CN117521127A - Data access control method for intelligent network connection - Google Patents

Publication number: CN117521127A
Authority: CN (China)
Prior art keywords: topic, access control, node, access, authentication
Legal status: Pending
Application number: CN202311402314.XA
Other languages: Chinese (zh)
Inventors: 郑奕森, 周维, 牟新颖, 汪崇乾
Current Assignee: Yunnan University YNU
Original Assignee: Yunnan University YNU

Abstract

The invention discloses a data access control method for intelligent connected vehicles. In a ROS2-based autonomous driving system of an intelligent connected vehicle, an access control engine is provided to receive and register the topics published by nodes and to perform access control on the nodes that access those topics. Topic-publishing nodes in the autonomous driving system register the topic names they will use; the access control engine sets up a different access rights module for each topic and establishes an access control model. When another node needs to publish or subscribe to a topic's messages, it submits an authentication request to the access control engine, and once the engine has approved the request the node can publish or subscribe to the topic's information through the topic according to the operation it requires. The invention achieves flexible and reliable access control without adding extra system cost, while supporting access control at different security levels.

Description

Data access control method for intelligent network connection
Technical Field
The invention belongs to the technical field of autonomous driving data security, and particularly relates to a data access control method for intelligent connected vehicles.
Background
In recent years, with the rapid development of intelligent connected vehicles, improving flexible interaction between drivers and vehicles has become an important branch of autonomous driving research. To build an intelligent cockpit ecosystem, major technology companies and automobile manufacturers have successively introduced autonomous driving systems or platforms, such as Google's Waymo, Baidu's Apollo and Tesla's Autopilot. Their arrival has moved vehicle driving from the traditional manual driving stage into the assisted driving stage, and it is now transitioning toward the autonomous driving stage.
This gradual shift in driving style has also shifted people's interest from the vehicle itself toward in-vehicle entertainment. More on-board screens and better UI interaction mean that future vehicles will integrate more applications, and this has become a trend in vehicle development. The rapid growth of applications, however, raises a new problem: how the security of on-board data should be protected. If data access is not restricted, every application connected to the autonomous driving system can freely obtain the vehicle's operating data, including sensor data and camera data. For example, in a Tesla autonomous driving system that uses a purely vision-based algorithm, if malicious third-party software that reads the camera data modifies the traffic-light recognition data so that a red light is reported as green, the autonomous driving system can no longer make correct decisions, which endangers personal or public safety.
Currently, the major autonomous driving system developers mainly build their autonomous driving frameworks on the second-generation Robot Operating System (ROS2). Although SROS2, the security component that ships with ROS2, provides security functions such as identity authentication, encrypted communication and access control configured through XML files, its distributed nature leads to security problems in practice, such as replacement of permission files and default misconfiguration. Second, because the security of ROS2 depends on DDS Security, an attacker may mount attacks based on defects in DDS, for example a targeted attack that uses context information disclosed by DDS during the cryptographic handshake. Research addressing these problems is therefore necessary.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing a data access control method for intelligent connected vehicles that achieves flexible and reliable access control without increasing system overhead, while supporting access control at different security levels.
To achieve this object, the data access control method for intelligent connected vehicles of the present invention comprises the following steps:
S1: In a ROS2-based autonomous driving system of an intelligent connected vehicle, an access control engine is provided to receive the registration and publication of topics by nodes and to perform access control on the nodes that access the topics;
S2: The topic-publishing node registers the topic names it will use. The specific steps are:
S2.1: When a node in the autonomous driving system needs to publish messages, it sets the topic for the messages, sets the access control policy for that topic, packages the topic and the access control policy into a topic registration request, and sends the request to the access control engine;
S2.2: On receiving the topic registration request, the access control engine checks the topic for uniqueness, that is, it parses the request and determines whether the received topic already exists; if it does, go to step S2.3, otherwise go to step S2.4;
S2.3: The access control engine returns topic conflict information to the node that sent the topic registration request, and the node chooses, according to its circumstances, either to publish its information on the existing topic or to register a new topic;
S2.4: The access control engine stores the topic contained in the topic registration request in a topic database, initializes an access rights module according to the access control policy contained in the request, and determines the access control model for the topic, as follows:
when the topic uses the empty access control policy, no access rights module is set up for the topic;
when the topic uses the access control policy based on an access control list, an access control list is set up in the corresponding access rights module, and the node that registered the topic adds the names of the nodes allowed access to the access control list;
when the topic uses the certificate-based access control policy, the corresponding access rights module issues a root certificate for the node that registered the topic, as follows: the category of the registering node is determined; if it is a vehicle-native node, the access rights module assigns it a root certificate, and if it is a vehicle-mounted node of a public application, the node developer assigns it a root certificate; the registering node then uses the root certificate to issue access certificates to the nodes that are allowed to access the topic;
S3: When a node needs to publish or subscribe through a topic, it sends an authentication request to the access control engine. The authentication request rs is generated as follows:
rs=ECDSA.Sign(NN,O,T,(Cert),SK)
where NN is the node name, O is the operation the node wishes to perform, T is the name of the topic to be accessed, (Cert) is the node's access certificate information for the topic it is requesting authentication for, SK is the node's private key, and ECDSA.Sign() is the signing algorithm of ECDSA;
S4: When the access control engine receives an authentication request for a topic, it authenticates the request according to the access control policy of that topic, as follows:
when the topic uses the empty access control policy, the node's access rights are determined by the access control model;
when the topic uses the access control policy based on an access control list, the authentication information is first verified with the ECDSA algorithm to obtain the verification result re:
re=ECDSA.Verify(NN,O,T,PK)
where PK is the public key of the node, and ECDSA.Verify() is the verification algorithm that corresponds to the signing algorithm of ECDSA;
if the verification result re is true, the requesting node is matched against the access control list in the topic's access rights module; if the match succeeds, the node is allowed to access the topic and the method proceeds to step S5, otherwise the node is refused access to the topic;
when the topic uses the certificate-based access control policy, the authentication information is first verified with the ECDSA algorithm to obtain the verification result re; if re is true, the access control module for the topic uses the private key of the topic to verify the certificate information of the requesting node; if verification passes, the node is allowed to access the topic and the method proceeds to step S5, otherwise the node is refused access to the topic;
S5: The authenticated node publishes or subscribes to the topic's information through the topic according to the operation it requires.
In the data access control method for intelligent connected vehicles of the invention, an access control engine is provided in a ROS2-based autonomous driving system of an intelligent connected vehicle to receive and register the topics published by nodes and to perform access control on the nodes that access those topics. Topic-publishing nodes in the autonomous driving system register the topic names they will use; the access control engine sets up a different access rights module for each topic and establishes an access control model. When another node needs to publish or subscribe to a topic's messages, it submits an authentication request to the access control engine, and once the engine has approved the request the node can publish or subscribe to the topic's information through the topic according to the operation it requires.
The invention has the following beneficial effects:
1) The invention provides a flexible and reliable access control method based on ROS2 whose primary purpose is to strengthen the secure transmission of on-board data, and which is compatible with access control policies of different security levels;
2) Throughput was evaluated under different access control policies; the results show that with the invention the transmission performance of the system is always kept at a good level and the system overhead is not excessively increased.
Drawings
FIG. 1 is a flow chart of a specific embodiment of a data access control method for an intelligent network-connected vehicle of the present invention;
FIG. 2 is a flow chart of topic registration in the present invention;
FIG. 3 is a diagram of the time overhead for topic registration and authentication in the single-threaded case in this embodiment;
FIG. 4 is a throughput comparison for topic registration and topic authentication under different policies in this embodiment;
FIG. 5 is a diagram of throughput measurement under multithreading in this embodiment;
FIG. 6 is a comparison of runtime overhead in the single-threaded and multi-threaded cases in this embodiment.
Detailed Description
Embodiments of the invention are described below with reference to the accompanying drawings so that those skilled in the art can better understand the invention. Note that in the description below, detailed descriptions of known functions and designs are omitted where they might obscure the main content of the invention.
Examples
Fig. 1 is a flow chart of a specific embodiment of the data access control method for intelligent connected vehicles. As shown in Fig. 1, the method comprises the following steps:
S101: Set up the access control engine:
In a ROS2-based autonomous driving system of an intelligent connected vehicle, an access control engine is provided to receive the registration and publication of topics by nodes and to perform access control on the nodes that access the topics.
S102: Topic registration:
In the ROS2-based safe driving system of the intelligent connected vehicle, topics are the medium through which the different nodes of the autonomous driving system communicate. To ensure that communication between nodes is accurate, the topic names the nodes will use must therefore be registered before the safe driving system formally starts operating. Fig. 2 is a flow chart of topic registration in the present invention. As shown in Fig. 2, topic registration comprises the following steps:
S201: Send the topic:
When a node in the autonomous driving system needs to publish messages, it sets the topic for the messages, sets the access control policy for that topic, packages the topic and the access control policy into a topic registration request, and sends the request to the access control engine.
The access control policy can be set according to actual needs and is generally chosen according to the security level of the topic: the higher the security level, the stricter the policy. The available policies are the empty access control policy, the access control policy based on an access control list, and the certificate-based access control policy.
S202: On receiving the topic registration request, the access control engine checks the topic for uniqueness, that is, it parses the request and determines whether the received topic already exists; if it does, go to step S203, otherwise go to step S204.
S203: Return topic conflict information:
The access control engine returns topic conflict information to the node that sent the topic registration request, and the node chooses, according to its circumstances, either to publish its information on the existing topic or to register a new topic.
S204: Registration succeeds:
The access control engine stores the topic contained in the topic registration request in a topic database, initializes an access rights module according to the access control policy contained in the request, and determines the access control model for the topic, as follows:
When the topic uses the empty access control policy, no access rights module is set up for the topic.
When the topic uses the access control policy based on an access control list, an access control list is set up in the corresponding access rights module, and the node that registered the topic adds the names of the nodes allowed access to the access control list.
When the topic uses the certificate-based access control policy, the corresponding access rights module issues a root certificate for the node that registered the topic, as follows: the category of the registering node is determined; if it is a vehicle-native node, the access rights module assigns it a root certificate, and if it is a vehicle-mounted node of a public application, the node developer assigns it a root certificate. The registering node then uses the root certificate to issue access certificates to the nodes that are allowed to access the topic.
S103: Node requests authentication:
When a node needs to publish or subscribe through a topic, it sends an authentication request to the access control engine. To protect the authentication information in transit under the non-empty access control policies, the information to be authenticated must be signed with the ECDSA (Elliptic Curve Digital Signature Algorithm) algorithm, so the authentication request rs is generated as follows:
rs=ECDSA.Sign(NN,O,T,(Cert),SK)
where NN is the node name, O is the operation the node wishes to perform, T is the name of the topic to be accessed, (Cert) is the node's access certificate information for the topic it is requesting authentication for, SK is the node's private key, and ECDSA.Sign() is the signing algorithm of ECDSA.
S104: Access control engine authentication:
When the access control engine receives an authentication request for a topic, it authenticates the request according to the access control policy of that topic, as follows:
When the topic uses the empty access control policy, the node's access rights are determined by the access control model. Generally, depending on the access control model the system uses, access by the node is allowed only under a discretionary access control model.
When the topic uses the access control policy based on an access control list, the authentication information is first verified with the ECDSA algorithm to obtain the verification result re:
re=ECDSA.Verify(NN,O,T,PK)
where PK is the public key of the node, and ECDSA.Verify() is the verification algorithm that corresponds to the signing algorithm of ECDSA.
If the verification result re is true, the requesting node is matched against the access control list in the topic's access rights module; if the match succeeds, the node is allowed to access the topic and the method proceeds to step S105, otherwise the node is refused access to the topic.
When the topic uses the certificate-based access control policy, the authentication information is first verified with the ECDSA algorithm to obtain the verification result re; if re is true, the access control module for the topic uses the private key of the topic to verify the certificate information of the requesting node; if verification passes, the node is allowed to access the topic and the method proceeds to step S105, otherwise the node is refused access to the topic.
S105: Node publishes or subscribes to the topic:
The authenticated node publishes or subscribes to the topic's information through the topic according to the operation it requires.
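The registration and authentication flow of steps S2 to S4 (S102 to S104 above) can be modelled in a few lines of Go; this is an added example, not code from the patent, and every identifier in it is hypothetical. It assumes P-256 with SHA-256 over length-prefixed fields, an enrolment store that maps node names to public keys, that the signature rs is handed to verification together with (NN, O, T), and that an access certificate is the topic root key's ECDSA signature over (topic, node name), checked with the root public key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Policy int
const (
	PolicyEmpty Policy = iota // no access rights module is created
	PolicyACL                 // node names allowed to access the topic
	PolicyCert                // access certificates issued under the topic's root key
)

type topic struct {
	policy Policy
	acl    map[string]bool
	root   *ecdsa.PublicKey
}

type Engine struct {
	topics map[string]*topic
	Keys   map[string]*ecdsa.PublicKey // assumed enrolment store: node name -> PK
	DAC    bool                        // true if the system-wide model is discretionary
}

type Request struct {
	NN, O, T string
	Cert, RS []byte // RS is rs = ECDSA.Sign(NN, O, T, (Cert), SK)
}

func NewEngine(dac bool) *Engine {
	return &Engine{map[string]*topic{}, map[string]*ecdsa.PublicKey{}, dac}
}

func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// digest length-prefixes each field so ("ab","c") and ("a","bc") hash differently.
func digest(fields ...string) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

func sign(sk *ecdsa.PrivateKey, fields ...string) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, sk, digest(fields...))
	if err != nil {
		panic(err)
	}
	return sig
}

// Register implements S2.2-S2.4; false is the S2.3 topic-conflict feedback.
func (e *Engine) Register(name string, p Policy, acl map[string]bool, root *ecdsa.PublicKey) bool {
	if e.topics[name] != nil {
		return false
	}
	e.topics[name] = &topic{p, acl, root}
	return true
}

// IssueCert is run by the topic owner: the root key signs (topic, node name).
func IssueCert(rootSK *ecdsa.PrivateKey, t, nn string) []byte { return sign(rootSK, t, nn) }
func SignRequest(sk *ecdsa.PrivateKey, nn, o, t string, cert []byte) Request {
	return Request{nn, o, t, cert, sign(sk, nn, o, t, string(cert))} // S3
}

// Authenticate implements S4; true means the node may go on to S5.
func (e *Engine) Authenticate(r Request) bool {
	t, pk := e.topics[r.T], e.Keys[r.NN]
	if t == nil || t.policy == PolicyEmpty {
		return t != nil && e.DAC // empty policy: left to the access control model
	}
	if pk == nil || !ecdsa.VerifyASN1(pk, digest(r.NN, r.O, r.T, string(r.Cert)), r.RS) {
		return false // re is false
	}
	if t.policy == PolicyACL {
		return t.acl[r.NN]
	}
	return t.root != nil && ecdsa.VerifyASN1(t.root, digest(r.T, r.NN), r.Cert)
}

func main() {
	e, owner, planner := NewEngine(false), NewKey(), NewKey()
	e.Keys["planner"] = &planner.PublicKey // constructed sample node and topic names
	e.Register("/traffic_light", PolicyCert, nil, &owner.PublicKey)
	cert := IssueCert(owner, "/traffic_light", "planner")
	fmt.Println(e.Authenticate(SignRequest(planner, "planner", "subscribe", "/traffic_light", cert)))
}
```

The signed tuple described on the page carries no nonce or timestamp, so a captured rs verifies again unchanged; a deployment would add a freshness field to the signed data.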
Examples
In order to better illustrate the technical scheme of the invention, a specific example is adopted to carry out simulation verification on the invention. In order to master the performance of the system, the embodiment tests the running time and throughput of the system under different strategies. The different access control methods mainly have different execution conditions under specific conditions and do not affect time overhead brought by specific policies, so the access control method selected in the embodiment is a forced access control method, and simulation verification is performed by taking an access control policy based on an access control list and an access control policy based on a certificate as an example.
To examine in detail the time overhead of the access control list policy and the certificate policy in the topic registration (regist) and authentication (auth) links, this embodiment records the complete run of both links under single-threaded conditions. Fig. 3 shows the time overhead of topic registration and authentication in the single-threaded case in this embodiment. As shown in Fig. 3, the access control list policy has a lower total run time than the certificate policy for both topic registration and authentication. The main reason is that, during topic registration, the certificate policy must issue certificates for the requesting nodes, which adds the time overhead of key generation and storage relative to the access control list policy. In the authentication process, the certificate policy's database query only has to look up the public key information used for verification in the topic public key library, which costs less time than the access control list policy's search for the target topic's access control file among a plurality of access control files. However, the certificate policy must also verify the ECDSA signature of the certificate, which is computationally more complex than the node name matching of the access control list policy, so the total authentication times differ greatly. Nevertheless, access control initialization mainly takes place while the automatic driving system is initializing, when the vehicle is still stationary, so vehicle operation is not excessively affected; even if a new access control requirement arises while the vehicle is running, the current response time meets the minimum response time standard of 100 ms required by the automatic driving system.
To determine how many requests per second the access control engine can process in the topic registration and authentication links, throughput was also measured in this embodiment. The test uses incrementally increasing requests: for topic registration and authentication, the access control list policy and the certificate policy start from 0 requests, 100 and 50 requests respectively are added each time, and the throughput test is complete after the tenth request is finished. Fig. 4 compares the throughput of topic registration and authentication under the different policies in this embodiment. As shown in Fig. 4, the peak throughput of the access control list policy in the topic registration (ACL-Regist) and authentication (ACL-Auth) links is 230 and 290 times per second, respectively, while the throughput of the certificate policy in topic registration (Cert-Regist) and authentication (Cert-Auth) is relatively low, at 62 and 70 times per second, respectively. In both links the throughput of the access control list policy is roughly four times that of the certificate policy. Taken together with the runtime analysis of the two policies in the different links, the time overhead of the access control list policy and the certificate policy in the same link also stands in a roughly four-fold relationship, so the lower throughput under the certificate policy is mainly due to its relatively complex computation.
Next, in the multithreaded case, the multithreaded throughput test was performed with the total number of requests raised 30%-40% above the single-thread peak throughput. Fig. 5 shows the throughput test results under multithreading in this embodiment. As shown in Fig. 5, with the total number of requests held constant, the throughput of each link tends to decrease as the number of threads increases. To find the specific cause, we measured the time overhead in the single-threaded and multithreaded cases. Fig. 6 compares the runtime overhead of single-threaded and multithreaded operation in this embodiment. As shown in Fig. 6, under continuous requests the run time of requests in the multithreaded case fluctuates noticeably. This is mainly due to the limited performance of the experimental platform: when a plurality of threads arrive, the requests cannot all be processed simultaneously, so threads wait and are scheduled, which increases run time and reduces throughput. However, the multithreaded throughput results show that, when the number of requesting threads is constant, the throughput eventually stabilizes within a range as the number of requests increases. This is mainly because thread scheduling is already saturated and the scheduling overhead is essentially stable, so throughput does not keep decreasing as requests increase.
In summary, the invention meets the access control requirements of different security levels without excessively increasing the system overhead, and has good application prospect.
While the foregoing describes illustrative embodiments of the present invention to facilitate understanding by those skilled in the art, it should be understood that the present invention is not limited to the scope of the embodiments; various changes that fall within the spirit and scope of the present invention as defined by the appended claims are to be construed as protected.

Claims (1)

1. A data access control method for an intelligent network-connected automobile, characterized by comprising the following steps:
S1: in a ROS2-based automatic driving system of an intelligent network-connected automobile, an access control engine is provided, which receives the registration and release of topics by nodes and performs access control on nodes accessing the topics;
S2: the topic issuing node registers the topic name to be used, with the following specific steps:
S2.1: when a node in the automatic driving system needs to issue a message, it sets the topic corresponding to the message and the access control policy corresponding to the topic, packages the topic and the access control policy into a topic registration application, and sends the topic registration application to the access control engine;
S2.2: after receiving the topic registration application, the access control engine performs a uniqueness check on the topic, that is, it parses the application and judges whether the received topic already exists; if so, the method proceeds to step S2.3, and if not, to step S2.4;
S2.3: the access control engine feeds back topic conflict information to the node that sent the topic registration application, and the node chooses, according to actual conditions, either to publish its messages through the existing topic or to re-register a new topic;
S2.4: the access control engine stores the topic contained in the topic registration application in a topic database, initializes an access right module according to the access control policy contained in the topic registration application, and determines the access control model corresponding to the topic, as follows:
when the topic adopts the non-access control policy, no access right module is set for the topic;
when the topic adopts the access control policy based on an access control list, the access control list is set in the corresponding access right module, and the topic registration application node adds the names of the nodes allowed access to the access control list;
when the topic adopts the certificate-based access control policy, the corresponding access right module issues a root certificate for the topic registration application node, as follows: the category of the topic registration application node is judged; if the topic registration application node is a vehicle-mounted original node, the access right module distributes a root certificate to it, and if the topic registration application node is a vehicle-mounted node of a public application, the node developer distributes a root certificate to it; the topic registration application node then uses the root certificate to distribute allowed access certificates to the nodes allowed to access the topic;
S3: when a node needs to publish or subscribe by means of a topic, it initiates an authentication application to the access control engine, the authentication application rs being generated as follows:
rs=ECDSA.Sign(NN,O,T,(Cert),SK)
wherein NN represents the node name, O represents the operation that the node wishes to execute, T represents the name of the topic to be accessed, (Cert) represents the node's allowed access certificate information for the topic for which authentication is applied, SK represents the private key of the node, and ECDSA.Sign() represents the signature algorithm of the ECDSA algorithm;
S4: when the access control engine receives an authentication application concerning a topic, it performs authentication according to the access control policy corresponding to the topic, as follows:
when the topic adopts the non-access control policy, the access authority of the node is determined by the access control model;
when the topic adopts the access control policy based on an access control list, the ECDSA algorithm is first used to verify the authentication information, giving an authentication verification result re:
re=ECDSA.Verify(NN,O,T,PK)
wherein PK represents the public key of the node, and ECDSA.Verify() represents the verification algorithm corresponding to the signature algorithm of the ECDSA algorithm;
if the authentication verification result re is true, the authentication application node is matched against the access control list in the access right module of the corresponding topic; if the match succeeds, the node is allowed to access the topic and the method proceeds to step S5, otherwise the node is refused access to the topic;
when the topic adopts the certificate-based access control policy, the ECDSA algorithm is first used to verify the authentication information, giving an authentication verification result re; if the authentication verification result re is true, the access control module corresponding to the topic uses a private key of the topic to verify the certificate information of the authentication application node; if the verification passes, the node is allowed to access the topic and the method proceeds to step S5, otherwise the node is refused access to the topic;
S5: the authentication application node publishes or subscribes to information through the topic according to the required operation.
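Steps S3 and S4 under the access control list policy, as an added Go example that is not part of the patent text. The SHA-256 digest over a length-prefixed encoding of (NN, O, T), the P-256 curve, the helper names and the node and topic names are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Engine is a toy access control engine restricted to the ACL policy.
type Engine struct {
	ACL  map[string]map[string]bool  // topic T -> node names allowed by the registering node
	Keys map[string]*ecdsa.PublicKey // node name NN -> public key PK
}

// NewEngine and NewNodeKey are assumed setup helpers, not steps of the claimed method.
func NewEngine() *Engine {
	return &Engine{map[string]map[string]bool{}, map[string]*ecdsa.PublicKey{}}
}
func NewNodeKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest hashes (NN, O, T); the length prefixes keep field boundaries unambiguous.
func digest(nn, op, topic string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(nn), nn, len(op), op, len(topic), topic)))
	return h[:]
}

// SignRequest is the node side of S3: rs = ECDSA.Sign(NN, O, T, SK).
func SignRequest(sk *ecdsa.PrivateKey, nn, op, topic string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, sk, digest(nn, op, topic))
}

// Authorize is S4 under the ACL policy: re = ECDSA.Verify(NN, O, T, PK), then the ACL match.
func (e *Engine) Authorize(nn, op, topic string, rs []byte) bool {
	pk := e.Keys[nn] // nil for a node the engine holds no key for
	return pk != nil && ecdsa.VerifyASN1(pk, digest(nn, op, topic), rs) && e.ACL[topic][nn]
}

func main() {
	e := NewEngine()
	sk, _ := NewNodeKey()
	e.Keys["planner"] = &sk.PublicKey // constructed node and topic names
	e.ACL["/lidar/points"] = map[string]bool{"planner": true}
	rs, _ := SignRequest(sk, "planner", "subscribe", "/lidar/points")
	// The same rs is accepted for "subscribe" and rejected for "publish".
	fmt.Println(e.Authorize("planner", "subscribe", "/lidar/points", rs), e.Authorize("planner", "publish", "/lidar/points", rs))
}
```

The signed tuple in this example is exactly (NN, O, T) with no nonce or timestamp, so the same rs verifies again for the same tuple; the binding shown here only prevents reuse for a different node, operation or topic.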
CN202311402314.XA 2023-10-26 2023-10-26 Data access control method for intelligent network connection Pending CN117521127A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311402314.XA CN117521127A (en) 2023-10-26 2023-10-26 Data access control method for intelligent network connection

Publications (1)

Publication Number Publication Date
CN117521127A true CN117521127A (en) 2024-02-06

Family

ID=89765369

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination