摘要
随着智能充电桩的广泛部署,电动汽车充电桩的信息安全问题日益严重。攻击者可以通过外部访问接口渗透到连接关键控制单元的充电桩CAN总线,通过CAN总线发送恶意攻击报文,干扰充电桩工作,严重危害充电基础设施安全。针对电动汽车充电桩CAN总线信息安全问题,提出了一种基于最大最小蚁群算法(MMAS)的CAN总线模糊测试方法。该方法通过改进最大最小蚁群算法来提高CAN协议模糊测试报文生成的效率,利用特定的变异策略,更改报文相应字段,通过CAN协议分析仪向充电桩CAN节点发送模糊测试报文,使充电桩CAN协议的检测效率大幅提高。基于上述测试方法,发现利用目前充电协议安全脆弱性对充电桩进行攻击,可导致充电桩产生停机、拒绝服务等安全问题。
With the extensive deployment of intelligent charging piles, the related information security issues are gradually becoming serious. Through the external access interface, an attacker can penetrate to the CAN bus network which connects to the key control unit of charging pile. By sending malicious attack messages, an attacker can interfere with charging pile operating and seriously endanger the safety of charging infrastructure. In order to solve the problem of CAN bus information security of electric vehicle charging pile, a fuzzing test method of CAN bus based on maximum and minimum ant colony algorithm(MMAS) is proposed. This method improves the fuzzing test efficiency of CAN protocol by improving the maximum and minimum ant colony algorithm. It uses a specific mutation strategy to change the corresponding fields of the message packet,sending the fuzzing test message to CAN node of the charging pile through the CAN protocol analyzer. Based on the above testing method, it is found that the attack on charging piles by utilizing the current security vulnerabilities of charging protocol can lead to shutdown, denial of service and other security problems of charging piles.
作者
徐江珮
王晋
刘畅
周亮
龙凤
XU Jiang-pei;WANG Jin;LIU Chang;ZHOU Liang;LONG Feng(State Grid Hubei Electric Power Research Institute,Wuhan 430077,Hubei,China)
出处
《山东大学学报(理学版)》
CAS
CSCD
北大核心
2020年第5期95-104,共10页
Journal of Shandong University(Natural Science)
关键词
CAN总线
充电桩
信息安全
异常检测
模糊测试
最大最小蚁群算法
CAN bus
charging pile
information security
anomaly detection
fuzzing test
maximum and minimum ant colony algorithm
