| With the continuous development of technology and the increasing demand for automobiles, automotive systems have become more and more complex. Some cars even have more than one hundred ECUs. While these ECUs realize the functions of the automobile, they are also connected to each other via different bus systems. In addition, the current trend in the automotive field is to continuously add technologies such as WLAN, cellular mobile data, and automotive Ethernet to vehicles. The continuous development of these automotive technologies has allowed cars to gradually enter the era of the Internet of Things, and at the same time it has given potential malicious actors more ways to attack the vehicle network. The safety and reliability of the automotive system has always been an important topic in the automotive field. As an important part of the automotive system, the in-vehicle network cannot be ignored. The CAN bus, the most widely used bus in in-vehicle networks, has many vulnerabilities that stem from its own operating principles. To address these issues, the main research content of this thesis includes the following. The protocol vulnerabilities of the CAN bus and the attack methods that target them are summarized. Based on the vehicle's central gateway node, a security gateway bus defense mechanism is designed to protect communication security in the in-vehicle CAN bus environment. A centralized authentication mechanism based on mixed message authentication codes is designed against tampering attacks, which allows the gateway to participate in protecting communication between ECU nodes. A Freshness Value management strategy based on multiple counters is designed against replay attacks; the Freshness Value is added to the authentication calculation to strengthen the anti-replay capability of the authentication code. A node authentication strategy based on a two-way Challenge-Response authentication mode is designed against injection attacks, in which the gateway verifies the identity of each ECU node on the bus during the vehicle startup phase. The security gateway technology is applied to hardware based on the AUTOSAR architecture to implement the security gateway system, with the gateway node serving as the master of the security gateway system and the ECU nodes serving as slaves. Starting mainly from the inter-node interaction strategy that corresponds to each module's function, specific security modules are implemented at the gateway node and at the ECU nodes, respectively. Functional testing of the security gateway system and a comprehensive attack defense test verify the feasibility and effectiveness of the security gateway technology studied and implemented in this thesis. |
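
An added sketch, not code from the thesis, of how a Freshness Value bound into a message authentication code lets a receiver reject both replayed and tampered CAN frames. The abstract does not give the MAC construction, the counter layout or the frame format, so the truncated HMAC-SHA256, the one-counter-per-CAN-ID scheme, the tuple frame layout and the key below are all assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4                          # assumed truncation so the tag fits a CAN payload
KEY = b"constructed-demo-key"        # constructed sample key, not from the thesis


def compute_mac(key, can_id, payload, freshness):
    """Truncated HMAC-SHA256 over CAN ID, Freshness Value and payload (assumed construction)."""
    msg = struct.pack(">IQ", can_id, freshness) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    def __init__(self, key):
        self.key = key
        self.counters = {}           # one monotonic counter per CAN ID (assumed scheme)

    def send(self, can_id, payload):
        fv = self.counters.get(can_id, 0) + 1
        self.counters[can_id] = fv
        return (can_id, payload, fv, compute_mac(self.key, can_id, payload, fv))


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seen = {}          # highest accepted Freshness Value per CAN ID

    def verify(self, frame):
        can_id, payload, fv, mac = frame
        if fv <= self.last_seen.get(can_id, 0):
            return "replay"          # stale counter: frame was seen before
        expected = compute_mac(self.key, can_id, payload, fv)
        if not hmac.compare_digest(mac, expected):
            return "bad_mac"         # tampered or forged: counter is not advanced
        self.last_seen[can_id] = fv  # advance only after the MAC checks out
        return "ok"


def demo():
    tx, rx = Sender(KEY), Receiver(KEY)
    f1 = tx.send(0x123, b"\x01\x02")
    f2 = tx.send(0x123, b"\x01\x03")
    tampered = (f2[0], b"\xff\xff", f2[2], f2[3])   # payload changed, tag kept
    return [rx.verify(f1), rx.verify(f1), rx.verify(tampered), rx.verify(f2)]


if __name__ == "__main__":
    print(demo())
```

Because the counter only advances after a successful MAC check, a tampered frame cannot be used to push the receiver's Freshness Value forward and block the genuine frame that follows.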