车内控制器局域网总线安全评估机制研究  被引量：4

作　　者：张海春 姜荣帅 鲁赵骏 刘政林[1] ZHANG Haichun;JIANG Rongshuai;LU Zhaojun;LIU Zhenglin(School of Optical and Electronic Information,Huazhong University of Science and Technology,Wuhan 430074,China;School of Cyber Science and Engineering,Huazhong University of Science and Technology,Wuhan 430074,China)

机构地区：[1]华中科技大学光学与电子信息学院,湖北武汉430074 [2]华中科技大学网络空间安全学院,湖北武汉430074

出　　处：《华中科技大学学报（自然科学版）》2022年第1期1-6,共6页Journal of Huazhong University of Science and Technology(Natural Science Edition)

基　　金：国家自然科学基金资助项目(61874047)。

摘　　要：为了评估车内网络的安全状况,在分析控制器局域网(CAN)总线协议安全性的基础上提出了一种覆盖所有类型CAN总线数据帧的安全评估机制.该机制采用四个基本评估向量对车内CAN总线进行非逆向评估;采用基于数据域特征的CAN总线数据帧逆向分析技术对车内CAN总线进行逆向安全评估,可以同时分析周期性数据帧与非周期性数据帧,弥补了基于CAN ID频率的逆向分析技术只能分析非周期性数据帧的不足.模拟实际驾驶环境,在福特某型号车辆上的实验结果表明:该安全评估机制可以快速且准确地评估车窗、转向灯、中控锁等物理控制指令以及刹车、油门、离合等状态控制指令面临监听、重放、篡改等攻击时的安全风险.相比于目前已有的车内CAN总线安全评估机制,提出的安全评估机制覆盖面更广、效率更高.To evaluate the security status of the in-vehicle network,a security evaluation mechanism covering all types of controller area network(CAN)bus data frames was proposed based on the analysis of the security of the CAN bus protocol.The mechanism used four basic evaluation vectors to conduct non-reverse evaluation of the in-vehicle CAN bus,and adopted the reverse analysis technology of CAN data frames based on the characteristics of the data domain to carry out the reverse security evaluation of the invehicle CAN bus,which could simultaneously analyze both the periodic frames and non-periodic frames,making up for the insufficiency of CAN ID frequency-based reverse analysis technology that could only analyze non-periodic data frames.Actual driving environment was simulated,and experimental results on a certain Ford model vehicle show that the security evaluation mechanism can quickly and accurately figure out that physical control commands such as windows,turn signals,and central control locks,as well as state control commands such as brakes,accelerators,and clutches are faced with security risks such as monitoring,replaying,tampering,and other attacks.Compared with the existing in-vehicle CAN bus security evaluation mechanism,the proposed mechanism has wider coverage and higher efficiency.

关 键 词：车内CAN总线 网络安全 评估向量 逆向分析 安全评估 

分 类 号：U461.91[机械工程—车辆工程]