摘要
汽车智能化需求推动了汽车电子电气(electrical/electronic,E/E)架构向基于时间敏感网络(time-sensitive networking,TSN)的区域(Zonal)架构演进,但网联化发展给数据传输带来了严重的信息安全问题。TSN标准所提供的流过滤器、流控门和流计量器3层信息防护模块本质上是一种边界防火墙技术,一旦边界被攻破,整个架构将暴露并因此瘫痪;此外,这种防护技术因存在多层处理而产生过多的计算和通信开销。本文提出一种面向汽车Zonal架构的TSN轻量级认证与授权通信框架,以去边界的方式实现了防劫持、防篡改及防监听的一体化防护方案。基于NXP车规级TSN交换芯片SJA1105Q(作为中央控制器)与NXP车规级SoC LS1028A(作为区域控制器)构建了Zonal架构原型平台,并将所开发的框架部署该原型平台,通过ProVerif工具验证了框架的安全性;基于原型平台的评估结果表明,所提框架在计算和通信开销方面均优于现有汽车信息安全通信框架。
The demand for intelligent vehicles has driven the evolution of the automotive electrical/electron‐ic(E/E)architecture towards the Zonal architecture based on time-sensitive networking(TSN).However,the de‐velopment of networking has brought serious information security issues to data transmission.The three-layer infor‐mation security protection modules provided by the TSN standard,which consist of flow filters,flow control gates,and flow meters,are essentially boundary firewall technology.Once the boundary is breached,the entire architec‐ture will be exposed and paralyzed.Additionally,this protection technology generates excessive computational and communication overhead due to the multiple layers of processing.This paper proposes a lightweight TSN authentica‐tion and authorization communication framework for the automotive Zonal architecture,which employs a boundary-less approach to provide integrated protection against hijacking,tampering,and eavesdropping.A Zonal architec‐ture prototype platform is built based on the NXP automotive-grade TSN switch chip SJA1105Q(as the central con‐troller)and the NXP automotive-grade SoC LS1028A(as the zone controller),and the developed framework is de‐ployed on this prototype platform.The security properties of the framework are verified using the ProVerif tool.The evaluation results based on the prototype platform show that the proposed framework outperforms existing automotive security communication frameworks in terms of computation and communication overhead.
作者
鲁睿其
谢国琪
刘新忠
李仁发
Lu Ruiqi;Xie Guoqi;Liu Xinzhong;Li Renfa(College of Computer Science and Electronic Engineering,Hunan University,Key Laboratory for Embedded and Cyber-Physical Systems of Hunan Province,Changsha 410082;Control and Software Department,Technical Center,SAIC-GM-Wuling Automobile Corporation,Liuzhou 545000;School of Information Science and Engineering,Hunan Institute of Science and Technology,Yueyang 414000;Research Institute of Hunan University in Chongqing,Chongqing 401135)
出处
《汽车工程》
EI
CSCD
北大核心
2023年第6期944-953,共10页
Automotive Engineering
基金
国家自然科学基金重点项目(61932010、62133014)
国家自然科学基金面上项目(61972139、62272155)
重庆市自然科学基金(CSTC2021JCYJ-MSXMX0461、CSTB2022NSCQ-MSX1393)
湖南省自然科学基金(2021JJ30150)资助。
