| In recent years,with the promotion of national policies and the support of relevant enterprises,the focus of R&D in the automotive industry has begun to tilt toward new energy vehicles,and the trend of vehicle intelligence and network connectivity has gradually emerged.The increase of electronic devices in the vehicle has made the electrical architecture in the vehicle increasingly complex,which has brought huge communication pressure to the traditional in-vehicle bus.In addition,the process of networked cars also brings security threats from the Internet into the car:attackers will be able to remotely tap the security vulnerabilities of the in-vehicle bus through the Internet and invade into the vehicle’s internal network.In-vehicle network security is an important part of the Telematics security system,and the frequent cases of in-vehicle network attacks in the last decade or so have attracted the attention of researchers.The CAN bus protocol mainly used in the in-vehicle network is very vulnerable in terms of security,and the attacker can send and receive data arbitrarily after accessing the bus network,which brings great security threat to the normal operation of the vehicle.Most of the existing CAN bus network security communication solutions are based on the traditional in-vehicle network with bus-type topology,which cannot adapt to the current network structure after the division of functional domains in the vehicle.In view of the above problems,this paper mainly focuses on the following points:(1)Research on the changing trend of in-vehicle electrical architecture,abstract the model of modern in-vehicle network from the existing in-vehicle network functional domain division model;study the in-vehicle network node authentication and key exchange protocol,and propose a lightweight security scheme for the performance limitation in invehicle bus network.(2)Research on bus message authentication scheme.Aiming at the problem that the CAN protocol cannot verify the source and freshness of messages,a MAC-based message source and integrity verification scheme is proposed,which ensures the compatibility of the scheme with different versions of CAN protocols by replacing the original CRC fields in CAN frames,while avoiding additional communication overhead in the network.(3)Experimental validation of the proposed protocol and scheme from a functional and performance perspective.The functional verification experiments are simulated in CANoe software,which is recognized in the automotive industry;the performance testing experiments are performed on an stm32 embedded development board with similar performance to the ECU nodes in the vehicle.Finally,the experimental results are analyzed to demonstrate the feasibility of the proposed scheme in a real in-vehicle network environment. |
PDF Full Text Request