高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

基于动态异构冗余架构的车载网络内生安全机制

王鹏 翟浡琨 李玉峰 郑秋生

王鹏, 翟浡琨, 李玉峰, 郑秋生. 基于动态异构冗余架构的车载网络内生安全机制[J]. 电子与信息学报, 2023, 45(1): 272-281. doi: 10.11999/JEIT211294
引用本文: 王鹏, 翟浡琨, 李玉峰, 郑秋生. 基于动态异构冗余架构的车载网络内生安全机制[J]. 电子与信息学报, 2023, 45(1): 272-281. doi: 10.11999/JEIT211294
WANG Peng, ZHAI Bokun, LI Yufeng, ZHENG Qiusheng. Endogenous Security Mechanism of Vehicle Network Based on Dynamic Heterogeneous Redundancy[J]. Journal of Electronics & Information Technology, 2023, 45(1): 272-281. doi: 10.11999/JEIT211294
Citation: WANG Peng, ZHAI Bokun, LI Yufeng, ZHENG Qiusheng. Endogenous Security Mechanism of Vehicle Network Based on Dynamic Heterogeneous Redundancy[J]. Journal of Electronics & Information Technology, 2023, 45(1): 272-281. doi: 10.11999/JEIT211294

基于动态异构冗余架构的车载网络内生安全机制

doi: 10.11999/JEIT211294
基金项目: 国家自然科学基金 (61702547)
详细信息
    作者简介:

    王鹏:男,博士,硕士生导师,研究方向为智能网联系统安全、新型网络与网络安全、网络空间内生安全

    翟浡琨:男,硕士生,研究方向为智能网联系统安全、网络空间内生安全

    李玉峰:男,博士,博士生导师,研究方向为网络空间安全、高速网络信息处理与管理、自主智能系统安全

    郑秋生:男,博士,硕士生导师,研究方向为网络安全、网络舆情、大数据

    通讯作者:

    王鹏 15803846349@163.com

  • 中图分类号: TN915.08

Endogenous Security Mechanism of Vehicle Network Based on Dynamic Heterogeneous Redundancy

Funds: The National Natural Science Foundation of China (61702547)
  • 摘要: 针对车载网络通信报文容易被捕获重放的问题,该文提出一种基于动态异构冗余(DHR)架构的车载网络内生安全机制(ESM-VN)。首先,对车载网络重放攻击进行建模分析,总结重放攻击依赖的车载网络特征;然后结合网络空间内生安全理论,设计车载网络通信报文动态异构冗余的实现机制,通过拟态裁决和负反馈机制实现攻击感知与主动防御的协调统一。实验结果表明,相比于传统车载网络防御方法,该文所提机制能够在至少降低50%报文响应时延的同时,有效提高车载网络对重放攻击的防御能力。
  • 图  1  动态异构冗余架构图

    图  2  核心框架图

    图  3  机制框图

    图  4  DHR结构的报文收发实例

    图  5  单节点空间占用对比

    图  6  全节点空间占用对比

    图  7  不同参数下报文处理时延

    图  8  总线服务可用率

    表  1  单节点占用空间对比(Byte)

    ECU数量(个)
    20100
    文献[15]835.13519
    ESM-VN15235451
    下载: 导出CSV

    表  2  全节点空间对比(Byte)

    防御机制
    20个ECU占用空间100个ECU占用空间
    文献[15]16354350178
    ESM-VN31157543134
    下载: 导出CSV

    表  3  时间开销对比(ms)

    文献[7]文献[8]文献[12]ESM-VN
    ECU平均注册时延2.0062.298.3671.417
    报文时延5901.56320.16736.8742510.72
    下载: 导出CSV

    表  4  安全性分析对比

    文献[12]文献[15]文献[16]ESM-VN
    消息来源完整性
    保密性部分
    侦察攻击
    重放攻击部分部分
    下载: 导出CSV
  • [1] 张林, 李琳, 张树祥. 车载网络安全的系统设计研究及关键技术开发[J]. 汽车电器, 2021(3): 19–25. doi: 10.13273/j.cnki.qcdq.2021.03.009

    ZHANG Lin, LI Lin, and ZHANG Shuxiang. Vehicle network safety system design and key technology development[J]. Auto Electric Parts, 2021(3): 19–25. doi: 10.13273/j.cnki.qcdq.2021.03.009
    [2] 郑志超, 南金瑞, 南江峰. 车载网络CAN FD总线的应用前景和技术研究[J]. 现代电子技术, 2021, 44(1): 5–9. doi: 10.16652/j.issn.1004-373x.2021.01.002

    ZHENG Zhichao, NAN Jinrui, and NAN Jiangfeng. Research on application prospect and technology of CAN FD bus of vehicle network[J]. Modern Electronics Technique, 2021, 44(1): 5–9. doi: 10.16652/j.issn.1004-373x.2021.01.002
    [3] Upstream Security. Upstream security's 2021 global automotive cybersecurity report[EB/OL]. https://upstream.auto/2021report/, 2021.
    [4] CUI Jin, LIEW L S, SABALIAUSKAITE G, et al. A review on safety failures, security attacks, and available countermeasures for autonomous vehicles[J]. Ad Hoc Networks, 2019, 90: 101823. doi: 10.1016/j.adhoc.2018.12.006
    [5] GMIDEN M, GMIDEN M H, and TRABELSI H. Cryptographic and intrusion detection system for automotive CAN bus: Survey and contributions[C]. The 16th International Multi-Conference on Systems, Signals & Devices (SSD), Istanbul, Turkey, 2019: 158–163.
    [6] CUI Jin, SABALIAUSKAITE G, LIEW L S, et al. Collaborative analysis framework of safety and security for autonomous vehicles[J]. IEEE Access, 2019, 7: 148672–148683. doi: 10.1109/ACCESS.2019.2946632
    [7] OH I, KIM T, YIM K, et al. A novel message-preserving scheme with format-preserving encryption for connected cars in multi-access edge computing[J]. Sensors, 2019, 19(18): 3869. doi: 10.3390/s19183869
    [8] KANG M J and KANG J W. Intrusion detection system using deep neural network for in-vehicle network security[J]. PLoS One, 2016, 11(6): e0155781. doi: 10.1371/journal.pone.0155781
    [9] 贾先锋, 宁玉桥, 武智. 网联汽车车载网络通讯的安全分析[J]. 汽车实用技术, 2021, 46(9): 14–19. doi: 10.16638/j.cnki.1671-7988.2021.09.005

    JIA Xianfeng, NING Yuqiao, and WU Zhi. Safety analysis of network communication in automobile[J]. Automobile Applied Technology, 2021, 46(9): 14–19. doi: 10.16638/j.cnki.1671-7988.2021.09.005
    [10] 董琛. 车辆CAN总线入侵检测系统的研究与实现[D]. [硕士论文], 北京交通大学, 2019.

    DONG Chen. Research and implementation of intrusion detection system for in-vehicle CAN bus[D]. [Master dissertation], Beijing Jiaotong University, 2019.
    [11] 谭凯. 汽车CAN总线安全性模糊测试技术研究[D]. [硕士论文], 哈尔滨工业大学, 2020.

    TAN Kai. Research on fuzz testing technology of vehicle can bus security[D]. [Master dissertation], Harbin Institute of Technology, 2020.
    [12] PATSAKIS C, DELLIOS K, and BOUROCHE M. Towards a distributed secure in-vehicle communication architecture for modern vehicles[J]. Computers & Security, 2014, 40: 60–74. doi: 10.1016/j.cose.2013.11.003
    [13] WOLF M and GENDRULLIS T. Design, implementation, and evaluation of a vehicular hardware security module[C]. The 14th International Conference on Information Security and Cryptology, Seoul, Korea, 2011: 302–318.
    [14] WOO S, MOON D, YOUN T Y, et al. CAN ID Shuffling Technique (CIST): Moving target defense strategy for protecting in-vehicle CAN[J]. IEEE Access, 2019, 7: 15521–15536. doi: 10.1109/ACCESS.2019.2892961
    [15] BROWN R, MARTI A, JENKINS C, et al. Dynamic Address Validation Array (DAVA): A moving target defense protocol for CAN bus[C]. The 7th ACM Workshop on Moving Target Defense, New York, USA, 2020: 11–19.
    [16] YOON S, CHO J H, KIM D S, et al. Poster: Address shuffling based moving target defense for in-vehicle software-defined networks[C]. The 25th Annual International Conference on Mobile Computing and Networking, Los Cabos, Mexico, 2019: 103.
    [17] HU Hongchao, WU Jiangxing, WANG Zhenpeng, et al. Mimic defense: A designed-in cybersecurity defense framework[J]. IET Information Security, 2018, 12(3): 226–237. doi: 10.1049/iet-ifs.2017.0086
    [18] 邬江兴. 网络空间内生安全——拟态防御与广义鲁棒控制[M]. 北京: 科学出版社, 2020: 587–588.

    WU Jiangxing. Cyberspace Mimic Defense—Generalized Robust Control and Endogenous Security[M]. Beijing: Science Press, 2020: 587–588.
    [19] 邬江兴. 网络空间拟态防御研究[J]. 信息安全学报, 2016, 1(4): 1–10. doi: 10.19363/j.cnki.cn10-1380/tn.2016.04.001

    WU Jiangxing. Research on cyber mimic defense[J]. Journal of Cyber Security, 2016, 1(4): 1–10. doi: 10.19363/j.cnki.cn10-1380/tn.2016.04.001
    [20] 普黎明. 拟态云服务架构及关键技术研究[D]. [博士论文], 战略支援部队信息工程大学, 2021.

    PU Liming. Research on the key technologies of mimic cloud service architecture[D]. [Ph. D. dissertation], PLA Strategic Support Force Information Engineering University, 2021.
  • 加载中
图(8) / 表(4)
计量
  • 文章访问数:  721
  • HTML全文浏览量:  894
  • PDF下载量:  133
  • 被引次数: 0
出版历程
  • 收稿日期:  2021-11-18
  • 修回日期:  2022-05-05
  • 录用日期:  2022-05-17
  • 网络出版日期:  2022-05-23
  • 刊出日期:  2023-01-17

目录

    /

    返回文章
    返回