The Research Of Adaptive Lightweightsecurity Mechanism For CAN

With the fast development of the mobile Internet and industrial intelligence,the traditional automobile industry is turning to intelligence and network connection,entering the era of the intelligent Internet of vehicles gradually.While the connected vehicles are promoting the development of important technologies such as intelligent transportation and smart cities,its security problems are increasingly severe at the same time.And the attacks aiming at the network-based vehicles are constantly emerging as well.As the core bus network of connected vehicles,CAN bus is responsible for the transmission of sensor information and control instructions in the vehicle,therefore,the issue of its security protection has become the main focus of connected vehicles' research recently.However,the CAN bus protocol does not provide security mechanisms such as message authentication and encryption,which makes it possible for attackers to invade the bus network.Although a lot of CAN bus security schemes have been proposed by scholars accordingly,the existing schemes still have the following two problems based on analysis and research:(1)It is difficult for a single security mechanism to be suitable for a variety of message security needs as well as dynamic in-car network environment,and it is also hard to take both security and network performance into consideration at the same time.(2)In the encryption and authentication schemes of the CAN bus of the in-vehicle network,no key management scheme proposed is not suitable for ECU nodes with limited computing and storage capacity.Therefore,in order to solve the problems proposed above,an adaptive lightweight CAN bus security mechanism is proposed in this thesis.The main work includes:(1)According to the problem that the existing security mechanism failed to consider the differentiated needs of messages and dynamic in-vehicle network environment and it is hard to balance security and network performance at the same time,a security strategy selection scheme based on fuzzy decision is proposed.Through the analysis of the characteristics of the message and the network environment in the vehicle,a number of influencing factors are selected accordingly,and by utilizing the idea of analytic hierarchy process as well as fuzzy decision,the adaptive adjustment of the security strategy is realized according to the dynamic interior environment of the vehicle,while meeting the security needs of the message as well.(2)Based on the issue of the lack of effective key management scheme in the current authentication and encryption of CAN bus,the communication frequency of ECU node in the intranet is abstracted as undirected graph.And the communication frequency is taken as the weight of the edge,the communication frequency between ECU is divided into hierarchical structure by utilizing the Markov clustering method.Based on this,a tree domain key structure is used properly for key management on the vehicle interior network.Combined with the adaptive CAN bus security mechanism,a differentiated security strategy and its communication protocol are designed in this thesis.(3)As for the proposed scheme in this thesis,the theoretical analysis of its feasibility,security and some related issues have been carried out,and further verification of security has been implemented on the Pro Verif.Then,the validity of adaptive fuzzy decision is verified by a large number of experiments,meanwhile,the performance of ECU domain and key management schemes is analyzed.It proves that the proposed scheme has less storage overhead and computational cost,and is suitable for ECU nodes with limited computing power.CAN bus network with high real-time requirements.At last,compared with the existing schemes,the results show that the proposed method requires less storage and computing costs,which means it is perfectly suitable for ECU nodes with limited computing capacity and CAN bus networks with high real-time requirements.