Real-time Security Strategy Research On In-vehicle Hybrid Network

With the rapid development of in-vehicle network technology,there has been an explosive growth in the scale of communication data and control functions in the vehicle network.In addition,the remote connection function has become more common.Thus,the in-vehicle network gradually forms a variety of bus coexistence and carries a variety of wireless access to the hybrid network.However,at the same time,the in-vehicle control network is also facing the threat of cyber attacks.In order to mitigate network security vulnerabilities,multiple network security strategies have proposed.At present,research in this field is still at the initial stage both at home and abroad,multiple hybrid network security strategies are still in the stage of framework design.Based on the research of hybrid networks and research progress of in-vehicle network security,to meet the requirements of real-time control of networks,lightweight crypto mechanism is deploied on vehicle network for the first time.Besides,a real-time intrusion detection system strategy is designed to build a hybrid security strategy.By referring to the real vehicle network topology,a secure hybrid gateway supporting CAN/CAN-FD bus is designed.The main research and design content of this thesis are as follows:1.Reviewing the status of in-vehicle hybrid network technologies and introducing the applications of CAN and CAN-FD bus.Then the common in-vehicle network security research and strategies are summarized.Meanwhile,combining the feature of hybrid network communication,an in-vehicle hybrid network delay model is built.2.Designing a new lightweight authenticated encryption based secure transmission strategy for CAN-FD bus.the faster lightweight authenticated encryption algorithm is emploied to ensure the confidentiality and trusted authentication while satisfying the allowable delay range of control network.Using the group key management to reduce the number of encryption and decryption in the secure forwarding transmission to 1 time.3.Designing an intrusion detection system for CAN bus.This detection method does not affect the normal communication and has the feature of simple design,easy deployment,convenient parameter configuration,strong real-time performance,and effective to the known attack methods.After completing the design of the above research content,to test the performance of strategis,a mixed network test platform integrated with CAN/CAN-FD bus which meets the real application scenario is set up to implement lightweight crypto approach and intrusion detection system.The real-time performance of secure communication is thoroughly tested and analysed.Then a CAN bus attack generator is designed to perform an attack generator targets on the intrusion detection system.Through the analysis of test result,secure forwarding delay is less than 1.5 ms that is 30% faster by comparing with AES algorithm;and the intrusion detection response time is less than 5ms which is under minimum message period 10 ms.Thus,the in-vehicle hybrid real-time security countermeasures designed in this thesis can effectively protect the in-vehicle network communication and ensure a real-time performance.