Design And Application Of Secure Communication Mechanism For In-vehicle Ethernet Based On Chinese Cryptographic Algorithms HSM

As the scale of vehicle software continues to increase,the steady increase of on-board system complexity and the number of sensors,the communication between modules in the vehicle and the communication between inside and outside the vehicle show a geometric growth.The security issues have attracted the attention of software developers,OEMs,vehicle manufacturers and even consumers.The traditional vehicle network is difficult to meet the requirements under the concept of intelligent networked vehicle,and the low-cost and high-performance In-vehicle Ethernet will become the first choice of the next generation vehicle communication architecture.Although traditional Ethernet has realized some reliable security communication mechanisms,it is difficult to realize the original communication security mechanism on ECU with high real-time requirements and relatively weak performance.To achieve a trade-off between security and real-time performance,mainstream ECU manufacturers began to integrate hardware security module(HSM)in ECU.This module has an independent operation core,which is specially used for encryption and decryption operation,and has a hardware accelerator for specific algorithms.This paper introduces the related technologies of on-board Ethernet in detail,summarizes the possible attacks on on-board Ethernet,analyzes the safety requirements of on-board Ethernet,designs and implements a safety communication mechanism of on-board Ethernet,which ensures the safety of on-board Ethernet communication to a certain extent.The primary focus of this research includes:(1)Based on the relevant resources provided by the HSM module of ECU,the Chinese cryptographic algorithms SM2,SM3,SM4 and related function functions are implemented.(2)Design and implement a safety communication mechanism of on-board Ethernet.Using SM2,SM3,SM4 algorithm and digital signature technology to implement the key distribution and management module including key generation,management,distribution and other functions;Using SM3 and SM4 algorithms to implement a secure communication module including data encryption,message authentication code generation,and fresh value management.(3)The above functions are tested and verified based on the SPC58NH-DISP development platform produced by ST company.The experimental results indicate that the relevant algorithm based on HSM has correct functions and time cost meets the requirements of on-board Ethernet communication;The mechanism proposed in this paper is effective and can guarantee the confidentiality,authenticity and freshness of communication messages,and the additional consumption of communication is controllable,which holds promising application prospects.