- 2017
Dynamic Password Identity Authentication Method for In-Vehicle Controller Area Network Buses
Abstract:
To address the flaws of the in-vehicle controller area network (CAN) bus, which seriously threaten in-vehicle information security, a dynamic password identity authentication method for in-vehicle CAN buses is proposed based on the challenge/response mode. The method takes into account that the CAN bus is a very widely used standard in-vehicle bus that sends messages by broadcast, and uses identity authentication to confirm the identity of each message, which ensures the trustworthiness of message transmission on the bus. Following a study of the implementation modes of identity authentication, a dynamic authentication method based on the challenge/response mode is adopted. Since the challenge value of every authentication is random, each generated password is different. The authentication code used in each communication is generated from the password, and a hash function is used to generate the password for the next use. Experimental results show that, compared with the traditional CAN bus method, the proposed method ensures the integrity of the transmitted messages as well as the authenticity of the CAN bus, and thus substantially raises the level of in-vehicle information security.
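The flow the abstract outlines (random challenge, per-frame authentication code derived from the current password, next password derived by hashing) can be sketched as follows. This is an added illustration, not the paper's construction: HMAC-SHA-256, the 4-byte tag, the pre-shared key and all names (`Session`, `send`, `receive`, `demo`) are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 4  # assumed truncation so payload + tag fit an 8-byte classic CAN data field


class Session:
    """One endpoint; sender and receiver each build one from the same challenge."""

    def __init__(self, shared_key: bytes, challenge: bytes):
        # The response to the random challenge becomes the first dynamic password.
        self.password = hmac.new(shared_key, challenge, hashlib.sha256).digest()

    def _tag(self, can_id: int, payload: bytes) -> bytes:
        msg = can_id.to_bytes(2, "big") + payload
        return hmac.new(self.password, msg, hashlib.sha256).digest()[:TAG_LEN]

    def _ratchet(self) -> None:
        # Hash the current password to obtain the one used for the next frame.
        self.password = hashlib.sha256(self.password).digest()

    def send(self, can_id: int, payload: bytes) -> bytes:
        if len(payload) + TAG_LEN > 8:
            raise ValueError("payload too long for one classic CAN frame")
        data = payload + self._tag(can_id, payload)
        self._ratchet()
        return data

    def receive(self, can_id: int, data: bytes):
        payload, tag = data[:-TAG_LEN], data[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(can_id, payload)):
            return None  # rejected; the password is not advanced
        self._ratchet()
        return payload


def demo():
    key = bytes(range(16))      # constructed pre-shared key
    challenge = os.urandom(8)   # fresh random challenge per authentication
    ecu, gateway = Session(key, challenge), Session(key, challenge)
    f1 = ecu.send(0x123, b"\x01\x02\x03\x04")
    accepted = gateway.receive(0x123, f1)
    replayed = gateway.receive(0x123, f1)        # old password, so rejected
    f2 = ecu.send(0x123, b"\x05\x06\x07\x08")
    tampered = bytes([f2[0] ^ 0xFF]) + f2[1:]    # payload modified in transit
    forged = gateway.receive(0x123, tampered)
    genuine = gateway.receive(0x123, f2)
    return accepted, replayed, forged, genuine
```

In this sketch a dropped frame leaves the receiver one password behind, so a deployment would need a resynchronisation step such as re-running the challenge.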