| The development of in-vehicle network is not limited to the vehicle itself,but combined with V2X to form the Internet of Vehicles.The Internet of Vehicles has been developing rapidly in recent years,playing a major role in traffic management,dynamic information services and vehicle control,but at the same time,it is difficult to ensure the security of the vehicle network in the Internet of Vehicles.Since 2013,there have been safety incidents in vehicles from well-known car manufacturers every year.In response to this situation,this article conducts a vulnerability assessment of the vehicle network.Existing research work has focused on the vehicle network itself or inside.For example,the Martin team uses attack graph technology to evaluate the development documents before vehicle production,analyze and solve the problems in the vehicle development plan;many manufacturers embed security in the new vehicle design stage to provide Security-reinforced network topology.This article’s research on vehicle network security is different from the above work,but expands the scope of research to carry out vehicle network security analysis in a V2X environment(V2X environment enables the vehicle to connect and communicate with the outside world,and simulates the actual vehicle usage scenarios.Security analysis is more valuable).After-the scope is expanded,the existing attack graph technology cannot reasonably model the research content,and the MulVAL framework needs to be improved and optimized.When using the improved framework for security analysis,two publicly disclosed security incidents were selected,and the results of this article were compared with the attack paths practiced at the time to verify the rationality of the improved framework,and then security analysis was performed on unknown models.The analysis includes the explanation of the attack path,the order of vulnerability repairs based on the vulnerability CVSS score,and the vulnerability repair recommendations based on TISAX.First,this article introduces the Internet of Vehicles,and then summarizes the current research status of Internet of Vehicles security:including related standards;V2X communication and security issues;vehicle network architecture,communication,security standards and research work;and safety reports on automobile accidents.Second,in the related technology,this article first introduces the analysis environment V2X of the vehicle network,and selects the appropriate project as the landing model of V2X,and summarizes the attacks in V2X;then,according to the TCSAE 53-2017 standard,the development documents of the vehicle factory and some The network topology of the vehicle model gives a universal vehicle network model;finally,it introduces the attack graph technology,explains why the technology is used in the vehicle network security analysis,compares several attack graph tools and chooses the tool suitable for this article.Third,conduct an in-depth study on the internal technology and details of the attack graph generation tool MulVAL.Combine the previous V2X model,vehicle network model,and V2X attack to optimize and improve the framework(add and modify facts and rules in the original rule library of MulVAL;identify and delete useless attack steps based on the original algorithm of the framework).Fourth,use the optimized framework to analyze two car security incidents that have been announced(Jeep Cherokee,Mercedes-Benz),compare and analyze the attack graph generated by the framework of this article and the attack path taken by the actual attacker,and prove the framework of this article.rationality.Finally,use the framework of this article to conduct a security assessment of unknown vehicle models and discover the attack path and vulnerability exploitation methods of unknown vehicle models.This article also scores the vulnerabilities in the vehicle according to the CVSS scoring standard.According to the scores,the vulnerabilities can be repaired and sorted,and security recommendations are given according to TISAX. |
PDF Full Text Request