CAN Vehicle Communication Bus Security Research And Message Authentication System Design And Implementation Of Key Modules

The CAN bus is the most widely used internal control network in vehicles.For a long time,the on-board CAN bus communication network has been regarded as a relatively safe closed network system.However,with the development of the networked autos and autopilot technology,the closedness of the vehicle's internal control network is gradually being broken,and its safety problems are also being exposed gradually.There has been a huge amount of research showing that the large number of micro-control units in modern cars can be easily exploited by attackers.To solve these security problems,on the one hand,it is necessary to improve the security of communication between the internal components of the car and the external network.On the other hand,what is more important is to ensure the safety of the internal control network communication in car.The article analyzes the principle of the CAN bus communication protocol and the existing attack method for the CAN vehicle communication bus,defines the main security vulnerabilities of the CAN vehicle communication bus,and then designs a message authentication system based on this.The CAN vehicle communication bus message authentication system uses two messages for message authentication to ensure that messages performed by key components on the CAN vehicle communication bus are from actual senders.The entire system minimizes the load and system delay of the bus while ensuring that it can resist existing common attack methods.The hardware-implemented HMAC calculation module is the key to reducing system latency in this system.In this design,the SHA-3 algorithm is used as an embedded hash function of the HMAC calculation module,and five kinds of message authentication codes such as 64 bits,224 bits,256 bits,384 bits,and 512 bits are output,and this module can calculate both Hash Value and message authentication.The 64-bit message authentication code can meet the requirements of the CAN bus communication protocol,and can be applied to the CAN vehicle communication bus message authentication system.On this basis,in order to reduce the computational clock cycle and improve the throughput of the entire module,two SHA-3 computing units are used to work together to optimize the design.After optimization,when calculates the message authentication code with a length of 224 bits,the HMAC calculation module uses only 52 clock cycles.The throughput reaches 2.3 Gbps.Finally,the main software functions in the CAN vehicle communication bus message authentication system and the modules for information exchange between the HMAC computing module and the MCU are designed and implemented.Based on the implementation of CAN bus communication between two nodes,the functions of comparison of two messages,sender identifier monitoring and message authentication timeout alarm are realized.The information interaction module realizes the cooperation between the HMAC calculation module and the MCU,including sending the message,the random number,and the identifier to the HMAC calculation module and the MCU to receive the message authentication code.The calculation and data transmission time for the entire system to implement one-time message authentication is 0.14 ms,and the system delay only increases by 40%.