Research On Security Of In-Vehicle Infotainment System

With the rapid development of intelligence and networking of vehicle,the network security problems faced by intelligent connected vehicle are becoming increasingly severe,and the security challenges of In-Vehicle Infotainment(IVI)system are particularly prominent,so it is of great significance to study the network security of IVI system for improving vehicle safety.At present,the systematic researches on network security issues of IVI system is relatively lacking,and the relevant researches mainly focus on the vehicle security system,in-vehicle bus network security,privacy protection of Internet of Vehicles,in-vehicle wireless communication security,etc.Aiming at the problems of IVI system,which are the complex and diverse external network attack threats,the internal two-way security threats with in-vehicle bus network,and the needs for data transmission security,through analyzing in-depth the network security risks faced by IVI system,this paper constructs the network security threat model of IVI system based on STRIDE and attack tree,and proposes some security protection and optimization methods,which include the external network security threat protection method for IVI system based on the zero trust security framework,the lightweight bus network security protection method for IVI system based on the security agent,and the data transmission threat suppression method of IVI system based on anonymous exchange algorithm and the optimization method of IVI system data transmission mechanism based on fuzzy comprehensive evaluation.The main research works of this paper includes:1.In view of the security threats faced by IVI system,with the Multi-dimensional analysis of external environment,internal network,application platform,and business services and so on,based on the modeling methods of STRIDE and attack tree,the network security threat model of IVI system is constructed by hierarchical modeling mode,and the network security risks are assessed by analytic hierarchy process.The network security threat model of IVI system is more conducive to researchers' analysis of the security threats existing in IVI system from the perspective of attack,and can deeply,comprehensively and intuitively grasp the security risks and its nature of IVI system.2.In view of the security threats from external network environment faced by IVI system,based on the security trust foundation of identity authentication and access authorization,the zerotrust security access control system of IVI system is built,to provide dynamic and trusted security access to IVI system by using the continuous,dynamic,multiple level and fine-grained access authorization control.At the same time,the external security information detection system based on the "end-cloud-end" three-level structure is designed,to provide external security risk information input to the trust algorithm of the zero-trust security access control system,so as to improve the comprehensiveness and accuracy of access control decisions.Compared with the traditional network security protection system based on firewall security boundary for IVI system,this method has obvious advantages in the aspects of target resource hiding,identity authentication policy,access control and external security information decision.3.In view of the two-way security threats between IVI system and in-vehicle bus network,with simple and effective lightweight design ideas,the bus network security protection method of IVI system is realized,by the integration of IVI application service bus access control,bus communication message filtering,message data content audit and message transmission frequency detection and other security mechanisms and designs.This method has good protection effect on bus access control and abnormal detection of data packets,and alleviates the security risk between IVI system and in-vehicle bus network to a great extent.4.In view of the security risks of IVI system data during the transmission of the Internet of Vehicles,based on the use of comprehensive evaluation method to identify the level of security threat targets faced in the process of data transmission,by enhancing the security of the transmitted data through anonymization technology,and adopting secret key anonymous exchange algorithm based on random precoding,the suppression method of attack threats during data transmission is realized.Compared with the existing related research,this method has better effects in threat identification and threat target suppression,and the detection deviation is controlled within 2%.5.In view of the problems such as long transmission delay,high transmission interrupt rate and slow transmission speed existing in the traditional data transmission mechanism of Internet of Vehicles,on the basis of analyzing and evaluating the data transmission characteristics of IVI system in Internet of Vehicles environment using fuzzy comprehensive evaluation method,the optimization method of data transmission mechanism of IVI system in the Internet of Vehicles environment is realized,by choosing the appropriate data transmission path,analyzing transmission path switching in different road types,and distributing data transmission load.Comparison with the traditional data transmission mechanism of Internet of Vehicles,the transmission rate of this method is increased by 3.58MB/s,and the packet loss rate is reduced by41%,the data transmission reliability is improved.Aiming at the complex and diverse security risks in IVI system of intelligent connected vehicles,based on the analysis and construction of IVI system network security threat model,this paper puts forward the network security protection and optimization methods for IVI system,which effectively improves the security of IVI system,further perfects the overall network security system of intelligent connected vehicle,and plays a positive role in enhancing the safety and reliability of intelligent connected vehicle.