摘要
针对汽车CAN总线的安全缺陷,通过对计数器、随机数、密钥矩阵、消息认证码与扩展帧的综合利用,提出一种车载CAN总线信息安全机制,使CAN总线具备节点认证与通信加密的能力,从而保证信息的机密性、完整性与真实性。搭建实验平台对所提出的认证与加密机制进行测评与分析,结果表明,在128 MHz的总线频率下,该机制在表现出较快的节点认证速度的同时,安全CAN总线单帧报文的收发可在2 ms之内完成,适应当下汽车的高速发展对CAN总线通信速度的要求。
In view of the security vulnerabilities of the automobile CAN(controller area network)bus,an information security mechanism for vehicle⁃mounted CAN bus is proposed on the basis of the comprehensive utilization of counter,random number,key matrix,message authentication code and extended frame.The mechanism enables the CAN bus to have the abilities of node authentication and communication encryption,which thereby ensures the information confidentiality,integrity and authenticity.An experimental platform was established to test and analyze its authentication and encryption mechanism.The results show that when CAN bus is set at 128 MHz,the proposed mechanism shows high node authentication speed.Meanwhile,the single⁃frame message of security CAN bus can be received and dispatched within 2 ms,which meets the requirements for CAN bus communication speed in the rapid development of automobiles.
作者
孙瑶
王小妮
刘鹏
于肇贤
吴杰
SUN Yao;WANG Xiaoni;LIU Peng;YU Zhaoxian;WU Jie(School of Applied Science,Beijing Information Science&Technology University,Beijing 100192,China;Beijing Renxin Certificate Technology Co.,Ltd.,Beijing 100080,China;State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China)
出处
《现代电子技术》
2021年第9期6-11,共6页
Modern Electronics Technique
基金
网络与交换技术国家重点实验室(北京邮电大学)开放课题资助项目(SKLNST⁃2018⁃1⁃01)
国家自然科学基金(61604014)。
关键词
加密通信
节点认证
CAN总线
信息安全
认证流程
安全性分析
encrypted communication
node authentication
CAN bus
information security
authentication process
security analysis
