| With the continuous development of Internet technology and the continuous growth of people’s daily needs, intelligence and networking have gradually become an inevitable trend in the development of the auto industry, and the concept of intelligent connected vehicles has emerged. Compared with traditional cars, intelligent connected vehicles have more functions, and the amount of network data that needs to be processed is also larger. The traditional in-vehicle network has limited bandwidth and cannot handle a large amount of network data. Compared with traditional in-vehicle networks, automotive Ethernet has the advantages of high bandwidth, high throughput, and low cost. At present, many automakers have gradually applied automotive Ethernet to meet the operational requirements of advanced driver assistance system applications. Therefore, the application prospect of automotive Ethernet in vehicles is very broad. With the rapid development of intelligent connected vehicles, vehicles need to open more and more interfaces to communicate with external networks, which greatly increases the risk of vehicles being attacked. Attackers can attack the vehicles through external interfaces such as physical access interfaces, short-range wireless access interfaces, and long-range wireless access interfaces. Therefore, in the context of the rapid development of intelligent networked vehicles, the information security of the in-vehicle network is one of the key issues that need to be solved urgently. In the future, the functions of intelligent connected vehicles will be more abundant, and automotive Ethernet is bound to occupy a pivotal position in in-vehicle information systems. Therefore, while applying the automotive Ethernet with high bandwidth, high throughput, and low cost, it is very important to design an information security protection mechanism for it. Automotive Ethernet is the communication medium of the Electronic Control Unit (ECU) in the vehicle. Due to the limited bandwidth, computing power and
storage capacity of the ECU, a large number of computing tasks cannot be completed in a short time. Therefore, the information security protection mechanism based on traditional Ethernet cannot meet the real-time requirements of automotive Ethernet. On the premise of meeting the real-time requirements of automotive Ethernet, how to achieve a balance between security and real-time performance and improve the information security protection capability of automotive Ethernet is of great research significance. This paper conducts related research on the information security of automotive networks, analyzes the information security threats faced by vehicles, and puts forward the information security requirements of vehicle-mounted Ethernet and the constraints in the in-vehicle environment. On this basis, combined with the characteristics of the automotive Ethernet, a balance is achieved between the security protection capability of the automotive Ethernet and the real-time requirements, and an information security protection mechanism for automotive Ethernet is proposed. The main research contents of this article include: (1) Describe the development trend of intelligent connected vehicles and the research background and significance of automotive Ethernet information security, and analyze the current research status of in-vehicle network security; (2) Summarize the characteristics of traditional in-vehicle networks, introduce the concept and related technologies of automotive Ethernet, and analyze the advantages of automotive Ethernet over traditional in-vehicle networks; (3) Summarize the attack methods of intelligent networked vehicles, and put forward the information security requirements of automotive Ethernet. On the basis of comprehensive consideration of the information safety problems faced by vehicles from the ignition start stage to the normal driving stage, combined with the characteristics of automotive Ethernet, information security requirements and constraints, an information
security protection mechanism for automotive Ethernet is designed. Based on the adaptation conditions of the mechanism, the message format and symbols are explained, and the overall architecture of the mechanism is introduced, namely the realization process of the key distribution module in the ignition start phase of the vehicle and the secure communication module in the normal driving phase of the vehicle. In the key distribution module, the gateway ECU distributes the encryption key and authentication key required for the subsequent communication process to each legitimate ECU in the network. In the secure communication module, a legitimate ECU that holds the keys uses the encryption key to encrypt the communication message, uses the authentication key to calculate the message authentication code, and authenticates the message by comparing the message authentication code to ensure the security of message transmission. (4) Analyze the asymmetric encryption algorithm RSA, symmetric encryption algorithm DES, message digest algorithm HMAC-MD5, and the technical characteristics of the dynamic encryption mechanism used in the proposed information security protection mechanism for automotive Ethernet, and analyze the principle and security of the key distribution module and the secure communication module that integrate the above-mentioned algorithms and technologies. This mechanism guarantees the confidentiality of the message by encrypting the communication message, guarantees the authenticity of the message by calculating and comparing the message authentication code, and guarantees the freshness of the message by maintaining the message serial number. (5) In order to verify the performance of the proposed information security protection mechanism for automotive Ethernet, an experimental platform based on the Freescale MPC5646C development board was built. Experimental results show that, in terms of effectiveness, the mechanism can achieve a safe and stable key distribution process, and can resist
eavesdropping attacks, forgery attacks, and replay attacks performed by malicious attackers, ensuring the confidentiality, authenticity and freshness of automotive Ethernet messages. In terms of real-time performance, this mechanism can meet the real-time requirements of automotive Ethernet... |
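
The authenticity and freshness checks of the secure communication module (message authentication code comparison and message serial number), sketched as an added example that is not code from the paper. The frame layout, the 4-byte serial number, computing the MAC over the serial number plus ciphertext, and all names are assumptions; the DES encryption step is left out, so `ciphertext` stands for an already-encrypted message.

```python
import hmac
import struct

MAC_LEN = 16                # HMAC-MD5 output size in bytes
HDR = struct.Struct(">I")   # assumed 4-byte big-endian serial number

def protect(auth_key: bytes, serial: int, ciphertext: bytes) -> bytes:
    """Sender: serial || ciphertext || HMAC-MD5(auth_key, serial || ciphertext)."""
    body = HDR.pack(serial) + ciphertext
    return body + hmac.new(auth_key, body, "md5").digest()

class Receiver:
    """Receiving ECU (hypothetical): checks the MAC first, then the serial number."""

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.last_serial = -1             # highest serial accepted so far

    def accept(self, frame: bytes):
        if len(frame) < HDR.size + MAC_LEN:
            return ("malformed", None)
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        expected = hmac.new(self.auth_key, body, "md5").digest()
        if not hmac.compare_digest(tag, expected):
            return ("bad_mac", None)      # forged or modified frame
        (serial,) = HDR.unpack_from(body)
        if serial <= self.last_serial:
            return ("replay", None)       # authentic but stale frame
        self.last_serial = serial         # advance only on an authentic frame
        return ("ok", body[HDR.size:])

def demo():
    key = b"constructed-auth-key"         # constructed sample key
    rx = Receiver(key)
    first = protect(key, 1, b"\x10\x20\x30")
    tampered = bytearray(protect(key, 2, b"\x40\x50"))
    tampered[HDR.size] ^= 0x01            # flip one ciphertext bit in transit
    return [
        rx.accept(first)[0],                            # fresh, authentic
        rx.accept(first)[0],                            # same frame re-sent
        rx.accept(bytes(tampered))[0],                  # modified frame
        rx.accept(protect(key, 2, b"\x40\x50"))[0],     # next genuine frame
    ]

if __name__ == "__main__":
    print(demo())
```

Because the serial number only advances after the MAC verifies, a rejected forgery cannot push the receiver's counter forward and lock out genuine frames.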