| 引用本文: |
-
徐国胜,李逸静,汪梓撼,王晨宇.车载异构网络节点消息认证协议设计[J].信息安全学报,已采用 [点击复制]
- XU GUOSHENG,LI Yijing,WANG Zihan,WANG Chenyu.Design of Message Authentication Protocol for Vehicle Heterogeneous Network Nodes[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 消费者对汽车安全性、舒适性和智能性的需求推动着汽车工业的不断发展,目前大多数创新都集中在汽车电子和软件领域,这一点在车载网络架构以及电子控制单元(ECU)和车内节点之间交换的消息数量增长中表现得非常明显。一方面,推动着汽车电子系统不断升级,另外一方面,也不可避免的引入了额外安全风险,其中最突出的就是消息缺乏认证,面临的关键挑战之一是如何利用有限的计算和通信资源来验证总线内的消息,其主要目的是确保数据传输的可靠性和新鲜性。目前的方案主要问题在于实际应用开销大,需要在通信节点之间维护多个字段来验证消息新鲜行,这导致整体通信负载较大。为弥补这一缺陷,本文提出了一种新的车载网络消息认证方案,我们提供了理论证据,证明该方案可以有效抵御重放和欺骗等攻击,同时提高对去同步化的抵抗能力。在理论分析的基础上,我们使用专业仿真软件开发了一个模拟环境,并设计了一系列对比实验来验证方案的有效性。实验结果表明,该方案不仅能够有效地抵抗重放和欺骗等常见攻击,还具备良好的安全性、抗去同步性和鲁棒性。该方案通过基于时间间隔的新鲜性机制,消除了用于同步的计数器开销,进而降低了消息认证的整体时间开销。与现有方案相比,本方案在确保数据传输的可靠性和新鲜性方面可以显著提升了车内消息认证的效率和安全性,在实际应用中具有较高的价值,能够为车载网络提供更为安全、可靠的消息认证服务。 |
| 关键词: 车载异构网络 消息认证 电子控制单元 控制域网络 |
| DOI: |
| 投稿时间:2024-03-26修订日期:2024-08-01 |
| 基金项目:智能驾驶汽车内部异构网络轻量化安全防护(网络空间安全专项国家重点研发计划项目) |
|
| Design of Message Authentication Protocol for Vehicle Heterogeneous Network Nodes |
|
XU GUOSHENG1, LI Yijing2, WANG Zihan1, WANG Chenyu1
|
| (1.Beijing University of Posts and Telecommunications;2.China Academy of Information and Communications Technology) |
| Abstract: |
| Consumer demand for automotive safety, comfort, and intelligence drives continuous development in the automotive industry. Currently, most innovations are focused on automotive electronics and software, which is particularly evident in vehicle network architecture and the increasing number of messages exchanged between the electronic control units (ECUs) and in-vehicle nodes. On one hand, it propels continuous upgrading of automotive electronic systems; on the other hand, it inevitably introduces additional security risks, the most prominent of which is the lack of message authentication. One of the key challenges is how to verify messages within the bus using limited computing and communication resources, with the main goal of ensuring the reliability and freshness of data transmission. The main problem of current solutions is the high practical overhead due to the demand of maintaining multiple fields between communication nodes to verify message freshness, resulting in a high overall communication load. To compensate for this deficiency, this paper proposes a novel in-vehicle network message authentication scheme. We provided theoretical evidence to demonstrate that the scheme is effective in resisting replay and deception attacks while enhancing the resistance to desynchronization. Based on theoretical analysis, we developed a simulation environment using professional simulation software and designed a series of comparative experiments to verify the effectiveness of the proposed scheme. Experimental results indicate that the proposed scheme not only effectively resist common attacks such as replay and deception, but also has good security, anti-desynchronization, and robustness. This scheme eliminates the counter overhead for synchronization through a freshness mechanism based on time intervals, thereby reducing the overall time overhead for message authentication. Compared to existing solutions, this scheme significantly improves the efficiency and security of in-vehicle message authentication by ensuring the reliability and freshness of data transmission. This scheme is of high practical application value, providing a more secure and reliable message au-thentication service for in-vehicle networks. |
| Key words: In-vehicle heterogeneous networks message authentication ECU CAN |
