the intrusion detection method of the on-board CAN bus network is designed so as to achieve a better detection effect.Finally,the feasibility of this method was verified by experimental tests.The security method studied and designed in this thesis is not aimed at a particular vehicle model or a particular network architecture.It is a general-purpose universal technology research.The key management and security authentication methods are applicable not only to the on-board CAN bus network but also to the wireless sensor networks and embedded networks.Secure communication and intrusion detection methods are applicable to both vehicle-mounted networks and industrial networks based on CAN buses with strong requirements on real-time and regularity.