CN109729056A - Vehicle network safety protection method and the vehicle network architecture based on car networking - Google Patents

Vehicle network safety protection method and the vehicle network architecture based on car networking Download PDF

Info

Publication number
CN109729056A
CN109729056A CN201711052820.5A CN201711052820A CN109729056A CN 109729056 A CN109729056 A CN 109729056A CN 201711052820 A CN201711052820 A CN 201711052820A CN 109729056 A CN109729056 A CN 109729056A
Authority
CN
China
Prior art keywords
layer
vehicle
message
evita
car networking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711052820.5A
Other languages
Chinese (zh)
Inventor
陆群
胡兴煜
杨池英
李艳伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CH Auto Technology Co Ltd
Beijing Changcheng Huaguan Automobile Technology Development Co Ltd
Original Assignee
Beijing Changcheng Huaguan Automobile Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Changcheng Huaguan Automobile Technology Development Co Ltd filed Critical Beijing Changcheng Huaguan Automobile Technology Development Co Ltd
Priority to CN201711052820.5A priority Critical patent/CN109729056A/en
Publication of CN109729056A publication Critical patent/CN109729056A/en
Pending legal-status Critical Current

Links

Abstract

The present invention proposes a kind of vehicle network safety protection method and the vehicle network architecture based on car networking, the following steps are included: establishing multiple Prevention-Security layers to vehicle network, multiple Prevention-Security layers include at least method: car networking defends layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics to defend layer;For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network safety prevention, wherein car networking defends layer is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer is corresponding to use central gateway technology;In-vehicle networking defends layer is corresponding to use network message MAC encryption technology, and automobile electronic controller physics defends layer is corresponding to use the secure hardware module technology based on EVITA.The present invention can effectively resist network attack, improve vehicle internet security.

Description

Vehicle network safety protection method and the vehicle network architecture based on car networking
Technical field
The present invention relates to automobile technical field, in particular to a kind of vehicle network safety protection method based on car networking and The vehicle network architecture.
Background technique
Currently, the notable feature of pure electric vehicle intelligent network connection automobile is embodied in height automatically controlledization of Vehicular system, ECU (Electronic Control Unit, electronic controller) quantity and interactive function dramatically increase, software code and control algolithm Amount significantly increases, and simultaneity factor loophole risk also increases, this also causes " hacker " tissue or individual with business or other mesh The network attack activity to vehicle also increasing, such as the modification of vehicle security restriction parameter, the distorting of vehicle mileage table, OBD (On-Board Diagnostic, onboard diagnostic system) intrusion, long-range control etc..
It is to capture the control of vehicle In-vehicle networking by unauthorized access that hacker, which invades important means, is mainly manifested in: Send the control bus message that non-driver is intended to;It sends unexpected high priority message malice and increases the disconnected load factor of net;Hair It send diagnostic service to request, steal vehicle core data or steals vehicle.And the complete guard technology of current network can not be effective Problem above is solved, therefore, validity and safety are poor.
It is contemplated that the probability of future network attack can further increase, and automotive networking is safe of crucial importance, because This, it would be highly desirable to a kind of more safely and effectively network safety prevention means protect vehicle network.
Summary of the invention
The present invention is directed at least solve one of above-mentioned technical problem.
For this purpose, an object of the present invention is to provide a kind of vehicle network safety protection method based on car networking, it should Method can effectively resist network attack, improve vehicle internet security.
It is another object of the present invention to propose a kind of vehicle network architecture based on car networking.
To achieve the goals above, the embodiment of first aspect present invention proposes a kind of vehicle network based on car networking Safety protecting method, comprising the following steps: multiple Prevention-Security layers are established to vehicle network, the multiple Prevention-Security layer is at least It include: that car networking defence layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics are anti- Imperial layer;For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network security Protection, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer correspondence is adopted With central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the Vehicle Electronic Control Implements reason defence layer is corresponding to use the secure hardware module technology based on EVITA.
Vehicle network safety protection method according to an embodiment of the present invention based on car networking, using layered defense strategy, It establishes multiple Prevention-Security layers and realizes vehicle security protection, can effectively resist hacker and be connect by wireless communication with OBD diagnosis The network attack that mouth carries out, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle network Safety.
In addition, the vehicle network safety protection method according to the above embodiment of the present invention based on car networking can also have Following additional technical characteristic:
In some instances, the car networking defence layer is corresponding uses firewall technology, further comprises: taking in car networking Be engaged in increasing T-BOX hardware between platform and vehicle, and the relevant safety standard of communication and external interface between the two according to The secure communication regulation enforcement of the relevant wireless network defined in IEEE 1609.2 for intelligent transportation system.
In some instances, the finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, further wraps Include: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence System.
In some instances, the In-vehicle networking defence layer is corresponding uses network message MAC encryption technology, further wraps It includes: determining sending node and receiving node, the sending node and receiving node respectively saves and shared key;The transmission section Point is generated a message authentication code MAC and is calculated uniquely using MAC generating algorithm according to practical message, key and fresh value Authentication data;The sending node is by practical message, the Payload of fresh value and message authentication code composition message, and by institute It states Payload and is sent to the receiving node;The receiving node verifies the Payload, if receive Fresh value is higher than the fresh value locally saved, then the fresh value that saves by the practical message received, locally and receives new Fresh value connects, input of the value and key after connection as the MAC generating algorithm;By the MAC calculated and reception To MAC matched, if successful match, receiving node determine message come from reliable sending node.
In some instances, the automobile electronic controller physics defence layer is corresponding uses the secure hardware based on EVITA Building block technique further comprises: determining the vapour according to the grade scale of EVITA according to the functional requirement of automobile electronic controller The EVITA grade that vehicle electronic controller is chosen, wherein the EVITA grade includes: Full grades of EVITA, EVITA Medium Grade and EVITA Light grades.
To achieve the goals above, the embodiment of second aspect of the present invention proposes a kind of vehicle network based on car networking Framework, comprising: multiple Prevention-Security layers, the multiple Prevention-Security layer include at least: car networking defends layer, finished vehicle electronic electrical Framework defends layer, In-vehicle networking defence layer and automobile electronic controller physics to defend layer, wherein for each Prevention-Security layer, Corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle network safety prevention, wherein the car networking defence Layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to use central gateway technology;It is described vehicle-mounted Cyber-defence layer is corresponding to use network message MAC encryption technology, and the automobile electronic controller physics defence layer is corresponding to use base In the secure hardware module technology of EVITA.
The vehicle network architecture according to an embodiment of the present invention based on car networking is established more using layered defense strategy A Prevention-Security layer realizes vehicle security protection, can effectively resist what hacker carried out with OBD diagnosis interface by wireless communication Network attack, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle internet security.
In addition, the vehicle network architecture according to the above embodiment of the present invention based on car networking can also have following add Technical characteristic:
In some instances, the car networking defence layer is corresponding uses firewall technology, further comprises: taking in car networking Be engaged in increasing T-BOX hardware between platform and vehicle, and the relevant safety standard of communication and external interface between the two according to The secure communication regulation enforcement of the relevant wireless network defined in IEEE 1609.2 for intelligent transportation system.
In some instances, the finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, further wraps Include: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence System.
In some instances, the In-vehicle networking defence layer is corresponding uses network message MAC encryption technology, further wraps It includes: determining sending node and receiving node, the sending node and receiving node respectively saves and shared key;The transmission section Point is generated a message authentication code MAC and is calculated uniquely using MAC generating algorithm according to practical message, key and fresh value Authentication data;The sending node is by practical message, the Payload of fresh value and message authentication code composition message, and by institute It states Payload and is sent to the receiving node;The receiving node verifies the Payload, if receive Fresh value is higher than the fresh value locally saved, then the fresh value that saves by the practical message received, locally and receives new Fresh value connects, input of the value and key after connection as the MAC generating algorithm;By the MAC calculated and reception To MAC matched, if successful match, receiving node determine message come from reliable sending node.
In some instances, the automobile electronic controller physics defence layer is corresponding uses the secure hardware based on EVITA Building block technique further comprises: determining the vapour according to the grade scale of EVITA according to the functional requirement of automobile electronic controller The EVITA grade that vehicle electronic controller is chosen, wherein the EVITA grade includes: Full grades of EVITA, EVITA Medium Grade and EVITA Light grades.
Additional aspect and advantage of the invention will be set forth in part in the description, and will partially become from the following description Obviously, or practice through the invention is recognized.
Detailed description of the invention
Above-mentioned and/or additional aspect of the invention and advantage will become from the description of the embodiment in conjunction with the following figures Obviously and it is readily appreciated that, in which:
Fig. 1 is the flow chart of the vehicle network safety protection method according to an embodiment of the present invention based on car networking;
Fig. 2 is the schematic diagram of multiple Prevention-Security layers according to an embodiment of the invention;
Fig. 3 is the layered defense of the vehicle network safety protection method according to an embodiment of the invention based on car networking Topological structure schematic diagram;
Fig. 4 is MAC generation according to an embodiment of the invention and identifying procedure schematic diagram;
Fig. 5 is the Payload schematic diagram according to an embodiment of the invention comprising MAC;
Fig. 6 is the vehicle network architecture schematic diagram according to an embodiment of the present invention based on car networking.
Specific embodiment
The embodiment of the present invention is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached The embodiment of figure description is exemplary, and for explaining only the invention, and is not considered as limiting the invention.
In the description of the present invention, it is to be understood that, term " center ", " longitudinal direction ", " transverse direction ", "upper", "lower", The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark Show that signified device or element must have a particular orientation, be constructed and operated in a specific orientation, therefore should not be understood as pair Limitation of the invention.In addition, term " first ", " second " are used for description purposes only, it is not understood to indicate or imply opposite Importance.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition Concrete meaning in invention.
Below in conjunction with attached drawing describe the vehicle network safety protection method according to an embodiment of the present invention based on car networking and The vehicle network architecture.
Fig. 1 is the flow chart of the vehicle network safety protection method according to an embodiment of the invention based on car networking. As shown in Figure 1, method includes the following steps:
Step S1: multiple Prevention-Security layers are established to vehicle network, multiple Prevention-Security layers include at least: car networking defence Layer, finished vehicle electronic electrical architecture defence layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer, specifically for example scheme Shown in 2.
Step S2: for each Prevention-Security layer, it is whole that corresponding preset Prevention-Security technology realization is chosen respectively Vehicle network safety prevention, wherein car networking defends layer is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer corresponding Using central gateway technology;In-vehicle networking defends layer is corresponding to use network message MAC encryption technology, automobile electronic controller physics Defend layer is corresponding to use the secure hardware module technology based on EVITA.Specifically, being taken accordingly to each Prevention-Security layer choosing Prevention-Security technological means.Car networking defends layer (between cloud server terminal and vehicle) is corresponding to use firewall technology, vehicle electricity Sub- electrical architecture defence layer (between vehicle modules and In-vehicle networking) is corresponding to use central gateway technology;In-vehicle networking defends layer (between each domain controller or each automatically controlled ECU) is corresponding to use network message MAC encryption technology, the defence of automobile electronic controller physics Layer is corresponding to use the secure hardware module technology based on EVITA, and concrete example is as shown in Figure 3.
Specifically, in one embodiment of the invention, car networking defence layer is corresponding uses firewall technology, further wraps It includes: increasing T-BOX hardware between car networking service platform TSP and vehicle, and communication between the two is related to external interface Safety standard according in IEEE 1609.2 be directed to ITS (Intelligent Traffic Systems, intelligent transportation system) The secure communication regulation enforcement of the relevant wireless network of definition, so as to effectively to the cloud server terminal of car networking and vehicle it Between network safety prevention, improve internet security.
In one embodiment of the invention, finished vehicle electronic electrical architecture defence layer is corresponding uses central gateway technology, into One step includes: based on message ID and period and signal content, to be carried out to Content of Communication according to the specification of CAN bus network It checks and filters, carry out the forwarding of corresponding message, and to diagnosis request and the transmission of nonstandard numbers evidence using Seed-Key safety Access mechanism improves network security so as to effectively realize to the network safety prevention between vehicle modules and In-vehicle networking Property.
In one embodiment of the invention, the network message MAC encryption technology that In-vehicle networking defence layer uses, is counterweight Message is wanted to use the MAC encryption technology of SecOC (safe system on chip) code requirement based on AUTOSAR.It first will be important The sending node and receiving node of message determine, it is desirable that these nodes all realize SecOC, and each SecOC module has for data The fresh value (such as freshness counter, timestamp) of freshness protection.
Based on this, in one embodiment of the invention, as shown in connection with fig. 4, In-vehicle networking defends layer is corresponding to use network Message MAC encryption technology further comprises:
Step 1: the sending node (the sending node A in such as Fig. 4) and receiving node for determining important message are (in such as Fig. 4 Receiving node B), sending node and receiving node respectively saves and shared key.
Step 2: sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key Unique authentication data is calculated with fresh value.
Step 3: practical message, fresh value and message authentication code are formed the Payload of message by sending node, and will Payload is sent to receiving node.The specific signal of Payload is as shown in Figure 5.
Step 4: receiving node verifies Payload, if what fresh value (LSB) ratio received locally saved Fresh value (MSB) is high, then the fresh value (MSB) saved by the practical message received, locally and the fresh value (LSB) received It connects, the input of value and key as MAC generating algorithm after connection, so as to effectively prevent replay attack.
Step 5: the MAC calculated and the MAC received being matched, if successful match, receiving node is sentenced The sending node that message comes from reliable (sharing the same private key) is determined, so that it is guaranteed that message is not tampered with and fresh, i.e., It is not replayed, so as to effectively realize to the network safety prevention between each domain controller or each automatically controlled ECU, improves network Safety.
In one embodiment of the invention, automobile electronic controller physics defence layer is corresponding uses the peace based on EVITA Devices at full hardware building block technique further comprises: using towards secure hardware module of the In-vehicle networking safety based on EVITA, according to vapour The functional requirement of vehicle electronic controller determines the EVITA grade that automobile electronic controller is chosen according to the grade scale of EVITA, from And can effectively realize the security protection to automobile electronic controller network of relation, improve internet security.Wherein, EVITA Grade includes: Full grades of EVITA, Medium grades of EVITA and Light grades of EVITA.Specifically, for example, V-BOX, T-BOX etc. Choose EVITA Full grades;The driving such as GateWay, VCU, MCU, ESP, ADAS, BMS and active safety relevant ECU (electronics control Device processed) choose EVITA Medium grades;The relevant ECU of BCM, DCM equivalent comfort system chooses EVITA Light grades.
To sum up, the vehicle network safety protection method according to an embodiment of the present invention based on car networking, using layered defense Strategy establishes multiple Prevention-Security layers and realizes vehicle security protection, can effectively resist hacker and examine by wireless communication with OBD The network attack that slave interrupt interface carries out, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle Internet security.
Further embodiment of the present invention also proposed a kind of vehicle network architecture based on car networking.
Fig. 6 is the vehicle network architecture schematic diagram according to an embodiment of the invention based on car networking.As shown in fig. 6, The vehicle network architecture 1000 based on car networking includes: multiple Prevention-Security layers 100.Specifically, multiple Prevention-Security layers 100 Include at least: car networking defends layer 110, finished vehicle electronic electrical architecture defence layer 120, In-vehicle networking defence layer 130 and automobile electricity Sub-controller physics defends layer 140.
Wherein, for each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes vehicle Network safety prevention, wherein car networking defends layer 110 is corresponding to use firewall technology, and finished vehicle electronic electrical architecture defends layer 120 It is corresponding to use central gateway technology;In-vehicle networking defends layer 130 is corresponding to use network message MAC encryption technology, automotive electronics control Implements reason defence layer 140 processed is corresponding to use the secure hardware module technology based on EVITA.Specifically, i.e. anti-to each safety Imperial layer choosing takes corresponding Prevention-Security technological means.Car networking defends layer 110 (between cloud server terminal and vehicle) corresponding using anti- Wall with flues technology, finished vehicle electronic electrical architecture defend layer 120 (between vehicle modules and In-vehicle networking) is corresponding to use central gateway skill Art;In-vehicle networking defends layer 130 (between each domain controller or each automatically controlled ECU) is corresponding to use network message MAC encryption technology, vapour Vehicle electronic controller physics defends layer 140 is corresponding to use the secure hardware module technology based on EVITA.
Specifically, in one embodiment of the invention, car networking defence layer 110 is corresponding uses firewall technology, into one Step includes: increase T-BOX hardware, and communication and external interface between the two between car networking service platform TSP and vehicle Relevant safety standard according in IEEE 1609.2 be directed to ITS (Intelligent Traffic Systems, intelligent transportation system System) the secure communication regulation enforcement of relevant wireless network that defines, so as to effectively to the cloud server terminal of car networking and whole Network safety prevention between vehicle improves internet security.
In one embodiment of the invention, finished vehicle electronic electrical architecture defence layer 120 is corresponding uses central gateway technology, Further comprise: according to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication into Row checks and filtering, carries out the forwarding of corresponding message, and pacify using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence Full access mechanism improves network peace so as to effectively realize to the network safety prevention between vehicle modules and In-vehicle networking Quan Xing.
In one embodiment of the invention, In-vehicle networking defends the network message MAC encryption technology of the use of layer 130, is The MAC encryption technology of SecOC (safe system on chip) code requirement based on AUTOSAR is used to important message.First will The sending node and receiving node of important message determine, it is desirable that these nodes all realize SecOC, and each SecOC module is used for The fresh value (such as freshness counter, timestamp) of data freshness protection.
Based on this, in one embodiment of the invention, In-vehicle networking defence layer 130 is corresponding to be added using network message MAC Secret skill art further comprises: determining that the sending node and receiving node of important message, sending node and receiving node respectively save And shared key;Sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and Fresh value calculates unique authentication data;Practical message, fresh value and message authentication code are formed message by sending node Payload, and receiving node is sent by Payload;Receiving node verifies Payload, if what is received is new Fresh value (LSB) is higher than the fresh value (MSB) locally saved, then the fresh value (MSB) saved by the practical message received, locally It is connected with the fresh value (LSB) received, the input of value and key as MAC generating algorithm after connection, so as to It effectively prevent replay attack;The MAC calculated and the MAC received are matched, if successful match, receiving node Determine that message comes from the sending node of reliable (sharing the same private key), so that it is guaranteed that message is not tampered with and fresh, It is not replayed, so as to effectively realize to the network safety prevention between each domain controller or each automatically controlled ECU, improves net Network safety.
In one embodiment of the invention, automobile electronic controller physics defence layer 140 is corresponding using based on EVITA's Secure hardware module technology further comprises: using towards In-vehicle networking safety the secure hardware module based on EVITA, according to The functional requirement of automobile electronic controller determines the EVITA grade that automobile electronic controller is chosen according to the grade scale of EVITA, So as to effectively realize to the security protection of automobile electronic controller network of relation, internet security is improved.Wherein, EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and Light grades of EVITA.Specifically, for example, V-BOX, T- BOX etc. chooses EVITA Full grades;The driving such as GateWay, VCU, MCU, ESP, ADAS, BMS and the relevant ECU of active safety (electronic controller) chooses EVITA Medium grades;The relevant ECU of BCM, DCM equivalent comfort system chooses EVITA Light grades.
It should be noted that the specific implementation of the vehicle network architecture based on car networking of the embodiment of the present invention and sheet The specific implementation of the vehicle network safety protection method based on car networking of inventive embodiments is similar, specifically refers to method Partial description, in order to reduce redundancy, details are not described herein again.
To sum up, the vehicle network architecture according to an embodiment of the present invention based on car networking is built using layered defense strategy Found multiple Prevention-Security layers and realize vehicle security protections, can effectively resist hacker diagnosed by wireless communication with OBD interface into Capable network attack, while the camouflage replay attack of hacker can be effectively resisted, to further improve vehicle network security Property.
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or spy described in conjunction with this embodiment or example Point is included at least one embodiment or example of the invention.In the present specification, schematic expression of the above terms are not Centainly refer to identical embodiment or example.Moreover, particular features, structures, materials, or characteristics described can be any One or more embodiment or examples in can be combined in any suitable manner.
Although an embodiment of the present invention has been shown and described, it will be understood by those skilled in the art that: not A variety of change, modification, replacement and modification can be carried out to these embodiments in the case where being detached from the principle of the present invention and objective, this The range of invention is by claim and its equivalent limits.

Claims (10)

1. a kind of vehicle network safety protection method based on car networking, which comprises the following steps:
Establish multiple Prevention-Security layers to vehicle network, the multiple Prevention-Security layer includes at least: car networking defends layer, vehicle Electric framework defence layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer;
For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes that vehicle network security is anti- Shield, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to be used Central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the automobile electronic controller Physics defends layer is corresponding to use the secure hardware module technology based on EVITA.
2. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the vehicle connection Net defence layer is corresponding to use firewall technology, further comprises:
Increase T-BOX hardware between car networking service platform and vehicle, and communication and external interface between the two is relevant Safety standard is held according to the secure communication specification for being directed to the relevant wireless network that intelligent transportation system defines in IEEE 1609.2 Row.
3. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the vehicle Electric framework defence layer is corresponding to use central gateway technology, further comprises:
According to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence System.
4. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that described vehicle-mounted Cyber-defence layer is corresponding to use network message MAC encryption technology, further comprises:
Determine sending node and receiving node, the sending node and receiving node respectively saves and shared key;
The sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and fresh Value calculates unique authentication data;
The sending node has described practical message, the Payload of fresh value and message authentication code composition message Effect load is sent to the receiving node;
The receiving node verifies the Payload, if the fresh value received is than the fresh value that locally saves Height, the then fresh value saved by the practical message received, locally and the fresh value received connect, the value after connection and Input of the key as the MAC generating algorithm;
The MAC calculated and the MAC received are matched, if successful match, receiving node determines that message comes from Reliable sending node.
5. the vehicle network safety protection method according to claim 1 based on car networking, which is characterized in that the automobile Electronic controller physics defends layer is corresponding to use the secure hardware module technology based on EVITA, further comprises:
Determine that the automobile electronic controller is chosen according to the grade scale of EVITA according to the functional requirement of automobile electronic controller EVITA grade, wherein the EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and EVITA Light Grade.
6. a kind of vehicle network architecture based on car networking characterized by comprising
Multiple Prevention-Security layers, the multiple Prevention-Security layer include at least: car networking defends layer, finished vehicle electronic electrical architecture anti- Imperial layer, In-vehicle networking defence layer and automobile electronic controller physics defend layer, wherein
For each Prevention-Security layer, corresponding preset Prevention-Security technology is chosen respectively and realizes that vehicle network security is anti- Shield, wherein the car networking defence layer is corresponding to use firewall technology, and the finished vehicle electronic electrical architecture defence layer is corresponding to be used Central gateway technology;The In-vehicle networking defence layer is corresponding to use network message MAC encryption technology, the automobile electronic controller Physics defends layer is corresponding to use the secure hardware module technology based on EVITA.
7. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the car networking defends layer It is corresponding to use firewall technology, further comprise:
Increase T-BOX hardware, communication between the two and the relevant peace of external interface between car networking service platform and vehicle Full standard according to the relevant wireless network that intelligent transportation system justice is directed in IEEE 1609.2 secure communication regulation enforcement.
8. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the finished vehicle electronic is electrical Framework defends layer is corresponding to use central gateway technology, further comprises:
According to the specification of CAN bus network, based on message ID and period and signal content, to Content of Communication carry out check and Filtering carries out the forwarding of corresponding message, and has secure access to machine using Seed-Key to diagnosis request and the transmission of nonstandard numbers evidence System.
9. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the In-vehicle networking defence Layer is corresponding to use network message MAC encryption technology, further comprises:
Determine sending node and receiving node, the sending node and receiving node respectively saves and shared key;
The sending node generates a message authentication code MAC, using MAC generating algorithm, according to practical message, key and fresh Value calculates unique authentication data;
The sending node has described practical message, the Payload of fresh value and message authentication code composition message Effect load is sent to the receiving node;
The receiving node verifies the Payload, if the fresh value received is than the fresh value that locally saves Height, the then fresh value saved by the practical message received, locally and the fresh value received connect, the value after connection and Input of the key as the MAC generating algorithm;
The MAC calculated and the MAC received are matched, if successful match, receiving node determines that message comes from Reliable sending node.
10. the vehicle network architecture according to claim 6 based on car networking, which is characterized in that the automotive electronics control Implements reason defence layer processed is corresponding to use the secure hardware module technology based on EVITA, further comprises:
Determine that the automobile electronic controller is chosen according to the grade scale of EVITA according to the functional requirement of automobile electronic controller EVITA grade, wherein the EVITA grade includes: Full grades of EVITA, Medium grades of EVITA and EVITA Light Grade.
CN201711052820.5A 2017-10-30 2017-10-30 Vehicle network safety protection method and the vehicle network architecture based on car networking Pending CN109729056A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711052820.5A CN109729056A (en) 2017-10-30 2017-10-30 Vehicle network safety protection method and the vehicle network architecture based on car networking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711052820.5A CN109729056A (en) 2017-10-30 2017-10-30 Vehicle network safety protection method and the vehicle network architecture based on car networking

Publications (1)

Publication Number Publication Date
CN109729056A true CN109729056A (en) 2019-05-07

Family

ID=66293287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711052820.5A Pending CN109729056A (en) 2017-10-30 2017-10-30 Vehicle network safety protection method and the vehicle network architecture based on car networking

Country Status (1)

Country Link
CN (1) CN109729056A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351358A (en) * 2019-07-09 2019-10-18 成都信息工程大学 A kind of car networking safe information transmission and intelligent early-warning system
CN112217634A (en) * 2019-07-12 2021-01-12 华为技术有限公司 Authentication method, equipment and system applied to intelligent vehicle
CN112422595A (en) * 2019-08-20 2021-02-26 华为技术有限公司 Vehicle-mounted system safety protection method and device
CN112637152A (en) * 2020-12-08 2021-04-09 国汽(北京)智能网联汽车研究院有限公司 Vehicle-mounted Ethernet firewall system, communication delay determination method and device
CN112740726A (en) * 2020-12-28 2021-04-30 华为技术有限公司 Data transmission method and device
CN113242139A (en) * 2021-03-24 2021-08-10 江铃汽车股份有限公司 Vehicle network signal platform design method
CN113439425A (en) * 2020-01-23 2021-09-24 华为技术有限公司 Message transmission method and device
CN113741393A (en) * 2021-09-03 2021-12-03 东风汽车集团股份有限公司 Vehicle safety network architecture based on central gateway and diagnosis method thereof
WO2022032548A1 (en) * 2020-08-13 2022-02-17 华为技术有限公司 In-vehicle network secure communication method, apparatus and device
CN114257388A (en) * 2020-09-21 2022-03-29 北京新能源汽车股份有限公司 Information safety protection method and device of Internet of vehicles system and electric vehicle
CN114301739A (en) * 2021-12-29 2022-04-08 北京国家新能源汽车技术创新中心有限公司 Central gateway security architecture, system and storage medium
CN115208694A (en) * 2022-09-13 2022-10-18 智己汽车科技有限公司 Vehicle-mounted network communication encryption system based on central computing platform and vehicle
WO2022246760A1 (en) * 2021-05-27 2022-12-01 华为技术有限公司 In-vehicle communication method and apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101481403B1 (en) * 2013-08-26 2015-01-21 고려대학교 산학협력단 Data certification and acquisition method for vehicle
CN105009546A (en) * 2013-02-25 2015-10-28 丰田自动车株式会社 Information processing device and information processing method
CN105745862A (en) * 2013-09-24 2016-07-06 密执安州立大学董事会 Real-time frame authentication using ID anonymization in automotive networks
CN105871830A (en) * 2016-03-28 2016-08-17 成都信息工程大学 Firewall of vehicle-mounted information system of automobile

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105009546A (en) * 2013-02-25 2015-10-28 丰田自动车株式会社 Information processing device and information processing method
KR101481403B1 (en) * 2013-08-26 2015-01-21 고려대학교 산학협력단 Data certification and acquisition method for vehicle
CN105745862A (en) * 2013-09-24 2016-07-06 密执安州立大学董事会 Real-time frame authentication using ID anonymization in automotive networks
CN105871830A (en) * 2016-03-28 2016-08-17 成都信息工程大学 Firewall of vehicle-mounted information system of automobile

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
于赫: "《网联汽车信息安全问题及CAN总线异常检测技术研究》", 《中国博士学位论文全文数据库工程科技Ⅱ辑》 *
张铁欣: "《基于汽车网关平台功能的网络拓扑设计与安全研究》", 《汽车电器》 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351358A (en) * 2019-07-09 2019-10-18 成都信息工程大学 A kind of car networking safe information transmission and intelligent early-warning system
CN112217634B (en) * 2019-07-12 2022-07-19 华为技术有限公司 Authentication method, equipment and system applied to intelligent vehicle
CN112217634A (en) * 2019-07-12 2021-01-12 华为技术有限公司 Authentication method, equipment and system applied to intelligent vehicle
CN115378580A (en) * 2019-07-12 2022-11-22 华为技术有限公司 Authentication method, equipment and system
CN112422595A (en) * 2019-08-20 2021-02-26 华为技术有限公司 Vehicle-mounted system safety protection method and device
CN112422595B (en) * 2019-08-20 2022-10-11 华为技术有限公司 Vehicle-mounted system safety protection method and device
CN113439425B (en) * 2020-01-23 2022-10-11 华为技术有限公司 Message transmission method and device
CN113439425A (en) * 2020-01-23 2021-09-24 华为技术有限公司 Message transmission method and device
WO2022032548A1 (en) * 2020-08-13 2022-02-17 华为技术有限公司 In-vehicle network secure communication method, apparatus and device
CN114257388A (en) * 2020-09-21 2022-03-29 北京新能源汽车股份有限公司 Information safety protection method and device of Internet of vehicles system and electric vehicle
CN114257388B (en) * 2020-09-21 2024-03-26 北京新能源汽车股份有限公司 Information safety protection method and device of Internet of vehicles system and electric automobile
CN112637152B (en) * 2020-12-08 2023-03-24 国汽(北京)智能网联汽车研究院有限公司 Vehicle-mounted Ethernet firewall system, communication delay determination method and device
CN112637152A (en) * 2020-12-08 2021-04-09 国汽(北京)智能网联汽车研究院有限公司 Vehicle-mounted Ethernet firewall system, communication delay determination method and device
WO2022140895A1 (en) * 2020-12-28 2022-07-07 华为技术有限公司 Data transmission method, and apparatus
CN112740726B (en) * 2020-12-28 2022-06-10 华为技术有限公司 Data transmission method and device
CN112740726A (en) * 2020-12-28 2021-04-30 华为技术有限公司 Data transmission method and device
CN113242139A (en) * 2021-03-24 2021-08-10 江铃汽车股份有限公司 Vehicle network signal platform design method
WO2022246760A1 (en) * 2021-05-27 2022-12-01 华为技术有限公司 In-vehicle communication method and apparatus
CN113741393A (en) * 2021-09-03 2021-12-03 东风汽车集团股份有限公司 Vehicle safety network architecture based on central gateway and diagnosis method thereof
CN113741393B (en) * 2021-09-03 2023-03-24 东风汽车集团股份有限公司 Vehicle safety network architecture based on central gateway and diagnosis method thereof
CN114301739A (en) * 2021-12-29 2022-04-08 北京国家新能源汽车技术创新中心有限公司 Central gateway security architecture, system and storage medium
CN114301739B (en) * 2021-12-29 2023-08-22 北京国家新能源汽车技术创新中心有限公司 Central gateway security architecture, system and storage medium
CN115208694A (en) * 2022-09-13 2022-10-18 智己汽车科技有限公司 Vehicle-mounted network communication encryption system based on central computing platform and vehicle
CN115208694B (en) * 2022-09-13 2023-01-13 智己汽车科技有限公司 Vehicle-mounted network communication encryption system based on central computing platform and vehicle

Similar Documents

Publication Publication Date Title
CN109729056A (en) Vehicle network safety protection method and the vehicle network architecture based on car networking
CN109714344B (en) Intelligent networking automobile information safety platform based on' end-pipe-cloud
US11618394B2 (en) Vehicle secure messages based on a vehicle private key
Bernardini et al. Security and privacy in vehicular communications: Challenges and opportunities
US9866570B2 (en) On-vehicle communication system
JP5479408B2 (en) In-vehicle network system
US10791125B2 (en) End-to-end controller protection and message authentication
US20160173530A1 (en) Vehicle-Mounted Network System
JP6807906B2 (en) Systems and methods to generate rules to prevent computer attacks on vehicles
Abbott-McCune et al. Intrusion prevention system of automotive network CAN bus
CN106953796A (en) Security gateway, data processing method, device, vehicle network topology and vehicle
CN109428716A (en) The encryption key distribution of car group
US20130227650A1 (en) Vehicle-Mounted Network System
CN107483393B (en) Communication method, server and communication system of Internet of vehicles
CN111147448B (en) CAN bus flood attack defense system and method
CN108173856A (en) Vehicle communication data safety detection method, device and car-mounted terminal
CN106406281A (en) Safety remote control system for electric vehicle, and method thereof
Huang et al. On the security of in-vehicle hybrid network: Status and challenges
US11176229B2 (en) Anti-tamper system for vehicle firmware
CN112740617B (en) Certificate list updating method and device
Luo et al. Security mechanisms design of automotive gateway firewall
Dadam et al. Onboard Cybersecurity Diagnostic System for Connected Vehicles
CN116800531A (en) Automobile electronic and electric architecture and safety communication method
CN106685967A (en) Vehicle network communication encryption and intrusion monitoring device
Zou et al. Research on information security framework of intelligent connected vehicle

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190507