CN111756842A - Method and device for detecting vulnerability of Internet of vehicles and computer equipment - Google Patents

Info

Publication number
CN111756842A
Authority
CN
China
Prior art keywords
vulnerability
information
vehicle
car networking
intelligence
Legal status
Pending
Application number
CN202010583507.XA
Other languages
Chinese (zh)
Inventor
王建
刘鹏
许文靓
白仁杰
贾舵
Current Assignee
Guoqi Beijing Intelligent Network Association Automotive Research Institute Co ltd
Original Assignee
Guoqi Beijing Intelligent Network Association Automotive Research Institute Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection


Abstract

The invention discloses a method, a device and computer equipment for detecting car networking vulnerabilities. The method comprises the following steps: obtaining vulnerability intelligence, where the vulnerability intelligence includes vehicle hardware vulnerability information and vehicle software vulnerability information; matching the vulnerability intelligence with pre-stored vehicle information according to a preset rule, where the vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information; and determining the car networking vulnerability information according to the matching result. By implementing the method and the system, detailed information about various car networking vulnerabilities can be found and timely repair is facilitated, so that losses caused by information security vulnerabilities are avoided.

Description

Method and device for detecting vulnerability of Internet of vehicles and computer equipment
Technical Field
The invention relates to the technical field of Internet of vehicles, in particular to a method and a device for detecting vulnerabilities of the Internet of vehicles and computer equipment.
Background
As the intelligentization and networking of car networking technology accelerate, the number of connections between the electronic control units of vehicles in the car network keeps growing, and every computing, control and sensing unit and every connection path may be exploited by attackers because of security vulnerabilities, allowing vehicles in the car network to be attacked and controlled. Therefore, a method for detecting car networking vulnerabilities is urgently needed, to find car networking vulnerability information in time and guarantee the security of the car network.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the defect of low security of the internet of vehicles in the prior art, and provide a method and a device for detecting vulnerabilities of the internet of vehicles and computer equipment.
According to a first aspect, an embodiment of the invention discloses a car networking vulnerability detection method, which comprises the following steps: obtaining vulnerability intelligence, where the vulnerability intelligence includes vehicle hardware vulnerability information and vehicle software vulnerability information; matching the vulnerability intelligence with pre-stored vehicle information according to a preset rule, where the vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information; and determining the car networking vulnerability information according to the matching result.
Optionally, the method further comprises: and sending the car networking vulnerability information to a target object in the car networking according to the car information.
Optionally, after the sending the car networking vulnerability information to a target object in a car networking according to the vehicle information, the method further includes: and storing the vulnerability intelligence according to a target format.
Optionally, the storing the vulnerability intelligence according to a target format includes: auditing the vulnerability intelligence according to the target format; when the audit is not passed, determining that the vulnerability information is invalid and discarding; when the audit is passed, determining the type of the vulnerability intelligence; when the type of the vulnerability information is a newly added vulnerability type, verifying the authenticity of the vulnerability information, and discarding vulnerability information which does not meet the authenticity requirement; and when the type of the vulnerability intelligence is the existing vulnerability type, storing the vulnerability intelligence according to the target format.
Optionally, the method further comprises: and evaluating the grade of the vulnerability information of the newly added vulnerability type.
Optionally, the vulnerability intelligence includes artificially mined vulnerability intelligence, and the method further includes: and scoring the obtained artificially mined vulnerability information to obtain vulnerability information integral results, wherein the vulnerability information integral results are used for rewarding the users who perform vulnerability information mining.
According to a second aspect, an embodiment of the present invention further discloses a device for detecting car networking vulnerabilities, including: the acquisition module is used for acquiring vulnerability information, and the vulnerability information comprises: vehicle hardware vulnerability information and vehicle software vulnerability information; the matching module is used for matching the vulnerability information with prestored vehicle information according to a preset rule, and the vehicle information comprises: vehicle identification information, vehicle hardware identification information and vehicle software identification information; and the determining module is used for determining the car networking vulnerability information according to the matching result.
Optionally, the apparatus further comprises: and the sending module is used for sending the car networking vulnerability information to a target object in the car networking according to the car information.
Optionally, the apparatus further comprises: and the storage module is used for storing the vulnerability intelligence according to a target format.
According to a third aspect, an embodiment of the present invention further discloses a computer device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the vehicle networking vulnerability detection method according to the first aspect or any optional aspect of the first aspect.
According to a fourth aspect, the present invention further discloses a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the car networking vulnerability detection method according to the first aspect or any optional item of the first aspect.
The technical scheme of the invention has the following advantages:
According to the method and the device for detecting car networking vulnerabilities, vulnerability intelligence is obtained, which includes vehicle hardware vulnerability information and vehicle software vulnerability information; the vulnerability intelligence is matched with pre-stored vehicle information according to a preset rule, where the vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information; and the Internet of Vehicles vulnerability information is determined according to the matching result. By implementing the method and the system, detailed information about various car networking vulnerabilities can be found and timely repair is facilitated, so that losses caused by information security vulnerabilities are avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a specific example of a car networking vulnerability detection method in an embodiment of the present invention;
FIG. 2 is a diagram illustrating an exemplary embodiment of pre-stored vehicle information;
FIG. 3 is a schematic block diagram of a specific example of a car networking vulnerability detection apparatus in an embodiment of the present invention;
FIG. 4 is a diagram of an exemplary computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The embodiment of the invention discloses a method for detecting car networking vulnerabilities, which comprises the following steps of:
S101: acquiring vulnerability intelligence, where the vulnerability intelligence includes vehicle hardware vulnerability information and vehicle software vulnerability information.
Illustratively, to be able to accommodate the complexity of a car networking system, vulnerability intelligence may include: vehicle hardware vulnerability information and vehicle software vulnerability information. The vehicle hardware vulnerability can be a specific vehicle part vulnerability; the vehicle software vulnerability may be a third party common software vulnerability used by the vehicle component.
The vulnerability intelligence may be acquired by subscribing to, or crawling, the latest vulnerability intelligence published by vulnerability websites such as the National Information Security Vulnerability Sharing Platform (CNVD), the information security vulnerability portal vulhub and the National Vulnerability Database (NVD), or by extracting vulnerabilities mined by technicians directly from a background database. Vulnerabilities mined by technicians can be submitted to the background database through a foreground display interface, and this vulnerability intelligence is obtained by detecting the vulnerability and determining it according to the vulnerability information.
As an optional implementation manner of the present invention, the vulnerability information includes artificially mined vulnerability information, and the car networking vulnerability detection method further includes: and scoring the obtained artificially mined vulnerability information to obtain vulnerability information integral results, wherein the vulnerability information integral results are used for rewarding the users who perform vulnerability information mining.
Illustratively, in order to encourage technicians to actively mine and submit vulnerabilities, the embodiment of the present invention may introduce a points reward mechanism: technicians who submit vulnerabilities are rewarded with physical items of different value according to the size of their vulnerability points, for example items of higher value when the points are higher and items of lower value when the points are lower. The vulnerability points are calculated as follows:
vulnerability points = v × k × y,
where v is the vulnerability score value, with specific values shown in Table 1 below; k is the vulnerability influence coefficient, determined as shown in Table 2 below; and y is the original coefficient: when the vulnerability type is a newly added vulnerability type, y = 1, and when the vulnerability type is an existing vulnerability type, y takes the value shown in Table 3 below.
TABLE 1 Vulnerability score value table
Vulnerability hazard classification    Score value (v)
Severe                                 4
High risk                              3
Medium risk                            2
Low risk                               1
Severe vulnerability: under the working condition of the vehicle running at high speed, the vulnerability can be exploited remotely (e.g. over a cellular network) to affect the power control system of multiple vehicle models, causing the vehicle manufacturer or component manufacturer huge property losses, or even great losses to the national automotive industry, and seriously endangering public safety.
High-risk vulnerability: under the working condition of the vehicle running at medium speed or above, the vulnerability can be exploited at close range (e.g. Bluetooth, Wi-Fi) or remotely (e.g. cellular network) to affect the body system or power control system of a certain vehicle model, causing the vehicle manufacturer or component manufacturer losses for a period of time (e.g. a large number of vehicles recalled) without threatening the manufacturer's existence, or to obtain privacy-sensitive information of a large number of users across the whole vehicle manufacturer, such as user identity information and driving records.
Medium-risk vulnerability: under the working condition of the vehicle running at low speed or above, the vulnerability can be exploited by contact (e.g. OBD), at close range (e.g. Bluetooth, Wi-Fi) or remotely (e.g. cellular network) to affect the entertainment system, body system or power system of a single vehicle or a certain vehicle model, causing the vehicle manufacturer or component manufacturer minor losses but no large-scale recall, or to obtain privacy-sensitive information of a large number of users of a certain vehicle model, such as user identity information and driving records.
Low-risk vulnerability: under the working condition of the vehicle being static, the vulnerability can be exploited by contact, at close range or remotely to affect the entertainment system, body system or power system of a single vehicle or a certain vehicle model, affecting only the reputation of the vehicle manufacturer or component manufacturer, and can be repaired by a remote update or a 4S shop update, or to obtain non-privacy-sensitive user information such as fuel consumption and tire pressure.
TABLE 2 Vulnerability influence coefficient value table
Vulnerability impact value (x)               Influence coefficient (k)
Severe vulnerability (9.0 ≤ x ≤ 10.0)        25x - 90
High-risk vulnerability (7.0 ≤ x ≤ 8.9)      7.9x - 10.3
Medium-risk vulnerability (4.0 ≤ x ≤ 6.9)    1.38x - 2.48
Low-risk vulnerability (0 ≤ x ≤ 3.9)         x + 1
The vulnerability influence coefficient is determined according to a vulnerability influence value (x), and the vulnerability influence value represents the actual influence of the vulnerability and is obtained through expert evaluation.
TABLE 3 Original coefficient (y) value table
y          With patch    Without patch
Has PoC    0.2           0.16
No PoC     0.04          0.02
Here PoC (proof of concept) refers to descriptive content or an attack sample that enables the relevant technician to confirm that the vulnerability actually exists.
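The points calculation above, worked through in Python as an added example (not code from the patent): the hazard class and k are derived from the impact value x using the bands of Table 2, v comes from Table 1, and y from Table 3 or the newly-added rule; values of x that fall in the gaps between bands (e.g. 3.95) are rejected rather than silently scored.

```python
# Vulnerability points = v * k * y, following Tables 1 to 3 of the patent.
# Added example, not the patent's own code; rejecting band gaps and rounding
# to two decimals are my choices.
from typing import Callable, Tuple

# Table 1: hazard classification -> score value v
HAZARD_SCORE = {"severe": 4, "high": 3, "medium": 2, "low": 1}

# Table 2: the impact value x fixes both the hazard band and the
# influence coefficient k. The patent's bands leave gaps (e.g. 3.9 < x < 4.0).
IMPACT_BANDS: Tuple[Tuple[str, float, float, Callable[[float], float]], ...] = (
    ("severe", 9.0, 10.0, lambda x: 25 * x - 90),
    ("high", 7.0, 8.9, lambda x: 7.9 * x - 10.3),
    ("medium", 4.0, 6.9, lambda x: 1.38 * x - 2.48),
    ("low", 0.0, 3.9, lambda x: x + 1),
)

# Table 3: original coefficient y for existing vulnerability types,
# keyed by (has_poc, has_patch)
EXISTING_Y = {
    (True, True): 0.2,
    (True, False): 0.16,
    (False, True): 0.04,
    (False, False): 0.02,
}


def impact_band(x: float):
    """Return (hazard class, k formula) for impact value x (Table 2)."""
    for name, low, high, k_formula in IMPACT_BANDS:
        if low <= x <= high:
            return name, k_formula
    raise ValueError(f"impact value {x} lies outside every band of Table 2")


def classify(x: float) -> str:
    return impact_band(x)[0]


def influence_coefficient(x: float) -> float:
    return impact_band(x)[1](x)


def original_coefficient(is_new: bool, has_poc: bool, has_patch: bool) -> float:
    """y = 1 for a newly added vulnerability type, otherwise Table 3."""
    return 1.0 if is_new else EXISTING_Y[(has_poc, has_patch)]


def vulnerability_points(x: float, is_new: bool, has_poc: bool = False,
                         has_patch: bool = False) -> float:
    v = HAZARD_SCORE[classify(x)]
    k = influence_coefficient(x)
    y = original_coefficient(is_new, has_poc, has_patch)
    return round(v * k * y, 2)


if __name__ == "__main__":
    # Worked cases: a newly added severe vulnerability, and an already known
    # high-risk one that ships with both a patch and a PoC.
    print(vulnerability_points(9.6, is_new=True))                               # 600.0
    print(vulnerability_points(8.0, is_new=False, has_poc=True, has_patch=True))  # 31.74
```

The x bands coincide with the CVSS v3 qualitative severity ranges (0-3.9 low, 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical), so a CVSS base score is a natural input for x, but note that k jumps from 60.01 at x = 8.9 to 135 at x = 9.0.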
S102: according to presetting the rule and matching the vulnerability information with the vehicle information of prestoring, vehicle information includes: vehicle identification information, vehicle hardware identification information, and vehicle software identification information.
For example, the preset rule may be matching the vulnerability intelligence according to Common Platform Enumeration (CPE), or may be matching the vulnerability intelligence according to a custom rule.
In the embodiment of the invention, the preset rule is CPE 2.3. For example, when matching vulnerability intelligence with pre-stored vehicle information, CPE 2.3 specifies 11 tag features (one of them kept for compatibility with earlier versions) for extracting the characteristics of vulnerability intelligence, namely target type (part), manufacturer (vendor), product name (product), version number (version), update package (update), edition (edition), language (language), software edition (sw_edition), target software (target_sw), target hardware (target_hw) and other/remark information (other). The embodiment of the invention removes the edition field, which is retained only for backward compatibility, and uses the remaining 10 fields as matching features. Matching the vulnerability intelligence with the pre-stored vehicle information according to the preset rule can then be implemented by comparing the latest vulnerability intelligence with the pre-stored vehicle information field by field on these 10 feature values: the match succeeds only when all fields match, and fails if any one field does not match.
The vehicle information may be provided by OEMs participating in the cooperation. Because vehicle information is complex, the pre-stored vehicle information is formatted and stored as a tree, for example as shown in Fig. 2: the first level represents the vehicle series, the second level the models contained in each series, the third level the component data of a given model, and the fourth level the third-party general software used by the components. The stored vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information. The vehicle identification information includes the OEM, detailed vehicle information and so on, where the detailed vehicle information includes the vehicle series, model and the like. The vehicle hardware identification information may include details such as the component manufacturer, name and version number. The vehicle software identification information may include details such as the third-party general software type, manufacturer, name and version number. The embodiment of the present invention does not specifically limit the vehicle information; those skilled in the art can set it according to the actual situation.
S103: and determining the car networking vulnerability information according to the matching result.
Exemplarily, determining the car networking vulnerability information according to the matching result may be: when the vulnerability intelligence matches the pre-stored vehicle information, the specific vulnerability information is determined, such as which vehicle series, model, component or third-party general software of which manufacturer is affected; when there is no match, the vulnerability does not concern any vehicle in the pre-stored vehicle information, and the subsequent steps are not performed.
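Steps S102 and S103 implemented together, as an added example that is not code from the patent: a CPE 2.3 formatted-string parser, the 10-field match that drops the edition attribute, and a walk of the series/model/component/software tree of Fig. 2 that yields the determined vulnerability information. It goes one step beyond the patent's strict equality by letting the CPE 2.3 logical value ANY ("*") on the intelligence side match any vehicle value, since published CPE match strings carry "*" in most positions; the vendor and product names in the sample data are constructed.

```python
# S102/S103: CPE 2.3 based matching of vulnerability intelligence against the
# pre-stored vehicle tree. Added example, not the patent's own code.
# Assumption: the tree is series -> model -> list of parts, each part carrying
# a CPE 2.3 string and an optional list of third-party software entries.
from typing import Dict, List

CPE23_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other")
# The patent drops the backward-compatibility 'edition' field and matches on the other 10.
MATCH_FIELDS = tuple(f for f in CPE23_FIELDS if f != "edition")


def parse_cpe23(cpe: str) -> Dict[str, str]:
    """Split a CPE 2.3 formatted string into its 11 attributes.
    A literal colon inside a value is escaped as '\\:' in the formatted
    string, so only unescaped colons separate fields."""
    fields, current, escaped = [], "", False
    for ch in cpe:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ":":
            fields.append(current)
            current = ""
        else:
            current += ch
    fields.append(current)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE23_FIELDS, fields[2:]))


def field_matches(intel_value: str, vehicle_value: str) -> bool:
    """One feature matches when the values are equal (CPE values are
    case-insensitive) or when the intelligence side carries ANY ('*')."""
    return intel_value == "*" or intel_value.lower() == vehicle_value.lower()


def cpe_matches(intel_cpe: str, vehicle_cpe: str) -> bool:
    """Preset rule of S102: all 10 retained features must match; a single
    mismatching feature fails the whole match."""
    a, b = parse_cpe23(intel_cpe), parse_cpe23(vehicle_cpe)
    return all(field_matches(a[f], b[f]) for f in MATCH_FIELDS)


def detect(vuln_intel: List[Dict], vehicle_tree: Dict) -> List[Dict]:
    """S103: walk series -> model -> part -> third-party software (Fig. 2) and
    report which vehicle, component and software each intelligence item hits."""
    found = []
    for series, models in vehicle_tree.items():
        for model, parts in models.items():
            for part in parts:
                candidates = [("hardware", part["name"], part["cpe"])]
                candidates += [("software", sw["name"], sw["cpe"])
                               for sw in part.get("software", [])]
                for intel in vuln_intel:
                    for kind, name, cpe in candidates:
                        if cpe_matches(intel["cpe"], cpe):
                            found.append({"intel_id": intel["id"], "series": series,
                                          "model": model, "part": part["name"],
                                          "kind": kind, "component": name})
    return found


# Constructed sample data (not from the patent); names are invented.
SAMPLE_TREE = {
    "Series-X": {
        "X1": [
            {"name": "telematics box",
             "cpe": "cpe:2.3:h:acme_parts:tbox:1.2:*:*:*:*:*:*:*",
             "software": [
                 {"name": "embedded http library",
                  "cpe": "cpe:2.3:a:acme_soft:httplib:2.4.1:*:*:*:*:linux:*:*"}]},
            {"name": "gateway ecu",
             "cpe": "cpe:2.3:h:acme_parts:gw_ecu:3.0:*:*:*:*:*:*:*"},
        ]
    }
}
SAMPLE_INTEL = [
    # hits the http library: every intel field is equal or ANY
    {"id": "CONSTRUCTED-0001", "cpe": "cpe:2.3:a:acme_soft:httplib:2.4.1:*:*:*:*:*:*:*"},
    # misses the telematics box: version 1.3 vs stored 1.2
    {"id": "CONSTRUCTED-0002", "cpe": "cpe:2.3:h:acme_parts:tbox:1.3:*:*:*:*:*:*:*"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_INTEL, SAMPLE_TREE):
        print(hit)
```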
According to the vehicle networking vulnerability detection method provided by the invention, vulnerability intelligence is obtained, which includes vehicle hardware vulnerability information and vehicle software vulnerability information; the vulnerability intelligence is matched with pre-stored vehicle information according to a preset rule, where the vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information; and the Internet of Vehicles vulnerability information is determined according to the matching result. By implementing the method and the system, detailed information about various car networking vulnerabilities can be found and timely repair is facilitated, so that losses caused by information security vulnerabilities are avoided.
As an optional implementation manner of the present invention, the car networking vulnerability detection method further includes: and sending the vulnerability information of the Internet of vehicles to a target object in the Internet of vehicles according to the vehicle information.
The target object may include, for example, the OEM and the owner of the vehicle; the target object is not particularly limited in the embodiment of the present invention and may be chosen by a person skilled in the art according to the actual situation. When a vehicle vulnerability is discovered, the vulnerability information is sent to the corresponding OEM and vehicle owner according to the vulnerability situation, so as to warn them; the OEM can then discover and repair the vulnerability in the vehicle in time, and losses caused by the information security vulnerability are avoided. The vulnerability information can be sent by e-mail or by a system notification; the sending method is not particularly limited in the embodiment of the invention and can be set by those skilled in the art according to the actual situation.
In the embodiment of the invention, the OEM must register and be verified in advance through a registration page; the verification information can be photos of the relevant certificates (e.g. a business license) together with the OEM's contact person and e-mail address. Only registered and verified vendors can receive the car networking vulnerability information.
As an optional implementation manner of the present invention, the car networking vulnerability detection method further includes: and storing the vulnerability intelligence according to a target format.
For example, the target format may include the vulnerability name, number, vulnerability description, hazard level, and the type, vendor, name and version number of the affected component, and so on.
As an optional embodiment of the present invention, the storing the vulnerability information according to a target format includes:
firstly, auditing the vulnerability intelligence according to a target format.
Illustratively, when the vulnerability intelligence is obtained, its format is checked; the checked content may include the vulnerability name, number, vulnerability description, hazard level, type, vendor, name and version number of the affected component, and information such as vulnerability exploits and vulnerability patches. When the vulnerability intelligence lacks important fields or a field has an incorrect format, the audit fails, and the vulnerability intelligence is determined to be invalid and discarded.
Secondly, when the auditing is passed, the type of the vulnerability intelligence is determined.
Illustratively, the vulnerability intelligence types include a newly added vulnerability type and an existing vulnerability type. When the audit passes, it is determined which type the vulnerability intelligence belongs to: when it is the existing vulnerability type, the vulnerability intelligence is stored directly according to the target format; when it is the newly added vulnerability type, the authenticity of the vulnerability intelligence is verified, which means reproducing the vulnerability from the content of the vulnerability intelligence. If the vulnerability can be reproduced it is considered real and the verified vulnerability intelligence is recorded; if it cannot be reproduced, the intelligence can be directly discarded.
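The storage workflow just described (format audit, then new-versus-existing type, then authenticity check for new types only) as an added example that is not the patent's code; the field names follow the target format listed above, while the concrete audit checks, the use of the vulnerability number as the identity of an "existing" vulnerability, and the reproduce() callback are assumptions.

```python
# Storage workflow for vulnerability intelligence: audit against the target
# format, decide new vs existing type, verify authenticity of new ones.
# Added example, not the patent's own code; the checks and the reproduce()
# callback are my assumptions.
from typing import Callable, Dict, List

REQUIRED_FIELDS = ("name", "number", "description", "hazard_level",
                   "component_type", "vendor", "component_name", "version")
OPTIONAL_FIELDS = ("exploit", "patch")
HAZARD_LEVELS = {"severe", "high", "medium", "low"}


def audit(intel: Dict) -> List[str]:
    """Target-format audit. Returns the list of problems; empty means passed."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS
                if not str(intel.get(f, "")).strip()]
    if intel.get("hazard_level") not in HAZARD_LEVELS:
        problems.append("hazard_level must be one of severe/high/medium/low")
    return problems


class IntelStore:
    def __init__(self) -> None:
        self.records: Dict[str, Dict] = {}   # vulnerability number -> stored record
        self.pending_grade: List[str] = []   # new vulnerabilities awaiting level evaluation
        self.log: List[tuple] = []           # (outcome, number, audit problems)

    def submit(self, intel: Dict, reproduce: Callable[[Dict], bool]) -> str:
        """reproduce(intel) is the authenticity check: it must reproduce the
        vulnerability from the intelligence content and return True on success."""
        problems = audit(intel)
        if problems:
            self.log.append(("discarded_invalid", intel.get("number"), problems))
            return "discarded_invalid"
        number = intel["number"]
        record = {f: intel.get(f) for f in REQUIRED_FIELDS + OPTIONAL_FIELDS}
        if number in self.records:
            # existing vulnerability type: store directly, no reproduction needed
            self.records[number] = record
            self.log.append(("stored_existing", number, []))
            return "stored_existing"
        if not reproduce(intel):
            self.log.append(("discarded_unverified", number, []))
            return "discarded_unverified"
        self.records[number] = record
        self.pending_grade.append(number)   # new type: still needs grade evaluation
        self.log.append(("stored_new", number, []))
        return "stored_new"


# Constructed sample submission (not real vulnerability data).
SAMPLE_INTEL = {
    "name": "sample entry", "number": "CONSTRUCTED-0007",
    "description": "constructed description", "hazard_level": "high",
    "component_type": "telematics unit", "vendor": "acme_parts",
    "component_name": "tbox", "version": "1.2", "patch": None, "exploit": None,
}

if __name__ == "__main__":
    store = IntelStore()
    print(store.submit(SAMPLE_INTEL, reproduce=lambda i: True))   # stored_new
```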
As an optional implementation manner of the present invention, the car networking vulnerability detection method further includes: and evaluating the grade of the vulnerability information of the newly added vulnerability type.
Illustratively, in order to determine the danger level of the newly added vulnerability, the vulnerability information of the newly added vulnerability type is subjected to level evaluation, and the specific level evaluation method can be determined through attack factors and influence effect factors, wherein the attack factors comprise Technical Mastery (TM), access paths (WD), vehicle working conditions (VC), attack range (AA), Knowledge Skills (KS), information influence degree (II) and the like. The influencing effect factors comprise Personal Safety (PS), property (PP), Operation (OA), Privacy (PA) and the like. The specific calculation method is as follows:
1. attack factor
1.1 Technical Mastery (TM)
Technical mastery refers to the comprehensive consideration of how well the exploited vulnerability is understood and how well the technique is mastered. It takes three values, low, medium and high; the specific values are shown in Table 8:
1) Low: the vulnerability location is only vaguely known, and the attack flow, attack steps and so on are grasped;
2) Medium: on the basis of "low", detailed vulnerability data and information can be obtained, and the relevant principles of the vulnerability are understood;
3) High: on the basis of "medium", the mode in which the vulnerability is triggered is thoroughly mastered, and mature related principles have been accumulated.
1.2 Access Path (WD)
The access path takes the values local, adjacent and remote. The severity of a vulnerability that can be exploited remotely is generally higher than that of one exploitable from an adjacent network, which in turn is higher than that of one exploitable only locally, as described in Table 4; the specific values are shown in Table 8.
Table 4 access path assignment specification table
[Table 4 (access path assignment specification) is available only as an image in the original and is not reproduced here.]
1.3 Vehicle Conditions (VC)
The vehicle working condition refers to the state of the vehicle when it is attacked. It is divided by running speed into five states (static, low speed, medium speed, high speed and so on); the specific values are shown in Table 8:
1) Static: the vehicle is parked or idling, i.e. the speed is 0;
2) Low speed: the vehicle runs at 0 to 15 km/h;
3) Medium speed: the vehicle runs at 16 km/h to 25 km/h;
4) High speed: the vehicle runs at 26 km/h to 50 km/h;
5) High speed: the vehicle runs at more than 50 km/h.
1.4 Attack Range (AA)
The attack range is a comprehensive consideration of the number and types of vehicles targeted by the attack. It is divided into single-vehicle attack, multi-vehicle attack and the like, and the specific values are shown in Table 8:
1) single-vehicle attack: the vulnerability can be used to attack only one vehicle;
2) single-model attack: the vulnerability can be used to attack vehicles of the same model;
3) multi-model attack: the vulnerability can be used to attack more than one vehicle model.
1.5 Knowledge Skills (KS)
Knowledge skills are a comprehensive consideration of the audience of the knowledge group, that is, the difficulty of launching the attack using the basic principles, methods and knowledge group. The specific values are shown in Table 8:
1) amateur: the attacker uses an existing attack to execute simple instructions, but cannot improve the attack method or the attack tool;
2) skilled operator: the attacker has some related knowledge of the security field or the automotive field, can perform related services, knows simple and common attack processes, and can improve the attack tools used;
3) automotive security expert: familiar with the newly defined attack techniques and tools in the underlying algorithms, protocols, hardware, architecture or security field of key components such as the automotive ECU, with solid cryptography knowledge and classical attack methods;
4) multi-domain expert: the attack that exploits the vulnerability requires knowledge from different areas of expertise for its different attack steps.
1.6 Information Influence Degree (II)
The influence degree is evaluated as complete, partial, slight or none, and expresses the extent to which information may be exposed along the attack path. In general, a security vulnerability with influence degree 'complete' causes more damage than one with 'partial', which in turn causes more than one with 'slight'; a security vulnerability with influence degree 'none' can be ignored. The specific description is shown in Table 5, and the specific values are shown in Table 8.
Table 5 Information influence degree assignment explanatory table (provided as an image in the original; not reproduced here)
Data integrity is the property that ensures information and information-system information are not lost in the transmission process; it includes data integrity and system integrity. Data availability is the property that data or resources can be accessed and used as required by an authorized entity. Data confidentiality is the property that data is not disclosed or otherwise made available to unauthorized individuals, processes or other entities.
The influence degree is evaluated jointly from the influence of the security vulnerability on the three aspects of data confidentiality, data integrity and data availability. The influence on each aspect is evaluated as complete, partial or none; the specific description is shown in Table 6, and the specific values are shown in Table 8.
Table 6 Data confidentiality, data integrity and data availability impact assignment description table (provided as an image in the original; not reproduced here)
The influence degree assignment is obtained from the influence assignments of the security vulnerability on the three aspects of data confidentiality, data availability and data integrity; the correspondence is shown in Table 7, and the specific values are shown in Table 8.
Table 7 Influence degree assignment correspondence table (provided as an image in the original; not reproduced here)
Here, A indicates whether the storage unit has a corresponding backup capability (0: none, 1: present); B indicates whether the protocol has integrity-checking functions such as a checksum (0: none, 1: present); C indicates whether encryption with a secure algorithm such as a national cryptographic algorithm is used (0: not used, 1: used); D indicates whether the protocol itself is secure (0: insecure, 1: secure).
Table 8 Values of the various attack factors (provided as an image in the original; not reproduced here)
The attack factor total is calculated as follows: TP = TM × 2 + WD × 2 + VC × 1.5 + AA × 1.5 + KS × 1.5 + II × 1.5.
Table 9 Attack Level (AL)
Total of attack level parameters (TP) | Attack Level (AL) | Attack Level Score (ALS)
Greater than 9 (excluding 9)          | Low               | 1
7-9                                   | Medium            | 2
4-7                                   | High              | 3
0-4                                   | Very high         | 4
2. Impact effect factors
The impact parameters (optional parameters) are the relevant factors representing the harm after the vehicle is attacked. They are divided into five factors: personal safety, property, operation, privacy, and public safety and regulations.
2.1 Personal Safety (PS)
Personal safety is the severity of the injury to persons in the vehicle after the attack. It is divided into four categories, no injury, mild injury, severe injury and life-threatening, and the specific values are shown in Table 10:
1) none: no personal injury is caused;
2) mild injury;
3) severe injury;
4) life-threatening.
2.2 Property (PP)
Property is a comprehensive consideration of the direct and indirect property losses of vehicle manufacturers, component manufacturers and individuals after the attack. It is divided into four values, none, low, medium and high, and the specific values are shown in Table 10:
1) none: no property loss is caused;
2) low: property loss to a single vehicle;
3) medium: property loss to multiple vehicles;
4) high: the vehicle manufacturer or component manufacturer suffers a huge property loss, or even the national automotive industry suffers a huge property loss.
2.3 Operation (OA)
Operation refers to the unexpected loss of vehicle functions after the attack is launched. It is divided into four values, none, low, medium and high, and the specific values are shown in Table 10:
1) none: no operational impact is caused;
2) low: only the operation of the entertainment system is affected;
3) medium: the operation of the body system is affected;
4) high: the operation of the control system is affected.
2.4 Privacy (PA)
Privacy refers to the loss caused by intrusion into personal privacy data after the attack is launched. It is divided into none, low, medium and high, and the specific values are shown in Table 10:
1) none: no loss of private data is caused;
2) low: the private data of one person, such as accounts, keys and address books, is compromised;
3) medium: the private data of multiple persons, such as accounts, passwords and address books, is compromised;
4) high: the private data of the users of a whole vehicle model, or even of a whole vehicle manufacturer, is compromised.
2.5 Public Safety and Regulations (PR)
Public safety and regulations refer to the total loss caused by harm to the surrounding public safety and by violation of laws and regulations after the attack is launched. It is divided into four values, none, low, medium and high, and the specific values are shown in Table 10:
1) none: no loss of private data is caused;
2) low: no social harm is caused, and laws and regulations are slightly violated;
3) medium: slight social harm is caused;
4) high: serious social harm is caused, and laws and regulations are seriously violated.
Table 10 Values of the various impact effect factors (provided as an image in the original; not reproduced here)
The impact factor total is calculated as follows: IP = PS × 3.5 + PP × 1.5 + OA × 1.5 + PA + PR × 2.5.
Table 11 Impact Level (IL) (provided as an image in the original; not reproduced here)
The risk level of the vulnerability is determined from the impact level score and the attack level score, as shown in Table 12.
Table 12 Vulnerability risk level (provided as an image in the original; not reproduced here)
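As an added worked example (not code from the patent or its applicant), the following Python computes the attack factor total TP with the weights stated above, maps it to the attack level and score of Table 9 as printed, and computes the impact factor total IP with its stated weights. Because Tables 8, 10, 11 and 12 appear on this page only as images, the per-factor numeric scales are constructed assumptions, the shared endpoints of the Table 9 bands are resolved as lower-exclusive and upper-inclusive (also an assumption), and the impact level and final risk level lookups are not reproduced.

```python
"""Vulnerability level evaluation: attack factor total TP, Table 9 attack level,
and impact factor total IP. Added example; the weights and the Table 9
thresholds are the page's, the per-factor value scales below are ASSUMED
stand-ins for Table 8 and Table 10, which the page shows only as images."""

# Assumed per-factor value scales for the attack factors (stand-in for Table 8).
ATTACK_FACTOR_VALUES = {
    "TM": {"low": 0.5, "medium": 1.0, "high": 1.5},
    "WD": {"local": 0.5, "adjacent": 1.0, "remote": 1.5},
    "VC": {"static": 0.0, "low": 0.5, "medium": 1.0, "high": 1.5, "very_high": 2.0},
    "AA": {"single_vehicle": 0.5, "single_model": 1.0, "multi_model": 1.5},
    "KS": {"amateur": 0.5, "skilled": 1.0, "expert": 1.5, "multi_domain": 2.0},
    "II": {"none": 0.0, "slight": 0.5, "partial": 1.0, "complete": 1.5},
}
# Weights from the page: TP = TM*2 + WD*2 + VC*1.5 + AA*1.5 + KS*1.5 + II*1.5
ATTACK_WEIGHTS = {"TM": 2.0, "WD": 2.0, "VC": 1.5, "AA": 1.5, "KS": 1.5, "II": 1.5}

# Assumed per-factor value scales for the impact factors (stand-in for Table 10).
IMPACT_FACTOR_VALUES = {
    "PS": {"none": 0, "mild": 1, "severe": 2, "life_threatening": 3},
    "PP": {"none": 0, "low": 1, "medium": 2, "high": 3},
    "OA": {"none": 0, "low": 1, "medium": 2, "high": 3},
    "PA": {"none": 0, "low": 1, "medium": 2, "high": 3},
    "PR": {"none": 0, "low": 1, "medium": 2, "high": 3},
}
# Weights from the page: IP = PS*3.5 + PP*1.5 + OA*1.5 + PA + PR*2.5
IMPACT_WEIGHTS = {"PS": 3.5, "PP": 1.5, "OA": 1.5, "PA": 1.0, "PR": 2.5}


def _weighted_total(scales, weights, factors):
    """Sum weight * value over every factor. Missing or unknown labels are
    rejected so a mis-keyed assessment cannot silently score as zero."""
    missing = set(weights) - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    total = 0.0
    for name, weight in weights.items():
        label = factors[name]
        if label not in scales[name]:
            raise ValueError(f"unknown value {label!r} for factor {name}")
        total += weight * scales[name][label]
    return total


def attack_parameter_total(factors):
    """TP for a dict such as {'TM': 'high', 'WD': 'remote', ...}."""
    return _weighted_total(ATTACK_FACTOR_VALUES, ATTACK_WEIGHTS, factors)


def impact_parameter_total(factors):
    """IP for a dict such as {'PS': 'severe', 'PP': 'low', ...}."""
    return _weighted_total(IMPACT_FACTOR_VALUES, IMPACT_WEIGHTS, factors)


def attack_level(tp):
    """Table 9 as printed: TP > 9 -> Low (ALS 1); 7-9 -> Medium (2);
    4-7 -> High (3); 0-4 -> Very high (4). The printed bands share their
    endpoints, so each band is taken as lower-exclusive, upper-inclusive
    (an assumption); a negative TP lies outside the table and is rejected."""
    if tp < 0:
        raise ValueError("TP below the 0-4 band")
    if tp > 9:
        return ("low", 1)
    if tp > 7:
        return ("medium", 2)
    if tp > 4:
        return ("high", 3)
    return ("very high", 4)


def evaluate(attack_factors, impact_factors):
    """Return TP, its Table 9 level and score, and IP. The impact level
    (Table 11) and the risk level (Table 12) are images on the page, so
    their mappings are not reproduced here."""
    tp = attack_parameter_total(attack_factors)
    level, score = attack_level(tp)
    return {"TP": tp, "AL": level, "ALS": score,
            "IP": impact_parameter_total(impact_factors)}


if __name__ == "__main__":
    # Constructed sample assessment of a remotely reachable flaw in a parked car.
    print(evaluate(
        {"TM": "high", "WD": "remote", "VC": "static", "AA": "multi_model",
         "KS": "amateur", "II": "complete"},
        {"PS": "none", "PP": "medium", "OA": "low", "PA": "high", "PR": "low"}))
```

Note that Table 9, as printed, assigns the lowest attack level to the highest TP; the example follows the page's table literally, so whoever fills in the real Table 8 scales must make sure their value direction is consistent with that ordering.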
An embodiment of the invention also discloses a device for detecting car networking vulnerabilities, which comprises the following components:
an obtaining module 21, configured to obtain vulnerability intelligence, where the vulnerability intelligence includes vehicle hardware vulnerability information and vehicle software vulnerability information; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a matching module 22, configured to match the vulnerability intelligence with pre-stored vehicle information according to a preset rule, where the vehicle information includes vehicle identification information, vehicle hardware identification information and vehicle software identification information; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a determining module 23, configured to determine the car networking vulnerability information according to the matching result; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here.
The car networking vulnerability detection device provided by the invention obtains vulnerability intelligence, which includes vehicle hardware vulnerability information and vehicle software vulnerability information; matches the vulnerability intelligence with pre-stored vehicle information according to a preset rule, where the vehicle information includes whole-vehicle identification information, vehicle hardware identification information and vehicle software identification information; and determines the car networking vulnerability information according to the matching result. By implementing the method and the device, detailed information on the various car networking vulnerabilities is obtained, which facilitates timely repair, so that losses caused by information security vulnerabilities are avoided.
As an optional implementation of the present invention, the car networking vulnerability detection device further comprises:
a sending module, configured to send the car networking vulnerability information to a target object in the car networking according to the vehicle information; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here.
As an optional implementation of the present invention, the car networking vulnerability detection device further comprises:
a storage module, configured to store the vulnerability intelligence according to a target format; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here.
As an optional implementation of the present invention, the car networking vulnerability detection device further comprises:
an auditing module, configured to audit the vulnerability intelligence according to the target format; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a discarding module, configured to determine that the vulnerability intelligence is invalid and discard it when the audit is not passed; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a vulnerability intelligence type determining module, configured to determine the type of the vulnerability intelligence when the audit is passed; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a verification module, configured to verify the authenticity of the vulnerability intelligence when its type is a newly added vulnerability type, and to discard vulnerability intelligence that does not meet the authenticity requirement; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here;
a storage submodule, configured to store the vulnerability intelligence according to the target format when its type is an existing vulnerability type; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here.
As an optional implementation of the present invention, the car networking vulnerability detection device further comprises:
an evaluation module, configured to perform level evaluation on the vulnerability intelligence of the newly added vulnerability type; the specific implementation is described for the corresponding steps in the above embodiments and is not repeated here.
As an optional implementation of the present invention, the vulnerability intelligence includes manually mined vulnerability intelligence, and the car networking vulnerability detection device further comprises:
a scoring module, configured to score the obtained manually mined vulnerability intelligence to obtain a vulnerability intelligence point result, where the vulnerability intelligence point result is used to reward the user who mined the vulnerability intelligence.
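The intake flow of the auditing, discarding, type-determining, verification and storage modules, followed by the matching and determining modules and the target selection of the sending module, as an added example that is not the patent's or the applicant's code. The record format taken as the 'target format', the 'preset rule' for matching on hardware and software identifiers, and the authenticity check (a registered reporter plus an evidence reference) are assumptions, and every vehicle, component and vulnerability identifier is a constructed placeholder.

```python
"""Vulnerability intelligence intake (audit, type determination, authenticity
check, storage) and matching against pre-stored vehicle information. Added
example; the record format, the preset rule and the authenticity check are
assumptions, and every identifier below is a constructed placeholder."""
from dataclasses import dataclass

# Target format (assumption): fields every record must carry to pass the audit.
REQUIRED_FIELDS = ("vuln_id", "source", "component_kind", "component_id", "description")
# Reporters whose newly added findings count as authentic (constructed list).
TRUSTED_SOURCES = {"lab-1", "oem-psirt"}

@dataclass(frozen=True)
class Vehicle:
    vehicle_id: str          # whole-vehicle identification (placeholder id)
    manufacturer: str        # lets the sending module pick a target object
    hardware_ids: frozenset  # vehicle hardware identification
    software: dict           # vehicle software identification -> installed version

class IntelStore:
    """Accepted records plus the ids that count as existing vulnerability types."""
    def __init__(self, known_ids):
        self.known_ids = set(known_ids)
        self.records = []

def audit_format(intel):
    """Target-format audit: required fields non-empty, a recognised component
    kind, and affected versions listed for software findings."""
    if not all(intel.get(k) for k in REQUIRED_FIELDS):
        return False
    if intel["component_kind"] not in ("hardware", "software"):
        return False
    return intel["component_kind"] == "hardware" or bool(intel.get("affected_versions"))

def verify_authenticity(intel):
    """A newly added type must come from a registered reporter with evidence (assumption)."""
    return intel["source"] in TRUSTED_SOURCES and bool(intel.get("evidence_ref"))

def process_intel(intel, store):
    """Claim 4 flow: audit -> type -> existing: store / new: verify, then store."""
    if not audit_format(intel):
        return "discarded:format"
    if intel["vuln_id"] in store.known_ids:
        store.records.append(intel)
        return "stored:existing"
    if not verify_authenticity(intel):
        return "discarded:unverified"
    store.known_ids.add(intel["vuln_id"])  # new type; level evaluation follows
    store.records.append(intel)
    return "stored:new"

def match_vehicles(intel, fleet):
    """Preset rule (assumption): hardware intelligence matches a vehicle fitted
    with that hardware id; software intelligence matches a vehicle whose
    installed version of that software is listed as affected."""
    hits = []
    for v in fleet:
        if intel["component_kind"] == "hardware":
            if intel["component_id"] in v.hardware_ids:
                hits.append(v.vehicle_id)
        else:
            version = v.software.get(intel["component_id"])
            if version is not None and version in intel["affected_versions"]:
                hits.append(v.vehicle_id)
    return hits

def car_networking_vulnerability_info(intel, fleet):
    """Matching result plus the target objects (manufacturers) to notify."""
    affected = match_vehicles(intel, fleet)
    by_id = {v.vehicle_id: v for v in fleet}
    targets = sorted({by_id[i].manufacturer for i in affected})
    return {"vuln_id": intel["vuln_id"], "affected_vehicles": affected, "notify": targets}

def run_pipeline(intel_records, fleet, store):
    """Process every record; returns {vuln_id: (outcome, info or None)}."""
    results = {}
    for intel in intel_records:
        outcome = process_intel(intel, store)
        info = car_networking_vulnerability_info(intel, fleet) if outcome.startswith("stored") else None
        results[intel["vuln_id"]] = (outcome, info)
    return results

# Constructed pre-stored vehicle information; all ids are placeholders.
FLEET = [
    Vehicle("V-0001", "OEM-A", frozenset({"TBOX-HW-7"}), {"IVI-OS": "2.1"}),
    Vehicle("V-0002", "OEM-A", frozenset({"TBOX-HW-8"}), {"IVI-OS": "2.3"}),
    Vehicle("V-0003", "OEM-B", frozenset({"TBOX-HW-7"}), {"IVI-OS": "2.3"}),
]
# Constructed incoming records: an existing type, a new verifiable type,
# a new unverifiable one, and one that fails the format audit.
SAMPLE_INTEL = [
    {"vuln_id": "VULN-SW-0001", "source": "lab-1", "component_kind": "software",
     "component_id": "IVI-OS", "affected_versions": ["2.1"], "description": "constructed"},
    {"vuln_id": "VULN-HW-0002", "source": "oem-psirt", "component_kind": "hardware",
     "component_id": "TBOX-HW-7", "evidence_ref": "report-42", "description": "constructed"},
    {"vuln_id": "VULN-HW-0003", "source": "anon", "component_kind": "hardware",
     "component_id": "TBOX-HW-8", "description": "constructed"},
    {"vuln_id": "VULN-SW-0004", "source": "lab-1", "component_kind": "software",
     "component_id": "IVI-OS", "description": "constructed, versions missing"},
]
```

Run it with `run_pipeline(SAMPLE_INTEL, FLEET, IntelStore({"VULN-SW-0001"}))`: the existing type is stored and matched to V-0001, the verified new type is stored and matched to both vehicles carrying TBOX-HW-7 (so OEM-A and OEM-B are the notification targets), the unregistered report is discarded as unverified, and the record without affected versions is discarded at the format audit before any matching takes place.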
An embodiment of the present invention further provides a computer device. As shown in fig. 4, the computer device may include a processor 31 and a memory 32, where the processor 31 and the memory 32 may be connected by a bus or in another manner; fig. 4 takes connection by a bus as an example.
The processor 31 may be a Central Processing Unit (CPU). The Processor 31 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 32 may be used as a non-transitory computer-readable storage medium for storing non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the car networking vulnerability detection method in the embodiment of the present invention (e.g., the obtaining module 21, the matching module 22 and the determining module 23 shown in fig. 3). The processor 31 runs the non-transitory software programs, instructions and modules stored in the memory 32, thereby executing the various functional applications and data processing of the processor, that is, implementing the car networking vulnerability detection method of the above method embodiment.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 31, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, and these remote memories may be connected to the processor 31 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 32 and, when executed by the processor 31, perform the car networking vulnerability detection method in the embodiment shown in fig. 1.
The details of the computer device can be understood with reference to the corresponding related descriptions and effects in the embodiment shown in fig. 1, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A method for detecting car networking vulnerabilities, characterized in that it comprises the following steps:
obtaining vulnerability intelligence, the vulnerability intelligence including: vehicle hardware vulnerability information and vehicle software vulnerability information;
matching the vulnerability intelligence with pre-stored vehicle information according to a preset rule, the vehicle information including: vehicle identification information, vehicle hardware identification information and vehicle software identification information;
and determining the car networking vulnerability information according to the matching result.
2. The method according to claim 1, further comprising, after the determining the car networking vulnerability information from the matching result: and sending the car networking vulnerability information to a target object in the car networking according to the car information.
3. The method of claim 1, further comprising: and storing the vulnerability intelligence according to a target format.
4. The method of claim 3, wherein storing the vulnerability intelligence according to a target format comprises:
auditing the vulnerability intelligence according to the target format;
when the audit is not passed, determining that the vulnerability information is invalid and discarding;
when the audit is passed, determining the type of the vulnerability intelligence;
when the type of the vulnerability information is a newly added vulnerability type, verifying the authenticity of the vulnerability information, and discarding vulnerability information which does not meet the authenticity requirement;
and when the type of the vulnerability intelligence is the existing vulnerability type, storing the vulnerability intelligence according to the target format.
5. The method of claim 4, further comprising: and evaluating the grade of the vulnerability information of the newly added vulnerability type.
6. The method of claim 1, wherein the vulnerability intelligence comprises manually mined vulnerability intelligence, the method further comprising: scoring the obtained manually mined vulnerability intelligence to obtain a vulnerability intelligence point result, wherein the vulnerability intelligence point result is used for rewarding the users who mine vulnerability intelligence.
7. A car networking vulnerability detection device, characterized in that it comprises:
the acquisition module is used for acquiring vulnerability information, and the vulnerability information comprises: vehicle hardware vulnerability information and vehicle software vulnerability information;
the matching module is used for matching the vulnerability information with prestored vehicle information according to a preset rule, and the vehicle information comprises: vehicle identification information, vehicle hardware identification information and vehicle software identification information;
and the determining module is used for determining the car networking vulnerability information according to the matching result.
8. The apparatus of claim 7, further comprising:
and the sending module is used for sending the car networking vulnerability information to a target object in the car networking according to the car information.
9. A computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the vehicle networking vulnerability management method of any of claims 1-6.
10. A computer-readable storage medium, having a computer program stored thereon, where the computer program is executed by a processor to perform the steps of the car networking vulnerability management method according to any of the claims 1-6.
CN202010583507.XA 2020-06-23 2020-06-23 Method and device for detecting vulnerability of Internet of vehicles and computer equipment Pending CN111756842A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010583507.XA CN111756842A (en) 2020-06-23 2020-06-23 Method and device for detecting vulnerability of Internet of vehicles and computer equipment

Publications (1)

Publication Number Publication Date
CN111756842A true CN111756842A (en) 2020-10-09

Family

ID=72676923

Country Status (1)

Country Link
CN (1) CN111756842A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491799A (en) * 2020-10-28 2021-03-12 深圳市广和通无线股份有限公司 Remote repair method and device for communication module, computer equipment and storage medium
CN113434864A (en) * 2021-06-25 2021-09-24 国汽(北京)智能网联汽车研究院有限公司 Management method and management system for vehicle networking cave depot
CN115329347A (en) * 2022-10-17 2022-11-11 中国汽车技术研究中心有限公司 Prediction method, device and storage medium based on car networking vulnerability data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103258165A (en) * 2013-05-10 2013-08-21 华为技术有限公司 Processing method and device for leak evaluation
CN107977579A (en) * 2017-12-19 2018-05-01 福建中金在线信息科技有限公司 A kind of method and device of administrative vulnerability information
CN109067709A (en) * 2018-07-06 2018-12-21 北京知道创宇信息技术有限公司 A kind of Vulnerability Management method, apparatus, electronic equipment and storage medium
CN110795346A (en) * 2019-10-22 2020-02-14 苏州浪潮智能科技有限公司 Product monitoring method, device, equipment and readable storage medium
CN110807196A (en) * 2019-10-30 2020-02-18 国汽(北京)智能网联汽车研究院有限公司 Car networking leak public survey system
CN111143225A (en) * 2019-12-26 2020-05-12 深圳市元征科技股份有限公司 Vulnerability processing method of automobile diagnosis software and related product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201009
