Research On CAN Bus Replay Attack And Defense Strategy For Highway Tunnel Intelligent Lighting System

With the rapid development of science and technology,highway tunnel intelligent lighting system in the realization of a single lighting function,based on the integration of a variety of sensors and high-speed bus network connection equipment,according to the tunnel external natural environment and internal lighting brightness,adaptive driver visual system "lag effect" to meet the safety and stability of tunnel passage.At present,the network transmission method of highway tunnel intelligent lighting system,mainly RS485 network and CAN bus communication,among which CAN bus with flexible networking,high-speed communication,long-distance transmission,strong anti-interference ability and data error correction ability and other advantages,become the preferred system networking scheme.However,the CAN bus protocol only specifies the format of communication between nodes at the beginning of design,and the data is transmitted in plaintext,lacking authentication mechanism,which has serious security problems.Attackers can use low-cost devices to access the CAN bus,listen to the network,and send malicious data frames to implement a variety of attacks.Therefore,the CAN bus security research based on the intelligent lighting system of road tunnels is an urgent scientific problem in the field of intelligent transportation in the future,and has high engineering application value.The research in this paper comprehensively analyzes the security vulnerabilities of CAN bus,successfully implements CAN bus replay attack in the laboratory simulation of tunnel lighting control system environment,realizes the lighting node attack control of the tunnel,and at the same time,proposes the defense strategy based on AES encryption algorithm for the replay attack model,enhances the data confidentiality and data freshness of CAN protocol,and designs and implements the CAN bus security communication for highway tunnel secure communication method for intelligent lighting CAN bus.The specific research in this paper is as follows:(1)a comprehensive analysis of CAN bus security vulnerabilities,specifically from four perspectives of network listening,information replay,intrusion attacks,bus blocking analysis of risk hazards,for easy to implement in the tunnel intelligent lighting system and the threat of replay attacks,put forward an effective defense strategy;(2)According to the security risks of CAN bus lack of authentication and data transmission in clear text,put forward CAN bus security requirements,and study CAN bus defense strategy,and select the encryption algorithm applicable to the CAN communication security requirements in the highway tunnel intelligent lighting system;(3)summarize CAN bus replay attack methods,reverse analyze CAN bus communication data,construct replay attack model,design AES encryption algorithm to encrypt network communication,specifically implement adding random numbers to network transmission data,comparing with the receiver’s locally stored data,guaranteeing the freshness of data,and warning whether replay attack occurs based on the results;(4)Implement the defense strategy proposed in this paper in FPGA chip,test and verify the feasibility of preventing reverse analysis and replay attack,and verify the proposed method in the laboratory simulation environment,the experimental results show that the authentication protocol proposed in this paper based on AES encryption algorithm and adding random numbers can effectively identify the data and can better secure the communication of the implemented tunnel intelligent lighting system.