摘要
针对车内网控制器局域网(CAN)总线中电子控制单元(ECU)易被篡改、假冒等安全问题,提出一种基于一次性密码本的身份认证协议。该协议利用网关ECU(GECU)中的安全存储模块TA验证ECU的合法身份,根据车载电源电压变化得到随机数,生成会话密钥并且使ECU节点间共享会话密钥,简化TA对ECU的密钥管理,周期性地更新连接和释放外部设备时的会话密钥,以防止重放攻击。仿真结果表明,该协议可有效减少总线负载,提高通信效率。
To solve the problem of Electronic Control Unit(ECU) in the Controller Area Network(CAN) bus of intra-vehicle network,which is easy to be tampered and faked,this paper puts forward an authentication protocol based on one-time pad in the vehicle network.Firstly,it uses secure storage module TA in the Gateway ECU(GECU) to verify the legal identity of the ECU.Then according to the vehicle power supply voltage,it achieves the random number,generates the session key,and simplifies the key management of TA to ECU.At last,it periodically updates the session key when connecting and releasing external devices and effectively prevents the replay attack.The experimental result shows that this protocol can be applied to the vehicle environment efficiently,which significantly reduces the bus load and improves the communication efficiency.
作者
万爱兰
韩牟
马世典
王运文
华蕾
冯晓林
WAN Ailan,HAN Mu,MA Shidian,WANG Yunwen,HUA Lei,FENG Xiaolin(School of Computer Science and Communication Engineering,Jiangsu University,Zhenjiang,Jiangsu 212013,Chin)
出处
《计算机工程》
CAS
CSCD
北大核心
2018年第6期141-146,161,共7页
Computer Engineering
基金
国家自然科学基金(61300229)
中国博士后科学基金(2013M531283)
江苏省"六大人才高峰"项目(DZXX-012)
江苏省高校自然科学基金(12KJD580002)
江苏省研究生创新基金(KYLX_1057)
江苏省重点研发计划项目(BE2017035)
关键词
车内网
控制器局域网
一次性密码本
密钥更新
认证协议
intra-vehicle network
Controller Area Network(CAN)
one-time pad
key update
authentication protocol
