CN114189377A - Automobile data safety assessment method - Google Patents


Info

Publication number
CN114189377A
Authority
CN
China
Prior art keywords
data
automobile
data packet
encrypted
enterprise
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111488684.0A
Other languages
Chinese (zh)
Inventor
滕添益
赵梓健
童星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Motor Vehicle Inspection Certification and Tech Innovation Center Co Ltd
Original Assignee
Shanghai Motor Vehicle Inspection Certification and Tech Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Motor Vehicle Inspection Certification and Tech Innovation Center Co Ltd
Priority to CN202111488684.0A
Publication of CN114189377A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an automobile data safety assessment method. The method comprises the following steps: S1, automobile data evidence storage, comprising: T1, acquiring automobile data at the vehicle end, processing the automobile data to generate original data, performing hash value calculation on the original data to obtain a data hash value, and encrypting the original data to form an encrypted data packet that is sent to an automobile enterprise; T2, the automobile enterprise converts the encrypted data packet into plaintext data; T3, the automobile enterprise converts the plaintext data into standard data; T4, a data evidence storage center stores the standard data and the data hash value; S2, a testing and evaluation organization carries out data security evaluation, which at least includes: detecting the consistency of the encrypted data packet with the vehicle state of the whole vehicle; and detecting the consistency of the collected data applied for by the automobile enterprise with the plaintext data. The invention provides an automobile data safety assessment method for carrying out automobile data safety assessment management on road motor vehicles with data interaction.

Description

Automobile data safety assessment method
Technical Field
The invention relates to the technical field of automobile data safety, in particular to an automobile data safety assessment method.
Background
As automobile products rapidly develop into mobile intelligent terminals, the automobile industry is about to enter the big data era. The levels of automobile intelligence and networking are gradually improving, the weight of automobile data security is gradually increasing, and a number of data security events related to national security and personal privacy protection have occurred. Each data security event is an alert to automobile data security issues, and these events may both affect national security and harm consumer interests.
Therefore, to better cope with the problems encountered during the digitization of each industry, the relevant departments issued a series of laws and regulations in 2021 to strengthen the protection of data security. However, the overall data security supervision system has not yet been established and corresponding operating rules do not exist, so it is still necessary to accelerate the construction of the standards system, improve the management rules, explore detection schemes, and promote data evidence storage.
Disclosure of Invention
In view of the problems in the prior art, the invention provides an automobile data safety assessment method for carrying out automobile data safety assessment management on road motor vehicles with data interaction.
Specifically, the invention provides an automobile data safety assessment method, which comprises the following steps:
S1, automobile data evidence storage, comprising:
T1, acquiring automobile data at the vehicle end, processing the automobile data to generate original data, performing hash value calculation on the original data to obtain a data hash value, and encrypting the original data to form an encrypted data packet that is sent to an automobile enterprise;
T2, the automobile enterprise converts the encrypted data packet into plaintext data;
T3, the automobile enterprise converts the plaintext data into standard data;
T4, the data evidence storage center stores the standard data and the data hash value;
S2, the testing and evaluation organization carries out data security evaluation, which at least comprises: detecting the consistency of the encrypted data packet with the vehicle state of the whole vehicle; detecting the consistency of the collected data applied for by the automobile enterprise with the plaintext data; and detecting the consistency of the encrypted data packet with the data hash value.
According to one embodiment of the invention, the data security evaluation further comprises: detecting the consistency of the IP address list provided by the automobile enterprise with the encrypted data packet; and detecting the consistency of the encrypted data packet and/or the plaintext data with the standard data.
According to an embodiment of the present invention, the consistency detection of the encrypted data packet with the vehicle state of the whole vehicle includes the steps of:
setting up a comprehensive tester and a switch between the vehicle end and the automobile enterprise, wherein the original data is encrypted to form an encrypted data packet, the encrypted data packet is sent to the automobile enterprise through the comprehensive tester and the switch, and the comprehensive tester captures a mirrored data packet of the encrypted data packet from the switch and sends the mirrored data packet to the testing and evaluation organization;
the testing and evaluation organization obtains the real vehicle state data directly from the whole vehicle;
the testing and evaluation organization obtains the encrypted data packet and the plaintext data, compares the encrypted data packet with the mirrored data packet for data consistency, and compares the vehicle state information in the plaintext data with the real vehicle state data for consistency; if both comparisons meet the consistency requirement, the encrypted data packet is consistent with the vehicle state of the whole vehicle.
According to one embodiment of the invention, the consistency detection of the collected data applied for by the automobile enterprise with the plaintext data comprises the following steps:
the testing and evaluation organization obtains the plaintext data and the collected data applied for by the automobile enterprise;
comparing the plaintext data with the applied-for collected data for consistency of field number and format definition;
if the plaintext data includes fields that are not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is inconsistent with the plaintext data; if the plaintext data does not include fields that are not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is consistent with the plaintext data.
According to an embodiment of the present invention, the consistency detection of the encrypted data packet with the data hash value comprises the steps of:
calculating the hash value of the encrypted data packet to obtain an encrypted data hash value;
the testing and evaluation organization obtains the encrypted data hash value and obtains the data hash value from the data evidence storage center;
comparing the encrypted data hash value with the data hash value for consistency: if they are consistent, the authenticity and integrity of the encrypted data packet can be ensured; if they are not consistent, the encrypted data packet has been changed.
According to one embodiment of the invention, the consistency detection of the IP address list provided by the automobile enterprise with the encrypted data packet comprises the following steps:
setting up a comprehensive tester and a switch between the vehicle end and the automobile enterprise, wherein the original data is encrypted to form an encrypted data packet, the encrypted data packet is sent to the automobile enterprise through the comprehensive tester and the switch, and the comprehensive tester captures a mirrored data packet of the encrypted data packet from the switch and sends the mirrored data packet to the testing and evaluation organization;
the testing and evaluation organization obtains the IP address list of the automobile enterprise and verifies the IP address list;
the testing and evaluation organization compares whether the IP address in the mirrored data packet is consistent with the IP addresses in the IP address list; if so, the IP address list provided by the automobile enterprise is consistent with the encrypted data packet, and if not, the IP address list provided by the automobile enterprise is inconsistent with the encrypted data packet.
According to one embodiment of the invention, the consistency detection of the encrypted data packet and/or the plaintext data with the standard data comprises the steps of:
the testing and evaluation organization obtains the encrypted data packet and/or the plaintext data from the automobile enterprise, and obtains the corresponding standard data from the data evidence storage center according to the VIN code and the timestamp in the encrypted data packet and/or the plaintext data;
the testing and evaluation organization compares the fields of the encrypted data packet and/or the plaintext data with the standard data, and if the fields correspond, the encrypted data packet and/or the plaintext data are consistent with the standard data.
According to an embodiment of the present invention, in step T1, the automobile data acquired at the vehicle end is desensitized and the original data is then generated.
According to an embodiment of the present invention, in step T1, the data hash value is synchronously uploaded to the data evidence storage center when the data packet is uploaded to the automobile enterprise.
According to an embodiment of the present invention, in step T3, the automobile enterprise converts the plaintext data into standard data according to the group standard "intelligent networking automobile data format and definition".
The automobile data safety assessment method provided by the invention is used for carrying out automobile data safety assessment management on road motor vehicles with data interaction.
It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.
Drawings
The accompanying drawings, which are included to provide a further explanation of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention. In the drawings:
Fig. 1 shows a flow chart of an automobile data safety assessment method according to an embodiment of the invention.
Fig. 2 shows a schematic structural diagram of a comprehensive tester and a switch set up between the vehicle end and the automobile enterprise according to an embodiment of the invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The technical solution in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the application, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
The relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present application unless specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description. Techniques, security assessment methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
In the description of the present application, it is to be understood that the orientation or positional relationship indicated by the directional terms such as "front, rear, upper, lower, left, right", "lateral, vertical, horizontal" and "top, bottom", etc., are generally based on the orientation or positional relationship shown in the drawings, and are used for convenience of description and simplicity of description only, and in the case of not making a reverse description, these directional terms do not indicate and imply that the device or element being referred to must have a particular orientation or be constructed and operated in a particular orientation, and therefore, should not be considered as limiting the scope of the present application; the terms "inner and outer" refer to the inner and outer relative to the profile of the respective component itself.
Spatially relative terms, such as "above … …," "above … …," "above … …," "above," and the like, may be used herein for ease of description to describe one device or feature's spatial relationship to another device or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if a device in the figures is turned over, devices described as "above" or "on" other devices or configurations would then be oriented "below" or "under" the other devices or configurations. Thus, the exemplary term "above … …" can include both an orientation of "above … …" and "below … …". The device may be otherwise variously oriented (rotated 90 degrees or at other orientations) and the spatially relative descriptors used herein interpreted accordingly.
It should be noted that the terms "first", "second", and the like are used to define the components, and are only used for convenience of distinguishing the corresponding components, and the terms have no special meanings unless otherwise stated, and therefore, the scope of protection of the present application is not to be construed as being limited. Further, although the terms used in the present application are selected from publicly known and used terms, some of the terms mentioned in the specification of the present application may be selected by the applicant at his or her discretion, the detailed meanings of which are described in relevant parts of the description herein. Further, it is required that the present application is understood not only by the actual terms used but also by the meaning of each term lying within.
Fig. 1 shows a flow chart of an automobile data safety assessment method according to an embodiment of the invention. As shown in the figure, the automobile data safety assessment method comprises the following steps:
S1, automobile data evidence storage, comprising:
T1, acquiring automobile data at the vehicle end, processing the automobile data to generate original data, performing hash value calculation on the original data to obtain a data hash value, and encrypting the original data to form an encrypted data packet that is sent to an automobile enterprise;
T2, the automobile enterprise converts the encrypted data packet into plaintext data;
T3, the automobile enterprise converts the plaintext data into standard data;
T4, the data evidence storage center stores the standard data and the data hash value;
S2, the testing and evaluation organization carries out data security evaluation, which at least includes: detecting the consistency of the encrypted data packet with the vehicle state of the whole vehicle; detecting the consistency of the collected data applied for by the automobile enterprise with the plaintext data; and detecting the consistency of the encrypted data packet with the data hash value.
It should be noted that the automobile enterprises herein include intelligent networked automobile manufacturers, component and software suppliers, and travel service enterprises; the automobile data refers to data involving personal information and important data in the processes of automobile design, production, sale, use, operation and maintenance; and automobile data activities include the collection, storage, use, processing, transmission, provision, disclosure, etc. of automobile data.
The testing and evaluation organization is responsible for carrying out the security evaluation of the data activities of the automobile enterprise, and the security evaluation is based on data verification results. Data verification refers to the inspection of data security, integrity and authenticity; it is mainly carried out as field testing, and covers data acquisition, transmission, decryption, comparison, format conversion, data storage and other aspects.
Preferably, in step S2, the data security evaluation further includes: detecting the consistency of the IP address list provided by the automobile enterprise with the encrypted data packet; and detecting the consistency of the encrypted data packet and/or the plaintext data with the standard data.
Preferably, the consistency detection of the encrypted data packet with the vehicle state of the whole vehicle comprises the following steps:
A comprehensive tester and a switch are set up between the vehicle end and the automobile enterprise. Fig. 2 shows a schematic structural diagram of a comprehensive tester and a switch set up between the vehicle end and the automobile enterprise according to an embodiment of the invention. As shown, the whole vehicle 201 under test and the communication antenna 202 are disposed in the electromagnetic shielding room 203. The control room 204 is provided with a comprehensive tester 205 and a computer 206 connected to the comprehensive tester 205, and the switch 207 is provided outside the control room 204. The original data forms an encrypted data packet at the vehicle end; the communication antenna 202 wirelessly receives the encrypted data packet from the whole vehicle 201 and transmits it to the comprehensive tester 205 through the coaxial cable 208, and the encrypted data packet passes from the comprehensive tester 205 to the switch 207 and is transmitted through the communication base station 209 to the automobile enterprise 210. The computer 206 captures the mirrored data packet of the encrypted data packet from the switch 207 through the comprehensive tester 205 and sends the mirrored data packet to the testing and evaluation organization. The electromagnetic shielding room 203 can be replaced by an anechoic room to ensure that the original data is protected from electromagnetic interference.
The testing and evaluation organization obtains the real vehicle state data directly from the whole vehicle;
The testing and evaluation organization obtains the encrypted data packet and the plaintext data, compares the encrypted data packet with the mirrored data packet for data consistency, and compares the vehicle state information in the plaintext data with the real vehicle state data for consistency; if both comparisons meet the consistency requirement, the encrypted data packet is consistent with the vehicle state of the whole vehicle. The consistency detection of the encrypted data packet with the vehicle state of the whole vehicle is the consistency detection of the data collected at the vehicle end with the real state of the whole vehicle.
Preferably, the consistency detection of the collected data applied for by the automobile enterprise with the plaintext data comprises the following steps:
the testing and evaluation organization obtains the plaintext data and the collected data applied for by the automobile enterprise;
comparing the plaintext data with the applied-for collected data for consistency of field number and format definition;
if the plaintext data includes fields that are not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is inconsistent with the plaintext data; if the plaintext data does not include fields that are not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is consistent with the plaintext data. The comparison between the collected data applied for by the automobile enterprise and the plaintext data ensures that the data applied for by the automobile enterprise is consistent with the data actually obtained.
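The field comparison above, sketched in Python as an added example (not part of the patent text). The field names, the regular-expression format definitions and the sample records are constructed for illustration; nested records are flattened to dotted paths so that extra fields inside a sub-object are also caught, which goes slightly beyond the flat comparison the text describes.

```python
import re

# Constructed declaration (hypothetical): dotted field path -> format definition,
# expressed here as a regular expression. Not taken from the patent or a standard.
DECLARED = {
    "vin": r"[A-HJ-NPR-Z0-9]{17}",
    "timestamp": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z",
    "speed_kmh": r"\d{1,3}(\.\d)?",
    "gear": r"[PRND]",
}

# Constructed plaintext records, as the assessor might receive them after step T2.
RECORD_OK = {
    "vin": "LSVTEST0000000001",
    "timestamp": "2021-12-08T08:00:00Z",
    "speed_kmh": 62.5,
    "gear": "D",
}
RECORD_EXTRA = {
    "vin": "LSVTEST0000000001",
    "timestamp": "2021-12-08T08:00:00Z",
    "speed_kmh": "62,5",                         # violates the declared format
    "gear": "D",
    "location": {"lat": 31.23, "lon": 121.47},   # never applied for
}


def flatten(record, prefix=""):
    """Flatten nested dicts into dotted field paths (an empty dict stays a leaf)."""
    flat = {}
    for key, value in record.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict) and value:
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def check_declared_fields(declared, plaintext):
    """Compare one plaintext record with the applied-for collection list.

    'consistent' follows the rule in the text: the record is inconsistent as
    soon as it carries a field that was not applied for. Format mismatches on
    declared fields are reported separately for the assessor.
    """
    fields = flatten(plaintext)
    undeclared = sorted(set(fields) - set(declared))
    format_mismatch = sorted(
        name for name, value in fields.items()
        if name in declared and not re.fullmatch(declared[name], str(value))
    )
    return {
        "undeclared": undeclared,
        "format_mismatch": format_mismatch,
        "field_count": (len(fields), len(declared)),  # (observed, applied for)
        "consistent": not undeclared,
    }


if __name__ == "__main__":
    print(check_declared_fields(DECLARED, RECORD_OK))
    print(check_declared_fields(DECLARED, RECORD_EXTRA))
```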
Preferably, the consistency detection of the encrypted data packet with the data hash value comprises the steps of:
calculating the hash value of the encrypted data packet obtained by the automobile enterprise to obtain an encrypted data hash value;
the testing and evaluation organization obtains the encrypted data hash value and obtains the data hash value from the data evidence storage center;
comparing the encrypted data hash value with the data hash value for consistency: if they are consistent, the authenticity and integrity of the encrypted data packet can be ensured; if they are not consistent, the encrypted data packet has been changed. The consistency detection of the encrypted data packet with the data hash value is used to ensure that the data obtained by the automobile enterprise is consistent with the original data.
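The hash comparison above, sketched in Python as an added example (not part of the patent text). Two SHA-256 digests are equal only when they cover the same bytes, so this sketch assumes the digest deposited at the data evidence storage center is taken over the packet bytes as transmitted; the EvidenceCenter class, the (VIN, timestamp) key for deposits and the sample bytes are hypothetical and constructed.

```python
import hashlib
import hmac

# Constructed sample data: RAW stands for the original data before encryption,
# PACKET for the opaque encrypted packet as it leaves the vehicle.
RAW = b'{"vin":"LSVTEST0000000001","speed_kmh":62.5}'
PACKET = bytes(range(64))


class EvidenceCenter:
    """Hypothetical stand-in for the data evidence storage center."""

    def __init__(self):
        self._digests = {}

    def deposit(self, vin, timestamp, digest_hex):
        # Write-once: a later upload must not replace an existing digest,
        # otherwise the deposit gives no tamper evidence.
        key = (vin, timestamp)
        if key in self._digests:
            raise ValueError(f"digest already deposited for {key}")
        self._digests[key] = digest_hex

    def lookup(self, vin, timestamp):
        return self._digests.get((vin, timestamp))


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def assess_packet(center, vin, timestamp, packet_from_enterprise: bytes) -> str:
    """Return 'consistent', 'changed' or 'no_record' for one packet."""
    deposited = center.lookup(vin, timestamp)
    if deposited is None:
        return "no_record"  # nothing deposited: cannot be judged either way
    recomputed = sha256_hex(packet_from_enterprise)
    # compare_digest avoids leaking the position of the first differing byte.
    return "consistent" if hmac.compare_digest(recomputed, deposited) else "changed"


def demo():
    center = EvidenceCenter()
    vin, ts = "LSVTEST0000000001", "2021-12-08T08:00:00Z"
    center.deposit(vin, ts, sha256_hex(PACKET))            # vehicle end, step T1
    tampered = bytes([PACKET[0] ^ 0x01]) + PACKET[1:]      # one flipped bit
    return {
        "intact": assess_packet(center, vin, ts, PACKET),
        "tampered": assess_packet(center, vin, ts, tampered),
        "unknown_key": assess_packet(center, vin, "2021-12-08T08:00:01Z", PACKET),
        # A digest of the pre-encryption data never equals a digest of the packet.
        "raw_digest_equals_packet_digest": sha256_hex(RAW) == sha256_hex(PACKET),
    }


if __name__ == "__main__":
    print(demo())
```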
Preferably, the consistency detection of the IP address list provided by the automobile enterprise with the encrypted data packet comprises the following steps:
Referring to Fig. 2, a comprehensive tester and a switch are set up between the vehicle end and the automobile enterprise. The whole vehicle 201 under test and the communication antenna 202 are disposed in the electromagnetic shielding room 203. The control room 204 is provided with a comprehensive tester 205 and a computer 206 connected to the comprehensive tester 205, and the switch 207 is provided outside the control room 204. The original data forms an encrypted data packet at the vehicle end; the communication antenna 202 wirelessly receives the encrypted data packet from the whole vehicle 201 and transmits it to the comprehensive tester 205 through the coaxial cable 208, and the encrypted data packet passes from the comprehensive tester 205 to the switch 207 and is transmitted through the communication base station 209 to the automobile enterprise 210. The computer 206 captures the mirrored data packet of the encrypted data packet from the switch 207 through the comprehensive tester 205 and sends the mirrored data packet to the testing and evaluation organization. The electromagnetic shielding room 203 can be replaced by an anechoic room to ensure that the original data is protected from electromagnetic interference.
The testing and evaluation organization obtains the IP address list of the automobile enterprise and verifies the IP address list;
The testing and evaluation organization compares whether the IP address in the mirrored data packet is consistent with the IP addresses in the IP address list; if so, the IP address list provided by the automobile enterprise is consistent with the encrypted data packet, and if not, the IP address list provided by the automobile enterprise is inconsistent with the encrypted data packet. The consistency detection of the IP address list provided by the automobile enterprise with the encrypted data packet is used to ensure fixed-point transmission of the automobile data, that is, that the applied-for IP addresses are consistent with the IP addresses to which the data packets are actually uploaded.
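The IP address comparison above, sketched in Python as an added example (not part of the patent text). It assumes each mirrored packet is available as raw bytes starting at the IPv4 header and that list entries may be single addresses or CIDR ranges; the addresses, the vehicle IP and the sample packets are constructed from documentation ranges.

```python
import ipaddress
import struct

VEHICLE_IP = "10.0.0.2"                              # constructed test-bench address
DECLARED_IPS = ["203.0.113.10", "198.51.100.0/24"]   # constructed enterprise list


def build_ipv4(src, dst, payload=b""):
    """Build a minimal constructed IPv4 packet (no options, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


# Constructed capture: three uplink packets, one downlink packet, one fragment.
MIRRORED = [
    build_ipv4(VEHICLE_IP, "203.0.113.10", b"\x01" * 8),
    build_ipv4(VEHICLE_IP, "198.51.100.7", b"\x02" * 8),
    build_ipv4(VEHICLE_IP, "192.0.2.99", b"\x03" * 8),    # not on the list
    build_ipv4("203.0.113.10", VEHICLE_IP, b"\x04" * 8),  # downlink, ignored
    b"\x00" * 5,                                          # truncated capture
]


def ipv4_endpoints(packet: bytes):
    """Return (source, destination) from a raw IPv4 header, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, header_len = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a valid IPv4 header")
    return ipaddress.IPv4Address(packet[12:16]), ipaddress.IPv4Address(packet[16:20])


def check_destinations(mirrored, declared, vehicle_ip):
    """Compare uplink destinations seen on the mirror port with the declared list."""
    # Verifying the list itself: a malformed entry raises ValueError here.
    networks = [ipaddress.ip_network(entry, strict=True) for entry in declared]
    vehicle = ipaddress.IPv4Address(vehicle_ip)
    seen, malformed = set(), 0
    for packet in mirrored:
        try:
            src, dst = ipv4_endpoints(packet)
        except ValueError:
            malformed += 1          # counted, never silently dropped
            continue
        if src == vehicle:          # only data leaving the vehicle matters
            seen.add(dst)
    undeclared = [str(d) for d in sorted(seen) if not any(d in n for n in networks)]
    unused = sorted(str(n) for n in networks if not any(d in n for d in seen))
    return {
        "undeclared": undeclared,   # destinations that make the list inconsistent
        "unused": unused,           # declared entries with no observed traffic
        "malformed": malformed,
        "consistent": not undeclared,
    }


if __name__ == "__main__":
    print(check_destinations(MIRRORED, DECLARED_IPS, VEHICLE_IP))
```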
Preferably, the consistency detection of the encrypted data packet and/or the plaintext data with the standard data comprises the steps of:
the testing and evaluation organization obtains the encrypted data packet and/or the plaintext data from the automobile enterprise, and obtains the corresponding standard data from the data evidence storage center according to the VIN code and the timestamp in the encrypted data packet and/or the plaintext data;
the testing and evaluation organization compares the fields in the encrypted data packet and/or the plaintext data with the standard data, and if the fields correspond, the encrypted data packet and/or the plaintext data are consistent with the standard data.
It should be noted that the VIN code and the timestamp corresponding to the whole vehicle may be added when the encrypted data packet is generated by the automobile enterprise, or may be added when the plaintext data is generated. Generally, comparing either the encrypted data packet or the plaintext data with the standard data is enough to determine whether the standard data held by the data evidence storage center is consistent with the original data obtained by the automobile enterprise.
Preferably, in step T1, the automobile data acquired at the vehicle end is desensitized and the original data is then generated. When data is collected at the vehicle end, the collected data is first desensitized at the vehicle end in accordance with laws and regulations.
Preferably, in step T1, the data hash value is synchronously uploaded to the data evidence storage center when the data packet is uploaded to the automobile enterprise. In this step, the hash value of the original data to be uploaded to the automobile enterprise is calculated according to the SHA256 international hash calculation standard. When the original data is uploaded to the data center of the automobile enterprise, the corresponding data hash value is synchronously uploaded to the data evidence storage center, which makes it convenient to verify the authenticity and integrity of the data during later enterprise audit and evaluation.
Preferably, in step T3, the automobile enterprise converts the plaintext data into standard data according to the group standard "intelligent networking automobile data format and definition". In view of the intellectual property and trade secret protection requirements of each automobile enterprise, the decoded original data cannot be provided externally. To decrypt and standardize the data of each automobile enterprise, the automobile enterprise needs to convert the format of safety-related data according to the group standard "intelligent networking automobile data format and definition" and submit the generated standard data to the data evidence storage center. The vehicle user can query the historical data of the whole vehicle at the data evidence storage center.
The automobile data safety evaluation method provided by the invention has the following advantages:
1. The hash value of the original data to be uploaded is calculated at the whole vehicle end according to the SHA256 international hash calculation standard, and when the original data uploaded by the whole vehicle is transmitted to the data center of the automobile enterprise through the switch, the data hash value corresponding to the original data is synchronously uploaded to the data evidence storage center, so that the original data is protected against tampering and the authenticity and integrity of the data can be conveniently verified later, when the data safety evaluation of the automobile enterprise is carried out.
2. According to the group standard "intelligent networking automobile data format and definition", automobile enterprises need to convert the format of safety-related automobile data according to the standard and submit the generated standard data to the data evidence storage center, which meets each automobile enterprise's requirements for protecting intellectual property and trade secrets and facilitates government supervision and management and data query by vehicle users.
3. In the data verification (data safety evaluation), the data packet is captured at the switch and compared with the data packet transmitted back to the automobile enterprise by the whole vehicle end, so that consistency detection of the automobile data can be realized.
It will be apparent to those skilled in the art that various modifications and variations can be made to the above-described exemplary embodiments of the present invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.

Claims (10)

1. A safety evaluation method for automobile data, comprising the following steps:
S1, automobile data evidence storage, comprising:
T1, acquiring automobile data at the whole vehicle end, processing the automobile data to generate original data, performing hash value calculation on the original data to obtain a data hash value, encrypting the original data to form an encrypted data packet, and sending the encrypted data packet to an automobile enterprise;
T2, the automobile enterprise converts the encrypted data packet into plaintext data;
T3, the automobile enterprise converts the plaintext data into standard data;
T4, the data evidence storage center stores the standard data and the data hash value;
S2, the testing and evaluating organization carries out a data security evaluation, the data security evaluation at least comprising: consistency detection of the encrypted data packet and the vehicle state of the whole vehicle; consistency detection of the collected data applied for by the automobile enterprise and the plaintext data; and consistency detection of the encrypted data packet and the data hash value.
2. The security assessment method of claim 1, wherein said data security assessment further comprises: detecting the consistency of the IP address list provided by the automobile enterprise and the encrypted data packet; and detecting the consistency of the encrypted data packet and/or the plaintext data and the standard data.
3. The security assessment method according to claim 1, wherein the consistency detection of the encrypted data packet and the vehicle state of the entire vehicle comprises the steps of:
setting up a comprehensive tester and a switch between the whole vehicle end and the automobile enterprise, wherein the original data is encrypted to form the encrypted data packet, the encrypted data packet is sent to the automobile enterprise through the comprehensive tester and the switch, and the comprehensive tester captures a mirror image data packet of the encrypted data packet from the switch and sends the mirror image data packet to the testing and evaluating mechanism;
the testing and evaluating mechanism obtains real vehicle state data directly from the whole vehicle;
the testing and evaluating mechanism obtains the encrypted data packet and the plaintext data from the automobile enterprise, compares the encrypted data packet with the mirror image data packet for data consistency, and at the same time compares the vehicle state information in the plaintext data with the real vehicle state data for consistency; if both comparisons meet the consistency requirement, the encrypted data packet is consistent with the vehicle state of the whole vehicle.
4. The automobile data security assessment method according to claim 1, wherein the consistency detection of the collected data and the plaintext data applied by the automobile enterprise comprises the steps of:
the testing and evaluating mechanism acquires the plaintext data and the collected data applied for by the automobile enterprise;
comparing the plaintext data with the applied-for collected data for consistency in the number of fields and in format definition;
if the plaintext data comprises fields that are not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is inconsistent with the plaintext data; and if the plaintext data does not comprise any field that is not contained in the applied-for collected data, the collected data applied for by the automobile enterprise is consistent with the plaintext data.
5. The automobile data security evaluation method according to claim 1, wherein the consistency detection of the encrypted data packet and the data hash value comprises the steps of:
calculating the hash value of the encrypted data packet to obtain the hash value of the encrypted data;
the testing and evaluating mechanism acquires the encrypted data hash value and acquires the data hash value from the data evidence storage center;
and comparing the encrypted data hash value with the data hash value; if they are consistent, the authenticity and integrity of the encrypted data packet are ensured, and if they are not consistent, the encrypted data packet has been changed.
6. The automobile data security assessment method according to claim 2, wherein the consistency detection of the IP address list provided by the automobile enterprise and the encrypted data packet comprises the steps of:
setting up a comprehensive tester and a switch between the whole vehicle end and the automobile enterprise, wherein the original data is encrypted to form the encrypted data packet, the encrypted data packet is sent to the automobile enterprise through the comprehensive tester and the switch, and the comprehensive tester captures a mirror image data packet of the encrypted data packet from the switch and sends the mirror image data packet to the testing and evaluating mechanism;
the testing and evaluating mechanism obtains an IP address list of the automobile enterprise and verifies the IP address list;
and the testing and evaluating mechanism compares whether the IP address in the mirror image data packet is consistent with the IP address in the IP address list, if so, the IP address list provided by the automobile enterprise is consistent with the encrypted data packet, and if not, the IP address list provided by the automobile enterprise is inconsistent with the encrypted data packet.
7. The automobile data security evaluation method according to claim 2, wherein the consistency detection of the encrypted data packet and/or the plaintext data and the standard data comprises the steps of:
the testing and evaluating mechanism acquires the encrypted data packet and/or the plaintext data from the automobile enterprise, and acquires the corresponding standard data from the data evidence storage center according to the VIN code and the timestamp in the encrypted data packet and/or the plaintext data;
and the testing and evaluating mechanism compares the fields of the encrypted data packet and/or the plaintext data with the standard data; if the fields correspond, the encrypted data packet and/or the plaintext data are consistent with the standard data.
8. The automobile data security assessment method according to claim 1, wherein in step T1, the automobile data acquired at the whole vehicle end is desensitized and the original data is then generated.
9. The automobile data security evaluation method according to claim 1, wherein in step T1, the data hash value is synchronously uploaded to the data evidence storage center when the data packet is uploaded to the automobile enterprise.
10. The automobile data security evaluation method according to claim 1, wherein in step T3, the automobile enterprise converts the plaintext data into standard data according to the group standard "intelligent networking automobile data format and definition".
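The evaluator-side checks of claims 3 to 6 (mirror packet comparison, hash comparison, applied-for field comparison, IP address list comparison), sketched as an added Python example that is not part of the patent. It assumes the digest deposited at the data evidence storage center was computed over the same bytes the evaluator hashes, that the applied-for collected data is given as a field-name-to-type mapping, and that the IP address list may contain CIDR ranges; all function names, field names, packets and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_consistent(packet: bytes, deposited_hex: str) -> bool:
    # Digest of the packet handed over by the enterprise vs. the digest held
    # by the evidence storage center (assumed to cover the same bytes).
    return hmac.compare_digest(sha256_hex(packet), deposited_hex.strip().lower())

def undeclared_fields(plaintext: dict, applied: dict) -> list:
    # Fields in the decoded record that were never applied for, plus
    # applied-for fields whose value does not match the declared type.
    extra = [k for k in plaintext if k not in applied]
    wrong = [k for k, v in plaintext.items()
             if k in applied and not isinstance(v, applied[k])]
    return sorted(extra + wrong)

def undeclared_destinations(dst_ips, declared) -> list:
    # Destination addresses seen in the mirrored traffic that fall outside
    # every entry of the declared list (single hosts or CIDR ranges).
    nets = [ipaddress.ip_network(d, strict=False) for d in declared]
    return sorted({ip for ip in dst_ips
                   if not any(ipaddress.ip_address(ip) in n for n in nets)})

def assess(enterprise_pkt, mirror_pkt, deposited_hex, plaintext, applied,
           dst_ips, declared) -> dict:
    return {
        "packet_matches_mirror": enterprise_pkt == mirror_pkt,
        "hash_consistent": hash_consistent(enterprise_pkt, deposited_hex),
        "undeclared_fields": undeclared_fields(plaintext, applied),
        "undeclared_destinations": undeclared_destinations(dst_ips, declared),
    }

# Constructed sample inputs (not from the patent).
PACKET = bytes.fromhex("a1b2c3d4") + b"constructed-ciphertext"
DEPOSITED = sha256_hex(PACKET)  # digest uploaded by the whole vehicle end
APPLIED = {"vin": str, "timestamp": int, "speed_kmh": float}
PLAINTEXT = {"vin": "TESTVIN0000000001", "timestamp": 1638835200,
             "speed_kmh": 62.5, "cabin_audio": b"\x00\x01"}
DECLARED_IPS = ["192.0.2.0/28", "198.51.100.7"]
MIRROR_DST = ["192.0.2.5", "198.51.100.7", "203.0.113.9"]

if __name__ == "__main__":
    print(assess(PACKET, PACKET, DEPOSITED, PLAINTEXT, APPLIED, MIRROR_DST, DECLARED_IPS))
    tampered = PACKET[:-1] + b"X"  # one byte changed after capture
    print(assess(tampered, PACKET, DEPOSITED, PLAINTEXT, APPLIED, MIRROR_DST, DECLARED_IPS))
```

Returning the offending fields and addresses, rather than a single pass/fail flag, gives the evaluator the evidence to record for each inconsistency.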
CN202111488684.0A 2021-12-07 2021-12-07 Automobile data safety assessment method Pending CN114189377A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111488684.0A CN114189377A (en) 2021-12-07 2021-12-07 Automobile data safety assessment method

Publications (1)

Publication Number Publication Date
CN114189377A true CN114189377A (en) 2022-03-15

Family

ID=80603756

Country Status (1)

Country Link
CN (1) CN114189377A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115391832A (en) * 2022-08-23 2022-11-25 中德智骋(上海)汽车科技有限公司 Data management method and system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination