| In recent years,the development of automobiles has shown a trend of networking and intelligence,and automobiles are changing from information isolated islands to vehicle-road intercommunication,vehicle-vehicle intercommunication,and humanvehicle intercommunication.However,the traditional closed network inside the car has become more and more serious information security problems,especially after the car joins the Internet,cases of hackers invading and controlling the car continue to emerge.The in-vehicle communication network is the last barrier for the car to resist attackers,so the research on the in-vehicle safety communication mechanism is particularly important.Based on SecOC,this paper designs and implements the security communication software of CAN bus in the car,which provides protection against replay attacks and forged messages for CAN bus.This paper firstly analyzes the communication characteristics and security defects of the vehicle CAN bus,and establishes the functional requirements and non-functional requirements of security protection from the analysis of the needs of solving bus attacks.System functions include generating sync messages,generating secure data messages,validating sync messages,and validating secure data messages.Non-functional requirements are constrained from portability,system performance and security.Secondly,this paper designs the system interaction mode and system architecture,and uses the SecOC specification for vehicle CAN network security communication in the AUTOSAR standard as a reference to design the CAN bus fresh value management scheme.The information synchronization and encryption mechanism are used to solve the problems of inability to identify the source and the timeliness of the bus message.At the same time,a freshness value strategy based on the security level is proposed to improve the message security.Finally,using description tools such as sequence diagrams,the system is designed in detail and the CAN bus safety communication software is implemented.By building two sets of different hardware environments(STM32,NXP5748G),the authentication and verification of data packets by the secure communication software,and the protection effects against threats such as replay attacks and forged messages are tested in turn.The test results show that the system can identify and protect the bus message threats,the system is portable and can run normally in different hardware environments,and the system performance meets the needs of the actual environment.At the same time,the use of the national secret SM4 and security hardware modules can further improve the system security. |