摘要
网联汽车在推动智能交通、智慧城市等重要技术发展的同时,其存在的安全问题日益突出.作为网联汽车的核心总线网络,CAN总线主要负责传感器信息以及控制指令的传输,对其安全防护成为了研究重点.然而现有的CAN总线安全方案未考虑到报文安全需求的差异性以及车内网络环境的动态性,难以兼顾安全性和网络性能.因此,提出了一种自适应的车内CAN总线安全机制,首先根据报文安全需求和车内网络环境等因素建立因素集,并设计了差异化的安全策略及相应的通信协议.随后基于模糊决策的思想,根据报文安全需求和车内网络环境自适应地选取安全策略.最后通过理论分析验证了所提方案的可行性和安全性,同时,实验结果表明该方案所需计算开销有限,适用于计算能力受限的ECU节点和高实时性需求的CAN总线网络.
While the connected vehicles are promoting the development of important technologies such as intelligent transportation and smart cities,its security problems are increasingly severe at the same time.As the core bus network of connected vehicles,CAN bus is responsible for the transmission of sensor information and control instructions,therefore,the issue of its security protection attracts more and more attention.However,the existing security mechanism failed to consider the differentiated needs of messages and dynamic in-vehicle network environment.It is hard to balance security and network performance at the same time.Therefore,an adaptive security mechanism for CAN bus is proposed.Firstly,a factor set is established,and a differentiated security strategy and corresponding communication protocol are designed according to the requirement of message security and in-vehicle network environment.Then,the adaptive selection of security strategy is proposed based on the fuzzy decision-making idea and the consideration of the message requirements as well as the in-vehicle network factors.Finally,the feasibility and security of the proposed scheme are verified through theoretical analysis,Moreover,the experimental results indicated that the proposed scheme had limited computing cost,which made it suitable for ECU nodes with limited computing capacity and CAN bus networks with high real-time requirements.
作者
陈颖
钟成
李兴华
姜奇
张会林
景誉文
Chen Ying;Zhong Cheng;Li Xinghua;Jiang Qi;Zhang Huilin;Jing Yuwen(School of Cyber Engineering,Xidian University,Xi’an 710071)
出处
《信息安全研究》
2019年第12期1076-1088,共13页
Journal of Information Security Research
基金
国家自然科学基金项目(U1708262,U1736203,61772173,61672413,U1804263)
关键词
车内网
CAN总线
安全机制
模糊决策
密钥管理
in-vehicle network
CAN bus
security mechanism
fuzzy decision
key management