CN114978656A - Vehicle-mounted Ethernet detection defense method and device - Google Patents


Info

Publication number
CN114978656A
Authority
CN
China
Prior art keywords
intrusion detection
ecu
defense
tbox
detection defense
Prior art date
Legal status
Granted
Application number
CN202210534839.8A
Other languages
Chinese (zh)
Other versions
CN114978656B (en)
Inventor
胡秀兰
李玉平
郭卫华
赵晨啸
Current Assignee
Beijing Jingwei Hirain Tech Co Ltd
Original Assignee
Beijing Jingwei Hirain Tech Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Jingwei Hirain Tech Co Ltd
Priority to CN202210534839.8A
Publication of CN114978656A
Application granted
Publication of CN114978656B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/30 Services specially adapted for particular environments, situations or purposes
    • H04W 4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W 4/48 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/06 Authentication
    • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W 12/08 Access security
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W 76/00 Connection management
    • H04W 76/10 Connection setup

Abstract

The invention provides a vehicle-mounted Ethernet detection defense method and device. The method comprises the following steps: after the TBOX establishes a communication connection with a remote center through a public network and with an ECU through the vehicle-mounted Ethernet, it starts a TCP port listening service and receives a first registration request sent by the ECU, wherein the first registration request comprises an ECU identifier and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join; and, under the condition that the first group name has been created and the ECU identifier shows that the ECU is not yet registered with the intrusion detection defense subgroup corresponding to the first group name, the TBOX synchronizes the intrusion detection defense file corresponding to the first group name to the ECU, wherein that file was acquired by the TBOX from the remote center. Through this scheme, the number of connections the remote center needs to maintain is reduced, the risk of the vehicle being intruded from the outside is reduced, the waste of resources in transmitting intrusion detection defense files is avoided, and the multiple ECUs belonging to the same vehicle are associated on the remote center so as to present the whole-vehicle effect.

Description

Vehicle-mounted Ethernet detection defense method and device
Technical Field
The disclosure relates to the technical field of automobiles, in particular to a vehicle-mounted Ethernet detection defense method and device.
Background
With the development of vehicle-mounted network technology, vehicles have changed from independent individuals without any network connection to the outside world into part of the Internet; as a result, functions such as online software upgrade, intelligent driving and assisted driving can be completed, and services such as in-vehicle entertainment can be provided. Although joining the network lets the vehicle conveniently provide more and more flexible services, it also creates the possibility of illegal intrusion, so a host intrusion detection and defense system necessarily has to be introduced into the vehicle-mounted network.
The traditional solution for host intrusion is a C/S architecture, i.e., a client-server architecture. The client that performs intrusion detection and defense monitors the system and, when it finds that the system has been intruded, generates an intrusion detection and defense report and sends it to the intrusion detection and defense server. Electronic Control Units (ECUs) with different functions are deployed in a vehicle; although their computing power and storage space vary, each ECU is an independent computer system and may be intruded. In order to improve the security of the ECUs, the current scheme is that each ECU is provided with an intrusion detection defense client, the remote center is provided with an intrusion detection defense server, each ECU has its own independent communication connection with the remote center, and the remote center sends all the intrusion detection defense files required by the whole vehicle to each ECU separately in order to realize system monitoring. Assuming that vehicle 1 and vehicle 2 each include 3 ECUs, as shown in fig. 1, each vehicle needs to establish 3 communication connections.
However, the intrusion detection defense method described above has the following problems:
(1) As vehicle functions become richer, the number and types of ECUs in a vehicle keep increasing, and a single vehicle now carries nearly 200 ECUs. The number of connections that the remote center must maintain therefore grows greatly, consuming the remote center's computing power.
(2) All ECUs in the vehicle communicate with entities outside the vehicle, which increases the risk of vehicle intrusion.
(3) The multiple ECUs in a vehicle are peers: to the remote center each is an independent intrusion detection defense client, so the ECUs belonging to the same vehicle are difficult to associate on the remote center in order to present the whole-vehicle effect.
(4) In practical applications, each ECU may require only a portion of the intrusion detection defense files, and the files required by each ECU may differ. Transmitting all intrusion detection defense files to each ECU separately therefore also wastes resources.
Disclosure of Invention
The invention provides a vehicle-mounted Ethernet detection defense method and device, which can solve the problems of the related art that the remote center needs to maintain a large number of connections, the vehicle is at high risk of intrusion, multiple ECUs belonging to the same vehicle are difficult to associate so as to present the whole-vehicle effect, and resources are wasted.
The specific technical scheme is as follows:
in a first aspect, the disclosed embodiments provide a vehicle ethernet detection defense method, which is applied to a telematics unit TBOX that initiates a transmission control protocol TCP port listening service after establishing a communication connection with a remote center through a public network and an electronic control unit ECU through a vehicle ethernet, the method including:
receiving a first registration request sent by the ECU, wherein the first registration request comprises an ECU identifier of the ECU and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join;
under the condition that the first group name is established and the ECU is not registered with the intrusion detection defense subgroup corresponding to the first group name according to the ECU identification, synchronizing an intrusion detection defense file corresponding to the first group name to the ECU, wherein the intrusion detection defense file corresponding to the first group name is acquired by the TBOX from the remote center.
In one embodiment, before synchronizing the intrusion detection defense file corresponding to the first group name to the ECU, the method further comprises:
sending a second registration request to the remote center, wherein the second registration request comprises a whole vehicle identifier of a vehicle to which the TBOX belongs and a second group name of at least one intrusion detection defense group applied for joining by the TBOX, and the intrusion detection defense group comprises at least one intrusion detection defense subgroup;
and, under the condition that the remote center determines that the second group name has been created and determines from the whole vehicle identifier that the vehicle is not registered with the intrusion detection defense group corresponding to the second group name, receiving the intrusion detection defense file corresponding to the second group name sent by the remote center.
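The two registration steps above (the ECU's first registration request to the TBOX, and the TBOX's second registration request to the remote center) can be modelled in a few dozen lines. The following is an added illustration, not code from the patent or from the applicant: a group holds one or more subgroups, the TBOX registers its vehicle for groups and receives every subgroup's files, and an ECU is then synchronised only for a subgroup that exists on the TBOX and that this ECU has not already registered. All group, subgroup and file names and contents, and the vehicle and ECU identifiers, are constructed for the example.

```python
# Added example (not from the patent): a minimal model of the two-stage
# registration. Group/subgroup/file names, contents and identifiers are
# constructed for illustration.

# Constructed catalogue held by the remote center:
# group name -> subgroup name -> {file name: file bytes}
REMOTE_FILES = {
    "powertrain": {
        "engine_rules": {"engine.rule": b"alert on unexpected process start"},
        "gearbox_rules": {"gearbox.rule": b"alert on unsigned firmware"},
    },
    "body": {
        "door_rules": {"door.rule": b"alert on diagnostic session while driving"},
    },
}


class RemoteCenter:
    """Intrusion detection defense server: registers vehicles per group."""

    def __init__(self, files):
        self.files = files
        self.registered = set()          # (vehicle_id, group_name) pairs

    def register(self, vehicle_id, group_names):
        """Handle the second registration request (vehicle id + group names).

        Returns (files for newly registered groups, names of groups that have
        not been created). A group the vehicle already registered is not resent.
        """
        delivered, unknown = {}, []
        for group in group_names:
            if group not in self.files:
                unknown.append(group)                  # group not created
            elif (vehicle_id, group) not in self.registered:
                self.registered.add((vehicle_id, group))
                delivered[group] = {
                    sub: dict(fs) for sub, fs in self.files[group].items()
                }
        return delivered, unknown


class Tbox:
    """Data forwarding centre of one vehicle: the only node that talks to the
    remote center; ECUs register with it over the in-vehicle network."""

    def __init__(self, vehicle_id, remote):
        self.vehicle_id = vehicle_id
        self.remote = remote
        self.subgroup_files = {}         # subgroup name -> {file name: bytes}
        self.members = {}                # subgroup name -> set of ECU ids

    def register_with_remote(self, group_names):
        """Second registration request; keeps every subgroup of each group the
        remote center delivered. Returns the group names it did not know."""
        delivered, unknown = self.remote.register(self.vehicle_id, group_names)
        for subgroups in delivered.values():
            self.subgroup_files.update(subgroups)
        return unknown

    def handle_ecu_registration(self, ecu_id, subgroup_names):
        """First registration request (ECU id + subgroup names).

        A subgroup is synchronised only when it exists on the TBOX and this
        ECU is not yet registered for it. Returns (synced files, skipped names).
        """
        synced, skipped = {}, []
        for name in subgroup_names:
            if name not in self.subgroup_files:
                skipped.append(name)                   # subgroup not created
                continue
            members = self.members.setdefault(name, set())
            if ecu_id in members:
                skipped.append(name)                   # already registered
                continue
            members.add(ecu_id)
            synced[name] = dict(self.subgroup_files[name])
        return synced, skipped


if __name__ == "__main__":
    remote = RemoteCenter(REMOTE_FILES)
    tbox = Tbox("VIN-CONSTRUCTED-001", remote)
    print("unknown groups:", tbox.register_with_remote(["powertrain", "chassis"]))
    print(tbox.handle_ecu_registration("ECU-engine", ["engine_rules", "door_rules"]))
    print(tbox.handle_ecu_registration("ECU-engine", ["engine_rules"]))
```

Note that `door_rules` is skipped for the ECU even though it exists on the remote center: the TBOX only registered the `powertrain` group, so that subgroup was never delivered to the vehicle, which is exactly the per-vehicle filtering the patent relies on to avoid sending every file to every ECU.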
In one embodiment, the method further comprises:
receiving the updated intrusion detection defense file corresponding to the at least one intrusion detection defense group sent by the remote center under the condition that the remote center determines that the intrusion detection defense file corresponding to the at least one intrusion detection defense group changes;
when the remote center determines that the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated last time are different from the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated this time, the remote center determines that the intrusion detection defense files corresponding to the at least one intrusion detection defense group change.
In one embodiment, after receiving the intrusion detection defense file corresponding to the second group name sent by the remote center, the method further comprises:
calculating, at a fixed interval, the hash value of all intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup the ECU has applied to join;
and when the hash value of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated last time differs from the hash value calculated this time, sending the updated intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup to the ECU.
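Both change checks described above (the remote center comparing the hash of a group's files between two runs, and the TBOX doing the same for a subgroup at a fixed interval) reduce to one routine: hash every file of the set in a stable order and compare with the value kept from the previous run. The example below is added here and is not from the patent; the patent does not say which hash function it uses, so SHA-256 and the length-prefixed framing are the example's own choices, and the file names and contents are constructed.

```python
# Added example (not from the patent): hash-based change detection for a set
# of intrusion detection defense files. SHA-256 and the framing are the
# example's choices; file names and contents are constructed.
import hashlib


def group_hash(files):
    """Digest over all files of a group or subgroup.

    Files are visited in sorted name order so the result does not depend on
    dictionary order, and each name and content is length-prefixed so that
    {"a": b"bc"} and {"ab": b"c"} cannot collide by concatenation.
    """
    h = hashlib.sha256()
    for name in sorted(files):
        data = files[name]
        encoded = name.encode("utf-8")
        h.update(len(encoded).to_bytes(4, "big"))
        h.update(encoded)
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


class SyncMonitor:
    """Keeps the hash computed last time for every group and, on each periodic
    check, reports the groups whose hash differs this time."""

    def __init__(self, store):
        self.store = store                         # group name -> {file: bytes}
        self.last = {g: group_hash(fs) for g, fs in store.items()}

    def check(self):
        """One periodic run; returns the names of groups that changed."""
        changed = []
        for group, files in self.store.items():
            now = group_hash(files)
            if now != self.last.get(group):
                changed.append(group)              # trigger an update push
                self.last[group] = now
        return changed


if __name__ == "__main__":
    store = {"engine_rules": {"engine.rule": b"alert on unexpected process start"}}
    monitor = SyncMonitor(store)
    print(monitor.check())                          # nothing changed yet
    store["engine_rules"]["engine.rule"] += b"\nalert on dtc clear"
    print(monitor.check())                          # ['engine_rules']
```

A practitioner's caveat: the hash tells the TBOX that something changed, not that the new content is authentic. It is a synchronisation trigger, and the trust in the files themselves still rests on the authenticated, encrypted channel to the remote center that a later embodiment describes.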
In one embodiment, the method further comprises:
receiving an intrusion detection defense report sent by the ECU, wherein the intrusion detection defense report comprises a preset identifier, the ECU identifier of the ECU and intrusion detection defense data, the field corresponding to the preset identifier is the whole vehicle identifier field, and the content of the preset identifier is 0 or null;
after the preset identifier has been replaced with the whole vehicle identifier, sending the modified intrusion detection defense report to the remote center, so that the remote center determines the defense rule matching the intrusion detection defense data;
receiving defense instruction information issued by the remote center according to the defense rule, wherein the defense instruction information comprises a whole vehicle identifier, an ECU identifier and a defense instruction;
and, under the condition that the whole vehicle identifier is determined to be the whole vehicle identifier of this vehicle, sending the defense instruction to the ECU corresponding to the ECU identifier, so that the ECU executes the defense instruction.
In one embodiment, prior to sending the second registration request to the remote center, the method further comprises:
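The report path described in the preceding embodiment is the part of the design where the TBOX acts as a filter in both directions: outbound, it fills in the whole vehicle identifier the ECU left as 0 or null; inbound, it forwards a defense instruction only when the vehicle identifier matches its own and the ECU identifier names an ECU it knows. The following added example (not code from the patent) models that round trip, including a small rule table on the remote-center side; the rule table, the event names, the instructions and the identifiers are all constructed for illustration.

```python
# Added example (not from the patent): TBOX forwarding of intrusion detection
# defense reports and defense instructions. Rule table, events, instructions
# and identifiers are constructed.

VEHICLE_ID_UNSET = ("0", None, "")     # preset identifier is 0 or null

# Constructed defense rule table on the remote center: event -> instruction
DEFENSE_RULES = {
    "unexpected_process": "terminate_process",
    "unsigned_firmware": "block_flash_session",
}


def match_defense_rule(report):
    """Remote-center side: find the rule matching the report's data and build
    the defense instruction information addressed by vehicle id and ECU id."""
    instruction = DEFENSE_RULES.get(report["data"].get("event"))
    if instruction is None:
        return None
    return {"vehicle_id": report["vehicle_id"],
            "ecu_id": report["ecu_id"],
            "instruction": instruction}


class ReportForwarder:
    """TBOX side of the report path."""

    def __init__(self, vehicle_id, ecus):
        self.vehicle_id = vehicle_id
        self.ecus = ecus               # ecu_id -> list standing in for the ECU link
        self.outbox = []               # reports forwarded to the remote center

    def on_ecu_report(self, report):
        """Accept {'vehicle_id': 0/null, 'ecu_id', 'data'} from a known ECU,
        fill in the whole vehicle identifier and forward the modified report."""
        if report.get("vehicle_id") not in VEHICLE_ID_UNSET:
            raise ValueError("preset identifier must be 0 or null")
        if report["ecu_id"] not in self.ecus:
            raise ValueError("report from unknown ECU")
        forwarded = dict(report, vehicle_id=self.vehicle_id)
        self.outbox.append(forwarded)
        return forwarded

    def on_defense_instruction(self, info):
        """Deliver the instruction to the named ECU only if the vehicle
        identifier is this vehicle's. Returns True when delivered."""
        if info.get("vehicle_id") != self.vehicle_id:
            return False                               # not for this vehicle
        target = self.ecus.get(info.get("ecu_id"))
        if target is None:
            return False                               # no such ECU here
        target.append(info["instruction"])
        return True


if __name__ == "__main__":
    tbox = ReportForwarder("VIN-CONSTRUCTED-001", {"ECU-engine": [], "ECU-door": []})
    report = tbox.on_ecu_report({"vehicle_id": "0", "ecu_id": "ECU-engine",
                                 "data": {"event": "unexpected_process"}})
    info = match_defense_rule(report)                  # remote center
    print(tbox.on_defense_instruction(info), tbox.ecus["ECU-engine"])
```

The inbound check matters because the instruction channel is the one path by which an external party can cause an ECU to act; refusing anything that does not carry this vehicle's identifier and a known ECU identifier keeps a misrouted or replayed instruction from reaching a controller.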
and performing identity authentication on the remote center based on a secure socket protocol, and generating a first symmetric key when the identity authentication is successful, so that the TBOX and the remote center use the first symmetric key to encrypt and decrypt communication information.
In one embodiment, before receiving the first registration request sent by the ECU, the method further comprises:
and receiving a second symmetric key generated by the ECU so as to enable the communication information to be encrypted and decrypted between the TBOX and the ECU by using the second symmetric key, wherein the second symmetric key is generated after the ECU successfully authenticates the identity of the TBOX based on a secure socket protocol.
In one embodiment, the method further comprises:
reading its own device identifier during the startup of its own intrusion detection defense client;
and, in the case that its own device identifier is determined to be the same as the TBOX identifier, starting the TBOX-specific functions.
In one embodiment, a plurality of the ECUs are divided into at least one grade, each grade comprises at least one ECU, and the ECU of the high grade is used for managing the intrusion detection defense files of the ECU of the low grade, and the grade of the ECU is divided according to the vehicle networking information and/or the service category.
In a second aspect, the disclosed embodiments provide an on-board ethernet detection defense apparatus, which is applied to a telematics unit TBOX, and includes:
the monitoring unit is used for starting Transmission Control Protocol (TCP) port monitoring service after the TBOX establishes communication connection with a remote center through a public network and the TBOX establishes communication connection with an Electronic Control Unit (ECU) through a vehicle-mounted Ethernet;
the device comprises a receiving unit, a first registration unit and a second registration unit, wherein the receiving unit is used for receiving a first registration request sent by the ECU, and the first registration request comprises an ECU identifier of the ECU and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join;
and the synchronization unit is used for synchronizing the intrusion detection defense files corresponding to the first group name to the ECU under the condition that the first group name is established and the ECU is not registered with the intrusion detection defense subgroup corresponding to the first group name according to the ECU identification, wherein the intrusion detection defense files corresponding to the first group name are acquired from the remote center by TBOX.
In one embodiment, the apparatus further comprises:
a first sending unit, configured to send a second registration request to the remote center before synchronizing the intrusion detection defense file corresponding to the first group name to the ECU, where the second registration request includes a vehicle identifier of a vehicle to which the TBOX belongs, and a second group name of at least one intrusion detection defense group to which the TBOX applies for joining, and the intrusion detection defense group includes at least one intrusion detection defense subgroup;
and the receiving unit is further used for receiving the intrusion detection defense file corresponding to the second group name sent by the remote center under the condition that the remote center determines that the second group name has been created and determines from the whole vehicle identifier that the vehicle is not registered with the intrusion detection defense group corresponding to the second group name.
In an embodiment, the receiving unit is further configured to receive, when the remote center determines that an intrusion detection defense file corresponding to the at least one intrusion detection defense group changes, an updated intrusion detection defense file corresponding to the at least one intrusion detection defense group sent by the remote center;
when the remote center determines that the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated last time are different from the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated this time, the remote center determines that the intrusion detection defense files corresponding to the at least one intrusion detection defense group change.
In one embodiment, the apparatus further comprises:
the computing unit is used for regularly computing the hash value of all intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup which the ECU has applied to join, after receiving the intrusion detection defense files corresponding to the second group name sent by the remote center;
and the first sending unit is used for sending the updated intrusion detection defense file corresponding to the at least one intrusion detection defense subgroup to the ECU when the hash value of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated last time is different from the hash value of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated this time.
In one embodiment, the receiving unit is further configured to receive an intrusion detection defense report sent by the ECU, where the intrusion detection defense report includes a preset identifier, the ECU identifier of the ECU, and intrusion detection defense data, the field corresponding to the preset identifier is the whole vehicle identifier field, and the content of the preset identifier is 0 or null;
the device further comprises:
a second sending unit, configured to send the modified intrusion detection defense report to the remote center after the preset identifier has been replaced with the whole vehicle identifier, so that the remote center determines the defense rule matching the intrusion detection defense data;
the receiving unit is further used for receiving defense instruction information issued by the remote center according to the defense rule, wherein the defense instruction information comprises a whole vehicle identifier, an ECU identifier and a defense instruction;
and the second sending unit is also used for sending the defense instruction to the ECU corresponding to the ECU identifier under the condition that the whole vehicle identifier is determined to be the vehicle identifier of this vehicle, so that the ECU executes the defense instruction.
In one embodiment, the apparatus further comprises:
the authentication unit is used for carrying out identity authentication on the remote center based on a secure socket protocol before sending a second registration request to the remote center;
and the generating unit is used for generating a first symmetric key when the identity authentication is successful, so that the TBOX and the remote center can encrypt and decrypt communication information by using the first symmetric key.
In one embodiment, the receiving unit is further configured to receive, before receiving the first registration request sent by the ECU, a second symmetric key generated by the ECU, so that the second symmetric key is used by the ECU to encrypt and decrypt communication information between the TBOX and the ECU, where the second symmetric key is generated after the ECU successfully authenticates the TBOX based on a secure socket protocol.
In one embodiment, the apparatus further comprises:
the reading unit is used for reading the own equipment identifier in the starting process of the own intrusion detection defense client;
a starting unit, configured to start a specific function of the TBOX if it is determined that the own device identifier is the same as the TBOX identifier.
In one embodiment, a plurality of said ECUs are divided into at least one hierarchy, each hierarchy including at least one said ECU, and a high level ECU is used to manage intrusion detection defense files for a low level ECU.
In a third aspect, embodiments of the present disclosure provide a vehicle-mounted ethernet detection defense system, which includes at least one electronic control unit ECU, a telematics unit TBOX for performing the method of any of the embodiments of the first aspect, and a remote center.
In a fourth aspect, another embodiment of the disclosure provides a storage medium having stored thereon executable instructions, which when executed by a processor, cause the processor to implement the method according to any one of the embodiments of the first aspect.
As can be seen from the above, in the vehicle-mounted ethernet detection defense method and apparatus provided by the embodiments of the present disclosure, the TBOX establishes a communication connection with the remote center through a public network and with the ECU through the vehicle-mounted ethernet, then starts a TCP port listening service, so that the TBOX serves as a data forwarding center: it receives the first registration request sent by the ECU, where the first registration request includes the ECU identifier of the ECU and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join, and it synchronizes the intrusion detection defense file corresponding to the first group name, acquired from the remote center, to the ECU when it determines that the first group name has been created and that, according to the ECU identifier, the ECU has not registered the intrusion detection defense subgroup corresponding to the first group name. Therefore, in the embodiments of the disclosure, each vehicle only needs to establish one connection with the remote center, namely the connection between the TBOX and the remote center, and no ECU in the vehicle needs its own connection to the remote center; the number of connections that the remote center needs to maintain is thus greatly reduced, the load and computing power consumed at the remote center are reduced, and the risk of the vehicle being intruded from the outside is reduced. Moreover, because the TBOX communicates with the remote center as a data forwarding center, and the remote center stores all intrusion detection defense files related to each vehicle on a whole-vehicle basis, the multiple ECUs belonging to the same vehicle can be associated on the remote center to present the whole-vehicle effect.
In addition, the TBOX can also respectively send the intrusion detection defense files acquired from the remote center to the ECUs applying for registering the subgroup in the form of the subgroup, and all the intrusion detection defense files do not need to be blindly sent to each ECU, so that resource waste can be avoided.
Of course, not all advantages described above need to be achieved at the same time to practice any one product or method of the present disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is to be understood that the drawings in the following description are merely exemplary of some embodiments of the disclosure. For a person skilled in the art, without inventive effort, further figures can be obtained from these figures.
Fig. 1 is a diagram illustrating an architecture of a vehicle-mounted ethernet detection defense system provided in the related art;
fig. 2 is an architecture diagram of a vehicle-mounted ethernet detection defense system according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a detection and defense method for a vehicle-mounted ethernet according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of another vehicle-mounted ethernet detection defense method according to an embodiment of the present disclosure;
fig. 5 is an exemplary diagram of detection and defense registration information of a vehicle-mounted ethernet according to an embodiment of the present disclosure;
fig. 6 is an exemplary diagram of another in-vehicle ethernet detection defense registration information provided by an embodiment of the present disclosure;
fig. 7 is a flowchart of a method for synchronizing information from the remote center to the TBOX according to an embodiment of the present disclosure;
fig. 8 is a flowchart of a method for synchronizing information from the TBOX to an ECU according to an embodiment of the present disclosure;
fig. 9 is a schematic flowchart of another vehicle-mounted ethernet detection defense method according to an embodiment of the present disclosure;
fig. 10 is a block diagram of a vehicle-mounted ethernet detection defense device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure. It is to be understood that the described embodiments are merely a subset of the disclosed embodiments and not all embodiments. All other embodiments, which can be derived by one of ordinary skill in the art from the embodiments disclosed herein without inventive faculty, are intended to be within the scope of the disclosure.
It is to be noted that the terms "comprising" and "having," and any variations thereof, in the disclosed embodiments and drawings are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Fig. 2 is an architecture diagram of a vehicle-mounted ethernet detection and defense system provided in an embodiment of the present disclosure, where the system includes at least one ECU (Electronic Control Unit) 11, a TBOX (telematics box) 12, and a remote center 13; a first intrusion detection and defense client is deployed in each ECU 11, a second intrusion detection and defense client is deployed in the TBOX 12, and an intrusion detection and defense server is deployed in the remote center 13.
In the present application, in order to distinguish an ordinary ECU from the TBOX, an ECU other than the TBOX is simply referred to as an ECU, and the TBOX is referred to as the TBOX. The remote center can be a server or a cloud. The ECU communicates indirectly with the remote center via the TBOX, which communicates directly with the remote center.
The preparation stages of the vehicle-mounted Ethernet detection defense system are as follows:
a first preparation phase: configuration preparation
In order to make the whole vehicle-mounted ethernet detection defense system work normally, the information described in table 1 is first deployed or configured on the three computing entities, namely the ECU, the TBOX and the remote center:
TABLE 1 (reproduced as an image in the original; the table contents are not available as text)
Some of the information in the table above needs further explanation, as follows:
(1) the name of the ECU, and the name of TBOX, are planned at the time of vehicle production. The number and the distribution of the ECUs in the vehicles of the same type are fixed, and the names of the ECUs can be fixed. The names are expressed in the form of character strings, the names of all ECUs in the same vehicle cannot be repeated, but the names of the ECUs among a plurality of vehicles can be repeated;
(2) the whole vehicle identification is a vehicle identification code, namely a commonly-known vehicle frame number, each vehicle is unique in the global range, and the vehicle identification is information carried when leaving a factory;
(3) in this intrusion detection defense solution, SSL (Secure Sockets Layer) authentication between the ECU and the TBOX, and between the TBOX and the remote center, can be one-way authentication, i.e. the ECU authenticates the identity of the TBOX, and the TBOX authenticates the identity of the remote center, so the certificates on the three computing entities are deployed as in the table above. SSL authentication between the ECU and the TBOX, and between the TBOX and the remote center, may also be two-way authentication, with only a slightly different deployment of certificates.
A second preparation phase: multi-level group deployment on remote centers
This preparation serves the group file synchronization function described later; the only point to be clear about here is that the files and folders needed for normal operation of the whole vehicle-mounted Ethernet detection defense system should be deployed at the remote center before the intrusion detection defense functions on the ECU and the TBOX are started. How the group file synchronization function is deployed is described in detail later.
A third preparation phase: in-vehicle multi-ECU role selection
Because the intrusion detection defense client runs on all ECUs and the TBOX in the vehicle, each device needs to know clearly whether its identity is that of an ordinary ECU or that of the TBOX, so as to do different things; for example, an ordinary ECU does not need to start the TCP port listening service, while the TBOX does. In the starting stage of the intrusion detection defense client, the client reads its own device identifier and the TBOX identifier of the vehicle in sequence and compares the two identifiers: if they are equal, the TBOX-specific functions are activated; otherwise, the ordinary ECU functions are activated.
A fourth preparation phase: route preparation
The route between each ECU and the TBOX must be reachable, and the route between the TBOX and the remote center must be reachable.
The following explains the detection and defense process of the vehicle-mounted Ethernet based on the system architecture:
fig. 3 is a schematic flowchart of a vehicle-mounted ethernet detection defense method provided in an embodiment of the present disclosure, where the method is applied to a TBOX, and after the TBOX establishes a communication connection with a remote center through a public network and a communication connection with an ECU through a vehicle-mounted ethernet, a TCP port listening service is started, and the method further includes:
s210: and receiving a first registration request sent by the ECU, wherein the first registration request comprises an ECU identification of the ECU and a first group name of at least one intrusion detection defense subgroup for which the ECU applies to join.
The ECU identifier is information for uniquely identifying the ECU in the host vehicle, and may be, for example, an ECU name. The intrusion detection defense subgroup may be understood as a subfolder comprising intrusion detection defense files and is within the joining intrusion detection defense group of the host vehicle application.
The first registration request may also include an IP address of the ECU, which is an option. When the IP address is carried, the TBOX associates the IP address with the ECU identification, and when the IP address is not carried, the TBOX adopts the source IP address of the received IP message as the content and associates the source IP address with the ECU identification.
Before the ECU sends the first registration request to the TBOX, a TCP connection between the two needs to be established. In the preparation work, the ECU is already configured with the IP address of the TBOX and the open TCP port, and after the intrusion detection defense client on the ECU is started, the intrusion detection defense client actively initiates a TCP connection request message to the configured IP address of the TBOX and the configured TCP port, and successfully establishes TCP connection.
After the connection is established, the TBOX may further receive a second symmetric key generated by the ECU, so that communication between the TBOX and the ECU is encrypted and decrypted with the second symmetric key; the second symmetric key is generated after the ECU has successfully authenticated the identity of the TBOX based on the secure socket protocol. Thereby, a secure channel is established between each ECU and the TBOX, and the security of communication between each ECU and the TBOX is improved.
S220: synchronizing the intrusion detection defense files corresponding to the first group name to the ECU, under the condition that the first group name has been created and it is determined from the ECU identifier that the ECU has not yet registered the intrusion detection defense subgroup corresponding to the first group name.
The intrusion detection defense files corresponding to the first group name are obtained by the TBOX from the remote center. Before synchronizing these files to the ECU, the TBOX can send a registration response message to the ECU, so that the ECU knows the registration succeeded and waits to receive the intrusion detection defense files; this avoids the resource waste caused by the ECU re-initiating a first registration request while it has not yet received the files.
In the embodiment of the disclosure, two handling modes are possible. In the first, under the condition that the first group names of all intrusion detection defense subgroups the ECU applies to join have been created and it is determined from the ECU identifier that the ECU has not registered any of them, all intrusion detection defense files corresponding to all of those subgroups are synchronized to the ECU; otherwise, a registration rejection message is returned to the ECU. In the second, each requested subgroup is judged separately: if the first group name of a subgroup has been created and the ECU has not registered it, the intrusion detection defense files corresponding to that subgroup are synchronized to the ECU directly, and if the first group name of a subgroup has not been created, a registration rejection message is returned to the ECU. After the ECU receives a registration rejection message, it may start a timer and re-send the first registration request to the TBOX periodically until registration succeeds.
In addition, a management list can be created in TBOX, including entries of ECU id, IP address, registered first group name, etc. When a certain ECU sends a first registration request for the first time, the management list does not have information of the ECU, and then the relevant information of the ECU can be added in the management list; when an ECU does not send a first registration request for the first time, the information of the ECU is stored in the management list, and the relevant information of the ECU in the management list may be updated according to the first registration request (including the ECU identifier and at least one first group name) sent this time, the creation condition of at least one first group name, and the condition whether the ECU registers at least one first group name.
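The TBOX-side registration handling of S210 and S220 and the management list, as an added example (not the patent's or the applicant's code). The message field names, the in-memory dict used as the management list, the per-subgroup handling mode, the heartbeat handler and the sample subgroup contents are all assumptions constructed for this example.

```python
"""Constructed model of the TBOX registration handler (not the patent's own code)."""
from dataclasses import dataclass, field


@dataclass
class EcuEntry:
    """One row of the TBOX management list: IP, registered subgroups, state."""
    ip: str
    registered: set = field(default_factory=set)
    state: str = "active"


class TboxRegistrar:
    def __init__(self, subgroups):
        # subgroups: {first_group_name: [file names]} already obtained from
        # the remote center, i.e. the subgroups that have been "created".
        self.subgroups = {name: list(files) for name, files in subgroups.items()}
        self.management_list = {}  # ecu_id -> EcuEntry

    def handle_registration(self, request, source_ip):
        """S210/S220 in per-subgroup mode.

        request: {"ecu_id": str, "groups": [first group names], "ip": optional}
        Returns (response message, {subgroup: files to synchronize}).
        """
        ecu_id = request["ecu_id"]
        # The IP address in the request is optional; fall back to the
        # source IP of the received packet.
        ip = request.get("ip") or source_ip
        entry = self.management_list.setdefault(ecu_id, EcuEntry(ip=ip))
        entry.ip = ip          # update the existing row on a repeat request
        entry.state = "active"

        accepted, rejected, to_sync = [], [], {}
        for name in request["groups"]:
            if name not in self.subgroups:
                rejected.append(name)            # not created: reject it
            elif name not in entry.registered:
                entry.registered.add(name)       # created and not yet registered
                accepted.append(name)
                to_sync[name] = list(self.subgroups[name])
            # already registered: nothing to synchronize again
        msg_type = "register_reject" if rejected and not accepted else "register_response"
        response = {"type": msg_type, "ecu_id": ecu_id,
                    "accepted": accepted, "rejected": rejected}
        # The response goes out before the files so the ECU does not retry.
        return response, to_sync

    def handle_heartbeat(self, ecu_id):
        """Mark the ECU active and answer; unknown ECUs must register first."""
        entry = self.management_list.get(ecu_id)
        if entry is None:
            return None
        entry.state = "active"
        return {"type": "heartbeat_response", "ecu_id": ecu_id}


if __name__ == "__main__":
    tbox = TboxRegistrar({"common1": ["HIDS-type1-common-1"],
                          "AA00-1": ["HIDS-type1-ECU1-function-1"]})
    resp, files = tbox.handle_registration(
        {"ecu_id": "AA00-1", "groups": ["common1", "AA00-1"]}, "192.168.1.11")
    print(resp, files)
```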
In one embodiment, after receiving the registration response message, the ECU may start a timer and send a heartbeat request message to the TBOX at certain intervals (determined by the configuration). The exchange of data messages between the ECU and the TBOX is also treated as one of the means of reachability detection: receipt of a data message from the TBOX on the ECU also indicates that the TBOX is reachable, and the start time of the heartbeat timer is refreshed to the time at which the TBOX data message was received. After receiving the heartbeat request message, the TBOX updates the saved state of the ECU to active and replies with a heartbeat response message. When no data messages have been exchanged between the ECU and the TBOX for a long time, the ECU sends a heartbeat request message to detect the reachability of the TBOX.
In the vehicle-mounted Ethernet detection defense method provided by the embodiment of the disclosure, the TBOX establishes a communication connection with the remote center through the public network and a communication connection with the ECU through the vehicle-mounted Ethernet, and then starts the TCP port listening service, so that the TBOX acts as a data forwarding center: it receives the first registration request sent by the ECU, which comprises the ECU identifier and the first group name of at least one intrusion detection defense subgroup the ECU applies to join, and, under the condition that the first group name has been created and it is determined from the ECU identifier that the ECU has not registered the corresponding subgroup, synchronizes to the ECU the intrusion detection defense files corresponding to the first group name that were acquired from the remote center.
Therefore, in the embodiment of the disclosure, each vehicle only needs to establish one connection with the remote center, that is, the TBOX is connected with the remote center, and each ECU in the vehicle does not need to establish a connection with the remote center, so that the number of connections that the remote center needs to maintain is greatly reduced, the consumption of load and computational power of the remote center is reduced, and the risk that the vehicle is invaded by the outside is reduced. And because the TBOX is used as a data forwarding center to communicate with a remote center, and the remote center stores all intrusion detection defense files related to each vehicle in the form of the whole vehicle, a plurality of ECUs belonging to the same vehicle can be associated on the remote center to present the whole vehicle effect. In addition, the TBOX can also respectively send the intrusion detection defense files acquired from the remote center to the ECUs applying for registering the subgroup in the form of the subgroup, and all the intrusion detection defense files do not need to be blindly sent to each ECU, so that resource waste can be avoided.
In one embodiment, before synchronizing the intrusion detection defense files corresponding to the first group name to the ECU, the TBOX further needs to acquire these intrusion detection defense files from a remote center, and the specific acquisition method is shown in fig. 4:
s310: and the TBOX sends a second registration request to a remote center, wherein the second registration request comprises a whole vehicle identifier of a vehicle to which the TBOX belongs and a second group name of at least one intrusion detection defense group applied for joining by the TBOX, and the intrusion detection defense group comprises at least one intrusion detection defense subgroup.
The second registration request may also include the IP address of TBOX, which is an option. When carrying the IP address, the remote center associates the IP address with the TBOX mark, and when not carrying the IP address, the remote center adopts the source IP address of the received IP message as the content and associates the source IP address with the TBOX mark.
A TCP connection between the TBOX and the remote center needs to be established before the TBOX sends a second registration request to the remote center. The preparation stage configures an IP address and an open TCP port of a remote center for the TBOX, and after the intrusion detection defense client on the TBOX is started, the intrusion detection defense client actively initiates a TCP connection request message to the IP address and the TCP port of the remote center and successfully establishes TCP connection.
After the connection is established, the TBOX can also perform identity authentication on the remote center based on a secure socket protocol, and when the identity authentication is successful, a first symmetric key is generated, so that the communication information is encrypted and decrypted by using the first symmetric key between the TBOX and the remote center. Thereby establishing a secure channel between the TBOX and the remote center, thereby improving the security of the communication between the TBOX and the remote center.
S320: and under the condition that the remote center determines that the second group of names is established and determines that the vehicle is not registered with the intrusion detection defense group corresponding to the second group of names according to the whole vehicle identification, the TBOX receives the intrusion detection defense file corresponding to the second group of names sent by the remote center.
In one embodiment, under the condition that second group names of all intrusion detection defense groups applied for joining by the TBOX are established and all intrusion detection defense groups to be applied are determined that the TBOX is not registered according to a whole vehicle identifier, all intrusion detection defense files corresponding to all the intrusion detection defense groups applied for joining are synchronized to the TBOX, otherwise, a registration rejection message is responded to the TBOX; the method can also be used for respectively judging single intrusion detection defense groups which are applied for joining, if a second group name of a certain intrusion detection defense group which is applied for joining by the TBOX is created and the TBOX is not registered, the intrusion detection defense files corresponding to the intrusion detection defense group are directly synchronized to the TBOX, and when the second group name of the certain intrusion detection defense group which is applied for joining by the TBOX is not created, a registration rejection message is responded to the TBOX. After receiving the registration rejection message, the TBOX may start a timer, and periodically send a second registration request to the remote center until the registration is successful.
Similar to TBOX, the remote center may also create a management list including entries for vehicle id, registered second group name, IP address, etc. When a certain TBOX sends a second registration request for the first time, and the management list does not have the relevant information of the vehicle to which the TBOX belongs, the relevant information of the vehicle to which the TBOX belongs can be added in the management list; when a certain TBOX does not send a second registration request for the first time, and the management list has the related information of the vehicle to which the TBOX belongs, the related information of the entire vehicle identifier in the management list can be updated according to the second registration request, the creation condition of at least one second group name, and the condition whether the vehicle corresponding to the entire vehicle identifier has registered at least one second group name.
Before sending the intrusion detection defense files corresponding to the second group name, the remote center can send a registration response message to the TBOX, so that the TBOX knows the registration succeeded and waits to receive the intrusion detection defense files; this avoids the resource waste caused by the TBOX re-initiating a second registration request while it has not yet received the files. It should be added that "waiting" here does not mean that the TBOX executes a waiting task; it means that the TBOX does not need to re-initiate a second registration request and can directly execute other tasks, and when it receives a message in the preset format from the remote center, it knows that the message carries the intrusion detection defense files.
After receiving the registration response message, the TBOX may start a timer and send a heartbeat request message to the remote center at certain intervals (determined by the configuration). The exchange of data messages between the TBOX and the remote center is also treated as one of the means of reachability detection: receipt of a data message from the remote center on the TBOX also indicates that the remote center is reachable, and the start time of the heartbeat timer is refreshed to the time at which the remote center's data message was received. After receiving the heartbeat request message, the remote center updates the stored state of the TBOX to active and replies with a heartbeat response message. When no data messages have been exchanged between the TBOX and the remote center for a long time, the TBOX sends a heartbeat request message to detect the reachability of the remote center.
In one embodiment, one intrusion detection defense group may be a folder, and each intrusion detection defense subgroup in the intrusion detection defense group may be a subfolder, and the intrusion detection defense files include host intrusion prevention executable files, virus signature library files, host intrusion detection defense configuration files, and the like.
The groups that the ECUs and the TBOX join are decided during the registration phase. Fig. 5 shows an example of a registration process with two vehicles, vehicle 1 and vehicle 2. Vehicle 1 has 3 ECUs and 1 TBOX running the intrusion detection defense client; vehicle 2 has 2 ECUs and 1 TBOX running the intrusion detection defense client. The ECU identifiers of the 3 ECUs on vehicle 1 are AA00-1, AA00-2 and AA00-3, the TBOX identifier is TA00-1, and the whole vehicle identifier is LFWSRXRJOL1E00001. The ECU identifiers of the 2 ECUs on vehicle 2 are RE00-1 and RE00-2, the TBOX identifier is TE00-1, and the whole vehicle identifier is LFWSRXJOL1E00002.
The group information carried by 3 ECUs in the vehicle 1 when registering to the TBOX, the group information carried by 2 ECUs in the vehicle 2 when registering to the TBOX, and the group information carried by TBOXs of two vehicles when registering to the remote center are shown in fig. 4, and will not be described again.
For the registration information shown in fig. 5, the group information that must be deployed at the remote center is as follows:
there are at least 3 intrusion detection defense groups: common, TA00-1, TE00-1;
at least 4 intrusion detection defense subgroups are included in group TA00-1: common1, AA00-1, AA00-2, AA00-3;
at least 3 intrusion detection defense subgroups are included in group TE00-1: common2, RE00-1, RE00-2;
the intrusion detection defense files in the group common are applicable to the TBOX of vehicle type 1 and vehicle type 2; the intrusion detection defense files within group TA00-1 are applicable to the TBOX of vehicle type 1; the intrusion detection defense files within group TE00-1 are applicable to the TBOX of vehicle type 2; the intrusion detection defense files in the subgroup common1 of TA00-1 are applicable to ECU1, ECU2 and ECU3 of vehicle 1; the intrusion detection defense files in the subgroup AA00-1 of TA00-1 are applicable to ECU1 of vehicle 1. The others follow by analogy.
Fig. 6 shows a group folder directory on a remote center corresponding to this example, where files in the directory are placed according to an actual application situation, and the files in the directory are only an example.
It should be noted that fig. 5 and 6 show information such as a first group name, a second group name, an ECU identifier, a TBOX identifier, a vehicle identifier, and a file name of an intrusion detection defense file (e.g., HIDS-type 1-ECU1-function-1) in the form of a character string, and do not refer to a certain english abbreviation or english word. Of course, in practical application, the names or identifiers may also be represented by chinese, and the specific presentation form of the names and identifiers is not limited in the embodiment of the present disclosure.
According to the vehicle-mounted Ethernet detection defense method provided by the embodiment of the disclosure, the TBOX can register the intrusion detection defense files required by the vehicle to which the TBOX belongs to the remote center in a group form, so that only the intrusion detection defense files required by the vehicle need to be acquired, and other irrelevant intrusion detection defense files do not need to be acquired, thereby further avoiding resource waste.
In one embodiment, when the administrator wants to add, modify or delete an intrusion detection defense function for a certain vehicle, the administrator does not need to go to the actual vehicle, and only needs to add, modify or delete the intrusion detection defense file related to that function under the group corresponding to the vehicle in the remote center. After the administrator updates an intrusion detection defense file stored in the remote center, the remote center needs to synchronize the relevant information to the vehicle. A specific implementation can be as follows: under the condition that the remote center determines that the intrusion detection defense files corresponding to at least one intrusion detection defense group have changed, the TBOX receives the updated intrusion detection defense files corresponding to that group from the remote center; the remote center determines that the files of a group have changed when the hash value of all intrusion detection defense files of that group calculated last time differs from the hash value calculated this time. The time interval between two adjacent hash calculations, that is, the period of the timer, can be set according to actual requirements.
The hash value is computed from the data content of the file, and different files (even with the same file name) yield different hash values. By comparing the hash values of two adjacent calculations, whether the intrusion detection defense files of a group have changed can therefore be determined quickly, without comparing the content of each file word by word and sentence by sentence, which improves the efficiency with which the TBOX updates the intrusion detection defense files.
In one embodiment, after receiving the intrusion detection defense files corresponding to the second group of names sent by the remote center, the TBOX may periodically calculate hash values of all intrusion detection defense files corresponding to at least one intrusion detection defense subgroup to which the ECU applies for joining; and when the hash values of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated last time are different from the hash values of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated this time, sending the updated intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup to the ECU.
The updated intrusion detection defense files that the TBOX acquires from the remote center may include more than the files required by a given ECU, and may also include some files that were not updated.
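The periodic hash comparison described above, applied both by the remote center over groups and by the TBOX over the subgroups of its own group, as an added example (not the patent's or the applicant's code). The folder layout, file names and contents are constructed for this example; the combined-hash construction (file path plus content, in sorted order) is an assumption, since the page does not specify how the hash over a whole group is formed.

```python
"""Constructed model of group/subgroup change detection by hash (not the patent's code)."""
import hashlib
import os
import shutil
import tempfile


def group_hash(folder):
    """Single hash over every file below folder: relative path plus content.

    Files are visited in sorted order so the result is deterministic; the
    path is length-prefixed so that name and content cannot be confused.
    """
    h = hashlib.sha256()
    for root, dirs, files in os.walk(folder):
        dirs.sort()
        for name in sorted(files):
            path = os.path.join(root, name)
            rel = os.path.relpath(path, folder).encode()
            h.update(len(rel).to_bytes(4, "big") + rel)
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            h.update(b"\0")
    return h.hexdigest()


class GroupSyncMonitor:
    """Timer-driven monitor over the immediate subfolders of root.

    At the remote center root holds the groups (common, TA00-1, ...); on the
    TBOX root is its own group folder, whose subfolders are the subgroups.
    """

    def __init__(self, root):
        self.root = root
        self.last = {}  # folder name -> hash from the previous timer tick

    def tick(self):
        """One timer period. Returns the folders whose hash changed since the
        previous tick; the first tick only records the baseline."""
        changed = []
        for name in sorted(os.listdir(self.root)):
            path = os.path.join(self.root, name)
            if not os.path.isdir(path):
                continue
            current = group_hash(path)
            if name in self.last and self.last[name] != current:
                changed.append(name)
            self.last[name] = current
        return changed


def demo():
    """Builds a constructed group tree, edits one ECU file, reports detections."""
    root = tempfile.mkdtemp(prefix="idp-groups-")
    try:
        layout = {  # constructed sample using the page's example names
            "common/HIDS-common-function-1": b"rule set v1",
            "TA00-1/common1/HIDS-type1-common-1": b"rule set v1",
            "TA00-1/AA00-1/HIDS-type1-ECU1-function-1": b"rule set v1",
            "TE00-1/RE00-1/HIDS-type2-ECU1-function-1": b"rule set v1",
        }
        for rel, data in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        center = GroupSyncMonitor(root)                        # groups
        tbox = GroupSyncMonitor(os.path.join(root, "TA00-1"))  # subgroups
        baseline = (center.tick(), tbox.tick())
        # Administrator updates one file for ECU1 of vehicle 1.
        with open(os.path.join(root, "TA00-1/AA00-1/HIDS-type1-ECU1-function-1"), "wb") as f:
            f.write(b"rule set v2")
        first = (center.tick(), tbox.tick())
        second = (center.tick(), tbox.tick())   # nothing changed since
        return {"baseline": baseline, "after_edit": first, "again": second}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The center detects that only group TA00-1 changed, and the TBOX of vehicle 1 then narrows that to subgroup AA00-1, so only ECU1 receives the update.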
In one embodiment, as shown in fig. 7, the mutual information involved in synchronizing the intrusion detection defense files to the TBOX by the remote center may include:
s410: remote center preparation phase-complete deployment of multi-level groups;
s420: the TBOX sends a second registration request to the remote center;
s430: the remote center sends a registration response message to the TBOX;
s440: the remote center starts group file synchronization work;
s450: the remote center sends an intrusion detection defense file of an intrusion detection defense group to the TBOX;
s460: the remote center detects whether the files in the group change;
s470: and when the remote center detects that the files in the group change, the remote center sends the updated intrusion detection defense files of the intrusion detection defense group to the TBOX.
In one embodiment, as shown in fig. 8, the interaction information involved in synchronizing the intrusion detection defense files by TBOX to the ECU may include:
S510: the TBOX acquires the intrusion detection defense files of an intrusion detection defense group from the remote center;
S520: the ECU sends a first registration request to the TBOX;
S530: the TBOX sends a registration response message to the ECU;
S540: the TBOX starts the subgroup file synchronization work;
S550: the TBOX sends the intrusion detection defense files of the intrusion detection defense subgroup to the ECU;
S560: the TBOX detects whether the files in the subgroup have changed;
S570: when the TBOX detects that the files in the subgroup have changed, it sends the updated intrusion detection defense files of the intrusion detection defense subgroup to the ECU.
In one embodiment, after each ECU obtains a required intrusion detection defense file, the intrusion detection defense client performs intrusion detection based on the intrusion detection defense file, generates an intrusion detection defense report, and uploads the intrusion detection defense report to the remote center through TBOX, so that the remote center remotely protects the ECU according to the intrusion detection defense report. The specific process can be as shown in fig. 9:
s610: the TBOX receives an intrusion detection defense report sent by the ECU.
The intrusion detection defense report comprises a preset identification, an ECU identification of the ECU and intrusion detection defense data, wherein a field corresponding to the preset identification is a finished automobile identification field, and the content of the preset identification is 0 or null.
The intrusion detection defense report also comprises IP header information and TCP header information required in the message transmission process. The preset identifier, the ECU identifier of the ECU and the intrusion detection defense data may be referred to as message bodies in the intrusion detection defense report.
If the ECU1 on the vehicle 1 finds that the process audio occupies 80% of the system CPU for up to 5 seconds, a message body in JSON format as described in text one is generated. VIN value is null and the name of the ECU carried is AA 00-1. The message body may be in other non-JSON formats.
Text one
Figure BDA0003647451500000151
S620: and the TBOX changes the preset mark into a whole vehicle mark.
S630: and sending the changed intrusion detection defense report to a remote center.
S640: and the remote center determines a defense rule matched with the intrusion detection defense data and generates defense instruction information corresponding to the defense rule.
The defense instruction information comprises a vehicle identification, an ECU identification and a defense instruction.
And after the vehicle identification is changed into a specific vehicle identification, the text I is changed into a text II.
Text two
Figure BDA0003647451500000161
Different defense instructions may be configured for different types of intrusion threats or system anomalies. After the remote center receives the intrusion detection defense report sent by the TBOX, the intrusion detection defense data in the intrusion detection defense report can be analyzed and matched with various defense rules to obtain the defense instruction corresponding to the successfully matched defense rule.
For example, if the remote center finds, from the intrusion detection defense data reported by ECU1 of vehicle 1, that the host with IP address IP-A has sent more than 1000 ping messages to ECU1 within 1 minute and is interfering with the normal operation of ECU1, the remote center issues a defense instruction to ECU1 of vehicle 1 to directly discard all messages whose source IP is IP-A.
S650: the TBOX receives the defense instruction information issued by the remote center according to the defense rule.
S660: under the condition that the whole vehicle identifier is determined to be that of its own vehicle, the TBOX sends the defense instruction to the ECU corresponding to the ECU identifier.
S670: the ECU executes the defense instruction.
In addition, an intrusion detection defense client also runs on the TBOX itself. If that client detects an intrusion threat or a system anomaly, the TBOX sends intrusion detection defense data to the remote center. Specifically:
after the TBOX's intrusion detection defense client detects an intrusion threat or a system anomaly, the TBOX generates an intrusion detection defense report comprising the vehicle identification, the TBOX identification and the intrusion detection defense data, reports it to the remote center, and receives the defense instruction information issued by the remote center according to the defense rules; in this case the defense instruction information comprises the vehicle identification, the TBOX identification and a defense instruction.
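The report and instruction round trip of steps S640 to S670, as an added example that is not part of the patent: the ECU leaves the vehicle identification field at the preset value (0 or null), the TBOX fills in its own vehicle identification before forwarding, the remote center matches the page's ping-flood rule (more than 1000 ping messages from one source IP within one minute) and returns defense instruction information, and the TBOX delivers the instruction to the addressed ECU only when the vehicle identification is its own. The identifiers, the field names of the report and instruction, the sampled detection data and the sliding-window rule are assumptions made for this example; the page does not specify the report format.

```python
"""Report/instruction round trip between ECU, TBOX and remote center (added example)."""
from __future__ import annotations
from collections import defaultdict
from typing import Optional

PRESET_ID = 0                        # value the ECU leaves in the vehicle identification field
OWN_VEHICLE_ID = "VIN-EXAMPLE-0001"  # hypothetical vehicle identification of this TBOX


def tbox_forward_report(report: dict, own_vehicle_id: str) -> dict:
    """TBOX: replace the preset identifier (0 or null) with the TBOX's own
    vehicle identification before the report goes to the remote center."""
    if report["vehicle_id"] not in (PRESET_ID, None):
        raise ValueError("vehicle identification field is not the preset value")
    return {**report, "vehicle_id": own_vehicle_id}


def ping_flood_rule(data: list, threshold: int = 1000, window_s: float = 60.0) -> Optional[dict]:
    """Defense rule from the page's example: more than `threshold` ping messages
    from one source IP inside any `window_s`-second window -> drop that source.
    `data` items are {"t": seconds, "src_ip": str, "msg_type": str} (assumed format)."""
    by_src = defaultdict(list)
    for ev in data:
        if ev["msg_type"] == "icmp_echo_request":
            by_src[ev["src_ip"]].append(ev["t"])
    for src_ip, times in by_src.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[lo] > window_s:
                lo += 1
            if hi - lo + 1 > threshold:
                return {"action": "drop_src_ip", "src_ip": src_ip}
    return None


RULES = [ping_flood_rule]


def remote_center_handle_report(report: dict) -> Optional[dict]:
    """Remote center: the first matching rule yields defense instruction
    information addressed by vehicle identification and ECU identification."""
    for rule in RULES:
        instruction = rule(report["data"])
        if instruction is not None:
            return {"vehicle_id": report["vehicle_id"],
                    "ecu_id": report["ecu_id"],
                    "instruction": instruction}
    return None


def tbox_dispatch_instruction(info: dict, own_vehicle_id: str) -> Optional[str]:
    """TBOX: deliver only if the instruction is addressed to this vehicle."""
    return info["ecu_id"] if info["vehicle_id"] == own_vehicle_id else None


class Ecu:
    """Minimal ECU that executes a drop-source instruction and filters packets."""

    def __init__(self, ecu_id: str):
        self.ecu_id = ecu_id
        self.blocked_src = set()

    def execute(self, instruction: dict) -> None:
        if instruction["action"] != "drop_src_ip":
            raise ValueError(f"unknown defense instruction {instruction['action']!r}")
        self.blocked_src.add(instruction["src_ip"])

    def accept(self, packet: dict) -> bool:
        return packet["src_ip"] not in self.blocked_src


def make_sample_report(ecu_id: str, attacker_ip: str, n_pings: int) -> dict:
    """Constructed detection data: n_pings pings from attacker_ip spread over
    one minute plus one benign ping; the vehicle field is left at PRESET_ID."""
    step = 60.0 / max(n_pings, 1)
    data = [{"t": i * step, "src_ip": attacker_ip, "msg_type": "icmp_echo_request"}
            for i in range(n_pings)]
    data.append({"t": 1.0, "src_ip": "10.0.0.2", "msg_type": "icmp_echo_request"})
    return {"vehicle_id": PRESET_ID, "ecu_id": ecu_id, "data": data}


def run_round_trip(own_vehicle_id: str, report: dict, ecus: dict) -> Optional[dict]:
    """Forward, match, dispatch and execute in sequence; returns the
    instruction information that reached an ECU, or None if nothing did."""
    info = remote_center_handle_report(tbox_forward_report(report, own_vehicle_id))
    if info is None:
        return None
    target = tbox_dispatch_instruction(info, own_vehicle_id)
    if target is None or target not in ecus:
        return None
    ecus[target].execute(info["instruction"])
    return info
```

The vehicle identification check in `tbox_dispatch_instruction` is the step of S660: an instruction addressed to another vehicle is dropped at the TBOX rather than reaching any ECU.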
With the vehicle-mounted Ethernet detection defense method provided by the embodiment of the disclosure, the TBOX not only forwards the intrusion detection defense report of each ECU, but the remote center also analyzes the report automatically and issues defense instructions to the corresponding ECUs through the TBOX, so that each ECU defends itself by executing the defense instruction.
In one embodiment, the ECUs in one vehicle may be divided into at least one level, each level including at least one ECU, with higher-level ECUs managing the intrusion detection defense files of lower-level ECUs. The ECU levels are divided according to the vehicle-mounted networking information and/or the traffic (service) types.
The vehicle-mounted networking information includes the communication relationships and the upstream and downstream relationships among the ECUs, and the ECUs can be divided into levels accordingly. For example, among connected ECUs, an ECU located upstream may be ranked higher than an ECU located downstream; among ECUs at the same level, the ECU with the highest performance may be selected (or one may be chosen at random) and ranked above the other ECUs of that level. When there are many ECUs at the same level, they may be divided into several parallel groups according to traffic type, and a higher-ranked ECU selected from each group.
When the vehicle-mounted networking information shows that the ECUs intercommunicate without any upstream and downstream relationship, the division can be made by traffic type alone: the ECUs are placed into different groups according to the traffic type they handle, so that different groups process different traffic; within a group the ECU with the highest performance is selected (or one is chosen at random) and ranked above the other ECUs of that group.
In practice, the ECU level division may be performed by the TBOX or by the remote center.
A lower-level ECU sends its first registration request to its higher-level ECU, the highest-level ECU sends it to the TBOX, and the TBOX forwards it to the remote center. After receiving the intrusion detection defense files corresponding to at least one intrusion detection defense subgroup, the TBOX passes them down to the lower-level ECUs level by level until they reach the ECU they belong to. When there are several ECU levels, an intrusion detection defense subgroup may in turn contain secondary subgroups, tertiary subgroups, and so on.
Illustratively, one vehicle includes 5 ECUs and 1 TBOX: ECU1 and ECU2 are first-level ECUs, ECU3 and ECU4 are second-level ECUs managed by ECU1, and ECU5 is a second-level ECU managed by ECU2, the first level being higher than the second. There are then 3 communication chains between the vehicle interior and the remote center: ECU3 <-> ECU1 <-> TBOX <-> remote center, ECU4 <-> ECU1 <-> TBOX <-> remote center, and ECU5 <-> ECU2 <-> TBOX <-> remote center.
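One way to turn the level-division rules above into code, as an added example that is not the patent's own method: a downstream ECU is managed by its upstream ECU (the best-performing one if it has several), ECUs with no upstream are grouped by traffic type and the best-performing member of each group manages the rest, and top-level ECUs report to the TBOX. The performance numbers, traffic labels and the `TBOX` / `remote center` node names are constructed for the example; the five-ECU topology is the one in the paragraph above.

```python
"""ECU level assignment and level-by-level forwarding (added example)."""
from collections import defaultdict

TBOX = "TBOX"
REMOTE_CENTER = "remote center"


def assign_managers(ecus, upstream_edges):
    """Return {ecu_id: manager}, where manager is another ECU id or TBOX.

    ecus: {ecu_id: {"perf": int, "traffic": str}}  (perf = relative capability, assumed)
    upstream_edges: iterable of (upstream_ecu, downstream_ecu) from the networking info.
    Rule 1: a downstream ECU is managed by its (best-performing) upstream ECU.
    Rule 2: ECUs without an upstream are grouped by traffic type; in a group with
            more than one member the best-performing ECU manages the rest.
    ECUs left at the top report directly to the TBOX."""
    upstreams = defaultdict(list)
    for up, down in upstream_edges:
        upstreams[down].append(up)
    manager = {}
    tops = defaultdict(list)
    for ecu_id, attrs in ecus.items():
        if upstreams[ecu_id]:
            manager[ecu_id] = max(upstreams[ecu_id], key=lambda e: ecus[e]["perf"])
        else:
            tops[attrs["traffic"]].append(ecu_id)
    for members in tops.values():
        head = max(members, key=lambda e: ecus[e]["perf"])
        manager[head] = TBOX
        for m in members:
            if m != head:
                manager[m] = head
    return manager


def path_to_remote_center(ecu_id, manager):
    """Hops a registration request takes: ECU -> higher-level ECU(s) -> TBOX -> remote center."""
    path = [ecu_id]
    while path[-1] != TBOX:
        if len(path) > len(manager) + 1:
            raise ValueError("management relation contains a cycle")
        path.append(manager[path[-1]])
    path.append(REMOTE_CENTER)
    return path


def level_of(ecu_id, manager):
    """Level 1 = reports directly to the TBOX (highest); each hop down adds one."""
    return len(path_to_remote_center(ecu_id, manager)) - 2


def deliver_file(target_ecu, manager):
    """Downward delivery of a subgroup's intrusion detection defense file, one
    level at a time: the registration path in reverse."""
    return list(reversed(path_to_remote_center(target_ecu, manager)))


def unique_connections(manager):
    """Distinct end-to-end chains from the lowest-level ECUs to the remote center."""
    leaves = [e for e in manager if e not in manager.values()]
    return sorted(" <-> ".join(path_to_remote_center(e, manager)) for e in leaves)


# Constructed topology matching the five-ECU illustration; perf values are hypothetical.
EXAMPLE_ECUS = {
    "ECU1": {"perf": 10, "traffic": "gateway"},
    "ECU2": {"perf": 8, "traffic": "body"},
    "ECU3": {"perf": 3, "traffic": "chassis"},
    "ECU4": {"perf": 4, "traffic": "chassis"},
    "ECU5": {"perf": 2, "traffic": "body"},
}
EXAMPLE_EDGES = [("ECU1", "ECU3"), ("ECU1", "ECU4"), ("ECU2", "ECU5")]
```

The cycle guard in `path_to_remote_center` matters when the networking information is taken from the vehicle's own configuration: a misconfigured pair of ECUs that list each other as upstream would otherwise loop forever.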
In the vehicle-mounted Ethernet detection defense method provided by the embodiment of the disclosure, the ECUs are divided into at least one level and higher-level ECUs manage the intrusion detection defense files of lower-level ECUs, which reduces the management burden on the TBOX and its consumption of computing power.
Based on the above method embodiment, another embodiment of the present disclosure provides an in-vehicle ethernet detection defense apparatus, as shown in fig. 10, which is applied to a telematics unit TBOX, the apparatus including:
a listening unit 70, configured to start a TCP port listening service after the TBOX has established a communication connection with the remote center through the public network and a communication connection with the ECU through the vehicle-mounted Ethernet;
a receiving unit 71, configured to receive a first registration request sent by an ECU, where the first registration request includes an ECU identifier of the ECU, and a first group name of at least one intrusion detection defense subgroup to which the ECU applies to join;
a synchronization unit 72, configured to synchronize an intrusion detection defense file corresponding to the first group name to the ECU when it is determined that the first group name is created and it is determined that the ECU does not register the intrusion detection defense subgroup corresponding to the first group name according to the ECU identifier, where the intrusion detection defense file corresponding to the first group name is obtained from the remote center by TBOX.
In one embodiment, the apparatus further comprises:
a first sending unit, configured to send a second registration request to the remote center before synchronizing the intrusion detection defense file corresponding to the first group name to the ECU, where the second registration request includes a vehicle identifier of a vehicle to which the TBOX belongs, a second group name of at least one intrusion detection defense group to which the TBOX applies for joining, and the intrusion detection defense group includes at least one intrusion detection defense subgroup;
the receiving unit 71 is further configured to receive the intrusion detection defense file corresponding to the second group name, sent by the remote center when the remote center determines that the second group name has been created and, according to the vehicle identifier, that the vehicle is not yet registered in the corresponding intrusion detection defense group.
In an embodiment, the receiving unit 71 is further configured to receive the updated intrusion detection defense file of the at least one intrusion detection defense group from the remote center when the remote center determines that the file has changed;
the remote center determines that the intrusion detection defense files of the at least one intrusion detection defense group have changed when the hash value computed this time over all of that group's intrusion detection defense files differs from the hash value computed last time.
In one embodiment, the apparatus further comprises:
a computing unit, configured to periodically compute, after the intrusion detection defense file corresponding to the second group name has been received from the remote center, a hash value over all intrusion detection defense files of the at least one intrusion detection defense subgroup that the ECU has applied to join;
the first sending unit being further configured to send the updated intrusion detection defense file of the at least one intrusion detection defense subgroup to the ECU when the hash value computed this time differs from the hash value computed last time.
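The registration checks and the hash-based update detection described for the receiving, computing and first sending units, as an added example that is not the patent's code: the remote center hands a group's files to a TBOX only if the group exists and the vehicle has not already registered it, the TBOX hands a subgroup's files to an ECU under the same two conditions, and both sides periodically hash all files of a group or subgroup and push an update only when the digest changes. SHA-256, the length-prefixed hashing, the group and file names and the in-memory storage are assumptions; the page specifies neither the hash function nor the file format.

```python
"""Group/subgroup registration and hash-based update detection (added example)."""
import hashlib


def files_hash(files):
    """One digest over all files of a (sub)group. Names are sorted and every
    name and content is length-prefixed, so a rename or a shift of bytes
    between two files changes the digest (hash function is an assumption)."""
    h = hashlib.sha256()
    for name in sorted(files):
        content = files[name]
        h.update(len(name).to_bytes(4, "big") + name.encode())
        h.update(len(content).to_bytes(4, "big") + content)
    return h.hexdigest()


class RemoteCenter:
    """groups: {group_name: {subgroup_name: {file_name: bytes}}}."""

    def __init__(self, groups):
        self.groups = groups
        self.registered = set()  # (vehicle_id, group_name) pairs
        self.last_hash = {g: self._group_hash(g) for g in groups}

    def group_files(self, group_name):
        return {sub: dict(files) for sub, files in self.groups[group_name].items()}

    def _group_hash(self, group_name):
        flat = {f"{sub}/{name}": data
                for sub, files in self.groups[group_name].items()
                for name, data in files.items()}
        return files_hash(flat)

    def handle_second_registration(self, vehicle_id, group_name):
        """Files of the group (all its subgroups) if the group exists and this
        vehicle is not yet registered in it; None otherwise."""
        if group_name not in self.groups or (vehicle_id, group_name) in self.registered:
            return None
        self.registered.add((vehicle_id, group_name))
        return self.group_files(group_name)

    def changed_groups(self):
        """Recompute every group's digest; return the groups whose digest moved."""
        changed = []
        for g in self.groups:
            h = self._group_hash(g)
            if h != self.last_hash[g]:
                self.last_hash[g] = h
                changed.append(g)
        return changed


class Tbox:
    def __init__(self, vehicle_id, center):
        self.vehicle_id = vehicle_id
        self.center = center
        self.subgroups = {}      # subgroup_name -> {file_name: bytes}
        self.registered = set()  # (ecu_id, subgroup_name) pairs
        self.last_hash = {}

    def join_group(self, group_name):
        """Second registration request towards the remote center."""
        files = self.center.handle_second_registration(self.vehicle_id, group_name)
        if files is None:
            return False
        self.receive_group_update(files)
        return True

    def receive_group_update(self, files_by_subgroup):
        """Store (updated) subgroup files pushed by the remote center. The
        baseline digest is recorded only on first receipt so that a later
        update is noticed by periodic_check()."""
        for sub, files in files_by_subgroup.items():
            self.subgroups[sub] = dict(files)
            self.last_hash.setdefault(sub, files_hash(files))

    def handle_first_registration(self, ecu_id, subgroup):
        """Sync the subgroup's files to the ECU only if the subgroup has been
        created and this ECU has not registered it already."""
        if subgroup not in self.subgroups or (ecu_id, subgroup) in self.registered:
            return None
        self.registered.add((ecu_id, subgroup))
        return dict(self.subgroups[subgroup])

    def periodic_check(self):
        """Hash every subgroup some ECU has joined; return {ecu_id: {subgroup: files}}
        for the subgroups whose digest changed since the last check."""
        pushes = {}
        for sub in {s for _, s in self.registered}:
            h = files_hash(self.subgroups[sub])
            if h == self.last_hash.get(sub):
                continue
            self.last_hash[sub] = h
            for ecu_id, s in self.registered:
                if s == sub:
                    pushes.setdefault(ecu_id, {})[sub] = dict(self.subgroups[sub])
        return pushes
```

Only subgroups that some ECU has actually registered are hashed on the TBOX, which is the resource saving the page describes: files nobody asked for are neither hashed nor pushed.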
In an embodiment, the receiving unit 71 is further configured to receive an intrusion detection defense report sent by the ECU, where the intrusion detection defense report includes a preset identifier, the ECU identifier of the ECU and intrusion detection defense data, the field carrying the preset identifier is the vehicle identifier field, and the content of the preset identifier is 0 or null;
the device further comprises:
a second sending unit, configured to send the modified intrusion detection defense report to the remote center after the preset identifier is modified to the vehicle identifier, so that the remote center determines a defense rule matching the intrusion detection defense data;
the receiving unit 71 is further configured to receive defense instruction information issued by the remote center according to the defense rule, where the defense instruction information includes the vehicle identification, the ECU identification, and a defense instruction;
and the second sending unit is also used for sending the defense instruction to the ECU corresponding to the ECU identification under the condition that the whole vehicle identification is determined to be the own vehicle identification, so that the ECU executes the defense instruction.
In one embodiment, the apparatus further comprises:
the authentication unit is used for carrying out identity authentication on the remote center based on a secure socket protocol before sending a second registration request to the remote center;
and the generating unit is used for generating a first symmetric key when the identity authentication is successful, so that the TBOX and the remote center can encrypt and decrypt communication information by using the first symmetric key.
In an embodiment, the receiving unit 71 is further configured to receive, before the first registration request sent by the ECU, a second symmetric key generated by the ECU, so that communication between the TBOX and the ECU is encrypted and decrypted with the second symmetric key; the ECU generates the second symmetric key after it has successfully authenticated the TBOX based on a secure socket protocol.
In one embodiment, the apparatus further comprises:
a reading unit, configured to read the device's own identifier while its intrusion detection defense client is starting up;
a starting unit, configured to enable the functions specific to the TBOX when the device's own identifier is the same as the TBOX identifier.
In one embodiment, a plurality of said ECUs are divided into at least one hierarchy, each hierarchy including at least one said ECU, and a high level ECU is used to manage intrusion detection defense files for a low level ECU.
In the vehicle-mounted Ethernet detection defense device provided by the embodiment of the disclosure, the TBOX establishes a communication connection with the remote center through the public network and with the ECUs through the vehicle-mounted Ethernet, then starts a TCP port listening service and acts as the data forwarding center: it receives a first registration request sent by an ECU, which comprises the ECU identifier and the first group name of at least one intrusion detection defense subgroup the ECU applies to join, and, if the first group name has been created and the ECU identifier shows that the ECU has not yet registered the corresponding subgroup, synchronizes to the ECU the intrusion detection defense file for that group name obtained from the remote center. Each vehicle therefore needs only one connection to the remote center, that of the TBOX, and no individual ECU connects to the remote center, which greatly reduces the number of connections the remote center must maintain, lowers its load and computing-power consumption, and reduces the vehicle's exposure to external intrusion. Because the TBOX communicates with the remote center on behalf of the whole vehicle and the remote center stores all intrusion detection defense files per vehicle, the ECUs belonging to one vehicle can be associated on the remote center to present a whole-vehicle view.
In addition, the TBOX sends the intrusion detection defense files obtained from the remote center only to the ECUs that applied to register the corresponding subgroup, rather than blindly sending every file to every ECU, which avoids wasting resources.
Based on the above method embodiments, another embodiment of the present disclosure provides an on-board ethernet detection defense system, which includes at least one electronic control unit ECU, a telematics unit TBOX for performing the method of any of the above method embodiments, and a remote center.
Based on the above method embodiments, another embodiment of the present disclosure provides a storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement the method of any of the above method embodiments.
The system and apparatus embodiments correspond to the method embodiments, and have the same technical effects as the method embodiments, and for the specific description, refer to the method embodiments. The device embodiment is obtained based on the method embodiment, and for specific description, reference may be made to the method embodiment section, which is not described herein again. Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or processes in the figures are not necessarily required to practice the present disclosure.
Those of ordinary skill in the art will understand that: modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, or may be located in one or more devices different from the embodiments with corresponding changes. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solutions of the present disclosure, not to limit them; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (10)

1. An in-vehicle Ethernet detection defense method, applied to a telematics unit (TBOX), wherein after the TBOX establishes a communication connection with a remote center through a public network and a communication connection with an Electronic Control Unit (ECU) through an in-vehicle Ethernet, the TBOX starts a Transmission Control Protocol (TCP) port listening service, and the method comprises:
receiving a first registration request sent by the ECU, wherein the first registration request comprises an ECU identifier of the ECU and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join;
under the condition that the first group name is established and the ECU is not registered with the intrusion detection defense subgroup corresponding to the first group name according to the ECU identification, synchronizing an intrusion detection defense file corresponding to the first group name to the ECU, wherein the intrusion detection defense file corresponding to the first group name is acquired by the TBOX from the remote center.
2. The method of claim 1, wherein prior to synchronizing the intrusion detection defense file corresponding to the first group name to the ECU, the method further comprises:
sending a second registration request to the remote center, wherein the second registration request comprises a whole vehicle identifier of a vehicle to which the TBOX belongs and a second group name of at least one intrusion detection defense group applied for joining by the TBOX, and the intrusion detection defense group comprises at least one intrusion detection defense subgroup;
receiving the intrusion detection defense file corresponding to the second group name, sent by the remote center when the remote center determines that the second group name has been created and, according to the vehicle identification, that the vehicle is not yet registered in the intrusion detection defense group corresponding to the second group name.
3. The method of claim 2, further comprising:
receiving the updated intrusion detection defense file corresponding to the at least one intrusion detection defense group sent by the remote center under the condition that the remote center determines that the intrusion detection defense file corresponding to the at least one intrusion detection defense group changes;
when the remote center determines that the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated last time are different from the hash values of all intrusion detection defense files corresponding to the at least one intrusion detection defense group calculated this time, the remote center determines that the intrusion detection defense files corresponding to the at least one intrusion detection defense group change.
4. The method of claim 2, wherein after receiving the intrusion detection defense file corresponding to the second group name sent by the remote center, the method further comprises:
periodically calculating the hash value of all intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup which the ECU has applied to join;
and when the hash values of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated last time are different from the hash values of all the intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup calculated this time, sending the updated intrusion detection defense files corresponding to the at least one intrusion detection defense subgroup to the ECU.
5. The method of claim 1, further comprising:
receiving an intrusion detection defense report sent by the ECU, wherein the intrusion detection defense report comprises a preset identifier, the ECU identifier of the ECU and intrusion detection defense data, the field carrying the preset identifier is the vehicle identifier field, and the content of the preset identifier is 0 or null;
after the preset identifier has been changed to the vehicle identification, sending the changed intrusion detection defense report to the remote center, so that the remote center determines a defense rule matching the intrusion detection defense data;
receiving defense instruction information issued by the remote center according to the defense rule, wherein the defense instruction information comprises the whole vehicle identification, the ECU identification and a defense instruction;
and under the condition that the whole vehicle identification is determined to be the whole vehicle identification of the vehicle, the defense instruction is sent to the ECU corresponding to the ECU identification, so that the ECU executes the defense instruction.
6. The method of claim 2, wherein prior to sending the second registration request to the remote center, the method further comprises:
and performing identity authentication on the remote center based on a secure socket protocol, and generating a first symmetric key when the identity authentication is successful, so that the TBOX and the remote center can encrypt and decrypt communication information by using the first symmetric key.
7. The method of claim 1, wherein prior to receiving the first registration request sent by the ECU, the method further comprises:
and receiving a second symmetric key generated by the ECU so as to enable the communication information to be encrypted and decrypted between the TBOX and the ECU by using the second symmetric key, wherein the second symmetric key is generated after the ECU successfully authenticates the identity of the TBOX based on a secure socket protocol.
8. The method of claim 1, further comprising:
reading the device's own identification during start-up of its intrusion detection defense client;
and enabling the functions specific to the TBOX when the device's own identification is determined to be the same as the TBOX identification.
9. The method according to any of claims 1-8, wherein a plurality of said ECUs are divided into at least one level, each level comprising at least one of said ECUs, higher-level ECUs being used to manage the intrusion detection defense files of lower-level ECUs, and the ECU levels being divided according to on-board networking information and/or traffic types.
10. An on-board ethernet detection defense apparatus, wherein the apparatus is applied to a telematics unit TBOX, the apparatus comprising:
a listening unit, configured to start a Transmission Control Protocol (TCP) port listening service after the TBOX establishes a communication connection with a remote center through a public network and a communication connection with an Electronic Control Unit (ECU) through a vehicle-mounted Ethernet;
a receiving unit, configured to receive a first registration request sent by the ECU, wherein the first registration request comprises an ECU identifier of the ECU and a first group name of at least one intrusion detection defense subgroup which the ECU applies to join;
and the synchronization unit is used for synchronizing the intrusion detection defense files corresponding to the first group name to the ECU under the condition that the first group name is established and the ECU is not registered with the intrusion detection defense subgroup corresponding to the first group name according to the ECU identification, wherein the intrusion detection defense files corresponding to the first group name are acquired from the remote center by TBOX.
CN202210534839.8A 2022-05-17 2022-05-17 Vehicle-mounted Ethernet detection defense method and device Active CN114978656B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210534839.8A CN114978656B (en) 2022-05-17 2022-05-17 Vehicle-mounted Ethernet detection defense method and device

Publications (2)

Publication Number Publication Date
CN114978656A true CN114978656A (en) 2022-08-30
CN114978656B CN114978656B (en) 2023-06-09

Family

ID=82984030

Country Status (1)

Country Link
CN (1) CN114978656B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180173515A1 (en) * 2015-06-01 2018-06-21 Opensynergy Gmbh Method for updating a control unit for an automotive vehicle, control unit for an automotive vehicle, and computer program product
US20180212937A1 (en) * 2017-01-25 2018-07-26 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and Device for Communicating Securely between T-Box Device and ECU Device in Internet of Vehicles System
US20190173951A1 (en) * 2017-12-01 2019-06-06 GM Global Technology Operations LLC Vehicle communication using publish-subscribe messaging protocol
CN111314386A (en) * 2020-03-23 2020-06-19 北京邮电大学 Intrusion detection method and device for intelligent networked automobile
CN111669352A (en) * 2019-03-08 2020-09-15 广州汽车集团股份有限公司 Method and device for preventing denial of service attack
CN112363984A (en) * 2020-11-13 2021-02-12 北京天融信网络安全技术有限公司 In-vehicle safety rule file generation method and device
WO2021162473A1 (en) * 2020-02-14 2021-08-19 현대자동차주식회사 System and method for detecting intrusion into in-vehicle network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant