Research On Security Protocol Based On Vehicle CAN Bus Network

Along with the rapid development of intelligent connected vehicles,more and more technologies have emerged such as autonomous driving technology,V2 X technology,and intelligent traffic management technology.The wide application of these technologies enhances the convenience and comfort of driving,and provides users with a better way of travelling,but at the same time more and more open interfaces may become the access of the entrance of attacks,causing vehicle information security threat.Attackers can use the OBD-II,Bluetooth,WIFI,GPS/Beidou navigation interface to launch short-range or long-distance,wireless or wired attacks on the car,which poses a serious threat to the driver’s personal and property security.The information security problem of automobiles needs to be solved urgently.The vehicle gateway bears the information interaction between the off-board network and the in-vehicle bus network,but merely adding a firewall on the gateway can not provide sufficient security protection.The information security of the intelligent connected vehicles is to protect the safety of information of the in-vehicle bus network.The vehicle CAN bus technology is the basis of the vehicle bus technology,and has become the standard of the vehicle bus network due to its real-time,reliability and flexibility.But even if the CAN bus has a unique advantage,the CAN bus protocol did not consider information security issues at the beginning of the design.The CAN bus protocol does not provide an identity verification mechanism for nodes connected to the bus,does not provide encryption protection for data transmitted on the bus,and does not provide a verification mechanism that supports data correctness and integrity.The serious consequence of that is that an attacker can easily launch a series of malicious attacks based on listening to the bus,tampering with data,and replaying data.Considering the rapid development of intelligent connected vehicles and the security vulnerabilities of CAN bus networks,the information security problem of CAN bus has become an urgent problem to be solved in reality.At present,research has been conducted to ensure the information security of the CAN bus network by implementing a security protocol such as anomaly detection and key management on the CAN bus.However,since the above protocol does not take into account of the initialization identity authentication during the vehicle startup phase,nor does it consider the data confidentiality,message correctness,data integrity,data freshness,network availability and logging functions of the vehicle communication phase as a whole,so researching the suitable security protocol for the on-board CAN bus has very important significance.Based on the information security of intelligent connected vehicles,this paper analyzes the information security threats faced by intelligent connected vehicles,and conducts in-depth analysis and discussion on the security vulnerabilities of CAN bus protocols and the information security requirements of vehicle CAN buses.According to the characteristics of CAN bus,a security protocol for vehicle CAN bus network is proposed.The research work and main contents of this paper include:(1)Summarize the information security threats of intelligent connected vehicles,and summarize the research status of information security issues and security protocols of on-board CAN buse at home and abroad;(2)In-depth analyze the information security problem of the vehicle CAN bus network,inductively analyze the vehicle network architecture,CAN bus communication protocol;detailed analysis of the attack interface of the intelligent connected vehicles and the security vulnerabilities of the vehicle CAN bus network;proposed and discussed the protection objectives and information security requirements of the vehicle CAN bus network;(3)A security protocol designed for vehicle CAN bus network is proposed.Based on the premise assumption of the protocol,the CAN bus message format is redesigned.Secondly,according to the security and real-time requirements,the security problem of the vehicle network is divided into the security problem of the vehicle ignition start-up phase and the security of the communication phase,the initial key distribution method is designed for the first stage,the identity authentication process of each node on the bus is regulated by the gateway node,and the key of the communication phase is assigned to the node that passes the authentication;The communication security is designed for the second stage.The security architecture of the phase uses the key distribution security encryption algorithm distributed by the gateway to implement the secure communication process.Finally,the security of the hardware device HSM and TPM has been analyzed;(4)The security protocol’s design of the vehicle CAN bus network is introduced in detail.The implementation details of the RSA algorithm are deeply analyzed.The implementation process of the challenge/response mode is deeply studied.The initialization is realized by the fusion of RSA algorithm and challenge/response mode.The key distribution process uses the identity authentication technology based on the public key system encryption method to provide the identity authenticity guarantee of the node to be communicated on the CAN bus,and guarantees the communication security between the nodes during the start-up phase of the vehicle ignition.The DES algorithm is deeply studied.The Feistel principle and process structure,and the technical principle of BKDR-Hash algorithm are analyzed in detail.The security architecture of the communication phase is realized by the fusion of DES algorithm and BKDR-Hash.The encryption communication technology based on symmetric mechanism,message verification technology and serial number technology are adopted,provideing message correctness,data confidentiality,data integrity and data freshness assurance when transmitting information between nodes on the CAN bus.Monitoring the bus load in real time on the gateway ensures network availability,and log recording function in the communication phase of the car guarantees the transfer of security the letter between the nodes;(5)Based on the FreeScale MPC5646 C and MC9S12XDT512 development boards,the hardware platform of the CAN bus network vehicle control system is built.Based on the CANoe System Demo data set,the performance of the security protocol is evaluated in terms of effectiveness and real-time.In terms of effectiveness,It can effectively prevent attackers from performing identity spoofing attacks,intercepting attacks,tampering attacks,replay attacks,dos attacks,and has logging function;In realtime parts,even if the information security function is added to the traditional CAN bus protocol,either in the vehicle ignition start-up phase or the vehicle operation communication phase,the real-time technical indicators are still satisfied,so that the communication security between the nodes on the vehicle CAN bus network can be effectively guaranteed.