CN114584384A - In-vehicle heterogeneous network secure communication control method, computer device and storage medium - Google Patents

In-vehicle heterogeneous network secure communication control method, computer device and storage medium Download PDF

Info

Publication number
CN114584384A
CN114584384A CN202210234304.9A CN202210234304A CN114584384A CN 114584384 A CN114584384 A CN 114584384A CN 202210234304 A CN202210234304 A CN 202210234304A CN 114584384 A CN114584384 A CN 114584384A
Authority
CN
China
Prior art keywords
vehicle
network
ecu
communication control
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210234304.9A
Other languages
Chinese (zh)
Other versions
CN114584384B (en
Inventor
曹进
尚超
李晖
刘家佳
马如慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202210234304.9A priority Critical patent/CN114584384B/en
Publication of CN114584384A publication Critical patent/CN114584384A/en
Application granted granted Critical
Publication of CN114584384B publication Critical patent/CN114584384B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention belongs to the technical field of communication network safety, and discloses an in-vehicle heterogeneous network safety communication control method, computer equipment and a storage medium, wherein nodes participating in-vehicle network data transmission complete in-vehicle heterogeneous network safety communication control node identity registration with the assistance of an in-vehicle gateway; and the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle. The invention provides an in-vehicle network node identity registration method and an in-vehicle network node identity authentication method by combining the characteristics of complex isomerization, multiple network node types, identity identifier loss, various authentication scenes, serious limitation of resources such as calculation bandwidth and the like of intelligent automobile vehicle-mounted software and a network architecture, realizes mutual authentication between automobile internal network entities, solves the node authentication problem of the in-vehicle network under the scene of resource limitation, and ensures the legality of an external access entity and an internal network node.

Description

In-vehicle heterogeneous network secure communication control method, computer device and storage medium
Technical Field
The invention belongs to the technical field of communication network safety, and particularly relates to a method for controlling safety communication of an in-vehicle heterogeneous network, computer equipment and a storage medium.
Background
At present, with the rapid development of intelligent networked automobiles, the number of new-generation intelligent networked automobiles represented by new energy automobiles is increased rapidly, and the safety protection problem of heterogeneous networks in automobiles also becomes a great problem. Because of the problems of multiple network node types, identity identification loss, various authentication scenes, severely limited resources such as calculation bandwidth and the like, the intelligent networked automobile has the advantages that the safety communication of the internal network of the automobile is greatly threatened, the driving safety of the automobile is seriously influenced, and potential threats are brought to the safety of lives and properties of people.
In order to solve the security problem of the internal network of the automobile, researchers at home and abroad have proposed various schemes. For example, an automobile internal network intrusion detection mechanism is designed by combining machine learning technology. The intrusion detection mechanism needs a large amount of actual data as input for detection model training, and has high training time cost, large calculation consumption and large storage cost of the model; meanwhile, the model for intrusion detection cannot guarantee the instantaneity and the 100% accuracy, so that certain time delay exists after the model is subjected to malicious attack, and the situations of missed detection and false detection exist. In consideration of the characteristics of heterogeneity of networks in the intelligent driving automobile, openness of interfaces, variety of ECU and the like, the intrusion detection mechanism cannot perform unified identity management aiming at various network nodes, and an omnibearing and multilevel entity identity authentication protocol and a network node key agreement mechanism are lacked. Therefore, designing an in-vehicle network security communication protection scheme is a key problem facing the internet of vehicles (an in-vehicle network).
Through the above analysis, the problems and defects of the prior art are as follows: the prior art does not fully consider the characteristics of heterogeneity of an internal network, openness of an interface, variety and diversity of ECU (electronic control unit) of an intelligent driving automobile, can not carry out unified identity management aiming at various network nodes, and lacks an all-round and multi-level entity identity authentication protocol and a network node key agreement mechanism.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an in-vehicle heterogeneous network safety communication control method, computer equipment and a storage medium.
The invention is realized in this way, a method for controlling the safety communication of the in-vehicle heterogeneous network, the method for controlling the safety communication of the in-vehicle heterogeneous network comprises the following steps:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
Further, in the first step, the node identity registration includes identity registration of an in-vehicle network gateway and an in-vehicle network ECU node.
Further, in the step one, the specific process of node identity registration is as follows:
the whole vehicle CAN gateway is marked as V-G, and all CAN gateway lists are maintained; the single CAN gateway is marked as G _ i and maintains an ECU list of the single CAN gateway; single ECU, denoted ECUiMaintaining an ECU list subscribed by the user for filtering messages of a receiver;
the ECU identification is represented by ECU-ID and is used as a unique identifier of each ECU pair in the vehicle; the coding length is 8 bits, the first 3 bits represent the domain, and the last 5 bits represent the ECU serial number;
in hexadecimal representation, 0x 41-0 b01000001 represents the first ECU of 0b010 field;
the CAN gateway is used as a special ECU, and is marked as 0 th ECU, 0x 40; and setting a sensitive threshold value ECU-ID _ S, wherein the ECU-ID < ECU-ID _ S is marked as a sensitive ECU.
Further, the code length is 8 bits, and the first 3 bits represent a key group in which the domain is a single CAN or multiple CANs.
Further, in the second step, the node identity authentication includes identity authentication or group authentication of an in-vehicle network gateway and an in-vehicle network ECU node.
Further, in the second step, the node identity authentication is selected as required, and when the scene is limited, the identity authentication is omitted, and each in-vehicle network bus is regarded as a group.
Further, in the second step, the specific process of node identity authentication is as follows:
V-G、Gi、ECUian encryption initial symmetric long-term key sk is built iniA group authenticates the initial symmetric long-term key gk;
after each power-on, V-G generates current group key (cgk) of the group authentication key, encrypts by gk and sends E (gk, cgk) to Gi
GiDecryption cgk compute MAC (cgk, G)ID) And sending the ACK and G after the V-G verifies that the MAC passesiJoining the group to complete identity authentication;
Gibroadcasting E (gk, cgk) to the ECUi,ECUiUpon receipt, the decryption by gk is carried out to obtain cgk, the MAC is calculated (cgk, ECU-ID), and the result is sent to Gi,GiAfter the MAC is verified to pass, ACK is sent, and the ECUiAnd joining the group to finish the identity authentication.
Another object of the present invention is to provide a computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program, which when executed by the processor, causes the processor to perform the steps of:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the data transmission of the in-vehicle network complete the identity authentication of the in-vehicle network nodes.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
Another object of the present invention is to provide the information data processing terminal, wherein the information data processing terminal is configured to execute the in-vehicle heterogeneous network secure communication control method.
In combination with the technical solutions and the technical problems to be solved, please analyze the advantages and positive effects of the technical solutions to be protected in the present invention from the following aspects:
first, aiming at the technical problems existing in the prior art and the difficulty in solving the problems, the technical problems to be solved by the technical scheme of the present invention are closely combined with results, data and the like in the research and development process, and some creative technical effects are brought after the problems are solved. The specific description is as follows:
the invention provides a multi-type network node unified identity registration method and an identity authentication protocol suitable for an automobile internal network by aiming at the characteristics of diversified types and missing identity identifications of automobile internal network nodes and combining an in-automobile network bus data transmission frame format, and supports credible authentication of ECU nodes and safe transmission of messages among the nodes. The invention is designed aiming at the characteristics of the CAN bus, takes the CAN bus as an example for explanation, does not change the original CAN protocol and the message frame structure, and has good adaptability to the existing automobile type; the invention has strong expandability and can be expanded to other types of in-vehicle network bus scenes.
Secondly, considering the technical scheme as a whole or from the perspective of products, the technical effect and advantages of the technical scheme to be protected by the invention are specifically described as follows:
the invention provides an in-vehicle network node identity registration method and an in-vehicle network node identity authentication method by combining the characteristics of complex isomerization, multiple network node types, identity identifier loss, various authentication scenes, serious limitation of resources such as calculation bandwidth and the like of intelligent automobile vehicle-mounted software and a network architecture, realizes mutual authentication between automobile internal network entities, solves the node authentication problem of the in-vehicle network under the scene of resource limitation, and ensures the legality of an external access entity and an internal network node.
Third, as an inventive supplementary proof of the claims of the present invention, there are also presented several important aspects:
(1) the expected income and commercial value after the technical scheme of the invention is converted are as follows:
the invention provides a method for controlling the secure communication of an in-vehicle heterogeneous network, computer equipment and a storage medium. The method takes the automobile Bus CAN Bus which is most widely applied at present as an example for explanation, CAN be applied to all automobile brands taking the CAN Bus as the automobile Bus in the industry, CAN be used as a prototype, is slightly modified to be applied to automobiles with other Bus types, and has a very wide application range. After the method is used by automobile manufacturers, the identity management and the identity authentication of network nodes in automobiles can be realized, most of internal network attacking behaviors of automobiles are avoided, the driving safety of the automobiles is greatly improved, and the personal and property safety of users is guaranteed.
(2) The technical scheme of the invention solves the technical problems which are always desired to be solved but are not successfully achieved:
the invention solves the problem that the internal network of the automobile lacks node identity management and identity authentication mechanism due to limited bandwidth resources of the internal network of the automobile, severely limited computing capacity of network nodes and diversification of the network nodes, thereby avoiding numerous attack types such as counterfeit attack, man-in-the-middle attack and the like aiming at the internal network of the automobile.
Drawings
Fig. 1 is a flowchart of a method for controlling secure communication of an in-vehicle heterogeneous network according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a network node identity registration process provided in an embodiment of the present invention.
Fig. 3 is a schematic diagram of a network node identity authentication process according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
First, an embodiment is explained. This section is an explanatory embodiment expanding on the claims so as to fully understand how the present invention is embodied by those skilled in the art.
As shown in fig. 1, the method for controlling secure communication in a heterogeneous network in a vehicle according to an embodiment of the present invention includes:
s101: and the nodes participating in the in-vehicle network data transmission complete the node identity registration of the in-vehicle heterogeneous network safety communication control with the help of the in-vehicle gateway.
S102: and the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
In S101 provided by the embodiment of the present invention, the node identity registration includes identity registration of nodes such as an in-vehicle network gateway and an in-vehicle network ECU.
In S101 provided by the embodiment of the present invention, a specific process of node identity registration is as follows:
the whole CAN gateway is marked as V-G, and all CAN gateway lists are maintained; single CAN gateway, denoted GiMaintaining an ECU list of the user; single ECU, denoted ECUiMaintaining an ECU list subscribed by the user for filtering messages of a receiver;
the ECU identification is represented by ECU-ID and is used as a unique identifier of each ECU pair in the vehicle; the code length is 8 bits, the first 3 bits represent the domain (CAN be single CAN or a key group consisting of a plurality of CAN), and the last 5 bits represent the serial number of the ECU.
Hexadecimal notation is used, such as 0x 41-0 b01000001 for the first ECU in the 0b010 domain.
The CAN gateway is used as a special ECU, and is marked as 0 th ECU, 0x 40; and setting a sensitive threshold value ECU-ID _ S, wherein the ECU-ID < ECU-ID _ S is marked as a sensitive ECU.
In S102 provided by the embodiment of the present invention, the node authentication includes authentication or group authentication of nodes such as an in-vehicle network gateway and an in-vehicle network ECU.
In S102 provided by the embodiment of the present invention, node identity authentication is selected as needed, and when a scene is limited, identity authentication is omitted, and each in-vehicle network bus is regarded as a group, so as to satisfy a scene with low requirements on security level and a scene with scarce network computing bandwidth resources.
In S102 provided in the embodiment of the present invention, a specific process of node identity authentication is as follows:
V-G、Gi、ECUian encryption initial symmetric long-term key sk is built iniOne group authenticates the initial symmetric long-term key gk.
After each power-on, V-G generates current group key (cgk) of the group authentication key, encrypts by gk and sends E (gk, cgk) to Gi
GiDecryption cgk compute MAC (cgk, G)ID) And sending the ACK and G after the V-G verifies that the MAC passesiJoining the group to complete identity authentication;
Gibroadcasting E (gk, cgk) to the ECUi,ECUiUpon receipt, the decryption by gk is carried out to obtain cgk, the MAC is calculated (cgk, ECU-ID), and the result is sent to Gi,GiAfter the MAC is verified to pass, ACK is sent, and the ECUiAnd joining the group to finish the identity authentication.
And II, application embodiment. In order to prove the creativity and the technical value of the technical scheme of the invention, the part is the application example of the technical scheme of the claims on specific products or related technologies.
The network gateway equipment in the vehicle provided by the embodiment of the invention comprises a memory and a processor, wherein the memory stores a computer program, and the computer program is executed by the processor, so that the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The network node equipment in the vehicle provided by the embodiment of the invention comprises a memory and a processor, wherein the memory stores a computer program, and the computer program is executed by the processor, so that the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The invention provides an in-vehicle network ECU device, which comprises a memory and a processor, wherein the memory stores a computer program, and the computer program causes the processor to execute the following steps when executed by the processor: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The computer device provided by the embodiment of the invention comprises a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The embodiment of the invention provides a readable storage medium of an in-vehicle network gateway, which stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The invention provides an in-vehicle network ECU readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The embodiment of the invention provides a readable storage medium of an in-vehicle network node, which stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
A computer-readable storage medium according to an embodiment of the present invention stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps: the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway; and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
The embodiment of the invention provides an information data processing terminal, which is used for executing the in-vehicle heterogeneous network secure communication control method.
And thirdly, evidence of relevant effects of the embodiment. The embodiment of the invention achieves some positive effects in the process of research and development or use, and has great advantages compared with the prior art, and the following contents are described by combining data, diagrams and the like in the test process.
The embodiment of the invention carries out node identity registration by virtue of the in-vehicle network gateway, is very suitable for the characteristics of strong gateway calculation and storage capacity and weak calculation and storage capacity of other nodes in the current in-vehicle network, and can determine the sensitive ECU in the identity registration link for subsequent processing. According to the embodiment of the invention, the authenticity and the legality of the network node in the vehicle are ensured through the node identity authentication, and only the authenticated node can participate in the network communication in the vehicle, the unregistered illegal node cannot participate in the network communication in the vehicle, and the network communication message in the vehicle cannot be acquired, so that external malicious attacks caused by no identity management and no identity authentication of the network in the vehicle are greatly reduced.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the embodiments of the present invention, and the scope of the present invention should not be limited thereto, and any modifications, equivalents and improvements made by those skilled in the art within the technical scope of the present invention as disclosed in the present invention should be covered by the scope of the present invention.

Claims (10)

1. An in-vehicle heterogeneous network security communication control method is characterized by comprising the following steps:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
2. The in-vehicle heterogeneous network secure communication control method according to claim 1, wherein in the first step, the node identity registration includes identity registration of an in-vehicle network gateway and an in-vehicle network ECU node.
3. The in-vehicle heterogeneous network secure communication control method according to claim 1, wherein in the first step, the specific process of node identity registration is as follows:
the whole vehicle CAN gateway is marked as V-G, and all CAN gateway lists are maintained; the single CAN gateway is marked as G _ i and maintains an ECU list per se; the ECU maintains an ECU list subscribed by the ECU and filters the message of the receiver;
the ECU identification is represented by ECU-ID and is used as a unique identifier of each ECU pair in the vehicle; the coding length is 8 bits, the first 3 bits represent the domain, and the last 5 bits represent the ECU serial number;
in hexadecimal representation, 0x 41-0 b01000001 represents the first ECU of 0b010 field;
the CAN gateway is used as a special ECU, and is marked as 0 th ECU, 0x 40; and setting a sensitive threshold value ECU-ID _ S, wherein the ECU-ID < ECU-ID _ S is marked as a sensitive ECU.
4. The in-vehicle heterogeneous network security communication control method according to claim 3, wherein the code length is 8 bits, and the first 3 bits indicate that the domain is a key group consisting of a single CAN or multiple CAN.
5. The in-vehicle heterogeneous network secure communication control method according to claim 1, wherein in the second step, the node authentication includes authentication of an in-vehicle network gateway, an in-vehicle network ECU node, or group authentication.
6. The in-vehicle heterogeneous network security communication control method according to claim 1, wherein in the second step, node authentication is selected as needed, and when a scene is limited, the authentication is omitted, and each in-vehicle network bus is regarded as a group.
7. The in-vehicle heterogeneous network secure communication control method according to claim 1, wherein in the second step, the specific process of node identity authentication is as follows:
V-G、Gi、ECUian encryption initial symmetric long-term key sk is built iniOne group authenticates the initial symmetric long-term key gk.
After each power-on, V-G generates current group key (cgk) of the group authentication key, encrypts by gk and sends E (gk, cgk) to Gi
GiDecryption cgk compute MAC (cgk, G)ID) And sending the ACK and G after the V-G verifies that the MAC passesiJoining the group to complete identity authentication;
Gibroadcasting E (gk, cgk) to the ECUi,ECUiUpon receipt, the decryption by gk is carried out to obtain cgk, the MAC is calculated (cgk, ECU-ID), and the result is sent to Gi,GiAfter the MAC is verified to pass, ACK is sent, and the ECUiAnd joining the group to finish the identity authentication.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the network data transmission in the vehicle finish the identity authentication of the network nodes in the vehicle.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
the method comprises the following steps that firstly, nodes participating in-vehicle network data transmission complete node identity registration of in-vehicle heterogeneous network safety communication control with the assistance of an in-vehicle gateway;
and step two, the nodes participating in the data transmission of the in-vehicle network complete the identity authentication of the in-vehicle network nodes.
10. An information data processing terminal, characterized in that the information data processing terminal is used for executing the in-vehicle heterogeneous network secure communication control method according to any one of claims 1 to 7.
CN202210234304.9A 2022-03-09 2022-03-09 In-vehicle heterogeneous network security communication control method, computer device and storage medium Active CN114584384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210234304.9A CN114584384B (en) 2022-03-09 2022-03-09 In-vehicle heterogeneous network security communication control method, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210234304.9A CN114584384B (en) 2022-03-09 2022-03-09 In-vehicle heterogeneous network security communication control method, computer device and storage medium

Publications (2)

Publication Number Publication Date
CN114584384A true CN114584384A (en) 2022-06-03
CN114584384B CN114584384B (en) 2022-12-09

Family

ID=81775003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210234304.9A Active CN114584384B (en) 2022-03-09 2022-03-09 In-vehicle heterogeneous network security communication control method, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN114584384B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN108259465A (en) * 2017-12-08 2018-07-06 清华大学 A kind of authentication encryption method of intelligent automobile internal network
CN110943957A (en) * 2018-09-21 2020-03-31 郑州信大捷安信息技术股份有限公司 Safety communication system and method for vehicle intranet
US20200169555A1 (en) * 2018-11-26 2020-05-28 Electronics And Telecommunications Research Institute Device and method for communication between in-vehicle devices over intra-vehicle network based on automotive ethernet
US20200213287A1 (en) * 2018-12-27 2020-07-02 Didi Research America, Llc Trusted platform protection in an autonomous vehicle
CN111432374A (en) * 2020-02-28 2020-07-17 深圳开源互联网安全技术有限公司 Method and device for authenticating identity of network-connected automobile network node and readable storage medium
CN112994898A (en) * 2021-04-08 2021-06-18 北京邮电大学 Vehicle intranet communication safety authentication method and device
CN113132098A (en) * 2021-03-12 2021-07-16 北京航空航天大学 Large-scale in-vehicle network-oriented extensible CAN bus safety communication method and device
CN113411294A (en) * 2021-04-30 2021-09-17 中汽研(天津)汽车工程研究院有限公司 Vehicle-mounted secure communication method, system and device based on secure cloud public key protection
CN113839782A (en) * 2021-09-07 2021-12-24 北京航空航天大学 Light-weight safe communication method for CAN (controller area network) bus in vehicle based on PUF (physical unclonable function)

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN108259465A (en) * 2017-12-08 2018-07-06 清华大学 A kind of authentication encryption method of intelligent automobile internal network
CN110943957A (en) * 2018-09-21 2020-03-31 郑州信大捷安信息技术股份有限公司 Safety communication system and method for vehicle intranet
US20200169555A1 (en) * 2018-11-26 2020-05-28 Electronics And Telecommunications Research Institute Device and method for communication between in-vehicle devices over intra-vehicle network based on automotive ethernet
US20200213287A1 (en) * 2018-12-27 2020-07-02 Didi Research America, Llc Trusted platform protection in an autonomous vehicle
CN111432374A (en) * 2020-02-28 2020-07-17 深圳开源互联网安全技术有限公司 Method and device for authenticating identity of network-connected automobile network node and readable storage medium
CN113132098A (en) * 2021-03-12 2021-07-16 北京航空航天大学 Large-scale in-vehicle network-oriented extensible CAN bus safety communication method and device
CN112994898A (en) * 2021-04-08 2021-06-18 北京邮电大学 Vehicle intranet communication safety authentication method and device
CN113411294A (en) * 2021-04-30 2021-09-17 中汽研(天津)汽车工程研究院有限公司 Vehicle-mounted secure communication method, system and device based on secure cloud public key protection
CN113839782A (en) * 2021-09-07 2021-12-24 北京航空航天大学 Light-weight safe communication method for CAN (controller area network) bus in vehicle based on PUF (physical unclonable function)

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JIN CAO: "《A Secure Authentication Scheme for Remote》", 《WCNC》 *
曹进: "《面向多类型终端的天地一体化信息网络》", 《天地一体化信息网络》 *

Also Published As

Publication number Publication date
CN114584384B (en) 2022-12-09

Similar Documents

Publication Publication Date Title
Jeong et al. Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks
Lin et al. Cyber-security for the controller area network (CAN) communication protocol
Boudguiga et al. A simple intrusion detection method for controller area network
Hafeez et al. Comparative study of can-bus and flexray protocols for in-vehicle communication
Longari et al. Copycan: An error-handling protocol based intrusion detection system for controller area network
Liang et al. Network and system level security in connected vehicle applications
Bi et al. Intrusion Detection Method for In‐Vehicle CAN Bus Based on Message and Time Transfer Matrix
Anwar et al. Security assessment of in-vehicle communication protocols
Boumiza et al. An anomaly detector for CAN bus networks in autonomous cars based on neural networks
Fakhfakh et al. Cybersecurity attacks on CAN bus based vehicles: a review and open challenges
Dong et al. Multiple observation HMM-based CAN bus intrusion detection system for in-vehicle network
Wu et al. A digital watermark method for in-vehicle network security enhancement
CN114584384B (en) In-vehicle heterogeneous network security communication control method, computer device and storage medium
CN114785543B (en) In-vehicle network cross-domain communication method, computer equipment and intelligent terminal
CN114584385B (en) In-vehicle network safety communication method, computer equipment, medium and terminal
KR102148453B1 (en) Controller area network system and message authentication method
Carsten et al. A system to recognize intruders in controller area network (can)
Stabili et al. A Benchmark Framework for CAN IDS.
Casparsen et al. Closing the security gaps in some/ip through implementation of a host-based intrusion detection system
Jia et al. Intelligent Connected Vehicle CAN-FD Bus Network Security Protocol
Douss et al. State-of-the-art survey of in-vehicle protocols and automotive Ethernet security and vulnerabilities
Laštinec Security extension of automotive communication protocols using ethernet/ip
Jin et al. Study of In-Vehicle CAN Bus Network Security Based on Tamper Attack Detection Method
Boudguiga et al. Enhancing CAN security by means of lightweight stream-ciphers and protocols
Yli-Olli Machine Learning for Secure Vehicular Communication: an Empirical Study

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant