CN110635893B - Vehicle-mounted Ethernet information security protection method - Google Patents


Publication number
CN110635893B
Authority
CN
China
Prior art keywords
ecu
key
message
mac
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910896749.1A
Other languages
Chinese (zh)
Other versions
CN110635893A (en
Inventor
王楚婷
秦贵和
赵睿
成一铭
高天宇
宋世民
纪辰瑾
赵俊法
董晓慧
师雅迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jilin University
Original Assignee
Jilin University
Application filed by Jilin University
Priority to CN201910896749.1A
Publication of CN110635893A
Publication of CN110635893B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)

Abstract

The invention relates to a vehicle-mounted Ethernet information security protection method and belongs to the class of Ethernet information security protection methods. The method comprises key distribution: a gateway ECU holds a set of digital certificates comprising the identification, public key and private key of each legal ECU in the network, and also holds the encryption key EK and the authentication key AK required for communication; in the starting stage the gateway ECU distributes the encryption key and the authentication key to each legal ECU in the network in sequence. After the key distribution process in the starting stage is finished, each legal ECU in the network has an encryption key and an authentication key, so that encryption, decryption and authentication operations can be performed on messages while the vehicle is running normally. The advantages of the method are that safe and stable protection is provided for the vehicle from the starting stage to the communication stage, favorable conditions are provided for secure communication among the ECUs, and the method is practical, has stronger real-time performance than existing information security protection methods, and can meet the real-time and security requirements of vehicle-mounted Ethernet.

Description

Vehicle-mounted Ethernet information security protection method
Technical Field
The invention relates to an Ethernet information security protection method, which is used for ensuring the security and stability of a key distribution process in a starting stage and the confidentiality, authenticity and freshness of information in a communication stage.
Background
With the continuous development of science and technology, the appearance of intelligent vehicles has changed people's understanding of vehicles and their way of life. The development of vehicle-mounted information systems and rising demands on vehicle functions mean that more and more Electronic Control Units (ECUs) are needed in the automobile; the overall structure of the automobile grows larger, the in-vehicle wiring more complex, and the cost higher. Meanwhile, vehicle-mounted Ethernet is regarded as the future in-vehicle backbone network by virtue of its high throughput, high bandwidth, high standardization and low cost. Compared with traditional buses such as CAN and FlexRay, the data length that can be transmitted over vehicle-mounted Ethernet can reach dozens or even hundreds of times that of the traditional bus. Therefore, vehicle-mounted Ethernet can be used to transmit richer and more functional data, such as audio and video, and the quality of communication between nodes is improved.
Under the rapid development of the internet-connected automobile, the vehicle-mounted ethernet needs to communicate with the outside through more and more interfaces. An attacker can attack the intelligent vehicle through interfaces such as physical access (OBD-II, USB and charging pile), short-distance wireless access (Bluetooth, WiFi and vehicle-mounted radar) and long-distance wireless access (radio, GPS and 3G/4G/5G) to realize remote control of the vehicle, and the consequence is dangerous and even fatal. Because the existing vehicle-mounted Ethernet protocol lacks an information security protection mechanism, whether the ECU in the network is a trusted ECU cannot be determined, and meanwhile, data in the communication process cannot be encrypted. With the continuous development of the internet-connected automobile, the number of interfaces for the vehicle-mounted ethernet to communicate with the outside is required to be continuously increased. Although the vehicle-mounted ethernet has the advantage of efficient communication between ECUs, it lacks a reliable security guarantee.
Vehicles are vulnerable to many types of attacks that result from deficiencies in the security aspects of on-board information systems. In many applications, a large number of safety critical messages are transmitted between ECUs. An attacker can monitor the vehicle-mounted Ethernet data frames and analyze the related data frames to acquire important information. Therefore, data needs to be encrypted, the real content of the data frame is only visible to the legal ECU, and the personal and property safety injury of a driver caused by message leakage is avoided. In addition, message authentication is very important for many applications in vehicular networks, and an attacker can easily forge a message which will affect the system function and send it to a receiver, thereby causing the system to fail, so the receiver needs to ensure that the data used in any decision comes from a legitimate sender. Meanwhile, time-varying data are transmitted in the vehicle-mounted network, so that each message in the network is required to be fresh, namely the data is latest, and the threat of an attacker on the safety of the automobile caused by message replay is avoided.
A series of research projects are started by a plurality of organizations at home and abroad aiming at the safety of a vehicle-mounted network, and a plurality of scholars also carry out related research on the projects, and provide some information safety protection methods facing to traditional buses such as CAN, FlexRay and the like. However, these methods only consider the limited data load of the data frame, and do not consider the real-time performance of the protection mechanism, so they are not suitable for being directly applied to the vehicle ethernet with long transmission data and high real-time requirement. Aiming at the information security problem of the vehicle-mounted Ethernet, an effective solution does not exist at present.
Disclosure of Invention
The invention provides a vehicle-mounted Ethernet information safety protection method, which aims to solve the problems that the vehicle-mounted Ethernet information safety cannot be guaranteed, communication information is easy to leak, system functions are easy to influence and the like.
The technical scheme adopted by the invention is that the method comprises the following steps:
A first part: key distribution. The gateway ECU holds a set of digital certificates comprising the identification, public key and private key of each legal ECU in the network; the gateway ECU also holds the encryption key EK and the authentication key AK required for communication, and in the starting stage it distributes the encryption key and the authentication key to each legal ECU in the network in sequence;
A second part: secure communication. After the key distribution process in the starting stage is finished, each legal ECU in the network has an encryption key and an authentication key, so that encryption, decryption and authentication operations can be performed on messages while the vehicle is running normally;
In the first part, the gateway ECU distributes a key to the HECU, where the HECU represents any legal ECU in the network, in the following steps:
(1) The gateway ECU generates a random number $R_1$, encrypts the encryption key EK, the authentication key AK and the random number $R_1$ together using the public key P of the HECU to obtain a ciphertext $C_1$, and sends it to the HECU:
$C_1 = EN_P(EK \| AK \| R_1)$ (1)
where $EN_P$ denotes an asymmetric encryption function using the key P;
(2) After receiving the message, the HECU decrypts the ciphertext $C_1$ using its private key S to obtain the encryption key EK, the authentication key AK and the random number $R_1$:
$EK \| AK \| R_1 = DE_S(C_1)$ (2)
where $DE_S$ denotes an asymmetric decryption function using the private key S;
(3) The HECU uses the authentication key AK to calculate a message authentication code $MAC_1$ over its identification $ID_1$ and the random number $R_1$; $ID_1$ and $MAC_1$ are sent together to the gateway ECU:
$MAC_1 = HA_{AK}(ID_1 \| R_1)$ (3)
where $HA_{AK}$ denotes a keyed hash function using the key AK;
(4) The HECU appends $MAC_1$ after its identification $ID_1$ to form a message D and sends D to the gateway ECU:
$D = ID_1 \| MAC_1$ (4)
(5) The gateway ECU extracts the identification $ID_1$ of the HECU and the message authentication code $MAC_1$ from the received message, and uses the authentication key AK to calculate a message authentication code $MAC_G$ over $ID_1$ and the random number $R_1$:
$MAC_G = HA_{AK}(ID_1 \| R_1)$ (5)
(6) The gateway ECU compares $MAC_1$ and $MAC_G$ bit by bit. If they are equal, the confirmation message is judged valid, that is, key distribution to the HECU has succeeded; if not, the confirmation message is judged to have been sent by an illegal ECU and is discarded. If the gateway ECU does not receive a valid confirmation message within 2 ms, the above steps are repeated to distribute the key to the HECU again;
After the key distribution process is completed, all legal ECUs have successfully obtained the encryption key EK and the authentication key AK. The encryption key EK and the authentication key AK are regularly updated by the gateway ECU, are effective only after the vehicle is started, and are automatically cleared after the vehicle is shut down; the key distribution process from step (1) to step (5) must be executed again at the next ignition;
In the second part, the sender $ECU_i$ communicates with the receiver $ECU_j$, where $ECU_i$ and $ECU_j$ represent two independent legal ECUs in the network, the total number of ECUs in the network other than the gateway ECU is n, and i and j are unequal positive integers less than or equal to n. The steps are as follows:
Sending a message:
(1) $ECU_i$ encrypts the communication data M with the encryption key EK to obtain a ciphertext $C_2$:
$C_2 = F_{EK}(M)$ (6)
where $F_{EK}$ denotes a symmetric encryption/decryption function using the key EK;
(2) $ECU_i$ uses the authentication key AK to calculate a message authentication code $MAC_i$ over the ciphertext $C_2$ and the sequence number $CTR_i$ maintained by $ECU_i$:
$MAC_i = HA_{AK}(C_2 \| CTR_i)$ (7)
(3) $ECU_i$ appends the message authentication code $MAC_i$ after the ciphertext $C_2$ to form the ciphertext $C_3$, which is sent to $ECU_j$:
$C_3 = C_2 \| MAC_i$ (8)
(4) $ECU_i$ adds 1 to the sequence number $CTR_i$ it maintains:
$CTR_i' = CTR_i + 1$ (9)
Receiving a message:
(1) $ECU_j$ extracts the ciphertext $C_2$ from the received message and uses the authentication key AK to calculate a message authentication code $MAC_j$ over $C_2$ and the sequence number $CTR_j$ maintained by $ECU_j$:
$MAC_j = HA_{AK}(C_2 \| CTR_j)$ (10)
(2) $ECU_j$ extracts the message authentication code $MAC_i$ from the received message and compares $MAC_i$ and $MAC_j$ bit by bit. If they are equal, the message is judged legal and step (3) is executed; otherwise the message is discarded and an attack alarm is raised;
(3) $ECU_j$ decrypts the ciphertext $C_2$ with the encryption key EK to obtain the communication data M:
$M = F_{EK}(C_2)$ (11)
(4) $ECU_j$ adds 1 to the sequence number $CTR_j$ it maintains:
$CTR_j' = CTR_j + 1$ (12)
In the safe communication method, legal ECUs use encryption keys to encrypt and decrypt messages, and use authentication keys to calculate message authentication codes, each legal ECU in a network maintains an independent serial number, the serial numbers before communication are all zero, the serial numbers are increased progressively after each use to ensure the freshness of the messages, each communication message in the network comprises a string of message authentication codes obtained by jointly calculating the serial numbers maintained by the ECU of a sender and communication data encrypted by using an EK, and a receiver judges whether the message is legal or not by comparing the message authentication codes contained in the message with the message authentication codes obtained by self calculation after receiving the communication message.
The invention makes a specific design for the safety communication framework of the ECU in the vehicle, introduces a key distribution mechanism at the vehicle starting stage, manages the key required by communication by the gateway ECU and distributes the key to each legal ECU in the network in sequence, provides conditions for the safety communication among the ECUs, realizes the real-time encryption and decryption of the communication messages among the vehicle-mounted Ethernet ECUs, carries out safety isolation protection, authenticates the real-time messages, and thus only the messages passing the authentication can influence the system function.
The vehicle-mounted Ethernet information safety protection method provided by the invention comprises two parts: key distribution and secure communication. The key distribution method is applied to the starting stage, mutual identity verification and implicit key distribution between the gateway ECU and all legal ECUs in the network are realized on the basis of an asymmetric encryption algorithm RSA and a dynamic password mechanism, and the safety and stability of the key distribution process are guaranteed. The safety communication method is applied to the communication stage, the confidentiality of the message is guaranteed through a symmetric encryption algorithm DES, the authenticity of the message is guaranteed through a message authentication code, and the freshness of the message is guaranteed through the maintenance of a serial number.
The invention has the advantages that: the invention specifically designs the frame of the ECU safety communication in the vehicle, and provides safe and stable protective measures for the vehicle from the starting stage to the communication stage. Secondly, a key distribution mechanism is introduced in the vehicle starting stage, and favorable conditions are provided for the safe communication between the ECUs. The invention adopts a dynamic password mechanism to ensure that the key distribution process is safer, and solves the defect that the password is easy to leak in the traditional static password mechanism. The invention provides a response mechanism for the key distribution process, so that the gateway ECU can distribute the key to the next legal ECU only after receiving the confirmation message of the previous legal ECU, thereby avoiding the confusion of the key distribution process. The invention uses the message authentication code obtained by the common calculation of the serial number and the data to authenticate the message, thereby avoiding the forgery attack and the replay attack and ensuring the authenticity and the freshness of the message in the communication process. The vehicle-mounted Ethernet information security protection method has practicability, has stronger real-time performance compared with the existing information security protection method, and can meet the requirements of the vehicle-mounted Ethernet on real-time performance and security.
Drawings
FIG. 1 shows the implementation process of the key distribution method;
FIG. 2 shows the implementation process of the secure communication method.
Detailed Description
The technical scheme adopted by the invention is that the method comprises the following steps:
A first part: key distribution. The gateway ECU holds a set of digital certificates comprising the identification, public key and private key of each legal ECU in the network; the gateway ECU also holds the encryption key EK and the authentication key AK required for communication, and in the starting stage it distributes the encryption key and the authentication key to each legal ECU in the network in sequence;
A second part: secure communication. After the key distribution process in the starting stage is finished, each legal ECU in the network has an encryption key and an authentication key, so that encryption, decryption and authentication operations can be performed on messages while the vehicle is running normally;
In the first part, the gateway ECU distributes a key to the HECU, where the HECU represents any legal ECU in the network. As shown in FIG. 1, the steps are as follows:
(1) The gateway ECU generates a random number $R_1$, encrypts the encryption key EK, the authentication key AK and the random number $R_1$ together using the public key P of the HECU to obtain a ciphertext $C_1$, and sends it to the HECU:
$C_1 = EN_P(EK \| AK \| R_1)$ (1)
where $EN_P$ denotes an asymmetric encryption function using the key P;
(2) After receiving the message, the HECU decrypts the ciphertext $C_1$ using its private key S to obtain the encryption key EK, the authentication key AK and the random number $R_1$:
$EK \| AK \| R_1 = DE_S(C_1)$ (2)
where $DE_S$ denotes an asymmetric decryption function using the private key S;
(3) The HECU uses the authentication key AK to calculate a message authentication code $MAC_1$ over its identification $ID_1$ and the random number $R_1$; $ID_1$ and $MAC_1$ are sent together to the gateway ECU:
$MAC_1 = HA_{AK}(ID_1 \| R_1)$ (3)
where $HA_{AK}$ denotes a keyed hash function using the key AK;
(4) The HECU appends $MAC_1$ after its identification $ID_1$ to form a message D and sends D to the gateway ECU:
$D = ID_1 \| MAC_1$ (4)
(5) The gateway ECU extracts the identification $ID_1$ of the HECU and the message authentication code $MAC_1$ from the received message, and uses the authentication key AK to calculate a message authentication code $MAC_G$ over $ID_1$ and the random number $R_1$:
$MAC_G = HA_{AK}(ID_1 \| R_1)$ (5)
(6) The gateway ECU compares $MAC_1$ and $MAC_G$ bit by bit. If they are equal, the confirmation message is judged valid, that is, key distribution to the HECU has succeeded; if not, the confirmation message is judged to have been sent by an illegal ECU and is discarded. If the gateway ECU does not receive a valid confirmation message within 2 ms, the above steps are repeated to distribute the key to the HECU again;
After the key distribution process is completed, all legal ECUs have successfully obtained the encryption key EK and the authentication key AK. The encryption key EK and the authentication key AK are regularly updated by the gateway ECU, are valid only after the vehicle is started, and are automatically cleared after the vehicle is shut down; the key distribution process from the first step to the fifth step must be executed again at the next ignition;
In the key distribution process, the gateway ECU encrypts each key distribution message with the public key of the ECU that is to receive the keys, and the ECU receiving the key distribution message decrypts it with its own private key. Although an attacker can capture the key distribution messages that the gateway ECU sends to each legal ECU, the attacker does not possess the private key of any legal ECU, so it cannot decrypt the message containing the keys and cannot obtain the encryption key and the authentication key required in the communication process. Meanwhile, across the whole network the public keys are shared only between the legal ECUs and the gateway ECU; an attacker does not have the public key of a legal ECU and therefore cannot pose as the gateway ECU to start a key distribution process. Therefore, without a legal public key and private key, an attacker cannot obtain the encryption key and the authentication key and cannot interfere with the normal key distribution process.
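The confirmation check in steps (3) to (6), and the reason a captured confirmation is useless once the gateway has refreshed $R_1$, can be seen in the following added example, which is not part of the patent text. The field lengths, the 2-byte ID encoding, the use of HMAC-MD5 for $HA_{AK}$ in this stage and all class and function names are assumptions; the RSA encryption of $C_1$ is not modelled, so `distribute` hands over the plaintext $EK \| AK \| R_1$ directly.

```python
import hashlib
import hmac
import secrets

# Assumed field sizes in bytes; the description does not fix them.
EK_LEN, AK_LEN, R_LEN, ID_LEN, MAC_LEN = 8, 16, 16, 2, 16


def ha(ak: bytes, data: bytes) -> bytes:
    """HA_AK, modelled as HMAC-MD5 (the MAC the description names for the communication stage)."""
    return hmac.new(ak, data, hashlib.md5).digest()


class Gateway:
    """Hypothetical gateway model: one outstanding distribution at a time."""

    def __init__(self, ek: bytes, ak: bytes):
        self.ek, self.ak = ek, ak
        self.pending = None      # (ID1, R1) of the HECU whose confirmation is awaited
        self.provisioned = []    # IDs whose confirmation verified

    def distribute(self, ecu_id: int) -> bytes:
        """Step (1): draw a fresh R1 for every attempt and return EK||AK||R1.
        In the described method this plaintext is encrypted under the HECU public key P."""
        r1 = secrets.token_bytes(R_LEN)
        self.pending = (ecu_id.to_bytes(ID_LEN, "big"), r1)
        return self.ek + self.ak + r1

    def confirm(self, d: bytes) -> bool:
        """Steps (5)-(6): recompute MAC_G over ID1||R1 and compare it with MAC1."""
        if self.pending is None or len(d) != ID_LEN + MAC_LEN:
            return False
        id1, mac1 = d[:ID_LEN], d[ID_LEN:]
        want_id, r1 = self.pending
        mac_g = ha(self.ak, id1 + r1)
        # compare_digest avoids leaking the position of the first differing byte.
        if id1 != want_id or not hmac.compare_digest(mac1, mac_g):
            return False         # discard; the distribution stays open for a retry
        self.provisioned.append(int.from_bytes(id1, "big"))
        self.pending = None      # only now may the next ECU be served
        return True


def hecu_confirmation(ecu_id: int, plaintext: bytes) -> bytes:
    """Steps (2)-(4) on the HECU after decrypting C1: D = ID1 || MAC1."""
    ak = plaintext[EK_LEN:EK_LEN + AK_LEN]
    r1 = plaintext[EK_LEN + AK_LEN:]
    id1 = ecu_id.to_bytes(ID_LEN, "big")
    return id1 + ha(ak, id1 + r1)


def run_distribution() -> dict:
    """Constructed run: three legal ECUs, plus a captured confirmation resent twice."""
    gw = Gateway(ek=secrets.token_bytes(EK_LEN), ak=secrets.token_bytes(AK_LEN))
    results = {}
    results["ecu1"] = gw.confirm(hecu_confirmation(1, gw.distribute(1)))
    d2 = hecu_confirmation(2, gw.distribute(2))   # confirmation as seen on the wire
    results["ecu2"] = gw.confirm(d2)
    p3 = gw.distribute(3)                         # gateway moves on; R1 is refreshed
    results["replayed_d2"] = gw.confirm(d2)       # captured D resent unmodified
    results["ecu3"] = gw.confirm(hecu_confirmation(3, p3))
    gw.distribute(2)                              # a later retry for ECU 2 uses a new R1
    results["replayed_d2_on_retry"] = gw.confirm(d2)
    results["provisioned"] = list(gw.provisioned)
    return results


if __name__ == "__main__":
    for name, value in run_distribution().items():
        print(name, value)
```

The second replay is the instructive one: the ID matches the pending distribution, and only the refreshed random number makes the recomputed $MAC_G$ differ.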
In the second part, the sender $ECU_i$ communicates with the receiver $ECU_j$, where $ECU_i$ and $ECU_j$ represent two independent legal ECUs in the network, the total number of ECUs in the network other than the gateway ECU is n, and i and j are unequal positive integers less than or equal to n. As shown in FIG. 2, the steps are as follows:
Sending a message:
(1) $ECU_i$ encrypts the communication data M with the encryption key EK to obtain a ciphertext $C_2$:
$C_2 = F_{EK}(M)$ (6)
where $F_{EK}$ denotes a symmetric encryption/decryption function using the key EK;
(2) $ECU_i$ uses the authentication key AK to calculate a message authentication code $MAC_i$ over the ciphertext $C_2$ and the sequence number $CTR_i$ maintained by $ECU_i$:
$MAC_i = HA_{AK}(C_2 \| CTR_i)$ (7)
(3) $ECU_i$ appends the message authentication code $MAC_i$ after the ciphertext $C_2$ to form the ciphertext $C_3$, which is sent to $ECU_j$:
$C_3 = C_2 \| MAC_i$ (8)
(4) $ECU_i$ adds 1 to the sequence number $CTR_i$ it maintains:
$CTR_i' = CTR_i + 1$ (9)
Receiving a message:
(1) $ECU_j$ extracts the ciphertext $C_2$ from the received message and uses the authentication key AK to calculate a message authentication code $MAC_j$ over $C_2$ and the sequence number $CTR_j$ maintained by $ECU_j$:
$MAC_j = HA_{AK}(C_2 \| CTR_j)$ (10)
(2) $ECU_j$ extracts the message authentication code $MAC_i$ from the received message and compares $MAC_i$ and $MAC_j$ bit by bit. If they are equal, the message is judged legal and step (3) is executed; otherwise the message is discarded and an attack alarm is raised;
(3) $ECU_j$ decrypts the ciphertext $C_2$ with the encryption key EK to obtain the communication data M:
$M = F_{EK}(C_2)$ (11)
(4) $ECU_j$ adds 1 to the sequence number $CTR_j$ it maintains:
$CTR_j' = CTR_j + 1$ (12)
In the safe communication method, legal ECUs use encryption keys to encrypt and decrypt messages, and use authentication keys to calculate message authentication codes, each legal ECU in a network maintains an independent serial number, the serial numbers before communication are all zero, the serial numbers are increased progressively after each use to ensure the freshness of the messages, each communication message in the network comprises a string of message authentication codes obtained by jointly calculating the serial numbers maintained by the ECU of a sender and communication data encrypted by using an EK, and a receiver judges whether the message is legal or not by comparing the message authentication codes contained in the message with the message authentication codes obtained by self calculation after receiving the communication message.
In the communication stage, the sender encrypts communication data with the encryption key EK, and the receiver decrypts the received ciphertext with the same encryption key EK. Although an attacker can capture messages exchanged between legal ECUs, it has not been assigned the encryption key EK, so it cannot decrypt the captured messages and cannot obtain the real communication data. The secure communication method uses a 128-bit MAC generated by the HMAC-MD5 message digest algorithm to guarantee the authenticity of messages in the communication process. The sender and the receiver ensure that each message is the latest one by jointly maintaining sequence numbers: the sender uses the authentication key AK to calculate a MAC over the communication data encrypted with the encryption key EK and the sequence number maintained by the sender; the receiver likewise uses the authentication key AK to calculate a MAC over the received encrypted communication data and the sequence number maintained by the receiver; and whether the received message is legal is judged by comparing the two MACs. An attacker can attempt a forgery attack by forging the MAC, but the attacker has not obtained the authentication key AK that the gateway ECU assigns to all legal ECUs, and so cannot generate the MAC corresponding to the forged data. The only way for an attacker to forge a MAC is to select a 128-bit string from the $2^{128}$ possible MACs. Although in the vehicle system the transmission interval between messages is short and any attacker in the network can forge a 128-bit MAC in a short time, the time spent transmitting $2^{128}$ data frames is still immeasurable and the cost is very high, so the probability that an attacker succeeds by forging the MAC is almost zero.
Therefore, if the encryption key EK and the authentication key AK are not available, an attacker cannot crack the content of the message and cannot pretend to be a legal ECU to participate in the communication process.
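The send and receive steps (7) to (12) are exercised in the following added example, which is not part of the patent text, against a genuine frame, a replay, a forgery, a bit-flipped frame and a frame lost in transit. The 4-byte big-endian counter encoding, the key, the sample ciphertexts and all names are assumptions; $C_2$ is treated as opaque bytes because the MAC is computed over the ciphertext, so the symmetric cipher $F_{EK}$ is not modelled.

```python
import hashlib
import hmac

MAC_LEN = 16  # HMAC-MD5 gives the 128-bit MAC named in the description
CTR_LEN = 4   # assumption: counter width and byte order are not given on the page


def ha(ak: bytes, c2: bytes, ctr: int) -> bytes:
    """HA_AK(C2 || CTR), equations (7) and (10)."""
    return hmac.new(ak, c2 + ctr.to_bytes(CTR_LEN, "big"), hashlib.md5).digest()


class SenderECU:
    def __init__(self, ak: bytes):
        self.ak, self.ctr = ak, 0                 # sequence numbers start at zero

    def send(self, c2: bytes) -> bytes:
        if self.ctr >= 2 ** (8 * CTR_LEN):
            # Assumed policy: never wrap a counter under the same AK.
            raise RuntimeError("sequence number exhausted; new keys required")
        c3 = c2 + ha(self.ak, c2, self.ctr)       # (7) and (8): C3 = C2 || MAC_i
        self.ctr += 1                             # (9)
        return c3


class ReceiverECU:
    def __init__(self, ak: bytes):
        self.ak, self.ctr, self.alarms = ak, 0, 0

    def receive(self, c3: bytes):
        """Return C2 (ready for decryption with EK) or None after raising an alarm."""
        if len(c3) < MAC_LEN:
            self.alarms += 1
            return None
        c2, mac_i = c3[:-MAC_LEN], c3[-MAC_LEN:]
        mac_j = ha(self.ak, c2, self.ctr)         # (10), using the receiver's own counter
        if not hmac.compare_digest(mac_i, mac_j):
            self.alarms += 1                      # discard and alarm; counter unchanged
            return None
        self.ctr += 1                             # (12)
        return c2                                 # (11) would decrypt this with EK


def run_scenarios() -> dict:
    ak = bytes(range(16))                         # constructed key, not from the page
    tx, rx = SenderECU(ak), ReceiverECU(ak)
    out = {}

    f0 = tx.send(b"ciphertext-0")                 # constructed stand-in for C2
    out["genuine"] = rx.receive(f0) is not None
    out["replay"] = rx.receive(f0) is not None    # same bytes, receiver counter moved on
    out["forged"] = rx.receive(b"ciphertext-X" + bytes(MAC_LEN)) is not None

    f1 = tx.send(b"ciphertext-1")
    tampered = bytes([f1[0] ^ 0x01]) + f1[1:]     # one flipped bit in C2
    out["tampered"] = rx.receive(tampered) is not None
    out["genuine_after_attacks"] = rx.receive(f1) is not None

    tx.send(b"ciphertext-2")                      # frame lost in transit, never delivered
    f3 = tx.send(b"ciphertext-3")
    out["after_lost_frame"] = rx.receive(f3) is not None

    out["alarms"] = rx.alarms
    out["counters"] = (tx.ctr, rx.ctr)
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

The last scenario shows a property of the steps as written: rejected frames leave $CTR_j$ untouched, so attacks do not desynchronise the pair, but a genuine frame that never arrives leaves $CTR_i$ ahead of $CTR_j$ and the next genuine frame raises an alarm. The description gives no resynchronisation step, so an implementation has to decide how that case is handled.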
The invention is further illustrated below by validity, real-time assessment.
(I) evaluation of effectiveness
In order to verify the effectiveness of the proposed vehicle-mounted Ethernet information security protection method in a vehicle-mounted environment, a vehicle-mounted Ethernet experiment platform based on the Freescale MPC5646C development board was built. It comprises a gateway ECU and nine common ECUs, of which ECU1, ECU2, ECU3, ECU4, ECU5, ECU6, ECU7 and ECU8 are legal ECUs and ECU9 is an attacker, i.e. an illegal ECU. CodeWarrior was used to write code for, debug and program the MPC5646C hardware development board. An Ethernet tester was used to read the data transmitted in the network. The experimental phenomena were observed and analyzed to determine whether the proposed method is effective.
(1) Key distribution method validity evaluation
In the evaluation experiment, the gateway ECU distributes an encryption key EK and an authentication key AK to ECU1, ECU2, ECU3, ECU4, ECU5, ECU6, ECU7 and ECU8 in sequence. As shown in Table 1, the messages from serial number 1 to serial number 5 and from serial number 7 to serial number 17 are the process of the gateway ECU distributing the keys to all of the above legal ECUs.
The illegal ECU9 launches attacks on the gateway ECU in two cases:
1) ECU9 attempts to pose as a legal ECU in order to obtain the key. ECU9 captures the serial number 1 message, i.e. the key distribution message sent by the gateway ECU to ECU1. This message is encrypted with the public key of ECU1, and ECU9 does not possess the private key corresponding to that public key. Therefore, even though it has captured the key distribution message, it cannot decrypt it and cannot obtain the real key information, that is, the encryption key EK and the authentication key AK.
2) ECU9 attempts to disrupt the key distribution process by capturing a confirmation message that a legal ECU sends back to the gateway ECU. As shown by the serial number 6 message in Table 1, ECU9 captures the confirmation message returned by ECU2 to the gateway ECU and sends it to the gateway ECU without any modification. Because the message authentication code in each confirmation message is calculated jointly over the identifier of the legal ECU sending the confirmation and the random number sent to that legal ECU by the gateway ECU, and the random number of the gateway ECU has been updated by this time, the gateway ECU can judge from the mismatch of the message authentication codes that the confirmation message comes from an illegal ECU.
(2) Validity assessment of the secure communication method
In the evaluation experiment, $ECU_1$, $ECU_2$, $ECU_3$, $ECU_4$, $ECU_5$, $ECU_6$, $ECU_7$ and $ECU_8$ are instructed to communicate normally. As shown in Table 2, the messages with serial numbers 1 to 16 are the normal communication of all of these legitimate ECUs.
The illegal $ECU_9$ attacks $ECU_1$ in the following three cases:
1) Eavesdropping on messages. $ECU_9$ tries to obtain important information by eavesdropping on messages in the network. However, every legitimate ECU in the network holds the encryption key EK, and every message is encrypted with EK before it is sent. Thus, even if $ECU_9$ overhears a message, it cannot decrypt it to obtain the real message content.
2) Forging messages. $ECU_9$ attempts to communicate with $ECU_1$ by posing as a legitimate ECU. As shown by messages number 17 to 18 in Table 2, $ECU_9$ cannot compute the correct message authentication code because it lacks the authentication key, so it sends $ECU_1$ a message without a message authentication code. After receiving the message, $ECU_1$ computes the message authentication code and compares it with the one carried in the message; if the two are inconsistent, it discards the message and raises an attack alarm.
Table 1. Experimental data for the evaluation of the key distribution method
Figure GDA0002255810520000091
Table 2. Experimental data for the evaluation of the secure communication method
Figure GDA0002255810520000101
3) Replaying messages. $ECU_9$ resends to $ECU_1$, without any modification, messages that have already been transmitted in the network, in an attempt to disable the network. As shown by messages number 19 to 20 in Table 2, $ECU_9$ sends $ECU_1$ a message that was already transmitted in the network. However, both communicating parties keep count of the messages by maintaining a sequence number, so the sequence number maintained by $ECU_1$ has changed by this point and the message authentication code must change with it. After receiving the message, $ECU_1$ computes the message authentication code and compares it with the one carried in the message; if the two are inconsistent, it discards the message and raises an attack alarm.
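The receiver logic that rejects the forged-message and replayed-message cases above, as an added Python example that is not code from the patent. The ciphertext C2 is a constructed byte string standing in for the DES output, and the 4-byte sequence-number encoding and all names are assumptions.

```python
import hashlib
import hmac

MAC_LEN = 16  # HMAC-MD5 digest size
CTR_LEN = 4   # assumed width of the encoded sequence number; not given on the page


def ha(ak: bytes, data: bytes) -> bytes:
    """HA_AK from the page: HMAC-MD5 under the authentication key AK."""
    return hmac.new(ak, data, hashlib.md5).digest()


def ctr_bytes(ctr: int) -> bytes:
    return ctr.to_bytes(CTR_LEN, "big")


class Sender:
    def __init__(self, ak: bytes):
        self.ak = ak
        self.ctr = 0  # sequence numbers are zero before communication

    def send(self, c2: bytes) -> bytes:
        """C3 = C2 || HA_AK(C2 || CTR_i), then CTR_i is incremented."""
        c3 = c2 + ha(self.ak, c2 + ctr_bytes(self.ctr))
        self.ctr += 1
        return c3


class Receiver:
    def __init__(self, ak: bytes):
        self.ak = ak
        self.ctr = 0
        self.alarms = []  # attack alarms raised so far

    def receive(self, c3: bytes):
        """Return C2 if the MAC matches the receiver's own CTR_j, else None."""
        if len(c3) < MAC_LEN:
            self.alarms.append("too short to carry a MAC")
            return None
        c2, mac_i = c3[:-MAC_LEN], c3[-MAC_LEN:]
        mac_j = ha(self.ak, c2 + ctr_bytes(self.ctr))
        if not hmac.compare_digest(mac_i, mac_j):  # constant-time comparison
            self.alarms.append("MAC mismatch")
            return None  # CTR_j is left unchanged on rejection
        self.ctr += 1
        return c2  # decryption with EK would follow here


def attack_cases():
    ak = bytes(range(16))                   # constructed AK
    ecu_i, ecu_j = Sender(ak), Receiver(ak)
    c2 = bytes.fromhex("8f3a11c0de77a2b4")  # constructed stand-in for F_EK(M)
    genuine = ecu_i.send(c2)
    ok = ecu_j.receive(genuine) == c2
    no_mac = ecu_j.receive(c2)              # forgery sent without a MAC
    replay = ecu_j.receive(genuine)         # unmodified resend of an old message
    nxt = ecu_j.receive(ecu_i.send(c2)) == c2  # same payload, next sequence number
    return ok, no_mac, replay, nxt, list(ecu_j.alarms)


if __name__ == "__main__":
    print(attack_cases())
```

The example models one sender and one receiver whose sequence numbers both start at zero, as the page states.
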
(ii) Real-time performance assessment
The invention measures the running time of the basic algorithm applied in the method and provides a calculation formula of the total time overhead of each process.
The key distribution method uses the asymmetric encryption algorithm RSA and the message digest algorithm HMAC-MD5. Its time overhead has five parts: the time for the sender to encrypt the message, the time to transmit the data frame in the network, the time for the receiver to decrypt the message, the time for the sender to compute the message authentication code, and the time for the receiver to compute the message authentication code. Therefore, the time overhead $T_a$ for the gateway ECU to carry out the key distribution process for a single legitimate ECU is given by formula (13):
$$T_a = 2 \times (T_{RSA} + T_{HMAC\text{-}MD5} + T_{com}) \qquad (13)$$
where $T_{RSA}$ is the time overhead for the asymmetric encryption algorithm RSA to encrypt/decrypt one Ethernet frame, $T_{HMAC\text{-}MD5}$ is the time overhead for the message digest algorithm HMAC-MD5 to compute a message authentication code, and $T_{com}$ is the time overhead of transmitting the Ethernet frame.
The secure communication method uses the symmetric encryption algorithm DES and the message digest algorithm HMAC-MD5. Its time overhead has five parts: the time for the sender to encrypt the message, the time for the sender to compute the message authentication code, the time to transmit the data frame in the network, the time for the receiver to decrypt the message, and the time for the receiver to compute the message authentication code. Therefore, the response time $T_r$ of an Ethernet frame once the secure communication method is added is given by formula (14):
$$T_r = (T_{DES} + T_{HMAC\text{-}MD5}) \times 2 + T_{com} \qquad (14)$$
where $T_{DES}$ is the time overhead for the symmetric encryption algorithm DES to encrypt/decrypt one Ethernet frame, $T_{HMAC\text{-}MD5}$ is the time overhead for the message digest algorithm HMAC-MD5 to compute a message authentication code, and $T_{com}$ is the time overhead of transmitting the Ethernet frame.
In the experiment, the running times of the RSA, DES and HMAC-MD5 algorithms were measured on the Freescale MPC5646C, the Infineon TriCore and an FPGA. The test results are shown in Table 3, in milliseconds.
Table 3. Real-time test results
Figure GDA0002255810520000111
Using the vehicle-mounted Ethernet experimental platform that was built, the effectiveness and the real-time performance of the vehicle-mounted Ethernet information security protection method were fully evaluated. In the evaluation of the key distribution method, attacks by an illegal ECU were simulated in two cases, posing as a legitimate ECU and capturing messages; in the evaluation of the secure communication method, attacks by an illegal ECU were simulated in three cases, eavesdropping on, forging and replaying messages, which ensures the sufficiency of the experiments. In the real-time test and analysis experiment, the running times of the applied algorithms were measured, which ensures the reliability of the experiments. The experimental results show that the method provides information security for vehicle-mounted Ethernet while meeting the real-time requirements of in-vehicle signals, and is easy to apply and deploy in practice.

Claims (2)

1. A vehicle-mounted Ethernet information security protection method, characterized by comprising the following parts:
a first part: key distribution, wherein the gateway electronic control unit (ECU) holds a set of digital certificates comprising the identifier, public key and private key of each legitimate ECU in the network, the gateway ECU also holds the encryption key EK and the authentication key AK required for communication, and at the start-up stage the gateway ECU distributes the encryption key and the authentication key to each legitimate ECU in the network in turn;
the gateway ECU distributes the keys to the HECU, where HECU denotes any legitimate ECU in the network, in the following steps:
(1) the gateway ECU generates a random number $R_1$, encrypts the encryption key EK, the authentication key AK and the random number $R_1$ together with the public key P of the HECU to obtain the ciphertext $C_1$, and sends it to the HECU:
$$C_1 = EN_P(EK \,\|\, AK \,\|\, R_1) \qquad (1)$$
where $EN_P$ denotes the asymmetric encryption function using the key P;
(2) after receiving the message, the HECU decrypts the ciphertext $C_1$ with the private key S to obtain the encryption key EK, the authentication key AK and the random number $R_1$:
$$EK \,\|\, AK \,\|\, R_1 = DE_S(C_1) \qquad (2)$$
where $DE_S$ denotes the asymmetric decryption function using the private key S;
(3) the HECU uses the authentication key AK to compute the message authentication code $MAC_1$ over its identifier $ID_1$ and the random number $R_1$, and sends $ID_1$ and $MAC_1$ together to the gateway ECU:
$$MAC_1 = HA_{AK}(ID_1 \,\|\, R_1) \qquad (3)$$
where $HA_{AK}$ denotes the keyed hash function using the key AK;
(4) the HECU places $MAC_1$ after its identifier $ID_1$ to form the confirmation message D and sends it to the gateway ECU:
$$D = ID_1 \,\|\, MAC_1 \qquad (4)$$
(5) the gateway ECU extracts the identifier $ID_1$ of the HECU and the message authentication code $MAC_1$ from the received message, and uses the authentication key AK to compute the message authentication code $MAC_G$ over $ID_1$ and the random number $R_1$:
$$MAC_G = HA_{AK}(ID_1 \,\|\, R_1) \qquad (5)$$
(6) the gateway ECU compares $MAC_1$ and $MAC_G$ bit by bit; if they are equal, the confirmation message D is judged valid, i.e. the key distribution to the HECU has succeeded; if they are not equal, the gateway ECU judges that the confirmation message D was sent by an illegal ECU and discards the message; if the gateway ECU does not receive a valid confirmation message within 2 ms, it repeats the above steps and distributes the keys to the HECU again;
after the key distribution process is completed, all legitimate ECUs have obtained the encryption key EK and the authentication key AK; EK and AK are updated periodically by the gateway ECU, are valid only after the vehicle has been started, and are automatically cleared after the vehicle is switched off; the key distribution process of steps (1) to (5) must be executed again at the next ignition;
a second part: after the key distribution process of the start-up stage is finished, each legitimate ECU in the network holds the encryption key and the authentication key, so that messages can be encrypted, decrypted and authenticated during normal operation of the vehicle.
2. The vehicle-mounted Ethernet information security protection method according to claim 1, wherein in the second part the sender $ECU_i$ communicates with the receiver $ECU_j$, where $ECU_i$ and $ECU_j$ denote two independent legitimate ECUs in the network, the total number of ECUs in the network other than the gateway ECU is n, and i and j are unequal positive integers less than or equal to n, the method comprising the following steps:
sending a message:
(1) $ECU_i$ encrypts the communication data M with the encryption key EK to obtain the ciphertext $C_2$:
$$C_2 = F_{EK}(M) \qquad (6)$$
where $F_{EK}$ denotes the symmetric encryption/decryption function using the key EK;
(2) $ECU_i$ uses the authentication key AK to compute the message authentication code $MAC_i$ over the ciphertext $C_2$ and the sequence number $CTR_i$ maintained by $ECU_i$:
$$MAC_i = HA_{AK}(C_2 \,\|\, CTR_i) \qquad (7)$$
(3) $ECU_i$ places the message authentication code $MAC_i$ after the ciphertext $C_2$ to form the ciphertext $C_3$ and sends it to $ECU_j$:
$$C_3 = C_2 \,\|\, MAC_i \qquad (8)$$
(4) $ECU_i$ increments the sequence number $CTR_i$ it maintains by 1:
$$CTR_i' = CTR_i + 1 \qquad (9)$$
receiving a message:
(1) $ECU_j$ extracts the ciphertext $C_2$ from the received message and uses the authentication key AK to compute the message authentication code $MAC_j$ over $C_2$ and the sequence number $CTR_j$ maintained by $ECU_j$:
$$MAC_j = HA_{AK}(C_2 \,\|\, CTR_j) \qquad (10)$$
(2) $ECU_j$ extracts the message authentication code $MAC_i$ from the received message and compares $MAC_i$ and $MAC_j$ bit by bit; if they are equal, it judges the message to be legitimate and continues with step (3); otherwise it discards the message and raises an attack alarm;
(3) $ECU_j$ decrypts the ciphertext $C_2$ with the encryption key EK to obtain the communication data M:
$$M = F_{EK}(C_2) \qquad (11)$$
(4) $ECU_j$ increments the sequence number $CTR_j$ it maintains by 1:
$$CTR_j' = CTR_j + 1 \qquad (12)$$
in the secure communication method, legitimate ECUs use the encryption key to encrypt and decrypt messages and use the authentication key to compute message authentication codes; each legitimate ECU in the network maintains an independent sequence number, all sequence numbers are zero before communication, and a sequence number is incremented after each use to ensure the freshness of messages; each communication message in the network contains a message authentication code computed jointly from the sequence number maintained by the sender ECU and the communication data encrypted with EK; after receiving a communication message, the receiver judges whether the message is legitimate by comparing the message authentication code contained in the message with the message authentication code it computes itself.
CN201910896749.1A 2019-09-21 2019-09-21 Vehicle-mounted Ethernet information security protection method Active CN110635893B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910896749.1A CN110635893B (en) 2019-09-21 2019-09-21 Vehicle-mounted Ethernet information security protection method


Publications (2)

Publication Number Publication Date
CN110635893A CN110635893A (en) 2019-12-31
CN110635893B true CN110635893B (en) 2020-10-20

Family

ID=68972242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910896749.1A Active CN110635893B (en) 2019-09-21 2019-09-21 Vehicle-mounted Ethernet information security protection method

Country Status (1)

Country Link
CN (1) CN110635893B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant