CN109729056A - Vehicle network safety protection method and the vehicle network architecture based on car networking - Google Patents
Vehicle network safety protection method and the vehicle network architecture based on car networking Download PDFInfo
- Publication number
- CN109729056A CN109729056A CN201711052820.5A CN201711052820A CN109729056A CN 109729056 A CN109729056 A CN 109729056A CN 201711052820 A CN201711052820 A CN 201711052820A CN 109729056 A CN109729056 A CN 109729056A
- Authority
- CN
- China
- Prior art keywords
- layer
- vehicle
- message
- evita
- car networking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The present invention proposes a kind of vehicle network safety protection method and the vehicle network architecture based on car networking, the following steps are included: establishing multiple Prevention-Security layers to vehicle network, multiple Prevention-Security layers include at least method: car networking defends layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics to defend layer;For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network safety prevention, wherein car networking defends layer is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer is corresponding to use central gateway technology;In-vehicle networking defends layer is corresponding to use network message MAC encryption technology, and automobile electronic controller physics defends layer is corresponding to use the secure hardware module technology based on EVITA.The present invention can effectively resist network attack, improve vehicle internet security.
Description
Technical field
The present invention relates to automobile technical field, in particular to a kind of vehicle network safety protection method based on car networking and
The vehicle network architecture.
Background technique
Currently, the notable feature of pure electric vehicle intelligent network connection automobile is embodied in height automatically controlledization of Vehicular system, ECU
(Electronic Control Unit, electronic controller) quantity and interactive function dramatically increase, software code and control algolithm
Amount significantly increases, and simultaneity factor loophole risk also increases, this also causes " hacker " tissue or individual with business or other mesh
The network attack activity to vehicle also increasing, such as the modification of vehicle security restriction parameter, the distorting of vehicle mileage table, OBD
(On-Board Diagnostic, onboard diagnostic system) intrusion, long-range control etc..
It is to capture the control of vehicle In-vehicle networking by unauthorized access that hacker, which invades important means, is mainly manifested in:
Send the control bus message that non-driver is intended to;It sends unexpected high priority message malice and increases the disconnected load factor of net;Hair
It send diagnostic service to request, steal vehicle core data or steals vehicle.And the complete guard technology of current network can not be effective
Problem above is solved, therefore, validity and safety are poor.
It is contemplated that the probability of future network attack can further increase, and automotive networking is safe of crucial importance, because
This, it would be highly desirable to a kind of more safely and effectively network safety prevention means protect vehicle network.
Summary of the invention
The present invention is directed at least solve one of above-mentioned technical problem.
For this purpose, an object of the present invention is to provide a kind of vehicle network safety protection method based on car networking, it should
Method can effectively resist network attack, improve vehicle internet security.
It is another object of the present invention to propose a kind of vehicle network architecture based on car networking.
To achieve the goals above, the embodiment of first aspect present invention proposes a kind of vehicle network based on car networking
Safety protecting method, comprising the following steps: multiple Prevention-Security layers are established to vehicle network, the multiple Prevention-Security layer is at least
It include: that car networking defence layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics are anti-
Imperial layer;For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network security
Protection, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer correspondence is adopted
With central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the Vehicle Electronic Control
Implements reason defence layer is corresponding to use the secure hardware module technology based on EVITA.
Vehicle network safety protection method according to an embodiment of the present invention based on car networking, using layered defense strategy,
It establishes multiple Prevention-Security layers and realizes vehicle security protection, can effectively resist hacker and be connect by wireless communication with OBD diagnosis
The network attack that mouth carries out, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle network
Safety.
In addition, the vehicle network safety protection method according to the above embodiment of the present invention based on car networking can also have
Following additional technical characteristic:
In some instances, the car networking defence layer is corresponding uses firewall technology, further comprises: taking in car networking
Be engaged in increasing T-BOX hardware between platform and vehicle, and the relevant safety standard of communication and external interface between the two according to
The secure communication regulation enforcement of the relevant wireless network defined in IEEE 1609.2 for intelligent transportation system.
In some instances, the finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, further wraps
Include: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and
Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence
System.
In some instances, the In-vehicle networking defence layer is corresponding uses network message MAC encryption technology, further wraps
It includes: determining sending node and receiving node, the sending node and receiving node respectively saves and shared key;The transmission section
Point is generated a message authentication code MAC and is calculated uniquely using MAC generating algorithm according to practical message, key and fresh value
Authentication data;The sending node is by practical message, the Payload of fresh value and message authentication code composition message, and by institute
It states Payload and is sent to the receiving node;The receiving node verifies the Payload, if receive
Fresh value is higher than the fresh value locally saved, then the fresh value that saves by the practical message received, locally and receives new
Fresh value connects, input of the value and key after connection as the MAC generating algorithm;By the MAC calculated and reception
To MAC matched, if successful match, receiving node determine message come from reliable sending node.
In some instances, the automobile electronic controller physics defence layer is corresponding uses the secure hardware based on EVITA
Building block technique further comprises: determining the vapour according to the grade scale of EVITA according to the functional requirement of automobile electronic controller
The EVITA grade that vehicle electronic controller is chosen, wherein the EVITA grade includes: Full grades of EVITA, EVITA Medium
Grade and EVITA Light grades.
To achieve the goals above, the embodiment of second aspect of the present invention proposes a kind of vehicle network based on car networking
Framework, comprising: multiple Prevention-Security layers, the multiple Prevention-Security layer include at least: car networking defends layer, finished vehicle electronic electrical
Framework defends layer, In-vehicle networking defence layer and automobile electronic controller physics to defend layer, wherein for each Prevention-Security layer,
Corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network safety prevention, wherein the car networking defence
Layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to use central gateway technology;It is described vehicle-mounted
Cyber-defence layer is corresponding to use network message MAC encryption technology, and the automobile electronic controller physics defence layer is corresponding to use base
In the secure hardware module technology of EVITA.
The vehicle network architecture according to an embodiment of the present invention based on car networking is established more using layered defense strategy
A Prevention-Security layer realizes vehicle security protection, can effectively resist what hacker carried out with OBD diagnosis interface by wireless communication
Network attack, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle internet security.
In addition, the vehicle network architecture according to the above embodiment of the present invention based on car networking can also have following add
Technical characteristic:
In some instances, the car networking defence layer is corresponding uses firewall technology, further comprises: taking in car networking
Be engaged in increasing T-BOX hardware between platform and vehicle, and the relevant safety standard of communication and external interface between the two according to
The secure communication regulation enforcement of the relevant wireless network defined in IEEE 1609.2 for intelligent transportation system.
In some instances, the finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, further wraps
Include: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and
Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence
System.
In some instances, the In-vehicle networking defence layer is corresponding uses network message MAC encryption technology, further wraps
It includes: determining sending node and receiving node, the sending node and receiving node respectively saves and shared key;The transmission section
Point is generated a message authentication code MAC and is calculated uniquely using MAC generating algorithm according to practical message, key and fresh value
Authentication data;The sending node is by practical message, the Payload of fresh value and message authentication code composition message, and by institute
It states Payload and is sent to the receiving node;The receiving node verifies the Payload, if receive
Fresh value is higher than the fresh value locally saved, then the fresh value that saves by the practical message received, locally and receives new
Fresh value connects, input of the value and key after connection as the MAC generating algorithm;By the MAC calculated and reception
To MAC matched, if successful match, receiving node determine message come from reliable sending node.
In some instances, the automobile electronic controller physics defence layer is corresponding uses the secure hardware based on EVITA
Building block technique further comprises: determining the vapour according to the grade scale of EVITA according to the functional requirement of automobile electronic controller
The EVITA grade that vehicle electronic controller is chosen, wherein the EVITA grade includes: Full grades of EVITA, EVITA Medium
Grade and EVITA Light grades.
Additional aspect and advantage of the invention will be set forth in part in the description, and will partially become from the following description
Obviously, or practice through the invention is recognized.
Detailed description of the invention
Above-mentioned and/or additional aspect of the invention and advantage will become from the description of the embodiment in conjunction with the following figures
Obviously and it is readily appreciated that, in which:
Fig. 1 is the flow chart of the vehicle network safety protection method according to an embodiment of the present invention based on car networking;
Fig. 2 is the schematic diagram of multiple Prevention-Security layers according to an embodiment of the invention;
Fig. 3 is the layered defense of the vehicle network safety protection method according to an embodiment of the invention based on car networking
Topological structure schematic diagram;
Fig. 4 is MAC generation according to an embodiment of the invention and identifying procedure schematic diagram;
Fig. 5 is the Payload schematic diagram according to an embodiment of the invention comprising MAC;
Fig. 6 is the vehicle network architecture schematic diagram according to an embodiment of the present invention based on car networking.
Specific embodiment
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end
Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached
The embodiment of figure description is exemplary, and for explaining only the invention, and is not considered as limiting the invention.
In the description of the present invention, it is to be understood that, term " center ", " longitudinal direction ", " transverse direction ", "upper", "lower",
The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is
It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark
Show that signified device or element must have a particular orientation, be constructed and operated in a specific orientation, therefore should not be understood as pair
Limitation of the invention.In addition, term " first ", " second " are used for description purposes only, it is not understood to indicate or imply opposite
Importance.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase
Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can
To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary
Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition
Concrete meaning in invention.
Below in conjunction with attached drawing describe the vehicle network safety protection method according to an embodiment of the present invention based on car networking and
The vehicle network architecture.
Fig. 1 is the flow chart of the vehicle network safety protection method according to an embodiment of the invention based on car networking.
As shown in Figure 1, method includes the following steps:
Step S1: multiple Prevention-Security layers are established to vehicle network, multiple Prevention-Security layers include at least: car networking defence
Layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer, specifically for example scheme
Shown in 2.
Step S2: for each Prevention-Security layer, it is whole that corresponding preset Prevention-Security technology realization is chosen respectively
Vehicle network safety prevention, wherein car networking defends layer is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer corresponding
Using central gateway technology;In-vehicle networking defends layer is corresponding to use network message MAC encryption technology, automobile electronic controller physics
Defend layer is corresponding to use the secure hardware module technology based on EVITA.Specifically, being taken accordingly to each Prevention-Security layer choosing
Prevention-Security technological means.Car networking defends layer (between cloud server terminal and vehicle) is corresponding to use firewall technology, vehicle electricity
Sub- electrical architecture defence layer (between vehicle modules and In-vehicle networking) is corresponding to use central gateway technology;In-vehicle networking defends layer
(between each domain controller or each automatically controlled ECU) is corresponding to use network message MAC encryption technology, the defence of automobile electronic controller physics
Layer is corresponding to use the secure hardware module technology based on EVITA, and concrete example is as shown in Figure 3.
Specifically, in one embodiment of the invention, car networking defence layer is corresponding uses firewall technology, further wraps
It includes: increasing T-BOX hardware between car networking service platform TSP and vehicle, and communication between the two is related to external interface
Safety standard according in IEEE 1609.2 be directed to ITS (Intelligent Traffic Systems, intelligent transportation system)
The secure communication regulation enforcement of the relevant wireless network of definition, so as to effectively to the cloud server terminal of car networking and vehicle it
Between network safety prevention, improve internet security.
In one embodiment of the invention, finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, into
One step includes: based on message ID and period and signal content, to be carried out to Content of Communication according to the specification of CAN bus network
It checks and filters, carry out the forwarding of corresponding message, and to diagnosis request and the transmission of nonstandard numbers evidence using Seed-Key safety
Access mechanism improves network security so as to effectively realize to the network safety prevention between vehicle modules and In-vehicle networking
Property.
In one embodiment of the invention, the network message MAC encryption technology that In-vehicle networking defence layer uses, is counterweight
Message is wanted to use the MAC encryption technology of SecOC (safe system on chip) code requirement based on AUTOSAR.It first will be important
The sending node and receiving node of message determine, it is desirable that these nodes all realize SecOC, and each SecOC module has for data
The fresh value (such as freshness counter, timestamp) of freshness protection.
Based on this, in one embodiment of the invention, as shown in connection with fig. 4, In-vehicle networking defends layer is corresponding to use network
Message MAC encryption technology further comprises:
Step 1: the sending node (the sending node A in such as Fig. 4) and receiving node for determining important message are (in such as Fig. 4
Receiving node B), sending node and receiving node respectively saves and shared key.
Step 2: sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key
Unique authentication data is calculated with fresh value.
Step 3: practical message, fresh value and message authentication code are formed the Payload of message by sending node, and will
Payload is sent to receiving node.The specific signal of Payload is as shown in Figure 5.
Step 4: receiving node verifies Payload, if what fresh value (LSB) ratio received locally saved
Fresh value (MSB) is high, then the fresh value (MSB) saved by the practical message received, locally and the fresh value (LSB) received
It connects, the input of value and key as MAC generating algorithm after connection, so as to effectively prevent replay attack.
Step 5: the MAC calculated and the MAC received being matched, if successful match, receiving node is sentenced
The sending node that message comes from reliable (sharing the same private key) is determined, so that it is guaranteed that message is not tampered with and fresh, i.e.,
It is not replayed, so as to effectively realize to the network safety prevention between each domain controller or each automatically controlled ECU, improves network
Safety.
In one embodiment of the invention, automobile electronic controller physics defence layer is corresponding uses the peace based on EVITA
Devices at full hardware building block technique further comprises: using towards secure hardware module of the In-vehicle networking safety based on EVITA, according to vapour
The functional requirement of vehicle electronic controller determines the EVITA grade that automobile electronic controller is chosen according to the grade scale of EVITA, from
And can effectively realize the security protection to automobile electronic controller network of relation, improve internet security.Wherein, EVITA
Grade includes: Full grades of EVITA, Medium grades of EVITA and Light grades of EVITA.Specifically, for example, V-BOX, T-BOX etc.
Choose EVITA Full grades;The driving such as GateWay, VCU, MCU, ESP, ADAS, BMS and active safety relevant ECU (electronics control
Device processed) choose EVITA Medium grades;The relevant ECU of BCM, DCM equivalent comfort system chooses EVITA Light grades.
To sum up, the vehicle network safety protection method according to an embodiment of the present invention based on car networking, using layered defense
Strategy establishes multiple Prevention-Security layers and realizes vehicle security protection, can effectively resist hacker and examine by wireless communication with OBD
The network attack that slave interrupt interface carries out, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle
Internet security.
Further embodiment of the present invention also proposed a kind of vehicle network architecture based on car networking.
Fig. 6 is the vehicle network architecture schematic diagram according to an embodiment of the invention based on car networking.As shown in fig. 6,
The vehicle network architecture 1000 based on car networking includes: multiple Prevention-Security layers 100.Specifically, multiple Prevention-Security layers 100
Include at least: car networking defends layer 110, finished vehicle electronic electrical architecture defence layer 120, In-vehicle networking defence layer 130 and automobile electricity
Sub-controller physics defends layer 140.
Wherein, for each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle
Network safety prevention, wherein car networking defends layer 110 is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer 120
It is corresponding to use central gateway technology;In-vehicle networking defends layer 130 is corresponding to use network message MAC encryption technology, automotive electronics control
Implements reason defence layer 140 processed is corresponding to use the secure hardware module technology based on EVITA.Specifically, i.e. anti-to each safety
Imperial layer choosing takes corresponding Prevention-Security technological means.Car networking defends layer 110 (between cloud server terminal and vehicle) corresponding using anti-
Wall with flues technology, finished vehicle electronic electrical architecture defend layer 120 (between vehicle modules and In-vehicle networking) is corresponding to use central gateway skill
Art;In-vehicle networking defends layer 130 (between each domain controller or each automatically controlled ECU) is corresponding to use network message MAC encryption technology, vapour
Vehicle electronic controller physics defends layer 140 is corresponding to use the secure hardware module technology based on EVITA.
Specifically, in one embodiment of the invention, car networking defence layer 110 is corresponding uses firewall technology, into one
Step includes: increase T-BOX hardware, and communication and external interface between the two between car networking service platform TSP and vehicle
Relevant safety standard according in IEEE 1609.2 be directed to ITS (Intelligent Traffic Systems, intelligent transportation system
System) the secure communication regulation enforcement of relevant wireless network that defines, so as to effectively to the cloud server terminal of car networking and whole
Network safety prevention between vehicle improves internet security.
In one embodiment of the invention, finished vehicle electronic electrical architecture defence layer 120 is corresponding uses central gateway technology,
Further comprise: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication into
Row checks and filtering, carries out the forwarding of corresponding message, and pacify using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence
Full access mechanism improves network peace so as to effectively realize to the network safety prevention between vehicle modules and In-vehicle networking
Quan Xing.
In one embodiment of the invention, In-vehicle networking defends the network message MAC encryption technology of the use of layer 130, is
The MAC encryption technology of SecOC (safe system on chip) code requirement based on AUTOSAR is used to important message.First will
The sending node and receiving node of important message determine, it is desirable that these nodes all realize SecOC, and each SecOC module is used for
The fresh value (such as freshness counter, timestamp) of data freshness protection.
Based on this, in one embodiment of the invention, In-vehicle networking defence layer 130 is corresponding to be added using network message MAC
Secret skill art further comprises: determining that the sending node and receiving node of important message, sending node and receiving node respectively save
And shared key;Sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and
Fresh value calculates unique authentication data;Practical message, fresh value and message authentication code are formed message by sending node
Payload, and receiving node is sent by Payload;Receiving node verifies Payload, if what is received is new
Fresh value (LSB) is higher than the fresh value (MSB) locally saved, then the fresh value (MSB) saved by the practical message received, locally
It is connected with the fresh value (LSB) received, the input of value and key as MAC generating algorithm after connection, so as to
It effectively prevent replay attack;The MAC calculated and the MAC received are matched, if successful match, receiving node
Determine that message comes from the sending node of reliable (sharing the same private key), so that it is guaranteed that message is not tampered with and fresh,
It is not replayed, so as to effectively realize to the network safety prevention between each domain controller or each automatically controlled ECU, improves net
Network safety.
In one embodiment of the invention, automobile electronic controller physics defence layer 140 is corresponding using based on EVITA's
Secure hardware module technology further comprises: using towards In-vehicle networking safety the secure hardware module based on EVITA, according to
The functional requirement of automobile electronic controller determines the EVITA grade that automobile electronic controller is chosen according to the grade scale of EVITA,
So as to effectively realize to the security protection of automobile electronic controller network of relation, internet security is improved.Wherein,
EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and Light grades of EVITA.Specifically, for example, V-BOX, T-
BOX etc. chooses EVITA Full grades;The driving such as GateWay, VCU, MCU, ESP, ADAS, BMS and the relevant ECU of active safety
(electronic controller) chooses EVITA Medium grades;The relevant ECU of BCM, DCM equivalent comfort system chooses EVITA Light grades.
It should be noted that the specific implementation of the vehicle network architecture based on car networking of the embodiment of the present invention and sheet
The specific implementation of the vehicle network safety protection method based on car networking of inventive embodiments is similar, specifically refers to method
Partial description, in order to reduce redundancy, details are not described herein again.
To sum up, the vehicle network architecture according to an embodiment of the present invention based on car networking is built using layered defense strategy
Found multiple Prevention-Security layers and realize vehicle security protections, can effectively resist hacker diagnosed by wireless communication with OBD interface into
Capable network attack, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle network security
Property.
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example
Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not
Centainly refer to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be any
One or more embodiment or examples in can be combined in any suitable manner.
Although an embodiment of the present invention has been shown and described, it will be understood by those skilled in the art that: not
A variety of change, modification, replacement and modification can be carried out to these embodiments in the case where being detached from the principle of the present invention and objective, this
The range of invention is by claim and its equivalent limits.
Claims (10)
1. a kind of vehicle network safety protection method based on car networking, which comprises the following steps:
Establish multiple Prevention-Security layers to vehicle network, the multiple Prevention-Security layer includes at least: car networking defends layer, vehicle
Electric framework defence layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer;
For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes that vehicle network security is anti-
Shield, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to be used
Central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the automobile electronic controller
Physics defends layer is corresponding to use the secure hardware module technology based on EVITA.
2. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the vehicle connection
Net defence layer is corresponding to use firewall technology, further comprises:
Increase T-BOX hardware between car networking service platform and vehicle, and communication and external interface between the two is relevant
Safety standard is held according to the secure communication specification for being directed to the relevant wireless network that intelligent transportation system defines in IEEE 1609.2
Row.
3. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the vehicle
Electric framework defence layer is corresponding to use central gateway technology, further comprises:
According to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and
Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence
System.
4. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that described vehicle-mounted
Cyber-defence layer is corresponding to use network message MAC encryption technology, further comprises:
Determine sending node and receiving node, the sending node and receiving node respectively saves and shared key;
The sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and fresh
Value calculates unique authentication data;
The sending node has described practical message, the Payload of fresh value and message authentication code composition message
Effect load is sent to the receiving node;
The receiving node verifies the Payload, if the fresh value received is than the fresh value that locally saves
Height, the then fresh value saved by the practical message received, locally and the fresh value received connect, the value after connection and
Input of the key as the MAC generating algorithm;
The MAC calculated and the MAC received are matched, if successful match, receiving node determines that message comes from
Reliable sending node.
5. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the automobile
Electronic controller physics defends layer is corresponding to use the secure hardware module technology based on EVITA, further comprises:
Determine that the automobile electronic controller is chosen according to the grade scale of EVITA according to the functional requirement of automobile electronic controller
EVITA grade, wherein the EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and EVITA Light
Grade.
6. a kind of vehicle network architecture based on car networking characterized by comprising
Multiple Prevention-Security layers, the multiple Prevention-Security layer include at least: car networking defends layer, finished vehicle electronic electrical architecture anti-
Imperial layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer, wherein
For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes that vehicle network security is anti-
Shield, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to be used
Central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the automobile electronic controller
Physics defends layer is corresponding to use the secure hardware module technology based on EVITA.
7. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the car networking defends layer
It is corresponding to use firewall technology, further comprise:
Increase T-BOX hardware, communication between the two and the relevant peace of external interface between car networking service platform and vehicle
Full standard according to the relevant wireless network that intelligent transportation system justice is directed in IEEE 1609.2 secure communication regulation enforcement.
8. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the finished vehicle electronic is electrical
Framework defends layer is corresponding to use central gateway technology, further comprises:
According to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and
Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence
System.
9. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the In-vehicle networking defence
Layer is corresponding to use network message MAC encryption technology, further comprises:
Determine sending node and receiving node, the sending node and receiving node respectively saves and shared key;
The sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and fresh
Value calculates unique authentication data;
The sending node has described practical message, the Payload of fresh value and message authentication code composition message
Effect load is sent to the receiving node;
The receiving node verifies the Payload, if the fresh value received is than the fresh value that locally saves
Height, the then fresh value saved by the practical message received, locally and the fresh value received connect, the value after connection and
Input of the key as the MAC generating algorithm;
The MAC calculated and the MAC received are matched, if successful match, receiving node determines that message comes from
Reliable sending node.
10. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the automotive electronics control
Implements reason defence layer processed is corresponding to use the secure hardware module technology based on EVITA, further comprises:
Determine that the automobile electronic controller is chosen according to the grade scale of EVITA according to the functional requirement of automobile electronic controller
EVITA grade, wherein the EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and EVITA Light
Grade.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711052820.5A CN109729056A (en) | 2017-10-30 | 2017-10-30 | Vehicle network safety protection method and the vehicle network architecture based on car networking |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711052820.5A CN109729056A (en) | 2017-10-30 | 2017-10-30 | Vehicle network safety protection method and the vehicle network architecture based on car networking |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109729056A true CN109729056A (en) | 2019-05-07 |
Family
ID=66293287
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711052820.5A Pending CN109729056A (en) | 2017-10-30 | 2017-10-30 | Vehicle network safety protection method and the vehicle network architecture based on car networking |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109729056A (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110351358A (en) * | 2019-07-09 | 2019-10-18 | 成都信息工程大学 | A kind of car networking safe information transmission and intelligent early-warning system |
CN112217634A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Authentication method, equipment and system applied to intelligent vehicle |
CN112422595A (en) * | 2019-08-20 | 2021-02-26 | 华为技术有限公司 | Vehicle-mounted system safety protection method and device |
CN112637152A (en) * | 2020-12-08 | 2021-04-09 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
CN112740726A (en) * | 2020-12-28 | 2021-04-30 | 华为技术有限公司 | Data transmission method and device |
CN113242139A (en) * | 2021-03-24 | 2021-08-10 | 江铃汽车股份有限公司 | Vehicle network signal platform design method |
CN113439425A (en) * | 2020-01-23 | 2021-09-24 | 华为技术有限公司 | Message transmission method and device |
CN113741393A (en) * | 2021-09-03 | 2021-12-03 | 东风汽车集团股份有限公司 | Vehicle safety network architecture based on central gateway and diagnosis method thereof |
WO2022032548A1 (en) * | 2020-08-13 | 2022-02-17 | 华为技术有限公司 | In-vehicle network secure communication method, apparatus and device |
CN114257388A (en) * | 2020-09-21 | 2022-03-29 | 北京新能源汽车股份有限公司 | Information safety protection method and device of Internet of vehicles system and electric vehicle |
CN114301739A (en) * | 2021-12-29 | 2022-04-08 | 北京国家新能源汽车技术创新中心有限公司 | Central gateway security architecture, system and storage medium |
CN115208694A (en) * | 2022-09-13 | 2022-10-18 | 智己汽车科技有限公司 | Vehicle-mounted network communication encryption system based on central computing platform and vehicle |
WO2022246760A1 (en) * | 2021-05-27 | 2022-12-01 | 华为技术有限公司 | In-vehicle communication method and apparatus |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101481403B1 (en) * | 2013-08-26 | 2015-01-21 | 고려대학교 산학협력단 | Data certification and acquisition method for vehicle |
CN105009546A (en) * | 2013-02-25 | 2015-10-28 | 丰田自动车株式会社 | Information processing device and information processing method |
CN105745862A (en) * | 2013-09-24 | 2016-07-06 | 密执安州立大学董事会 | Real-time frame authentication using ID anonymization in automotive networks |
CN105871830A (en) * | 2016-03-28 | 2016-08-17 | 成都信息工程大学 | Firewall of vehicle-mounted information system of automobile |
-
2017
- 2017-10-30 CN CN201711052820.5A patent/CN109729056A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105009546A (en) * | 2013-02-25 | 2015-10-28 | 丰田自动车株式会社 | Information processing device and information processing method |
KR101481403B1 (en) * | 2013-08-26 | 2015-01-21 | 고려대학교 산학협력단 | Data certification and acquisition method for vehicle |
CN105745862A (en) * | 2013-09-24 | 2016-07-06 | 密执安州立大学董事会 | Real-time frame authentication using ID anonymization in automotive networks |
CN105871830A (en) * | 2016-03-28 | 2016-08-17 | 成都信息工程大学 | Firewall of vehicle-mounted information system of automobile |
Non-Patent Citations (2)
Title |
---|
于赫: "《网联汽车信息安全问题及CAN总线异常检测技术研究》", 《中国博士学位论文全文数据库工程科技Ⅱ辑》 * |
张铁欣: "《基于汽车网关平台功能的网络拓扑设计与安全研究》", 《汽车电器》 * |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110351358A (en) * | 2019-07-09 | 2019-10-18 | 成都信息工程大学 | A kind of car networking safe information transmission and intelligent early-warning system |
CN112217634B (en) * | 2019-07-12 | 2022-07-19 | 华为技术有限公司 | Authentication method, equipment and system applied to intelligent vehicle |
CN112217634A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Authentication method, equipment and system applied to intelligent vehicle |
CN115378580A (en) * | 2019-07-12 | 2022-11-22 | 华为技术有限公司 | Authentication method, equipment and system |
CN112422595A (en) * | 2019-08-20 | 2021-02-26 | 华为技术有限公司 | Vehicle-mounted system safety protection method and device |
CN112422595B (en) * | 2019-08-20 | 2022-10-11 | 华为技术有限公司 | Vehicle-mounted system safety protection method and device |
CN113439425B (en) * | 2020-01-23 | 2022-10-11 | 华为技术有限公司 | Message transmission method and device |
CN113439425A (en) * | 2020-01-23 | 2021-09-24 | 华为技术有限公司 | Message transmission method and device |
WO2022032548A1 (en) * | 2020-08-13 | 2022-02-17 | 华为技术有限公司 | In-vehicle network secure communication method, apparatus and device |
CN114257388A (en) * | 2020-09-21 | 2022-03-29 | 北京新能源汽车股份有限公司 | Information safety protection method and device of Internet of vehicles system and electric vehicle |
CN114257388B (en) * | 2020-09-21 | 2024-03-26 | 北京新能源汽车股份有限公司 | Information safety protection method and device of Internet of vehicles system and electric automobile |
CN112637152B (en) * | 2020-12-08 | 2023-03-24 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
CN112637152A (en) * | 2020-12-08 | 2021-04-09 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
WO2022140895A1 (en) * | 2020-12-28 | 2022-07-07 | 华为技术有限公司 | Data transmission method, and apparatus |
CN112740726B (en) * | 2020-12-28 | 2022-06-10 | 华为技术有限公司 | Data transmission method and device |
CN112740726A (en) * | 2020-12-28 | 2021-04-30 | 华为技术有限公司 | Data transmission method and device |
CN113242139A (en) * | 2021-03-24 | 2021-08-10 | 江铃汽车股份有限公司 | Vehicle network signal platform design method |
WO2022246760A1 (en) * | 2021-05-27 | 2022-12-01 | 华为技术有限公司 | In-vehicle communication method and apparatus |
CN113741393A (en) * | 2021-09-03 | 2021-12-03 | 东风汽车集团股份有限公司 | Vehicle safety network architecture based on central gateway and diagnosis method thereof |
CN113741393B (en) * | 2021-09-03 | 2023-03-24 | 东风汽车集团股份有限公司 | Vehicle safety network architecture based on central gateway and diagnosis method thereof |
CN114301739A (en) * | 2021-12-29 | 2022-04-08 | 北京国家新能源汽车技术创新中心有限公司 | Central gateway security architecture, system and storage medium |
CN114301739B (en) * | 2021-12-29 | 2023-08-22 | 北京国家新能源汽车技术创新中心有限公司 | Central gateway security architecture, system and storage medium |
CN115208694A (en) * | 2022-09-13 | 2022-10-18 | 智己汽车科技有限公司 | Vehicle-mounted network communication encryption system based on central computing platform and vehicle |
CN115208694B (en) * | 2022-09-13 | 2023-01-13 | 智己汽车科技有限公司 | Vehicle-mounted network communication encryption system based on central computing platform and vehicle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109729056A (en) | Vehicle network safety protection method and the vehicle network architecture based on car networking | |
CN109714344B (en) | Intelligent networking automobile information safety platform based on' end-pipe-cloud | |
US11618394B2 (en) | Vehicle secure messages based on a vehicle private key | |
Bernardini et al. | Security and privacy in vehicular communications: Challenges and opportunities | |
US9866570B2 (en) | On-vehicle communication system | |
JP5479408B2 (en) | In-vehicle network system | |
US10791125B2 (en) | End-to-end controller protection and message authentication | |
US20160173530A1 (en) | Vehicle-Mounted Network System | |
JP6807906B2 (en) | Systems and methods to generate rules to prevent computer attacks on vehicles | |
Abbott-McCune et al. | Intrusion prevention system of automotive network CAN bus | |
CN106953796A (en) | Security gateway, data processing method, device, vehicle network topology and vehicle | |
CN109428716A (en) | The encryption key distribution of car group | |
US20130227650A1 (en) | Vehicle-Mounted Network System | |
CN107483393B (en) | Communication method, server and communication system of Internet of vehicles | |
CN111147448B (en) | CAN bus flood attack defense system and method | |
CN108173856A (en) | Vehicle communication data safety detection method, device and car-mounted terminal | |
CN106406281A (en) | Safety remote control system for electric vehicle, and method thereof | |
Huang et al. | On the security of in-vehicle hybrid network: Status and challenges | |
US11176229B2 (en) | Anti-tamper system for vehicle firmware | |
CN112740617B (en) | Certificate list updating method and device | |
Luo et al. | Security mechanisms design of automotive gateway firewall | |
Dadam et al. | Onboard Cybersecurity Diagnostic System for Connected Vehicles | |
CN116800531A (en) | Automobile electronic and electric architecture and safety communication method | |
CN106685967A (en) | Vehicle network communication encryption and intrusion monitoring device | |
Zou et al. | Research on information security framework of intelligent connected vehicle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190507 |