CN111435945B - Automobile Ethernet communication method, terminal equipment and storage medium - Google Patents


Publication number: CN111435945B
Authority: CN (China)
Prior art keywords: data, module, network, vehicle, node
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910036584.0A
Other languages: Chinese (zh)
Other versions: CN111435945A (en)
Inventors: 王敏效, 赵国开, 邓超
Current Assignee: Xiamen Yaxon Networks Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xiamen Yaxon Networks Co Ltd
Application filed by Xiamen Yaxon Networks Co Ltd
Priority to CN201910036584.0A
Publication of CN111435945A
Application granted
Publication of CN111435945B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63 Routing a service request depending on the request content or context
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Abstract

The invention relates to the technical field of automobile communication, and provides an automobile Ethernet communication method, terminal equipment and a storage medium, wherein the method comprises the following steps: (1) Naming the data generated by each module in the vehicle; (2) Setting a plurality of nodes, wherein each module in the vehicle is in communication connection with the nearest node, and each node is used for storing and updating data generated by each module; setting a use range prefix contained in a naming prefix of data which is only used in a specific area, wherein a corresponding interest packet for acquiring the data needs to contain the use range prefix, and the interest packet can only acquire the data comprising the use range prefix in the name from a node which is in communication connection with the interest packet; (3) setting a security gateway as a certificate authority; (4) setting a security gateway as an authorization server. The invention uses named data network to replace TCP/IP protocol to construct network communication architecture, and uses the safety characteristic of the network to ensure the safety of network and information in the vehicle.

Description

Automobile Ethernet communication method, terminal equipment and storage medium
Technical Field
The present invention relates to the field of automotive communications technologies, and in particular, to an automotive ethernet communication method, a terminal device, and a storage medium.
Background
Automobiles are regarded as, and are becoming, the "next-generation advanced mobile interconnected intelligent terminals" for individuals or households, which requires them to exchange information with external networks. Meanwhile, as high-speed vehicles, automobiles have extremely high safety requirements. Connecting automobiles to networks therefore poses challenges for in-vehicle network and information security. The TCP/IP protocol widely used on the Internet today solves the problem of where data goes and how it gets there. Because security was not considered at the beginning of its design, a network running the TCP/IP protocol remains unsatisfactory in terms of security, no matter how many security mechanisms are added to it. People skilled in networking can always find a way to intrude into any corner of the network and obtain information that its owner does not want known. Once the in-vehicle network introduces Ethernet and carries TCP/IP, the vehicle network connects seamlessly to the Internet and, at the same time, inherits the Internet's security holes.
Disclosure of Invention
In order to solve the above problems, the present invention provides an automotive ethernet communication method, a terminal device and a storage medium, wherein a network communication architecture is constructed by using a named data network instead of a TCP/IP protocol, and the security of the network and information in the automobile is ensured by using the security characteristics of the network communication architecture.
The specific scheme is as follows:
An automotive Ethernet communication method, comprising:
(1) Naming the data generated by each module in the vehicle;
(2) Setting a plurality of nodes, wherein each module in the vehicle is in communication connection with the nearest node, and each node is used for storing and updating data generated by each module;
setting a use range prefix contained in the naming prefix of data that is only used in a specific area, wherein the corresponding Interest Packet for acquiring the data must contain the use range prefix, and the Interest Packet can acquire data whose name includes the use range prefix only from a node that is in communication connection with it;
(3) Setting a security gateway as a certificate authority, which issues a production certificate to a data generation module to authorize it to publish the data it generates, and grants a corresponding decryption key to a data demand module to allow it to access the corresponding data;
(4) Setting a security gateway as an authorization server, which performs the authorization service by distributing an access key to the issuer of a control instruction; the instruction issuer uses the access key to digitally sign the Interest Packet, the operation executor verifies it, and after successful verification the operation executor generates a feedback data packet containing the execution result for confirmation by the issuer of the control instruction.
Further, the data generated by each module in the vehicle is named according to the hierarchical tree network structure, the structural hierarchy and the meaning of the data of the network where the data are located.
Further, when each module generates new data, the new data is issued to the central node by propagating the name of the new data, and the central node stores or updates the new data according to the name of the new data.
The invention relates to an automobile Ethernet communication terminal device, which comprises a processor, a memory and a computer program stored in the memory and capable of running on the processor, wherein the steps of the method of the embodiment of the invention are realized when the processor executes the computer program.
A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the method according to the embodiments of the present invention.
By adopting the above technical scheme, the invention has the following beneficial effects: data packets are complete, authentic and tamper-proof; the meaning of traffic is clear and transparent, and data is managed directly; routing and forwarding are determined by the network based on names, and the network structure is not transparent to the user; caching is supported, which facilitates data sharing.
Drawings
Fig. 1 is a diagram illustrating a network area division structure according to a first embodiment of the present invention.
Fig. 2 is a partial namespace schematic of the embodiment.
Fig. 3 is a diagram showing access control in this embodiment.
Fig. 4 is a schematic diagram of authorization authentication in this embodiment.
Detailed Description
For further illustration of the various embodiments, the invention is provided with the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments and together with the description, serve to explain the principles of the embodiments. With reference to these matters, one of ordinary skill in the art will understand other possible embodiments and advantages of the present invention.
The invention will now be further described with reference to the drawings and detailed description.
Embodiment one:
To achieve safer, more intelligent vehicle driving functions, a large amount of data must be provided as support. From the physical layer and the link layer, automotive Ethernet provides the basic condition for implementing these advanced functions: transmission bandwidth. In the in-vehicle network, various sensors, radars, cameras and other modules generate data about the running state of the vehicle body and the power system and about changes in the environment outside the vehicle. The corresponding monitoring modules, the Advanced Driving Assistance System (ADAS) module and the intelligent driving module acquire large amounts of this data to confirm the current vehicle state, to drive safely or assist safe driving, and even to realize intelligent driving. Establishing an efficient and secure in-vehicle communication network therefore requires ensuring: the availability and security of the whole in-vehicle network; isolation of irrelevant data; authenticity and confidentiality of useful data; identity authentication of data (service) acquirers; authorization of operation control commands; and filtering of illegal traffic. The network architecture implemented by a named data network, which takes data as its central point, took these security problems into account at the beginning of its design. Compared with the TCP/IP protocol, a named data network can realize these functions in the automotive Ethernet environment.
The first embodiment of the invention provides an automobile Ethernet communication method based on a named data network, which mainly comprises the following steps:
(1) Naming of data generated in the vehicle and of in-vehicle services
In a named data network architecture, developers are given the right to define their own namespace. Named data networks employ a hierarchical naming convention with semantics, naming data or services based on their content.
In an in-vehicle network, in order to save space and cost occupied by wiring, the topology of the in-vehicle network is also typically a hierarchical tree network structure. The data and the services can be named according to the structural hierarchy of the network where each module generating the data in the vehicle is located and the actual content and meaning of the data and the services provided by the module generating the data. The hierarchical naming can well define the attribution relation of the data, and the authority of the data or the service acquisition can be conveniently defined. The names with definite semantics enable the application to understand the content of the currently transmitted data or the requested data and conveniently check the validity of the currently transmitted data or the requested data, so that the difficulty in monitoring and analyzing the flow is greatly reduced.
According to the data and service requirements of in-vehicle network communication, the specific naming in this embodiment is shown in fig. 2. Taking the data communication of the reversing radar as an example, the semantic name is built up layer by layer:
a. name the owner's root: /ivndn/yaxon;
b. add a new layer according to the range of the data, namely the parking system: /parking;
c. add the identity information of the device: /radar02;
d. add the prefixes related to the data itself, including segment identification, timestamp, data content type, serial number and the like;
The data provided by the reversing radar can finally be named:
/ivndn/yaxon/parking/radar02/data/2/am9h24m00s/barrier_detection/1/…
(2) Name-based in-vehicle network area partitioning
Conventional in-vehicle network communication can be divided into different communication systems by physical isolation, but some of the data needs to be shared by multiple modules in the vehicle, so relying solely on physical isolation would break the interconnection within the vehicle. The Virtual Local Area Network (VLAN) technology used with TCP/IP likewise requires a trade-off in this case between the isolation effect and the additional bandwidth overhead (communication between different VLANs is implemented by single-arm routing). In addition, in order to implement some higher-level functions, the automobile needs to exchange and share data with external networks through communication modules such as V2X (communication between the vehicle and everything) and 4G/5G. This greatly increases the complexity of network communication and introduces significant potential safety hazards.
Referring to fig. 1, a plurality of nodes are disposed in the in-vehicle network, each module in the in-vehicle network is in communication connection with the nearest node, and each node is used for storing and updating data generated by each module. Specifically, in this embodiment each node is denoted node m (m is the node index, e.g. 1, 2, …); it operates not only as a forwarding node but also as the publish-subscribe center of its scope (/domain). When the radar generates new data, it publishes the new data to node m by propagating the name of the new data; node m, acting as the publish-subscribe center, retrieves or updates (according to /timestamp) the corresponding data by name and stores it locally, ready for subscribers to access.
In order to facilitate the security and management of data, in this embodiment a use range prefix (a /scope naming layer) is added when naming data that is used only inside the vehicle, so as to divide the in-vehicle network into areas. The use range prefix used in this embodiment is "localhop". When the data name contains the localhop prefix, such as /ivndn/yaxon/localhop, the Interest Packet corresponding to the data also carries the corresponding use range prefix, /localhop. When an Interest Packet carries a name containing /localhop, it has only a one-hop lifetime: it can acquire data whose name includes the use range prefix only from the node it is connected to, not from other nodes, and once the data is acquired the Interest Packet disappears. This arrangement ensures that other devices that are not directly connected cannot acquire data with the /localhop prefix.
For example, when the advanced driving assistance system module wants to acquire data generated by the reversing radar, it sends an Interest Packet carrying the name /ivndn/yaxon/localhop/parking/radar02/data/…/barrier_detection/… to node m. Since the Interest Packet carries the /localhop prefix, node m will not forward it to the radar (RADAR), but the corresponding data packet stored in node m can still be retrieved.
In this embodiment, a synchronization mechanism between nodes is introduced to meet the requirement of data that needs to be shared but must not be acquired by external devices. Therefore, when data carrying the /localhop prefix is required by multiple modules, this can be achieved by data synchronization between nodes. When data not carrying the /localhop prefix is needed by multiple modules, it can be retrieved directly by sending an Interest Packet.
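The one-hop rule for /localhop names can be illustrated with a small simulation. This is an added example, not code from the patent; the `hops` counter, the node labels, the payloads and the unscoped name /ivndn/yaxon/body/speed/1 are constructed for illustration, and real NDN forwarders enforce scope differently in detail.

```python
from dataclasses import dataclass, field

SCOPE = "localhop"  # use range prefix component named in the text


def components(name):
    """Split an NDN-style name into its non-empty components."""
    return [c for c in name.split("/") if c]


def is_prefix(prefix, name):
    """Component-wise prefix match, as used for Interest/Data matching."""
    p, n = components(prefix), components(name)
    return n[:len(p)] == p


@dataclass
class Interest:
    name: str
    hops: int = 0  # assumption: number of nodes that already forwarded it


@dataclass
class Node:
    label: str
    upstream: "Node" = None                    # next node towards the producer
    store: dict = field(default_factory=dict)  # name -> payload held locally

    def publish(self, name, payload):
        """A directly attached module publishes data under its full name."""
        self.store[name] = payload

    def on_interest(self, interest):
        scoped = SCOPE in components(interest.name)
        # A scoped Interest that was relayed by another node is discarded.
        if scoped and interest.hops > 0:
            return ("drop", None)
        # Answer from the local store; the most recently published match wins.
        for name in reversed(list(self.store)):
            if is_prefix(interest.name, name):
                return ("data", self.store[name])
        # Scoped Interests are never forwarded; unscoped ones may be.
        if scoped or self.upstream is None:
            return ("nack", None)
        relayed = Interest(interest.name, interest.hops + 1)
        return self.upstream.on_interest(relayed)


def demo():
    node_m = Node("node1")                    # radar and ADAS attach here
    node_x = Node("node2", upstream=node_m)   # a module elsewhere attaches here
    node_m.publish(
        "/ivndn/yaxon/localhop/parking/radar02/data/2/am9h24m00s/"
        "barrier_detection/1", b"barrier detected")          # constructed payload
    node_m.publish("/ivndn/yaxon/body/speed/1", b"42")        # constructed name
    scoped = "/ivndn/yaxon/localhop/parking/radar02/data"
    return {
        "adas_at_node1": node_m.on_interest(Interest(scoped)),
        "module_at_node2": node_x.on_interest(Interest(scoped)),
        "relayed_to_node1": node_m.on_interest(Interest(scoped, hops=1)),
        "missing_scope": node_m.on_interest(
            Interest("/ivndn/yaxon/parking/radar02/data")),
        "unscoped_via_node2": node_x.on_interest(
            Interest("/ivndn/yaxon/body/speed")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Only the module attached to the node that holds the data gets an answer for the scoped name; an Interest that omits the scope component never matches the scoped data, while unscoped data is still reachable across nodes.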
(3) Access control based on data and service name
Referring to fig. 3, the present embodiment provides access control based on data and service names to further enhance the security of in-vehicle information. By building the trust anchor on the car's security gateway, we can make the security gateway the data owner of the entire in-vehicle network, holding the entire namespace. The security gateway also acts as the Certificate Authority (CA) of the in-vehicle network. A certificate authority based on a named data network can provide convenient key and certificate management functions: because data is uniquely named from the moment it is generated, the related certificates and keys can share part of the naming prefix, with a key identifier suffix such as /KEY-CK appended to that prefix. For example, the encryption key used for data generated by the reversing radar may be named: /ivndn/yaxon/localhop/parking/radar02/data/…/barrier_detection/KEY-CK/…
The certificate authority issues a "production certificate" to a "producer" of data to authorize it to publish certain data or a certain service it generates; the certificate is also used by "consumers" to authenticate the data source and to specify the encryption rules for the data. Some security-related data that needs to be shared can be symmetrically encrypted directly according to the rules, and the key can be bound directly to the name of the data.
The certificate authority issues "consumption certificates" to legitimate "consumers", which allow them to access the data by enabling them to obtain the decryption keys. A "consumer" may be a device in the in-vehicle network or an external network device, such as other vehicles, RSA, etc. Since an information thief does not have the decryption key, the encrypted information cannot be obtained even by accessing the inside of the in-vehicle network at the physical layer.
(4) Authorization authentication based on data and service name
In an in-vehicle network, some devices need to be woken up and controlled through the network. To ensure the safety of the vehicle, the legitimacy of each control instruction needs to be verified. A named data network supports establishing a local trust mechanism inside the vehicle, and this trust mechanism can be matched directly to the namespace, so that the safety of the in-vehicle network is fully ensured. Most operation executors have limited computing performance and enter a sleep state to save energy, so it is not advisable for the operation executor itself to provide the authorization and authentication service.
In this embodiment, the security gateway acts as the Authorization Server (AS). Referring to fig. 4, a Body Controller (BCM) is the issuer of a control instruction and a door lock device (Door locking system) is the operation executor. In accordance with a request from the operation executor, the authorization server performs the authorization service by distributing an "access key" to the issuer of the control instruction, thereby ensuring the validity of the control instruction. The instruction issuer uses the "access key" to digitally sign the Interest Packet carrying the control instruction, for verification by the operation executor. After successful verification, the operation executor generates a feedback data packet containing the execution result, for confirmation by the issuer of the control instruction.
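The exchange in fig. 4 can be sketched as follows. This is an added example, not the patent's implementation: HMAC-SHA256 stands in for the digital signature, the executor is assumed to obtain the same access key from the gateway, and the command name /ivndn/yaxon/body/doorlock01, the signed-name layout and the timestamp and nonce checks are assumptions that the patent text does not specify.

```python
import hashlib
import hmac
import os

FRESHNESS_S = 5  # assumed acceptance window for the Interest timestamp (seconds)
PREFIX = "/ivndn/yaxon/body/doorlock01"  # constructed command prefix


def _mac(key, text):
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()


class AuthorizationServer:
    """Security gateway as AS: one access key per (issuer, command prefix)."""

    def __init__(self):
        self._keys = {}

    def grant(self, issuer, prefix):
        key = os.urandom(32)
        self._keys[(issuer, prefix)] = key
        return key

    def lookup(self, issuer, prefix):
        return self._keys.get((issuer, prefix))


def sign_interest(command, issuer, key, ts, nonce):
    """Issuer side: append issuer, timestamp, nonce and MAC to the name."""
    unsigned = f"{command}/{issuer}/{ts}/{nonce}"
    return f"{unsigned}/{_mac(key, unsigned)}"


class DoorLock:
    """Operation executor: verifies the signed Interest before acting."""

    def __init__(self, prefix, server):
        self.prefix, self.server = prefix, server
        self.seen = set()          # (issuer, nonce) pairs already executed
        self.state = "unlocked"

    def on_interest(self, name, now):
        if not name.startswith(self.prefix + "/"):
            return None
        try:
            unsigned, sig = name.rsplit("/", 1)
            command, issuer, ts, nonce = unsigned.rsplit("/", 3)
            ts = int(ts)
        except ValueError:
            return None            # malformed name
        key = self.server.lookup(issuer, self.prefix)
        if key is None:
            return None            # issuer was never authorized for this prefix
        if not hmac.compare_digest(sig.encode(), _mac(key, unsigned).encode()):
            return None            # forged or tampered Interest
        if abs(now - ts) > FRESHNESS_S or (issuer, nonce) in self.seen:
            return None            # stale or replayed Interest
        action = command[len(self.prefix) + 1:]
        if action not in ("lock", "unlock"):
            return None
        self.seen.add((issuer, nonce))
        self.state = action + "ed"
        # Feedback data packet: echoes the Interest name and the result.
        return {"name": name, "content": self.state,
                "sig": _mac(key, f"{name}|{self.state}")}


def verify_feedback(packet, key):
    """Issuer side: confirm the execution result came from a key holder."""
    expected = _mac(key, f"{packet['name']}|{packet['content']}")
    return hmac.compare_digest(packet["sig"].encode(), expected.encode())


def demo():
    gateway = AuthorizationServer()
    key = gateway.grant("bcm", PREFIX)
    lock = DoorLock(PREFIX, gateway)
    interest = sign_interest(PREFIX + "/lock", "bcm", key, 1000, "n1")
    feedback = lock.on_interest(interest, now=1001)
    return {
        "executed": feedback["content"],
        "feedback_ok": verify_feedback(feedback, key),
        "replay": lock.on_interest(interest, now=1002),
        "tampered": lock.on_interest(
            interest.replace("/lock/", "/unlock/"), now=1002),
    }


if __name__ == "__main__":
    print(demo())
```

Because the MAC covers the full command name, changing "lock" to "unlock" in a captured Interest invalidates it, and the nonce set rejects a verbatim replay.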
A named data network uses "request and retrieve data by name, driven by the data consumer" instead of TCP/IP's "establish a connection by IP address and send data, driven by the data producer". Using such a data-centric network architecture in an in-vehicle network has the following advantages:
1. The data packet is complete, authentic and tamper-proof.
The data in the named data network is given a unique and unchangeable name at the beginning of generation, and the data package, the data name and the producer information are bound together by a signature of the producer to support the verification of the external data package by the vehicle-mounted network. At the same time, direct encryption of the on-board network data is supported to protect information security, instead of additionally establishing a secure connection or channel (e.g. SSL, IPSec) in TCP/IP.
2. The flow meaning is clear and transparent, and the data is directly managed.
In TCP/IP, data flows are identified by a five-tuple (Source IP address, source Port, destination IP address, destination Port, protocol). Such identification cannot be used directly to identify the purpose and legitimacy of the traffic. The data packets in the named data network are identified by unique semantic names, and the vehicle-mounted network manager can clearly determine the meaning of the data carried by each packet and directly manage the data.
3. Routing and forwarding are determined by the network based on name, and the network structure is not transparent to the user.
For an in-vehicle network, the TCP/IP protocol configures an IP address for in-vehicle network devices, which gives an opportunity for an external attacker to invade or launch an attack. The named data network routes through names, so that an attacker cannot directly access the internal equipment of the vehicle-mounted network, and malicious invasion and attack are prevented to a certain extent.
4. Caching is supported, which facilitates data sharing.
In a named data network, data is no longer bound to addresses. Named data can thus be cached directly at intermediate network nodes and then accessed and retrieved by other "consumers" by name. In an in-vehicle network, when some data is needed by multiple modules (e.g., the data of the camera is needed by both the advanced driving assistance system module and the intelligent driving module), a large amount of data can be cached in the intermediate node and shared. This will greatly improve the operating efficiency of the in-vehicle network.
Embodiment two:
The invention also provides an automobile Ethernet communication terminal device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the steps in the method embodiment of the first embodiment of the invention are realized when the processor executes the computer program.
Further, as an executable scheme, the automotive ethernet communication terminal device may be a computing device such as a computer, a vehicle-mounted computer, and the like. The automobile ethernet communication terminal device may include, but is not limited to, a processor, a memory. It will be understood by those skilled in the art that the above-mentioned constituent structure of the automotive ethernet communication terminal device is merely an example of the automotive ethernet communication terminal device, and does not constitute limitation of the automotive ethernet communication terminal device, and may include more or fewer components than the above-mentioned components, or may combine some components, or different components, for example, the automotive ethernet communication terminal device may further include an input/output device, a network access device, a bus, etc., which is not limited in the embodiment of the present invention.
Further, as an implementation, the processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, etc. The general processor may be a microprocessor or the processor may be any conventional processor, etc., and the processor is a control center of the automotive ethernet communication terminal device, and connects various parts of the entire automotive ethernet communication terminal device using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the automotive ethernet communication terminal device by running or executing the computer program and/or the module stored in the memory, and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for a function; the storage data area may store data created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart Media Card (SMC), secure Digital (SD) Card, flash Card (Flash Card), at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The present invention also provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of the above-described method of an embodiment of the present invention.
The modules/units integrated in the automotive ethernet communication terminal device may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a software distribution medium, and so forth.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (4)

1. A method of automotive Ethernet communication, comprising:
(1) Naming the data generated by each module in the vehicle according to the hierarchical tree structure of the network where the data is located, the structural hierarchy, and the meaning of the data;
(2) Setting a plurality of nodes, wherein each module in the vehicle is in communication connection with the nearest node, and each node is used for storing and updating the data generated by each module;
for data that is used only in a specific area, including a use range prefix in the naming prefix of the data, wherein an interest packet for acquiring the data needs to contain the use range prefix, and the interest packet can acquire data whose name includes the use range prefix only from a node which is in communication connection with the interest packet;
(3) Setting a security gateway as a certificate authority, which issues a production certificate to a data generation module to authorize the data generation module to publish the data it generates, and grants a corresponding decryption key to the data demand module to allow the data demand module to access the corresponding data;
(4) Setting a security gateway as an authorization server, which distributes an access key to the issuer of a control instruction as an authorization service; the instruction issuer uses the access key to digitally sign the interest packet, the operation executor verifies the access key, and, after the verification succeeds, generates a feedback data packet containing the execution effect for the issuer of the control instruction to confirm.
2. The automotive Ethernet communication method of claim 1, wherein: when a module generates new data, the new data is published to the central node by propagating the name of the new data, and the central node stores or updates the new data according to its name.
3. An automotive Ethernet communication terminal device, characterized by comprising a processor, a memory and a computer program stored in the memory and running on the processor, wherein the processor, when executing the computer program, implements the steps of the method according to any of claims 1-2.
4. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any of claims 1-2.
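The use range prefix check of step (2) and the signed control interest packet of step (4) in claim 1, sketched as an added Python example that is not part of the patent text. The prefix `/local`, the module and data names, the gateway's `key_for` lookup, and the use of HMAC-SHA256 in place of the unspecified digital signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SCOPE_PREFIX = "/local"  # hypothetical use-range prefix; the patent names none


class Node:
    """Storage node; modules attach to their nearest node (step 2)."""

    def __init__(self):
        self.store = {}        # data name -> latest value
        self.attached = set()  # ids of modules connected to this node

    def publish(self, name, value):
        self.store[name] = value  # store or update by name

    def on_interest(self, requester, name):
        # Component-wise match so "/localx/..." is not treated as scoped.
        scoped = name == SCOPE_PREFIX or name.startswith(SCOPE_PREFIX + "/")
        if scoped and requester not in self.attached:
            return None  # scoped data is served only to this node's own modules
        return self.store.get(name)


class SecurityGateway:
    """Authorization server that hands out per-issuer access keys (step 4)."""

    def __init__(self):
        self._keys = {}

    def issue_access_key(self, issuer):
        self._keys[issuer] = secrets.token_bytes(32)
        return self._keys[issuer]

    def key_for(self, issuer):  # assumed lookup used by the executor
        return self._keys.get(issuer)


def sign_interest(key, name):
    # HMAC-SHA256 stands in for the patent's unspecified digital signature.
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()


def execute_command(gateway, issuer, name, signature):
    """Executor side: verify first, then return the feedback data packet."""
    key = gateway.key_for(issuer)
    if key is None:
        return None
    if not hmac.compare_digest(sign_interest(key, name), signature):
        return None
    return {"name": name, "issuer": issuer, "effect": "executed"}
```

The executor rejects the command before acting on it when the issuer has no key or the signature does not cover the exact interest name, so a name altered in transit fails verification.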
CN201910036584.0A 2019-01-15 2019-01-15 Automobile Ethernet communication method, terminal equipment and storage medium Active CN111435945B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910036584.0A CN111435945B (en) 2019-01-15 2019-01-15 Automobile Ethernet communication method, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111435945A CN111435945A (en) 2020-07-21
CN111435945B true CN111435945B (en) 2023-11-07

Family

ID=71580874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910036584.0A Active CN111435945B (en) 2019-01-15 2019-01-15 Automobile Ethernet communication method, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111435945B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935325B (en) * 2020-10-15 2021-08-24 广州汽车集团股份有限公司 OTA (over the air) upgrading method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102256322A (en) * 2011-06-20 2011-11-23 北京新岸线移动多媒体技术有限公司 Road-vehicle cooperation-based communication method and equipment
CN103036785A (en) * 2012-12-25 2013-04-10 常熟理工学院 Routing method of city vehicle-mounted net
CN104935626A (en) * 2014-03-19 2015-09-23 帕洛阿尔托研究中心公司 System and method for efficient and secure distribution of digital content
CN105682046A (en) * 2016-03-10 2016-06-15 重庆邮电大学 Interest packet forwarding method based on data attributes in vehicle-mounted named data networking
CN106502993A (en) * 2016-11-28 2017-03-15 北京交通大学 The multidimensional name support method of name data network
CN106936909A (en) * 2017-03-10 2017-07-07 北京工业大学 A kind of method of Traffic information demonstration based on numerical nomenclature network with retrieving
CN108156154A (en) * 2017-12-25 2018-06-12 北京工业大学 Name the access control method based on encryption and Bloom filter in data network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10187767B2 (en) * 2016-07-01 2019-01-22 Paxgrid Cdn Inc. System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US10218704B2 (en) * 2016-10-06 2019-02-26 Cisco Technology, Inc. Resource access control using named capabilities

Also Published As

Publication number Publication date
CN111435945A (en) 2020-07-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant