CN113468522A - Detection system for information security of vehicle-mounted OTA (over the air) upgrade server - Google Patents
Publication number
- CN113468522A (application CN202110813474.8A)
Authority
- CN (China)
Prior art keywords
- ota, server, detection, firmware, security
Legal status
- Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures; G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
- G06F21/55—Detecting local intrusion or implementing counter-measures; G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements; G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities; G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The invention discloses a detection system for the information security of a vehicle-mounted OTA (over the air) upgrade server, in the field of Internet of Vehicles information security. The system is built on an OTA risk assessment model and focuses on secure server-side storage, encryption and signing of the upgrade package, secure storage of the upgrade package, and control of signature verification and decryption of the upgrade package. It provides professional server-side penetration testing, aligned with the OEM's clearly defined information security protection framework and upgrade flow, to verify that the software update package in an OTA upgrade is protected against tampering before the update process starts; that the update procedures used, including the development of system update programs or firmware, are protected from compromise; and that the authenticity and integrity of the software update package are protected, among other security objectives. It thereby provides an effective verification method for firmware data security and CDN server information security in the OTA upgrade process.
Description
Technical Field
The invention relates to the field of vehicle information security, and in particular to a detection system for verifying the data security of the cloud server during the remote OTA upgrade of a vehicle.
Background
With the development of science and technology, automobiles are no longer mere means of transport. The automobile industry is in an era of technological innovation, and connected-vehicle technology is its future. Communication between vehicles connects people and vehicles closely, and an owner can locate, access and control the vehicle through remote services. Vehicle software now forms an interconnected service through end-cloud integration, and OTA (over the air) updates allow the vehicle software to be upgraded remotely: consumers get a smarter and more convenient driving experience, while manufacturers gain a way to handle vehicle software failures, respond to software risk emergencies, repair security vulnerabilities and fix defects. Everything has two sides, however, and while OTA brings convenient services and performance improvements to the intelligent connected vehicle, it also brings new problems. In 2015, two hackers in the United States remotely compromised a certain brand of vehicle equipped with OTA functions, took control of all of its functions, and even forced an emergency stop while it was driving on a highway, a serious safety problem. In addition, the OTA process raises problems such as updates being concealed from consumers and high-risk vulnerabilities introduced by upgrades, which pose a severe test for the OTA security management of vehicles.
The automotive OTA flow can be divided into three stages: first, generating the update package; second, transmitting the update package; and third, installing the update. OTA security likewise has three main parts: the security of the cloud server, the security of the vehicle end, and the security of the communication between vehicle and cloud. Across all three, the software update content needs not only authentication but also encryption, so that data cannot be forged or stolen in transit; this requires bringing identity and key management technology into the OTA process. The remote server is exposed to attack in many ways, is the key protected object in the whole security system, and needs effective verification by a professional detection system.
Disclosure of Invention
In view of the deficiencies of the prior art, the object of the invention is to provide a detection system for the information security of a vehicle-mounted OTA (over the air) upgrade server.
To achieve this, the invention provides the following technical solution. A detection system for the information security of a vehicle-mounted OTA upgrade server comprises:
an OTA upgrade server vulnerability scanning module, which scans and detects vulnerabilities in the system and application services of the OTA upgrade server under test; the detection covers whether the OTA server's open ports and open services are justified, the various vulnerabilities and security configuration defects present, and the effectiveness of the hardening and remediation work on the server operating system; the server is also re-examined against the scan results, on the one hand to verify the correctness of the scanner output and on the other to supplement what the scanner missed, so that each vulnerability is verified and confirmed;
an OTA upgrade firmware security detection module, which detects problems such as attacks on the upgrade process, upgrade failure, bricked devices, private data leakage and device hijacking that result from theft, corruption or tampering of the upgrade package; it covers five categories of firmware security risk detection, namely CVE vulnerabilities, configuration risks, key security, sensitive information leakage and code security, and supports Linux and RTOS firmware;
an OTA upgrade server certificate and key security detection module, for the scheme in which each OTA firmware data block is encrypted at the server back end with a pre-shared encryption key before being transmitted to the vehicle terminal; and
an OTA server risk evaluation module, which performs SDL threat modeling based on UML modeling and an OTA upgrade server risk evaluation model, describes attack paths for OTA upgrade server-side risks using a knowledge base, vulnerability base and risk feature base combined with attack tree analysis, performs threat analysis and attack path analysis, realizes the information security risk evaluation of the OTA upgrade server, and exports a security detection report with risk remediation suggestions.
As a further improvement of the invention, the specific steps by which the OTA upgrade server vulnerability scanning module scans for vulnerabilities are as follows:
step 11, determine the IP address of the server under test and gather information about it using ping, tracert (traceroute) and similar means;
step 12, use a port scanning tool to obtain the server's operating system version, open ports and services, application service versions, port access control policy and similar information;
step 13, use a vulnerability detection tool to detect the vulnerabilities the server contains, without limitation to any particular class;
step 14, further refine the vulnerability detection strategy according to the scanned system, ports, service versions and vulnerability information, execute vulnerability detection scripts according to a grouping strategy, and verify the detected vulnerabilities;
step 15, detect vulnerability risks such as CDN server data hijacking and leakage of OTA upgrade data through test items such as CDN man-in-the-middle attack, downgrade attack, signature verification security test, key storage, sensitive information leakage and DDoS attack;
step 16, the OTA upgrade server vulnerability detection module generates an OTA server security test report from the penetration test and vulnerability detection results, and the report's data interface is matched to the OTA server security evaluation module so that the results can be imported.
As a further improvement of the invention, the detection steps of the OTA upgrade firmware security detection module are specifically as follows:
step 21, acquire the OTA firmware;
step 22, identify the OTA firmware: file system identification, file type identification and CPU architecture identification;
step 23, analyze the firmware: extract the OTA firmware file system, decompress compressed files, and analyze the CPU instruction set;
step 24, scan the OTA firmware for vulnerabilities;
step 25, export the security detection results for the OTA firmware.
As a further improvement of the invention, the OTA firmware in step 21 may be acquired by: obtaining it directly from the development team, manufacturer/supplier or user; building it from source using the project provided by the OTA firmware manufacturer; extracting the binary from the OTA server; capturing the device update as a man-in-the-middle; sniffing the device's requests to the update server; reading it over the serial interface of a hardware component; dumping it from the boot loader or from flash memory; dumping it over the network via tftp; or through a hard-coded interface in the mobile application.
As a further improvement of the invention, when scanning the OTA firmware for vulnerabilities in step 24, the work consists mainly of: CVE detection for open-source components and vulnerability detection for Linux distribution packages; detection of weak system passwords, unnecessary software and risky auto-start services; checking the security of private keys and certificates in the firmware; sensitive information leakage detection, including SVN information leakage, Git information leakage, vi/vim information leakage, backup file leakage, temporary file leakage and information leakage in binaries; and detection of unsafe library function usage, so as to identify security risks and vulnerabilities in the OTA firmware.
As a further improvement of the invention, the detection steps of the OTA upgrade server certificate and key security detection module are as follows:
step 31, acquire the certificate and key: obtain the server entity certificate, intermediate certificate and root certificate with the OpenSSL tool;
step 32, acquire the certificate and key information: the certificate detection module detects the certificate details, certificate chain details, currently supported protocols and cipher suite details, using the certificate transparency mechanism;
step 33, detect the encryption strength of the certificate and key: a certificate vulnerability detection tool performs Heartbleed, FREAK attack, SSL POODLE, CCS injection and CBC padding oracle detection, these being vulnerabilities that would allow an attacker to obtain fragments of the plaintext of SSL communication, the key of the encrypted traffic, user names and passwords, and the content accessed;
step 34, detect the encryption algorithms of the certificate and key: check the key with a key algorithm detection tool, assess the strength of the private key algorithm used to sign the certificate and the strength of the hash function used in the signature, and grade them; and step 35, export the security detection results for the OTA server certificate and key.
The system has the following advantages. Based on the OTA risk assessment model, it covers encryption and signing of the upgrade package at the server end, secure storage of the upgrade package, establishment of a secure link channel for identity verification, and control of signature verification and decryption of the upgrade package, and it provides professional server-end penetration testing aligned with the OEM's clearly defined information security protection framework and upgrade flow, to verify that the software update package in an OTA upgrade is protected against tampering before the update process starts; that the update procedures used, including the development of system update programs or firmware, are protected from compromise; and that the authenticity and integrity of the software update package are protected against tampering and similar threats. It thereby provides an effective method for verifying firmware data security and CDN server information security in the OTA upgrade process.
Drawings
FIG. 1 is a schematic structural diagram of the detection system for information security of a vehicle-mounted OTA upgrade server provided by the invention;
FIG. 2 is a basic flowchart of an embodiment of the OTA upgrade server vulnerability scanning module of the detection system;
FIG. 3 is a basic flowchart of an embodiment of the OTA upgrade firmware security detection module of the detection system;
FIG. 4 is a basic flowchart of an embodiment of the OTA upgrade server certificate and key security detection module of the detection system.
Detailed Description
The invention is described in further detail below with reference to the examples shown in the accompanying drawings.
As shown in FIG. 1, the detection system for OTA upgrade cloud information security consists of four modules: M1, the OTA upgrade server vulnerability scanning module; M2, the OTA upgrade firmware security detection module; M3, the OTA upgrade server certificate and key security detection module; and M4, the OTA server risk assessment module. The OTA server risk assessment module provides a unified data interface for importing risk and vulnerability scanning results, through which it synchronizes detection result data from the OTA upgrade server vulnerability scanning module, the OTA upgrade firmware security detection module and the OTA upgrade server certificate and key security detection module.
The OTA upgrade server vulnerability scanning module scans and detects vulnerabilities in the system and application services of the OTA upgrade server under test. The detection covers whether the OTA server's open ports and open services are justified, the various vulnerabilities and security configuration defects present, and the effectiveness of the hardening and remediation work on the server operating system. The server is also re-examined against the scan results, to verify the correctness of the scanner output, to supplement what the scanner missed, and to verify and confirm each vulnerability.
The OTA upgrade firmware security detection module detects problems such as attacks on the firmware upgrade process, upgrade failure, bricked devices, private data leakage and device hijacking that result from theft, corruption or tampering of the upgrade package. It covers five major categories of firmware security risk detection (CVE vulnerabilities, configuration risks, key security, sensitive information leakage and code security) and supports Linux and RTOS firmware.
The OTA upgrade server certificate and key security detection module addresses the scheme in which each OTA firmware data block is encrypted at the server back end with a pre-shared encryption key and then transmitted to the vehicle terminal. The module consolidates the validity periods of multiple certificates into a single view, and supports HTTPS security rating of the OTA server, certificate brand, certificate validity period, SSL vulnerabilities, and PCI DSS and ATS compliance monitoring.
The OTA server risk evaluation module performs SDL threat modeling based on UML modeling and an OTA upgrade server risk evaluation model; describes attack paths for OTA upgrade server-side risks using a knowledge base, vulnerability base and risk feature base combined with attack tree analysis; performs threat analysis and attack path analysis; and thereby realizes the information security risk evaluation of the OTA upgrade server and exports a security detection report with risk remediation suggestions.
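The background section and module M3 above describe the protection the system tests for: the server encrypts each firmware block under a pre-shared key and signs the package, and the vehicle must reject tampered blocks, replayed or downgraded packages, and a package decrypted with the wrong key. The following Python is an added illustration written for this page, not code from the patent or from any OEM. It assumes two constructed pre-shared keys, uses an HMAC-SHA256 counter-mode keystream as a stand-in for AES-CTR so that it runs with the standard library only, and authenticates the manifest with an HMAC; a production design would put an asymmetric signature on the manifest so that a key extracted from one vehicle cannot forge packages for the fleet.

```python
import hashlib
import hmac
import json
import secrets

BLOCK = 4096
SIGN_KEY = b"example-signing-psk"      # assumed pre-shared keys, constructed for this example
ENC_KEY = b"example-encryption-psk"


def _keystream(key: bytes, nonce: bytes, index: int, length: int) -> bytes:
    """Counter-mode keystream for block `index` (HMAC-SHA256 PRF standing in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        msg = nonce + index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_package(firmware: bytes, version: int, enc_key=ENC_KEY, sign_key=SIGN_KEY) -> dict:
    """Server back end: encrypt block by block, then authenticate a manifest over the ciphertext hashes."""
    nonce = secrets.token_bytes(12)
    blocks = [firmware[i:i + BLOCK] for i in range(0, len(firmware), BLOCK)]
    cipher = [_xor(b, _keystream(enc_key, nonce, i, len(b))) for i, b in enumerate(blocks)]
    manifest = json.dumps({
        "version": version,
        "nonce": nonce.hex(),
        "block_hashes": [hashlib.sha256(c).hexdigest() for c in cipher],
        "plain_sha256": hashlib.sha256(firmware).hexdigest(),
    }, sort_keys=True).encode()
    tag = hmac.new(sign_key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "blocks": cipher}


def verify_and_decrypt(pkg: dict, installed_version: int, enc_key=ENC_KEY, sign_key=SIGN_KEY) -> bytes:
    """Vehicle side: authenticate first, refuse rollback, check every block, only then decrypt."""
    expected = hmac.new(sign_key, pkg["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        raise ValueError("manifest signature invalid")
    manifest = json.loads(pkg["manifest"])
    if manifest["version"] <= installed_version:
        raise ValueError("downgrade/replay rejected")
    if len(pkg["blocks"]) != len(manifest["block_hashes"]):
        raise ValueError("block count mismatch")
    nonce = bytes.fromhex(manifest["nonce"])
    plain = b""
    for i, (c, h) in enumerate(zip(pkg["blocks"], manifest["block_hashes"])):
        if not hmac.compare_digest(hashlib.sha256(c).hexdigest(), h):
            raise ValueError(f"block {i} tampered")
        plain += _xor(c, _keystream(enc_key, nonce, i, len(c)))
    if not hmac.compare_digest(hashlib.sha256(plain).hexdigest(), manifest["plain_sha256"]):
        raise ValueError("decrypted image hash mismatch (wrong key?)")
    return plain


def _outcome(pkg: dict, installed: int, **keys) -> str:
    try:
        verify_and_decrypt(pkg, installed, **keys)
        return "ok"
    except ValueError as err:
        return str(err)


def run_checks() -> dict:
    """Good path plus the failure modes a server-side test exercises; all inputs are constructed."""
    firmware = bytes(range(256)) * 40              # 10240 bytes -> 3 blocks
    pkg = build_package(firmware, version=5)
    tampered = dict(pkg, blocks=list(pkg["blocks"]))
    tampered["blocks"][1] = bytes([tampered["blocks"][1][0] ^ 0x01]) + tampered["blocks"][1][1:]
    forged_manifest = json.dumps(dict(json.loads(pkg["manifest"]), version=99), sort_keys=True).encode()
    forged = dict(pkg, manifest=forged_manifest)
    return {
        "good": "ok" if verify_and_decrypt(pkg, 4) == firmware else "mismatch",
        "tampered_block": _outcome(tampered, 4),
        "forged_manifest": _outcome(forged, 4),
        "downgrade": _outcome(pkg, 5),
        "wrong_key": _outcome(pkg, 4, enc_key=b"some-other-key"),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The order of checks is the point: the manifest tag is verified before anything inside it is trusted, the version comparison runs before any decryption (the downgrade attack of step 15), and each ciphertext block is compared with its manifest hash so that a single flipped byte in transit (the CDN man-in-the-middle case) is rejected before that block is decrypted.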
The specific process steps of the OTA upgrade server vulnerability scanning module example shown in FIG. 2 are as follows:
(1) Determine the IP address of the server under test and gather information about it using ping, tracert (traceroute) and similar means.
(2) Use a port scanning tool to obtain the server's operating system version, open ports and services, application service versions, port access control policy and similar information.
(3) Use a vulnerability detection tool to detect the vulnerabilities the server contains, including but not limited to SQL injection, firmware storage database vulnerabilities, OTA file upload vulnerabilities, PHP remote code execution, app spoofing, XSS (cross-site scripting), arbitrary file download, and susceptibility to DDoS attack.
(4) Further refine the vulnerability detection strategy according to the scanned system, ports, service versions and vulnerability information, execute vulnerability detection scripts according to a grouping strategy, and verify the detected vulnerabilities.
(5) Detect vulnerability risks such as CDN server data hijacking and leakage of OTA upgrade data through test items such as CDN man-in-the-middle attack, downgrade attack, signature verification security test, key storage, sensitive information leakage and DDoS attack.
(6) The OTA upgrade server vulnerability detection module generates an OTA server security test report from the penetration test and vulnerability detection results, and the report's data interface is matched to the OTA server security evaluation module so that the results can be imported.
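Steps (1) to (6) above produce a scan result that still has to be judged: the module's check on whether open ports and services are justified is a comparison of what the scanner found against what an OTA upgrade server should expose. The following Python is an added example for this page, not the patent's or any vendor's code. The baseline of permitted services and the scan result are both constructed (the scan rows are in the shape a service-detection scan such as `nmap -sV` reports), and the severity rules are an assumed policy: a plaintext download channel, a tftp listener or a reachable firmware database on the update server is rated high because each is a direct route to package hijacking or leakage.

```python
from dataclasses import dataclass

# Assumed baseline for an OTA upgrade server: the only services that should be reachable.
BASELINE = {
    "443/tcp": "https",   # package download and device API, over TLS
    "22/tcp": "ssh",      # administration, expected to be restricted to the management network
}
# Services that move packages, credentials or firmware in the clear, or expose backing stores.
RISKY_SERVICES = {"http", "ftp", "tftp", "telnet", "mysql", "redis", "mongodb"}

# Constructed scan result, in the shape a port scanner's service detection reports.
SCAN = [
    {"port": "22/tcp", "service": "ssh", "product": "OpenSSH", "version": "8.9p1"},
    {"port": "80/tcp", "service": "http", "product": "nginx", "version": "1.18.0"},
    {"port": "443/tcp", "service": "https", "product": "nginx", "version": "1.18.0"},
    {"port": "69/udp", "service": "tftp", "product": "", "version": ""},
    {"port": "3306/tcp", "service": "mysql", "product": "MySQL", "version": "5.7.33"},
]


@dataclass
class Finding:
    port: str
    severity: str
    reason: str


def check_rationality(scan, baseline=BASELINE):
    """Compare observed ports/services with the baseline; return findings worst-first."""
    findings, seen = [], set()
    for entry in scan:
        port, svc = entry["port"], entry["service"]
        seen.add(port)
        if port not in baseline:
            if svc in RISKY_SERVICES:
                findings.append(Finding(port, "high", f"unexpected {svc}: plaintext channel or exposed backing store"))
            else:
                findings.append(Finding(port, "medium", f"unexpected open port running {svc}"))
        elif baseline[port] != svc:
            findings.append(Finding(port, "high", f"expected {baseline[port]} on {port} but found {svc}"))
        if entry.get("version"):
            findings.append(Finding(port, "info", f"banner discloses {entry['product']} {entry['version']}"))
    for port in sorted(baseline.keys() - seen):
        findings.append(Finding(port, "low", f"baseline service {baseline[port]} not reachable; confirm scan coverage"))
    rank = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(findings, key=lambda f: rank[f.severity])


def summarize(findings):
    """Severity counts for the report handed to the risk-evaluation module."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    result = check_rationality(SCAN)
    for f in result:
        print(f"{f.severity:6} {f.port:9} {f.reason}")
    print(summarize(result))
```

The banner findings are kept at informational level on purpose: a disclosed version is what step (4) uses to refine the detection strategy, and whether it is actually vulnerable is decided by the vulnerability scripts, not by this check.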
The specific steps of the OTA upgrade firmware security detection module example shown in FIG. 3 are as follows:
(1) Acquire the OTA firmware. The firmware may be obtained by: obtaining it directly from the development team, manufacturer/supplier or user; building it from source using the project provided by the OTA firmware manufacturer; extracting the binary from the OTA server; capturing the device update as a man-in-the-middle (MITM); sniffing the device's requests to the update server; reading it over the serial interface of a hardware component; dumping it from the boot loader (e.g. U-Boot) or from flash memory; dumping it over the network via tftp; or through a hard-coded interface in the mobile application.
(2) Identify the OTA firmware: file system identification, file type identification and CPU architecture identification.
(3) Analyze the firmware: extract the OTA firmware file system, decompress compressed files, and analyze the CPU instruction set.
(4) Scan the OTA firmware for vulnerabilities: CVE detection for open-source components and vulnerability detection for Linux distribution packages; detection of weak system passwords, unnecessary software and risky auto-start services; checking the security of private keys and certificates in the firmware; sensitive information leakage detection, including SVN information leakage, Git information leakage, vi/vim information leakage, backup file leakage, temporary file leakage and information leakage in binaries; and detection of unsafe library function usage, so as to identify security risks and vulnerabilities in the OTA firmware.
(5) Export the security detection results for the OTA firmware.
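Steps (2) and (4) above, CPU architecture identification and the firmware vulnerability scan, as an added example written for this page rather than code from the patent. The scanner identifies the architecture of ELF binaries from the ELF header, then walks an extracted root filesystem for the risk classes the module names: weak passwords in /etc/shadow, private keys shipped in the image, Git or SVN metadata, backup, temporary and vim swap files, and references to unsafe library functions (found here by a strings-level heuristic over the binary rather than by symbol-table parsing). The sample root filesystem is constructed in a temporary directory; CVE matching of open-source components needs a vulnerability database and is left out.

```python
import os
import re
import struct
import tempfile
from pathlib import Path

# ELF e_machine values for the architectures commonly seen in vehicle ECUs and head units.
EM_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}
UNSAFE = re.compile(rb"(?<=\x00)(gets|strcpy|strcat|sprintf|system)(?=\x00)")
KEY_MARK = re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")
LEAK_NAMES = re.compile(r"(\.bak|\.swp|\.orig|~)$")


def identify_elf(data: bytes):
    """Return 'ELF<bits> <endianness> <arch>' for an ELF image, else None (step 2)."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(data[4])
    endian = {1: "<", 2: ">"}.get(data[5])
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack(endian + "H", data[18:20])
    return f"ELF{bits} {'LE' if endian == '<' else 'BE'} {EM_NAMES.get(machine, hex(machine))}"


def check_shadow(text: str):
    """Weak-password checks on /etc/shadow: empty password fields and legacy MD5-crypt hashes."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[1].startswith(("*", "!")):
            continue                          # malformed line or locked account
        if fields[1] == "":
            out.append(f"{fields[0]}: empty password")
        elif fields[1].startswith("$1$"):
            out.append(f"{fields[0]}: MD5-crypt hash (weak)")
    return out


def scan_rootfs(root: str) -> dict:
    """Walk an extracted root filesystem; findings are (category, path, detail) tuples (step 4)."""
    arch, findings = set(), []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d in (".git", ".svn"):
                findings.append(("leak", os.path.join(dirpath, d), "VCS metadata shipped in firmware"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            data = Path(path).read_bytes()
            if LEAK_NAMES.search(name):
                findings.append(("leak", path, "backup/temporary/editor file"))
            ident = identify_elf(data)
            if ident:
                arch.add(ident)
                for fn in sorted(set(UNSAFE.findall(data))):
                    findings.append(("code", path, f"references unsafe function {fn.decode()}"))
            if KEY_MARK.search(data):
                findings.append(("key", path, "private key material in firmware"))
            if name == "shadow" and os.path.basename(dirpath) == "etc":
                for detail in check_shadow(data.decode(errors="replace")):
                    findings.append(("weakpw", path, detail))
    return {"arch": arch, "findings": findings}


def build_sample_rootfs() -> str:
    """Constructed miniature root filesystem containing the defects the scanner looks for."""
    p = Path(tempfile.mkdtemp(prefix="ota_rootfs_"))
    for sub in ("bin", "etc/ssl", "www", ".git"):
        (p / sub).mkdir(parents=True)
    # Minimal ELF header: class 1 (32-bit), data 1 (little-endian), e_machine 0x28 (ARM),
    # followed by a fake string table such as a dynamic symbol section would carry.
    elf = b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9 + struct.pack("<HH", 2, 40) + b"\x00" * 32
    (p / "bin" / "updater").write_bytes(elf + b"\x00strcpy\x00gets\x00memcpy\x00")
    (p / "etc" / "shadow").write_text(
        "root::19000:0:99999:7:::\nadmin:$1$salt$0123456789abcdef:19000:0:99999:7:::\n"
        "nobody:*:19000:0:99999:7:::\n")
    (p / "etc" / "ssl" / "device.key").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\nMIIEexample\n-----END RSA PRIVATE KEY-----\n")
    (p / "etc" / "config.bak").write_text("ota_url=https://ota.example.invalid/fw\n")
    (p / "www" / ".index.php.swp").write_bytes(b"b0VIM 8.2")
    (p / ".git" / "config").write_text("[core]\n")
    return str(p)


if __name__ == "__main__":
    report = scan_rootfs(build_sample_rootfs())
    print("architectures:", sorted(report["arch"]))
    for cat, path, detail in sorted(report["findings"]):
        print(f"[{cat}] {path}: {detail}")
```

Run against a real image, `scan_rootfs` is pointed at the directory produced by step (3); the architecture set it returns is what step (3) needs to pick a disassembler, and the `code` findings are only leads, since a referenced `strcpy` is a defect only if the call site can overflow.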
The specific steps of the OTA upgrade server certificate and key security detection module example shown in FIG. 4 are as follows:
(1) Acquire the certificate and key: obtain the server entity certificate, intermediate certificate and root certificate with the OpenSSL tool.
(2) Acquire the certificate and key information: the certificate detection module detects the certificate details, certificate chain details, currently supported protocols, cipher suite details and the like, using the certificate transparency mechanism.
(3) Detect the encryption strength of the certificate and key: a certificate vulnerability detection tool performs Heartbleed, FREAK attack, SSL POODLE, CCS injection and CBC padding oracle detection, these being vulnerabilities that would allow an attacker to obtain fragments of the plaintext of SSL communication, the key of the encrypted traffic, user names and passwords, and the content accessed.
(4) Detect the encryption algorithms of the certificate and key: check the key with a key algorithm detection tool, assess the strength of the private key algorithm used to sign the certificate and the strength of the hash function used in the signature, and grade them.
(5) Export the security detection results for the OTA server certificate and key.
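Steps (2) to (4) above collect certificate, chain, protocol and cipher-suite details and grade the algorithm strength. The grading policy below is an added example for this page, not the patent's tool. It assumes the observations have already been gathered, for instance the chain and the negotiated protocol and suite with `openssl s_client -connect host:443 -showcerts` and the signature algorithm and key size with `openssl x509 -noout -text`; the two endpoint records are constructed. Implementation bugs such as Heartbleed and CCS injection cannot be read off these static fields and need an active probe, so they are outside this function; the POODLE and FREAK conditions it does flag are the protocol and suite offers that make those attacks possible.

```python
# Assumed grading policy (not the patent's): any high finding fails the endpoint.
WEAK_SIGNATURES = {"md5WithRSAEncryption", "sha1WithRSAEncryption", "ecdsa-with-SHA1"}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

# Constructed observations for two endpoints, in the shape step (2) would collect.
WEAK_ENDPOINT = {
    "protocols": ["SSLv3", "TLSv1", "TLSv1.2"],
    "ciphers": ["EXP-RC4-MD5", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    "sig_alg": "sha1WithRSAEncryption", "key_type": "RSA", "key_bits": 1024,
    "days_to_expiry": 400, "chain_complete": False,
}
GOOD_ENDPOINT = {
    "protocols": ["TLSv1.2", "TLSv1.3"],
    "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_256_GCM_SHA384"],
    "sig_alg": "sha256WithRSAEncryption", "key_type": "RSA", "key_bits": 2048,
    "days_to_expiry": 200, "chain_complete": True,
}


def grade_endpoint(obs: dict):
    """Return (grade, findings) for one observed TLS endpoint; findings are (severity, text)."""
    findings = []
    for proto in obs["protocols"]:
        if proto in ("SSLv2", "SSLv3"):
            findings.append(("high", f"{proto} offered (POODLE-class downgrade possible)"))
        elif proto in ("TLSv1", "TLSv1.1"):
            findings.append(("medium", f"legacy {proto} offered (downgrade surface)"))
    for suite in obs["ciphers"]:
        if "EXP" in suite:                                   # EXP-/EXPORT- export-grade suites
            findings.append(("high", f"export-grade suite {suite} (FREAK)"))
        elif not any(m in suite for m in AEAD_MARKERS):
            findings.append(("medium", f"non-AEAD suite {suite} (CBC padding-oracle or RC4 exposure)"))
    if obs["sig_alg"] in WEAK_SIGNATURES:
        findings.append(("high", f"certificate signed with {obs['sig_alg']}"))
    need = MIN_KEY_BITS.get(obs["key_type"])
    if need is None:
        findings.append(("medium", f"unrecognised key type {obs['key_type']}"))
    elif obs["key_bits"] < need:
        findings.append(("high", f"{obs['key_type']} key of {obs['key_bits']} bits is below {need}"))
    if obs["days_to_expiry"] < 0:
        findings.append(("high", "certificate expired"))
    elif obs["days_to_expiry"] < 30:
        findings.append(("low", f"certificate expires in {obs['days_to_expiry']} days"))
    if not obs["chain_complete"]:
        findings.append(("medium", "incomplete chain: clients may fail validation or be tempted to disable it"))
    grade = "A"
    for sev, letter in (("low", "B"), ("medium", "C"), ("high", "F")):
        if any(s == sev for s, _ in findings):
            grade = letter
    return grade, findings


if __name__ == "__main__":
    for name, obs in (("weak", WEAK_ENDPOINT), ("good", GOOD_ENDPOINT)):
        grade, findings = grade_endpoint(obs)
        print(f"{name}: grade {grade}")
        for sev, text in findings:
            print(f"  {sev:6} {text}")
```

An incomplete chain is rated medium rather than low because of what it does on the vehicle side: a client that cannot build a path to a trusted root either fails the update or, worse, is shipped with certificate verification disabled, which is exactly the condition the CDN man-in-the-middle test in the scanning module looks for.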
The above is only a preferred embodiment of the invention; the scope of protection is not limited to the embodiment above, and all technical solutions falling within the idea of the invention belong to its scope of protection. Modifications and refinements that those skilled in the art may make without departing from the principle of the invention are likewise considered within its scope.
Claims (6)
1. A detection system for the information security of a vehicle-mounted OTA upgrade server, characterized in that it comprises:
an OTA upgrade server vulnerability scanning module, which scans and detects vulnerabilities in the system and application services of the OTA upgrade server under test; the detection covers whether the OTA server's open ports and open services are justified, the various vulnerabilities and security configuration defects present, and the effectiveness of the hardening and remediation work on the server operating system; the server is also re-examined against the scan results, on the one hand to verify the correctness of the scanner output and on the other to supplement what the scanner missed, so that each vulnerability is verified and confirmed;
an OTA upgrade firmware security detection module, which detects problems such as attacks on the upgrade process, upgrade failure, bricked devices, private data leakage and device hijacking that result from theft, corruption or tampering of the upgrade package; it covers five categories of firmware security risk detection, namely CVE vulnerabilities, configuration risks, key security, sensitive information leakage and code security, and supports Linux and RTOS firmware;
an OTA upgrade server certificate and key security detection module, for the scheme in which each OTA firmware data block is encrypted at the server back end with a pre-shared encryption key before being transmitted to the vehicle terminal; and
an OTA server risk evaluation module, which performs SDL threat modeling based on UML modeling and an OTA upgrade server risk evaluation model, describes attack paths for OTA upgrade server-side risks using a knowledge base, vulnerability base and risk feature base combined with attack tree analysis, performs threat analysis and attack path analysis, realizes the information security risk evaluation of the OTA upgrade server, and exports a security detection report with risk remediation suggestions.
2. The detection system for the information security of a vehicle-mounted OTA upgrade server according to claim 1, characterized in that the specific steps by which the OTA upgrade server vulnerability scanning module scans for vulnerabilities are as follows:
step 11, determine the IP address of the server under test and gather information about it using ping, tracert (traceroute) and similar means;
step 12, use a port scanning tool to obtain the server's operating system version, open ports and services, application service versions, port access control policy and similar information;
step 13, use a vulnerability detection tool to detect the vulnerabilities the server contains, without limitation to any particular class;
step 14, further refine the vulnerability detection strategy according to the scanned system, ports, service versions and vulnerability information, execute vulnerability detection scripts according to a grouping strategy, and verify the detected vulnerabilities;
step 15, detect vulnerability risks such as CDN server data hijacking and leakage of OTA upgrade data through test items such as CDN man-in-the-middle attack, downgrade attack, signature verification security test, key storage, sensitive information leakage and DDoS attack;
step 16, the OTA upgrade server vulnerability detection module generates an OTA server security test report from the penetration test and vulnerability detection results, and the report's data interface is matched to the OTA server security evaluation module so that the results can be imported.
3. The system for detecting the information security of the on-vehicle OTA upgrade server according to claim 1 or 2, wherein the detection steps of the OTA upgrade firmware security detection module are as follows:
step 21, acquiring the OTA firmware;
step 22, identifying the OTA firmware: identifying its file system, file type and CPU architecture;
step 23, analyzing the firmware: parsing the OTA firmware file system, decompressing compressed files, and analyzing the CPU instructions;
step 24, scanning the OTA firmware for vulnerabilities;
and step 25, exporting the OTA firmware security detection result.
4. The system for detecting the information security of the on-vehicle OTA upgrade server according to claim 3, wherein the OTA firmware in step 21 may be acquired in any of the following ways: obtained directly from the development team, manufacturer/supplier or user; compiled from scratch using the items provided by the OTA firmware manufacturer; obtained as a binary file from the OTA server; acquired by man-in-the-middle interception of the device update; obtained by sniffing the update server request in the serial communication of the hardware component; dumped from the boot loader to flash memory, or dumped over the network via tftp; or obtained through a hard-coded interface in the mobile application.
5. The system for detecting the information security of the on-vehicle OTA upgrade server according to claim 3 or 4, wherein, when scanning the OTA firmware for vulnerabilities in step 24, the following are mainly performed: CVE vulnerability detection of open source components and vulnerability detection of Linux distribution software packages; detection of weak system passwords, unnecessary software, and risky self-starting services; security detection of the firmware private keys and certificates; sensitive information leakage detection, comprising security detection such as SVN information leakage, Git information leakage, vi/vim information leakage, backup file leakage, temporary file leakage, and information leakage in binary files; and detection of unsafe library function usage, thereby identifying the information security risk vulnerabilities of the OTA firmware.
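As an added illustration of the step 24 checks in claims 3 and 5 (not code from the patent), the scanner below walks an already-extracted firmware root and reports leaked VCS directories, editor swap/backup/temporary files, private keys shipped in the image, and unsafe libc symbols referenced by ELF binaries. The finding labels, suffix lists and the sample tree it builds are this example's own constructions.

```python
import os
import re
import tempfile

# Rule names below are this example's own labels; the patent does not prescribe them.
LEAK_DIRS = {".git": "Git information leakage", ".svn": "SVN information leakage"}
LEAK_SUFFIXES = {".swp": "vi/vim information leakage", ".bak": "backup file leakage",
                 "~": "backup file leakage", ".tmp": "temporary file leakage"}
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")
UNSAFE_FUNCS = (b"gets", b"strcpy", b"strcat", b"sprintf")  # unsafe libc functions

def scan_firmware_root(root):
    """Walk an extracted firmware tree; return a list of (finding, path) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in LEAK_DIRS:              # leaked VCS metadata directory
                findings.append((LEAK_DIRS[d], os.path.join(dirpath, d)))
                dirnames.remove(d)          # no need to descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            for suffix, label in LEAK_SUFFIXES.items():
                if name.endswith(suffix):   # editor swap, backup or temp file
                    findings.append((label, path))
            with open(path, "rb") as fh:
                data = fh.read()
            if PRIVATE_KEY_RE.search(data):  # private key shipped inside the image
                findings.append(("private key stored in firmware", path))
            if data.startswith(b"\x7fELF"):  # ELF binary: look for unsafe libc symbols
                used = [f.decode() for f in UNSAFE_FUNCS if f + b"\x00" in data]
                if used:
                    findings.append(("unsafe library functions: " + ",".join(used), path))
    return findings

def build_sample_root():
    """Create a constructed sample firmware tree (not a real image) for testing."""
    root = tempfile.mkdtemp(prefix="fw_")
    os.makedirs(os.path.join(root, "etc", ".git"))
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "etc", "ota.conf.bak"), "w") as fh:
        fh.write("server=ota.example\n")
    with open(os.path.join(root, "etc", "ota_key.pem"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n")
    with open(os.path.join(root, "bin", "otaclient"), "wb") as fh:
        # minimal fake ELF magic followed by a symbol-string table
        fh.write(b"\x7fELF" + b"\x00" * 12 + b"strcpy\x00printf\x00gets\x00")
    return root
```

Calling `scan_firmware_root(build_sample_root())` returns four findings for the constructed tree; on a real image, point it at the directory produced by the step 23 extraction.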
6. The system for detecting the information security of the on-vehicle OTA upgrade server according to claim 1 or 2, wherein the detection steps of the OTA upgrade firmware security detection module are as follows:
step 31, acquiring the certificate and the key: obtaining the server entity certificate, the intermediate certificate and the root certificate with the OpenSSL tool;
step 32, acquiring the certificate and key information: the certificate detection module detects the certificate details, the certificate chain details, the currently supported protocols and the cipher suite details through the certificate transparency mechanism;
step 33, detecting the encryption strength of the certificate and the key: performing Heartbleed vulnerability detection, FREAK attack vulnerability detection, SSL POODLE vulnerability detection, CCS injection vulnerability detection and CBC padding oracle detection with a certificate vulnerability detection tool, these vulnerabilities being able to expose partial plaintext of the SSL communication, the key of the encrypted traffic, the user's name and password, and the accessed content;
step 34, detecting the encryption algorithm of the certificate and the key: detecting the key with a key algorithm detection tool, detecting the strength of the algorithm of the private key used to sign the certificate and the strength of the hash function used in the signature, and grading them;
and step 35, exporting the security detection result of the OTA server certificate and key.
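Added example for the step 34 grading (not code from the patent): it parses the text layout printed by `openssl x509 -noout -text`, grades the certificate's public key algorithm and size together with the hash in its signature algorithm, and reports the weaker of the two. The embedded sample is a constructed, trimmed stand-in for real tool output, and the grade thresholds are this example's own assumptions.

```python
import re

# Constructed sample in the layout printed by `openssl x509 -noout -text` (trimmed; not a real certificate).
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN = ota.example
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
"""

SIG_ALG_RE = re.compile(r"^\s*Signature Algorithm:\s*(\S+)", re.M)
KEY_ALG_RE = re.compile(r"Public Key Algorithm:\s*(\S+)")
KEY_BITS_RE = re.compile(r"Public-Key:\s*\((\d+) bit\)")  # matches "RSA Public-Key:" and "Public-Key:"
GRADES = ("weak", "acceptable", "strong")

def parse_cert_text(text):
    """Extract (signature algorithm, public key algorithm, key size in bits)."""
    sig, key, bits = SIG_ALG_RE.search(text), KEY_ALG_RE.search(text), KEY_BITS_RE.search(text)
    if not (sig and key and bits):
        raise ValueError("unexpected openssl text output")
    return sig.group(1), key.group(1), int(bits.group(1))

def grade_key(alg, bits):
    """Grade key algorithm and size: 0 weak, 1 acceptable, 2 strong (thresholds are this example's)."""
    if alg == "rsaEncryption":
        return 0 if bits < 2048 else (1 if bits < 3072 else 2)
    if alg == "id-ecPublicKey":
        return 0 if bits < 256 else (1 if bits < 384 else 2)
    return 0   # unknown or legacy algorithm (e.g. dsaEncryption) treated as weak

def grade_hash(sig_alg):
    """Grade the hash in an OpenSSL signature algorithm name such as sha256WithRSAEncryption."""
    h = sig_alg.lower().replace("-", "")
    if any(h.startswith(w) or "with" + w in h for w in ("md2", "md5", "sha1")):
        return 0
    if "sha256" in h:
        return 1
    return 2 if ("sha384" in h or "sha512" in h) else 0  # unrecognised hash treated as weak

def grade_certificate(text):
    """Overall grade is the weaker of key strength and signature hash strength."""
    sig_alg, key_alg, bits = parse_cert_text(text)
    key_grade, hash_grade = grade_key(key_alg, bits), grade_hash(sig_alg)
    return {"signature": sig_alg, "key": f"{key_alg}/{bits}", "key_grade": key_grade,
            "hash_grade": hash_grade, "grade": GRADES[min(key_grade, hash_grade)]}
```

For the sample (1024-bit RSA key, SHA-1 signature) `grade_certificate(SAMPLE_CERT_TEXT)["grade"]` is `"weak"`; feed it the output of `openssl x509 -noout -text -in cert.pem` for the certificates collected in step 31.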
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110813474.8A CN113468522A (en) | 2021-07-19 | 2021-07-19 | Detection system for information security of vehicle-mounted OTA (over the air) upgrade server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113468522A true CN113468522A (en) | 2021-10-01 |
Family
ID=77881117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110813474.8A Pending CN113468522A (en) | 2021-07-19 | 2021-07-19 | Detection system for information security of vehicle-mounted OTA (over the air) upgrade server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113468522A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012024963A1 (en) * | 2010-08-27 | 2012-03-01 | 华为终端有限公司 | Method, apparatus and system for processing firmware based on firmware over the air technology |
CN108923933A (en) * | 2018-07-12 | 2018-11-30 | 北京航空航天大学 | The working method of server, the upgrade method of car-mounted terminal and system |
CN110460573A (en) * | 2019-07-08 | 2019-11-15 | 上海赫千电子科技有限公司 | One kind being applied to automobile ECU safety upgrade management system and method |
CN113065195A (en) * | 2021-04-02 | 2021-07-02 | 中国第一汽车股份有限公司 | Vehicle information security threat assessment method, device, medium and electronic equipment |
Non-Patent Citations (3)
Title |
---|
"Intelligent IoT Security Risk Report" (智能物联网安全风险报告), 信息安全与通信保密, no. 10, 10 October 2017 (2017-10-10) * |
周媛媛: "Analysis and Application of Information Security Testing Technology for the Internet of Vehicles" (车联网信息安全测试技术分析及应用), 北京汽车, no. 02, 25 April 2020 (2020-04-25) * |
杨玚 et al.: "Examples of Measured Information Security Risks of In-Vehicle Terminals" (车载终端信息安全风险实测举隅), 《网络空间安全》, 30 September 2019 (2019-09-30), pages 2 - 3 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113859250A (en) * | 2021-10-14 | 2021-12-31 | 泰安北航科技园信息科技有限公司 | Intelligent automobile information security threat detection system based on driving behavior abnormity identification |
CN114024995A (en) * | 2021-11-24 | 2022-02-08 | 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 | Internet of things terminal firmware safety analysis system |
CN114338627A (en) * | 2021-11-30 | 2022-04-12 | 三一汽车起重机械有限公司 | OTA (over the air) upgrading method and system for engineering machinery controller and engineering machinery |
CN114338627B (en) * | 2021-11-30 | 2023-06-06 | 三一汽车起重机械有限公司 | OTA upgrading method and system of engineering machinery controller and engineering machinery |
CN114465768A (en) * | 2021-12-28 | 2022-05-10 | 尚承科技股份有限公司 | Processing system and method for updating firmware online |
CN114489008A (en) * | 2022-01-24 | 2022-05-13 | 深圳市星卡软件技术开发有限公司 | Vehicle system firmware safety protection method and device and computer equipment |
CN114489008B (en) * | 2022-01-24 | 2024-04-02 | 深圳市星卡软件技术开发有限公司 | Vehicle system firmware safety protection method and device and computer equipment |
CN117708835A (en) * | 2024-02-06 | 2024-03-15 | 北京云驰未来科技有限公司 | Policy engine system and method for automobile upgrading |
CN117708835B (en) * | 2024-02-06 | 2024-04-30 | 北京云驰未来科技有限公司 | Policy engine system and method for automobile upgrading |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |