基于HMAC和TEA算法的CAN总线身份认证方法研究  被引量：14

作　　者：张之森 李芳[1,2] 王丽芳 吴艳[2] ZHANG Zhi-sen;LI Fang;WANG Li-fang;WU Yan(Institute of Electrical Engineering, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China)

机构地区：[1]中国科学院电工研究所,北京100190 [2]中国科学院大学,北京100049

出　　处：《电工电能新技术》2021年第9期57-63,共7页Advanced Technology of Electrical Engineering and Energy

基　　金：国家重点研发计划项目(2017YFB0102502)。

摘　　要：随着汽车智能化以及车联网的发展,如何保护车载网络系统的安全成为需要迫切解决的焦点问题,CAN总线作为目前应用极为广泛的车载总线,它的安全性很大程度决定了车载信息安全程度。本文提出了一种结合HMAC-SHA256和TEA加密算法的认证方式,基于挑战/应答模式的动态身份认证方法,结合CAN总线自身的特点,在认证过程中使用动态口令完成身份认证。为了验证本文所提出的认证方法的有效性,在Matlab/Simulink中进行了认证模型的搭建以及认证过程的仿真与分析,通过数据流的记录以及网络攻击模型的攻击实验表明,本文所提出的认证方法可以实现多节点验证,并且可以有效应对重放攻击,是一种安全可靠的认证方法,提高了CAN总线的安全性。With the development of vehicle intelligence and the Internet of Vehicles,how to protect the safety of the vehicle network system has become a focus issue that needs to be solved urgently.CAN(Controller Area Network)bus is currently a very widely used vehicle-mounted bus,and its security largely determines the degree of vehicle-mounted information security.CAN bus lacks adequate protection mechanisms and is vulnerable to external attacks such as replay attacks,modifying attacks and so on.This paper proposes an authentication method that combines HMAC(Hash-based Message Authentication Code)-SHA256 and TEA(Tiny Encryption Algorithm)algorithms.This method is based on dynamic identity authentication in challenge/response made and combined with the characteristics of the CAN bus itself and it achieves the identity authentication between the gateway and multiple ECUs.In the authentication process,dynamic passwords are used to complete identity authentication.In order to verify the validity of the authentication method proposed in this article,we built the authentication model in Matlab/Simulink and analyzed the authentication process in Matlab/canTool.Through data stream recording,and attack experiments using network attack models,it is shown that the authentication method proposed in this paper can achieve multi-node verification.Through comparison with MAC and Challenge/Response method,it can effectively deal with the replay attacks.This method is a safe and reliable authentication method,which improves the safety of the CAN bus.

关 键 词：网络安全 CAN总线 HMAC-SHA256 重放攻击 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]