Research On Data Confidentiality Of In-vehicle Network Based On ECU Functional Attributes Under Intelligent Connected Vehicle Environment

Recently,with the rapid convergence of Internet technology and the automotive industry,Intelligent Connected Vehicle(ICV)has become a major trend in the development of the automotive industry,which provides people with comfortable and enjoyable driving experiences.At the same time,it is facing with unprecedented information security threats.Attackers illegally control the Electronic Control Unit(ECU)through the remote interface of in-vehicle network,and then they will utilize the security loopholes existing in the communication mechanism of ECU nodes to access in-vehicle data.Ultimately,attackers achieve unauthorized manipulation of the vehicle.Therefore,it is a very challenging task to study and design a secure and efficient communication protection method of ICV in-vehicle network to ensure its data confidentiality.Currently,existing security communication protection mechanisms of ICV invehicle network follow that of the information system to protect in-vehicle data.However,attackers can still bypass these mechanisms to perform unauthorized operation on the ICV.In addition,the above mechanisms use data encryption,authentication and other methods to ensure data security in ECU node communication.The bandwidth required by above methods exceeds the resources provided by ICV,hence it is difficult to be applied to the resource-constrained in-vehicle network.In view of these difficulties,this thesis divides the functional attributes of ECU nodes according to the functional characteristics of ICV itself,and it also designs an attribute-isolated communication data protection architecture of in-vehicle network.The main work of this thesis is as follows:(1)A data access' s strategy of in-vehicle network based on ECU functional attributes is designed.According to the impact of passenger's functional requirements and the traffic environment on vehicles under ICV environment,functional attributes of ECUs are divided into five classifications: perception,intelligent decision,collaborative control,secure execution and service.Based on ECU functional attributes and Ciphertext-Policy Attribute-Based Encryption(CP-ABE)mechanism,the access strategy is designed for in-vehicle data,which ensures that ECU nodes with corresponding functional attributes can obtain the right to access in-vehicle data.Performance analysis results show that the ECU functional attributes' classification is scalable and the data access' s strategy of the in-vehicle network is efficient.(2)Based on the above access strategy,this thesis designs an attribute-isolated communication data's protection architecture of in-vehicle network.In this architecture,the Gateway Electronic Control Unit(GECU)generates and distributes partial parameters of the attribute private key for legal ECU nodes.Then legal ECU nodes generate the complete attribute private keys according to partial parameters and their functional attributes,thereby avoiding leakage of the attribute private key.On this basis,legal ECU nodes perform attribute-isolated communication,and only ECU nodes containing the same functional attribute can access in-vehicle data,thereby achieving the purpose of access control and reducing the bus load.The security analysis results show that the proposed architecture achieves the security of indistinguishable against adaptive chosen-ciphertext attack(IND-CCA2),meets the requirement of in-vehicle data confidentiality,and it can also resist collusion attack,counterfeit attack and attribute private key leakage attack.(3)To evaluate the performance of the proposed architecture,the hardware platform is built based on STM32H743 development board and the proposed architecture is evaluated on In-Vehicle Network Simulator(IVNS).The evaluation results show that the average memory usage with 100 ECUs and 200 messages is below 90 MB and the bus load rate can be reduced to 29.16% after using the proposed architecture compared with existing in-vehicle secure communication architectures.Therefore,the proposed architecture can not only ensure the in-vehicle data confidentiality,but also reduce the bus load,and it can be well applied to the in-vehicle real-time communication environment.