CN110377002B - Self-adaptive in-vehicle CAN bus safety control method and system - Google Patents


Info

Publication number: CN110377002B
Authority: CN (China)
Prior art keywords: ecu, message, key, security, bus
Legal status: Active
Application number: CN201910493594.7A
Other languages: Chinese (zh)
Other versions: CN110377002A (en)
Inventors: 李兴华, 陈颖, 钟成, 张会林, 姜奇, 翁健, 马建峰
Current Assignee: Xidian University, Jinan University
Original Assignee: Xidian University, Jinan University
Application filed by Xidian University, Jinan University
Priority to CN201910493594.7A
Publication of CN110377002A
Application granted
Publication of CN110377002B
Classifications

    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00: Testing or monitoring of control systems or parts thereof
    • G05B23/02: Electric testing or monitoring
    • G05B23/0205: Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0218: Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
    • G05B23/0243: Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults model based detection method, e.g. first-principles knowledge model
    • G: PHYSICS
    • G05: CONTROLLING; REGULATING
    • G05B: CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00: Program-control systems
    • G05B2219/20: Pc systems
    • G05B2219/24: Pc safety
    • G05B2219/24065: Real time diagnostics

Landscapes

  • Small-Scale Networks (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)

Abstract

The invention belongs to the technical field of networked automobile information processing and discloses a self-adaptive in-vehicle CAN bus security control method and system. Several influencing factors are selected by analysing message characteristics and the in-vehicle network environment, and a security policy is selected adaptively, so that the policy meets the security requirement of each message and is adjusted to the dynamic in-vehicle network environment. The communication between in-vehicle ECU nodes is abstracted into an undirected graph with the communication frequency as edge weight; the ECUs are divided into a hierarchical domain structure according to the communication frequency between them using Markov clustering; key management is performed on the nodes with a tree-shaped domain key structure; and a differentiated security policy and the corresponding communication protocol are selected in combination with the adaptive security policy selection method. The invention has limited overhead and is suitable for ECU nodes with limited computing capability and CAN bus networks with high real-time requirements.

Description

Self-adaptive in-vehicle CAN bus safety control method and system
Technical Field
The invention belongs to the technical field of networked automobile information processing, and particularly relates to a self-adaptive in-vehicle CAN bus safety control method and system.
Background
The closest prior art at present:
While connected vehicles promote the development of important technologies such as intelligent transportation and smart cities, their security problems are becoming increasingly prominent. As the core bus network of a connected vehicle, the CAN bus is mainly responsible for transmitting sensor information and control instructions, and its security protection has become a research focus.
With the rapid development of the mobile internet and industrial intelligence, the automobile industry is steadily becoming intelligent and networked and is gradually entering the Internet-of-Vehicles era. In particular, 5G communication and driverless technology are maturing day by day, so that driverless operation is gradually replacing traditional human driving and is becoming the future trend. While it brings new changes to traffic systems and urban life, the security requirements of driverless technology become more important and urgent. In recent years, attacks on intelligent connected vehicles have been frequent, and the driving safety of connected vehicles, especially driverless ones, has attracted wide attention.
As the core bus network of an intelligent connected vehicle, the Controller Area Network (CAN) bus is responsible for transmitting sensor information and control instructions, and the Electronic Control Unit (ECU), the basic control unit in the vehicle, carries out the corresponding actions according to the messages on the CAN bus. However, as the vehicle becomes more interconnected with external networks, an attacker can enter the in-vehicle CAN bus network through the On-Board Diagnostics (OBD) port, Bluetooth, the cellular network and similar interfaces, eavesdrop on bus messages, work out the meaning of the messages with reverse-engineering techniques such as fuzz testing, replay and forge messages, control important ECU nodes and threaten driving safety. How to transmit messages securely on the CAN bus is therefore a key problem to be solved urgently.
Current CAN bus security schemes fall into two types: bus anomaly detection, and bus message authentication and encryption. Anomaly detection has a false-alarm rate and is a passive defence; cryptographic message authentication and encryption can provide protection before an attack occurs and is an active defence. Two problems remain:
(1) In existing schemes a single security mechanism can hardly balance security and network performance. Because the security requirements of messages differ and the in-vehicle network environment changes dynamically, a fixed security mechanism occupies a large amount of bus resources, adds unnecessary computation, storage overhead and communication delay, and reduces network performance. The difference in message security requirements means that messages such as sensor parameters may reveal driving-safety-related information if intercepted, so their confidentiality requirement is higher, whereas in-vehicle control instructions have a higher authentication requirement in order to prevent forgery and modification by an attacker. The dynamic network environment means that when the in-vehicle bus load is high, a security scheme that does not increase the bus load should be used as far as possible to keep communication stable, and when the in-vehicle intrusion detection system finds an anomaly, a scheme with higher security should be selected to raise the security level.
(2) Because the computing and storage capacity of in-vehicle ECU nodes is limited, traditional key management schemes are difficult to apply directly to the in-vehicle network, and existing schemes consume a large amount of computation time and storage, which makes them unsuitable for the highly real-time CAN bus and for ECU nodes with limited storage.
In summary, the problems of the prior art are as follows:
(1) existing schemes do not consider the differences in message security requirements or the dynamic nature of the in-vehicle network environment, and can hardly balance security and network performance;
(2) existing CAN bus authentication and encryption schemes lack an efficient key management scheme and are not suitable for ECU nodes with limited computing and storage capacity.
The difficulty of solving these technical problems is as follows:
(1) the maximum payload of a CAN data frame is only 8 bytes, so a MAC of sufficient length cannot be carried;
(2) the in-vehicle network environment is special and the real-time requirement of the CAN bus is high;
(3) in-vehicle ECU nodes have limited computing and storage capacity.
The significance of solving these technical problems is as follows:
With the rapid development of the mobile internet and industrial intelligence, the traditional automobile industry is steadily becoming intelligent and networked and is gradually entering the intelligent Internet-of-Vehicles era. While connected vehicles promote the development of important technologies such as intelligent transportation and smart cities, their security problems are increasingly prominent and network attack incidents keep emerging. As the core bus network of the intelligent connected vehicle, the CAN bus is responsible for transmitting in-vehicle sensor information and control instructions, and protecting it has become the focus of research on intelligent connected vehicles. How to transmit messages securely on the CAN bus is therefore a key problem to be solved urgently. Against this background, the patent provides a self-adaptive lightweight CAN bus security mechanism for the secure transmission of CAN bus messages.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a self-adaptive in-vehicle CAN bus safety control method and a self-adaptive in-vehicle CAN bus safety control system.
The invention is realized as follows: a self-adaptive in-vehicle CAN bus safety control method comprising the following steps:
selecting several influence factors by analysing the characteristics of the message and the in-vehicle network environment, and adaptively selecting a security policy using the analytic hierarchy process and fuzzy decision, so that the security requirement of the message is met and the security policy is adjusted adaptively to the dynamic in-vehicle network environment;
abstracting the communication between in-vehicle ECU nodes into an undirected graph with the communication frequency as edge weight, dividing the ECUs into a hierarchical domain structure according to the communication frequency between them using Markov clustering, performing key management on the nodes with a tree-shaped domain key structure, and selecting a differentiated security policy and the corresponding communication protocol in combination with the self-adaptive security policy selection method, thereby realizing security control of the in-vehicle CAN bus.
Further, the CAN bus security policy selection method based on fuzzy decision comprises the following steps:
Step one, determining the factor set: select the factors that relate to message security requirements and the dynamic in-vehicle network environment and that influence the choice of security policy, and construct the factor set U. The values of the message factors and the network environment factors all lie in $(0, 1]$; the message factors and network environment factors are denoted $u_1, u_2, \ldots, u_7$ in turn and added to the factor set, $U = \{u_1, u_2, \ldots, u_7\}$;
Step two, determining the policy set:
the policy set P is the set of selectable policies, $P = \{P_1, P_2, P_3, P_4, P_5, P_6\}$, where $P_1$ is plaintext broadcast transmission, $P_2$ is ciphertext transmission, $P_3$ is plaintext transmission with truncated HMAC authentication, $P_4$ is plaintext transmission with 64-bit HMAC authentication, $P_5$ is ciphertext transmission with truncated HMAC authentication, and $P_6$ is ciphertext transmission with 64-bit HMAC authentication;
Step three, selecting a differentiated security policy based on fuzzy decision: first determine the weights of the influence factors with the analytic hierarchy process, then determine the membership function of the security policy with respect to the comment set, construct the fuzzy evaluation matrix, carry out fuzzy comprehensive evaluation of the policies, and finally select a more reasonable security policy as output.
Further, the influence factors selected in the step one further include:
(1) demand for confidentiality
Figure BDA0002087813600000031
If messages carrying driving-safety-related sensor parameters such as oil temperature and vehicle speed are intercepted and cracked by an attacker, important driving-safety information or user privacy information is exposed. Confidentiality requirements are divided by expert rating into four grades from high to low;
Figure BDA0002087813600000032
denotes the confidentiality requirement of message $msg_i$; let
Figure BDA0002087813600000033
When
Figure BDA0002087813600000034
the confidentiality requirement of the message is the highest;
(2) requirement for authentication
Figure BDA0002087813600000035
Let
Figure BDA0002087813600000036
denote the authentication requirement of message $msg_i$, where
Figure BDA0002087813600000037
Experts or the manufacturer analyse the message content, the sending and receiving ECUs and so on, and divide the authentication requirement of the message into four grades from high to low; when
Figure BDA0002087813600000038
the authentication requirement of the message is the highest;
(3) real-time requirements
Figure BDA0002087813600000039
Let
Figure BDA00020878136000000310
denote the real-time requirement of message $msg_i$, where
Figure BDA00020878136000000311
The real-time requirement level is set according to the message ID: the message ID is an 11-bit hexadecimal number whose initial bit is y, and the value of
Figure BDA00020878136000000312
is given by formula (1); when
Figure BDA00020878136000000313
the real-time requirement of the message is the highest;
Figure BDA00020878136000000314
(4) length class of message
Figure BDA00020878136000000315
denotes the length class of message $msg_i$; with a message length of l bits,
Figure BDA00020878136000000316
is given by formula (2), where
Figure BDA00020878136000000317
indicates the highest message length class;
Figure BDA00020878136000000318
(5) bus load ratio $B_t$: the gateway ECU monitors the bus load rate over a time period T and measures the duration $t_1$ within T for which the bus load rate exceeds 50%; the bus load ratio is the proportion of $t_1$ to the total duration t (t ≠ 0), $B_t = t_1 / t$, $B_t \in (0, 1]$. The closer the value is to 1, the higher the bus load in that period;
(6) channel busy-idle ratio $CBR_t$: the channel busy-idle ratio $CBR_t$ is defined as the proportion of the monitored time T during which the channel is busy,
Figure BDA00020878136000000319
$CBR_t \in (0, 1]$, where n is the number of channel detections and $k_i$ is 1 when the channel is busy and 0 when it is idle; the larger the value of $CBR_t$, the busier the channel;
(7) current network security state level $S_t$: let $S_t$ be the in-vehicle network security level fed back by the in-vehicle intrusion detection system (IDS) in the current time period T. The IDS feeds back the current network security state to the gateway ECU, where $S_t$ represents the current network state in four levels from high to low, $s = (n - k)/n$, $k = 0, 1, 2, 3$, $n = 4$; when $S_t$ is 1, the network security state level is the highest.
Further, the third step further comprises:
1) determining the weight of each influence factor of the factor set based on an AHP method:
establishing a hierarchical model of the CAN bus security mechanism, with factor set $U = \{U_1, U_2\}$, where $U_1$ is the set of message factors and $U_2$ is the set of network environment factors;
comparing the factors of the same layer pairwise, with experts or the manufacturer rating their importance to determine the relative importance of the factors; from top to bottom, a contrast matrix $M_u = (m_{ij})_{n \times n}$, $m_{ij} > 0$, is established, where $m_{ij}$ represents the relative importance of factor $u_i$ compared with factor $u_j$ and n is the number of factors, as shown in formula (3):
Figure BDA0002087813600000041
$M_u$ is a consistent matrix satisfying $m_{ji} = 1/m_{ij}$ and
Figure BDA0002087813600000042
After the contrast matrix is determined, the factor weights are determined; if the criteria layer weight is
Figure BDA0002087813600000043
and the sub-criteria layer weights for the factors $U_1, U_2$ are $W_1$ and $W_2$ respectively, then, according to the weighting method, the final weight of all factors is $\alpha = [W_1 \cdot \alpha_1, W_2 \cdot \alpha_2]$;
2) Determining a membership function, and constructing a fuzzy evaluation matrix R:
By analysing the effect of each factor on the security policies, experts or the manufacturer construct, for each factor, a policy score level matrix $G = (g_{ij})_{6 \times 4}$, where $g_{ij}$ is the score of policy $P_i$ when the factor takes each of its values. For
Figure BDA0002087813600000044
a policy scoring matrix $G_1$ is constructed, where $g_{ij}$ represents the score of each policy $P_i$ when
Figure BDA0002087813600000045
takes the values {0.25, 0.5, 0.75, 1} in turn;
determining the membership function of the security policy for each element of the comment set: the comment set is the set of all evaluation results, written $V = \{v_1, v_2, \ldots, v_m\}$, where m is the total number of evaluation results; V is chosen as poor, good and good. The membership degree $r_{ij}$ expresses the membership of policy $P_i$, under the influence of factor $u_i$, in comment set element $v_j$, where $r_{ij} \in [0, 1]$; the closer $r_{ij}$ is to 1, the higher the membership of $P_i$ in $v_j$. The invention uses a descending half-trapezoid distribution membership function, where j = {1, 2, 3, 4} corresponds to the four possible values of $v_j$, { poor, good }, and the corresponding $r_{ij}$ are $r_{i1}, r_{i2}, r_{i3}, r_{i4}$ in turn; in the formulas $a_1 < a_2 < a_3 < a_4$, and $g_{ij}$, the score of the policy, comes from the policy scoring matrix G;
Figure BDA0002087813600000046
Figure BDA0002087813600000047
Figure BDA0002087813600000048
Figure BDA0002087813600000049
After acquiring the parameter information of a message and the network environment parameters for the time period, the gateway ECU looks up, in the policy scoring matrix G of each factor, the score $g_{ij}$ of each policy $P_i$ ($i = 1, 2, \ldots, 6$) in the policy set, substitutes it into the membership functions, and forms the fuzzy evaluation matrix R of each security policy in turn, where
Figure BDA0002087813600000051
3) Carrying out fuzzy comprehensive evaluation on the strategy:
According to formula (8), the membership degree of $P_i$ to $v_j$ is calculated; $B = (b_1, b_2, \ldots, b_m)$ is the fuzzy evaluation result vector of policy $P_i$, where $b_i$ represents the membership degree of $P_i$ to the comment set element $v_j$, determined by considering the influence of all factors together. The membership degree of each security policy to the comment set elements $v_j$ is calculated in turn;
Figure BDA0002087813600000052
4) selecting a security strategy according to a maximum membership principle:
After the fuzzy evaluation vector $B_i = (b_{i1}, b_{i2}, b_{i3}, b_{i4})$ of $P_i$ is obtained, the evaluation result of policy $P_i$ is determined by the maximum membership principle: when
Figure BDA0002087813600000053
$P_i$ belongs overall to the r-th grade. The grades of $P_i$ ($i = 1, 2, \ldots, 6$) are determined in turn, and a policy in the highest evaluation grade is selected from all policies; if more than two policies fall under the highest evaluation grade, the policy with the higher membership degree is selected as the output of the fuzzy decision. The gateway ECU broadcasts the selected security policy for the message on the bus, and the sending and receiving ECUs involved in that message update its policy in the next time period T.
Further, the method for determining the factor weight in the step 1) comprises the following steps:
Input: contrast matrix $M_u = (m_{ij})_{n \times n}$
Output: a weight vector;
i) normalize the matrix $M_u$ by columns to obtain the matrix $M_u' = (m'_{ij})_{n \times n}$, where
Figure BDA0002087813600000054
ii) sum the matrix $M_u'$ by rows to obtain the vector
Figure BDA0002087813600000055
where
Figure BDA0002087813600000056
iii) normalize the vector
Figure BDA0002087813600000057
to obtain the eigenvector $W = [w_1, w_2, \ldots, w_n]^T$, where
Figure BDA0002087813600000058
iv) find the maximum eigenvalue
Figure BDA0002087813600000059
v) consistency check: calculate the consistency index CI and, against the random consistency index RI, the consistency ratio CR, where $CI = (\lambda_{max} - n)/(n - 1)$ and $CR = CI/RI$. When $CR \geq 0.1$, the elements of $M_u$ must be reassigned; keep adjusting them and jump back to step i);
vi) normalize the vector W to obtain the layer weight $\alpha = [\alpha_1, \alpha_2, \ldots, \alpha_n]^T$, where
Figure BDA00020878136000000510
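Steps i) to vi) and the combination $\alpha = [W_1 \cdot \alpha_1, W_2 \cdot \alpha_2]$ as an added Python example, not code from the patent. The judgment matrices are constructed sample values, the RI table is Saaty's standard one, and the $\lambda_{max}$ estimate is the usual sum-method formula, assumed here because the patent's own formulas are not reproduced on the page.

```python
# Added example: AHP factor weights with the CR < 0.1 consistency gate.
# Saaty's random consistency index RI, indexed by matrix order n.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32,
      8: 1.41, 9: 1.45}


def ahp_weights(m):
    """Return (weights, lambda_max, CI, CR) for a pairwise contrast matrix."""
    n = len(m)
    for i in range(n):
        for j in range(n):
            # The matrix must be positive and reciprocal: m_ji = 1 / m_ij.
            if m[i][j] <= 0 or abs(m[i][j] * m[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entry ({i},{j}) is not positive-reciprocal")
    # i) normalize by columns
    col_sums = [sum(m[i][j] for i in range(n)) for j in range(n)]
    norm = [[m[i][j] / col_sums[j] for j in range(n)] for i in range(n)]
    # ii) sum by rows, iii) normalize the row sums to get W
    row_sums = [sum(row) for row in norm]
    total = sum(row_sums)
    w = [s / total for s in row_sums]
    # iv) lambda_max estimated as (1/n) * sum_i (M W)_i / w_i  (assumption)
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(mw[i] / w[i] for i in range(n)) / n
    # v) consistency index and ratio; RI is 0 for n <= 2, so CR is 0 there
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RI[n] if RI[n] > 0 else 0.0
    return w, lam, ci, cr


def checked_weights(m, name):
    """Weights of one layer, refusing judgments that fail the CR test."""
    w, _lam, _ci, cr = ahp_weights(m)
    if cr >= 0.1:
        raise ValueError(f"{name}: CR={cr:.3f} >= 0.1, reassign the judgments")
    return w


def final_factor_weights(criteria, message, network):
    """Scale each sub-layer weight vector by the weight of its criterion
    (U1 = message factors, U2 = network environment factors)."""
    w1, w2 = checked_weights(criteria, "criteria layer")
    a1 = checked_weights(message, "message factors")
    a2 = checked_weights(network, "network factors")
    return [w1 * x for x in a1] + [w2 * x for x in a2]


# Constructed judgments (illustrative only, not taken from the patent).
CRITERIA = [[1, 2], [1 / 2, 1]]                       # U1 vs U2
MESSAGE = [[1, 1, 2, 4], [1, 1, 2, 4],                # u1..u4
           [1 / 2, 1 / 2, 1, 2], [1 / 4, 1 / 4, 1 / 2, 1]]
NETWORK = [[1, 2, 4], [1 / 2, 1, 3], [1 / 4, 1 / 3, 1]]  # u5..u7

if __name__ == "__main__":
    alpha = final_factor_weights(CRITERIA, MESSAGE, NETWORK)
    print([round(a, 4) for a in alpha])
```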
Further, the ECU domain-division key management and security protocol selection method comprises the following steps:
first, dividing the ECU nodes into domains according to the communication frequency of the ECUs, based on MCL clustering, to reduce the communication overhead of nodes between domains;
then, establishing a tree-shaped domain key structure based on a logical key tree and completing key distribution;
and finally, designing differentiated security policies and their communication protocols in combination with the self-adaptive security policy selection method.
Further, the ECU domain division based on MCL clustering includes:
Input: a weighted undirected graph of ECU communication frequency, with n the total number of nodes;
Output: a result set of ECU domains;
1) from the ECU node communication graph G(V, E), build the adjacency matrix $C = (c_{ij})_{n \times n}$, where $c_{ij}$ is the communication frequency $CF_{ij}$ between $ECU_i$ and $ECU_j$;
2) increase the diagonal elements of the matrix C by 1, i.e. $c_{ij} = 1$ when $i = j$; normalize the communication frequencies by columns and calculate the probability matrix of the communication frequency $C' = (c'_{ij})_{n \times n}$, where
Figure BDA0002087813600000061
3) select a parameter e and raise the matrix C' to the power e, i.e. $C' = (C')^e$;
4) select a parameter r, raise each element of the matrix C' to the power r, and normalize by columns to obtain the matrix $C'' = (c''_{ij})_{n \times n}$, where
Figure BDA0002087813600000062
5) iterate steps 3) and 4) until the matrix $C'' = (c''_{ij})_{n \times n}$ converges;
6) output the clustering result set of the ECU nodes;
The steps are then repeated, with the output of each round used as the input of the next: a new graph $G_i(V_i, E_i)$ is built from the ECU node clustering result set of the i-th output, in which each set is a vertex and the weight of an edge is the sum of the communication frequencies between the ECUs of one set and the ECU nodes of another set. MCL clustering is performed again until a single cluster is finally formed, and the tree-shaped logical structure of the ECU node domains is established from the clustering result set of each round.
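Steps 1) to 6) and the round-by-round coarsening as an added pure-Python example, not code from the patent. The six-ECU frequency matrix, the parameters e = 2 and r = 2, the numeric thresholds and the stop condition for graphs that no longer merge are assumptions of the example.

```python
# Added example: MCL domain division of ECUs and the resulting hierarchy.

def column_normalize(m):
    n = len(m)
    sums = [sum(m[i][j] for i in range(n)) for j in range(n)]
    return [[m[i][j] / sums[j] for j in range(n)] for i in range(n)]


def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def mcl(freq, e=2, r=2.0, tol=1e-9, max_iter=200):
    """Cluster vertices of a weighted undirected graph (steps 1-6)."""
    n = len(freq)
    # 1) adjacency matrix, 2) diagonal set to 1, then column-normalized
    c = [[1.0 if i == j else float(freq[i][j]) for j in range(n)]
         for i in range(n)]
    m = column_normalize(c)
    for _ in range(max_iter):
        # 3) expansion: matrix power e
        expanded = m
        for _ in range(e - 1):
            expanded = matmul(expanded, m)
        # 4) inflation: element-wise power r, then column-normalize
        inflated = column_normalize([[v ** r for v in row] for row in expanded])
        # 5) iterate until the matrix stops changing
        delta = max(abs(inflated[i][j] - m[i][j])
                    for i in range(n) for j in range(n))
        m = inflated
        if delta < tol:
            break
    # 6) each row that kept flow is an attractor; its non-zero columns
    #    are the members of that cluster (duplicates collapse in the set)
    found = {frozenset(j for j in range(n) if row[j] > 1e-6) for row in m}
    found.discard(frozenset())
    return sorted(sorted(s) for s in found)


def coarsen(freq, clusters):
    """Next-round graph: one vertex per cluster, edge weight = summed
    communication frequency between the two clusters."""
    k = len(clusters)
    return [[0.0 if a == b else
             sum(freq[i][j] for i in clusters[a] for j in clusters[b])
             for b in range(k)] for a in range(k)]


def build_domain_tree(freq):
    """Return the domain membership per level, finest level first."""
    levels = []
    members = [[i] for i in range(len(freq))]  # ECUs behind each vertex
    while len(freq) > 1:
        clusters = mcl(freq)
        if len(clusters) == len(freq):  # nothing merged: stop (assumption)
            break
        members = [sorted(x for v in cl for x in members[v]) for cl in clusters]
        levels.append(members)
        freq = coarsen(freq, clusters)
    return levels


# Constructed sample: ECUs 0-2 and 3-5 talk often inside their group
# (frequency 10); only ECU 2 and ECU 3 exchange occasional frames (1).
FREQ = [[0, 10, 10, 0, 0, 0],
        [10, 0, 10, 0, 0, 0],
        [10, 10, 0, 1, 0, 0],
        [0, 0, 1, 0, 10, 10],
        [0, 0, 0, 10, 0, 10],
        [0, 0, 0, 10, 10, 0]]

if __name__ == "__main__":
    for depth, level in enumerate(build_domain_tree(FREQ), start=1):
        print("level", depth, level)
```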
Further, the domain key distribution and management method based on LKH comprises the following steps:
According to the domain division result set of the ECUs, an LKH tree-shaped domain key structure is established. Each ECU is identified by a unique 8-bit binary identifier, written $ECU_i$. In the LKH-based tree-shaped domain key logical structure, leaf nodes represent ECUs, virtual nodes represent domains, and sibling nodes under the same parent belong to the same domain; each ECU stores all keys on the path from its leaf node to the root node;
Figure BDA0002087813600000063
denotes the key number of the domain, where i and j are the IDs of the first and last nodes in the domain when sorted by ECU ID, and s is the layer number in the key tree;
After the tree-shaped domain key logical structure is established, the gateway ECU distributes the keys. The ECU nodes of domain n and the gateway ECU pre-share the key
Figure BDA0002087813600000064
and the key is loaded over a secure channel. The gateway ECU acts as the control node and stores all keys. Loading of the pre-shared key takes place only when the vehicle leaves the factory or when an ECU is replaced. When the vehicle is started, the gateway ECU distributes keys in a fixed order following the logical structure of the tree-shaped domain keys; $ECU_i \in Y_n$, where $Y_n$ denotes domain n;
The specific steps are as follows.
(1) The gateway ECU selects two random number seeds
Figure BDA0002087813600000065
for generating the intra-domain session key $EK_n$ and the authentication key $AK_n$ of $Y_n$. Using the encryption key pre-shared between the ECUs in $Y_n$ and the gateway ECU,
Figure BDA0002087813600000066
it encrypts the random number seeds and broadcasts them, as in formulas (9) and (10);
Figure BDA0002087813600000067
Figure BDA0002087813600000068
(2) After receiving the message, the nodes in $Y_n$ decrypt it with the corresponding key to obtain
Figure BDA0002087813600000069
and separately calculate the session key $EK_n$ and the authentication key $AK_n$ of $Y_n$, as shown in formulas (11) and (12), where KDF() denotes a one-way hash function used for key derivation;
Figure BDA00020878136000000610
Figure BDA0002087813600000071
(3) To verify that the keys $EK_n$ and $AK_n$ have been shared successfully, the gateway ECU encrypts $CTR_n$ separately with the $EK_n$ and $AK_n$ generated in step (1) and broadcasts the results, where $CTR_n$ is the counter associated with $Y_n$ that the gateway ECU stores for key distribution, as in formulas (13) and (14);
Figure BDA0002087813600000072
Figure BDA0002087813600000073
(4) The nodes in $Y_n$ receive the message, decrypt it with the corresponding key generated in step (2) to obtain the value $CTR_n$, and compare it with their own stored counter value $CTR'_n$; if they are equal, the corresponding key is considered successfully shared; otherwise, the ECU node sends an error frame to the gateway ECU indicating that the key was not shared successfully.
The gateway ECU distributes the session keys $EK_n$ and authentication keys $AK_n$ in sequence, domain by domain. When the vehicle is ignited and within a certain time period T, the gateway ECU distributes the keys by domain again and updates the session keys and authentication keys.
Further, the method for selecting the differentiated safety protocol comprises the following steps:
Let the policy set be $P = \{P_1, P_2, P_3, P_4, P_5, P_6\}$, where $P_1$ is plaintext broadcast transmission, $P_2$ is ciphertext transmission, $P_3$ is plaintext transmission with truncated HMAC authentication, $P_4$ is plaintext transmission with 64-bit HMAC authentication, $P_5$ is ciphertext transmission with truncated HMAC authentication, and $P_6$ is ciphertext transmission with 64-bit HMAC authentication. $ECU_i$ sends a message to $ECU_j$, with $ECU_i, ECU_j \in Y_n$.
(1) Policy $P_1$, plaintext broadcast transmission: the plaintext of the original message is broadcast without any processing;
(2) Policy $P_2$, ciphertext transmission: $ECU_i$ updates the message counter
Figure BDA0002087813600000074
and uses the corresponding key $EK_n$ to encrypt the plaintext M and
Figure BDA0002087813600000075
obtaining the ciphertext C, which is sent to the bus, where
Figure BDA0002087813600000076
$ECU_j$ determines the corresponding security policy from the message ID, selects the corresponding key $EK_n$ from the sender ID, and after decryption obtains the plaintext M and
Figure BDA0002087813600000077
It then compares
Figure BDA0002087813600000078
with its own stored counter
Figure BDA0002087813600000079
If
Figure BDA00020878136000000710
it updates
Figure BDA00020878136000000711
and accepts the message; otherwise the message is discarded;
(3) Policy $P_3$, truncated HMAC authentication: $ECU_j$ needs to verify that the message has not been modified and really originates from $ECU_i$, and authenticates it using the HMAC. With an original message length of l bits, policy $P_3$ takes the first (64 - l) bits of the generated HMAC. Let $ECU_i, ECU_j \in Y_n$; $ECU_i$ updates the counter
Figure BDA00020878136000000712
and uses the authentication key $AK_n$ to generate
Figure BDA00020878136000000713
of which the first (64 - l) bits are taken and, together with M and
Figure BDA00020878136000000714
sent to the bus;
$ECU_j$ determines the corresponding security policy and authentication key $AK_n$, then calculates
Figure BDA00020878136000000715
and compares it with the received HMAC; if they are consistent, it compares
Figure BDA00020878136000000716
with its own stored
Figure BDA00020878136000000717
If
Figure BDA00020878136000000718
it updates
Figure BDA00020878136000000719
and accepts the message; otherwise the message is discarded;
(4) policy P4HMAC authentication using 64bits, authentication process and P3The consistency is achieved; the difference is that the generated HMAC takes the first 64bits and sends the messages to the CAN bus in a single message;
(5) policy P5Ciphertext is transmitted and authentication is performed by adopting truncated HMAC: ECU (electronic control Unit)iUpdating message counters
Figure BDA00020878136000000720
Selects corresponding key EKnEncrypting messages, i.e.
Figure BDA00020878136000000721
And generate HMAC, i.e.
Figure BDA00020878136000000722
Setting the length of the original message as l bits, strategy P5The first (64-l) bits to generate HMAC are selected. Sending the ciphertext C and the truncated HMAC to the bus together;
After determining the security policy and the corresponding keys EKn and AKn, ECUj decrypts with EKn to obtain M and
Figure BDA0002087813600000081
and generates HMAC', i.e.
Figure BDA0002087813600000082
which it compares with the received HMAC. If they are consistent, it compares
Figure BDA0002087813600000083
and
Figure BDA0002087813600000084
If
Figure BDA0002087813600000085
it updates
Figure BDA0002087813600000086
and accepts the message; otherwise the message is discarded;
(6) Policy P6 indicates that ciphertext is transmitted and authenticated with a 64-bit HMAC: HMAC generation, encryption and decryption are the same as for P5; the only difference is that the generated HMAC is sent in a separate message.
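The sender and receiver steps described for policies P3 and P4, as an added Python example that is not part of the patent text. Because the formulas are not preserved on this page, the HMAC input (4-byte counter followed by the message, HMAC-SHA256), the counter travelling with the frame, and the acceptance rule "received counter greater than stored counter" are assumptions; `Packet`, `Sender`, `Receiver`, `tag_len` and `full_mac` are hypothetical names, and payloads are handled in whole bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass

DATA_FIELD_BYTES = 8  # a classic CAN data field carries 64 bits


@dataclass(frozen=True)
class Packet:
    counter: int  # sender's message counter (assumed to travel with the frame)
    msg: bytes    # plaintext payload M
    tag: bytes    # HMAC bits actually put on the bus
    frames: int   # CAN frames used: 1 for P3, 2 for P4


def tag_len(policy: str, msg_len: int) -> int:
    """Tag length in bytes that a policy allows for a payload of msg_len bytes."""
    if not 1 <= msg_len <= DATA_FIELD_BYTES:
        raise ValueError("payload must be 1..8 bytes")
    if policy == "P4":
        return DATA_FIELD_BYTES              # full 64-bit tag in its own frame
    if policy == "P3":
        room = DATA_FIELD_BYTES - msg_len    # the (64 - l) bits left beside M
        if room == 0:
            raise ValueError("P3 leaves no tag bits for an 8-byte payload")
        return room
    raise ValueError(f"unsupported policy {policy!r}")


def full_mac(ak: bytes, counter: int, msg: bytes) -> bytes:
    # Assumed input layout: 4-byte big-endian counter followed by the message.
    return hmac.new(ak, counter.to_bytes(4, "big") + msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, ak: bytes):
        self.ak, self.counter = ak, 0

    def send(self, msg: bytes, policy: str) -> Packet:
        n = tag_len(policy, len(msg))        # validate before touching the counter
        self.counter += 1
        tag = full_mac(self.ak, self.counter, msg)[:n]
        return Packet(self.counter, msg, tag, 2 if policy == "P4" else 1)


class Receiver:
    def __init__(self, ak: bytes):
        self.ak, self.last_counter = ak, 0

    def receive(self, pkt: Packet, policy: str) -> bool:
        # The tag length comes from the receiver's own policy, never from the
        # packet, so a shortened tag cannot lower the effort of guessing it.
        try:
            n = tag_len(policy, len(pkt.msg))
        except ValueError:
            return False
        expected = full_mac(self.ak, pkt.counter, pkt.msg)[:n]
        if len(pkt.tag) != n or not hmac.compare_digest(expected, pkt.tag):
            return False                     # modified, or not from a key holder
        if pkt.counter <= self.last_counter:
            return False                     # replayed or stale frame
        self.last_counter = pkt.counter      # update only after both checks pass
        return True


def demo() -> dict:
    ak = bytes(range(16))                    # constructed domain key AKn
    tx, rx = Sender(ak), Receiver(ak)
    p3 = tx.send(b"\x01\x02\x03\x04", "P3")  # 4-byte payload leaves a 32-bit tag
    p4 = tx.send(b"\x10\x20", "P4")
    forged = Packet(p4.counter, b"\x10\x21", p4.tag, p4.frames)
    return {
        "p3_tag_bits": len(p3.tag) * 8,
        "p3_accepted": rx.receive(p3, "P3"),
        "p3_replayed": rx.receive(p3, "P3"),
        "forged": rx.receive(forged, "P4"),
        "p4_accepted": rx.receive(p4, "P4"),
        "p4_frames": p4.frames,
    }


if __name__ == "__main__":
    print(demo())
```

The longer the payload, the fewer tag bits P3 leaves: a 7-byte payload is protected by only 8 bits, which is the security cost of truncation that P4 avoids at the price of a second frame.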
Another object of the present invention is to provide an adaptive in-vehicle CAN bus safety control system implementing the adaptive in-vehicle CAN bus safety control method.
In summary, the advantages and positive effects of the invention are:
The invention provides an adaptive in-vehicle CAN bus security mechanism. First, it considers message requirements and in-vehicle network factors together and selects security policies adaptively based on fuzzy decision making. Then the ECUs are divided into a hierarchical domain structure according to the communication frequency between them for key distribution, and differentiated security policies and a corresponding communication protocol are designed. Finally, the feasibility and security of the scheme are verified through theoretical analysis, and experiments show that the overhead the scheme requires is limited, so it is suitable for ECU nodes with limited computing capability and CAN bus networks with high real-time requirements.
To address the problem that existing schemes are hard to adapt to differentiated message security requirements and a dynamic in-vehicle network environment, a security policy selection scheme based on fuzzy decision making is provided. By analyzing the characteristics of messages and of the in-vehicle network environment, a number of influencing factors are selected, and the security policy is selected adaptively using the analytic hierarchy process and fuzzy decision making, so that the security requirement of the message is met and the security policy is adjusted adaptively to the dynamic in-vehicle network environment.
To address the current lack of an effective key management scheme for CAN bus authentication and encryption, the communication among in-vehicle ECU nodes is abstracted into an undirected graph with the communication frequency as the edge weight. The Markov Cluster (MCL) method is used to divide the ECU nodes into a hierarchical domain structure according to the communication frequency between ECUs, and a tree domain key structure is used for key management of the nodes, which reduces the communication overhead caused by cross-domain communication. In addition, differentiated security policies and a corresponding communication protocol are designed in combination with the adaptive security policy selection scheme.
For the scheme provided by the invention, a comprehensive theoretical analysis of feasibility, security and other aspects is carried out first. The effectiveness of the adaptive fuzzy decision is then verified through experiments, and the performance of the ECU domain division and key management scheme is analyzed. Compared with existing schemes, the results show that the invention requires less storage and computation overhead and is suitable for ECU nodes with limited computing capability and CAN bus networks with high real-time requirements.
Drawings
Fig. 1 is a flowchart of a method for controlling security of an adaptive CAN bus according to an embodiment of the present invention.
Fig. 2 is a hierarchical model diagram of a CAN bus security mechanism provided in an embodiment of the present invention.
Fig. 3 is a structure diagram of an LKH-based tree domain key according to an embodiment of the present invention.
FIG. 4 shows the execution of security policy P2 provided by an embodiment of the present invention.
FIG. 5 shows the execution of security policy P3 provided by an embodiment of the present invention.
FIG. 6 shows the execution of security policy P5 provided by an embodiment of the present invention.
Fig. 7 is a diagram of applying the present invention to a CAN extended frame according to an embodiment of the present invention.
Fig. 8 is a chart of the proportion of each security policy when the bus load ratio changes, provided by the embodiment of the present invention.
In the figure: (a) is a schematic diagram for a bus load ratio of 0.25, with the channel busy-idle ratio and the network security state unchanged. (b) is a schematic diagram for a bus load ratio of 1, with the channel busy-idle ratio and the network security state unchanged.
Fig. 9 is a chart of the proportion of each security policy when the channel busy-idle ratio changes, provided by the embodiment of the present invention.
In the figure: (a) shows that, with the bus load ratio and the network security state unchanged, when the channel busy-idle ratio is increased, policies P4 and P6 account for 37.77% of all messages in the whole bus network. (b) shows that, with the bus load ratio and the network security state unchanged, when the channel busy-idle ratio is increased, policies P4 and P6 account for 4.46% of all messages in the whole bus network.
Fig. 10 is a chart comparing the security policies when the network security state changes, provided by the embodiment of the present invention.
In the figure: (a) with the bus load ratio and the channel busy-idle ratio unchanged, if the network security level is reduced, the in-vehicle network security level needs to be raised and messages need to be authenticated or encrypted. Under the scheme provided by the invention, the encrypted-transmission security policies P2, P5 and P6 account for 70.86%. (b) with the bus load ratio and the channel busy-idle ratio unchanged, if the network security level is reduced, the in-vehicle network security level needs to be raised and messages need to be authenticated or encrypted. Under the scheme provided by the invention, the encrypted-transmission security policies P2, P5 and P6 account for 95.44%.
Fig. 11 is a time chart of key distribution provided by the embodiment of the present invention.
FIG. 12 is a graph of ECU node communication response times under different security policies provided by an embodiment of the present invention.
FIG. 13 is a graph comparing the present invention with LeiA and Woo, provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Existing schemes do not consider the differences in message security requirements or the dynamic nature of the in-vehicle network environment, and find it hard to balance security and network performance; existing CAN bus authentication and encryption schemes lack an efficient key management scheme and are not suitable for ECU nodes with limited computing and storage capacity.
To solve the above problems, the present invention will be described in detail below with reference to the related operations.
The CAN bus mainly carries messages such as control instructions and sensor parameter information. The ECU nodes connected to the bus compete to send messages, and control of the bus is decided by message priority, which depends on the message identifier, i.e. the message ID. The ECU node sending the highest-priority message transmits on the bus, and the other nodes wait until the bus is free and compete again. Bit-by-bit arbitration and plaintext broadcasting improve the real-time performance of data communication, but bus messages do not contain the addresses of a sender and a receiver, only a Cyclic Redundancy Check (CRC) is used to detect errors in transmission, and no security mechanisms such as encryption or authentication are provided, which makes it possible for an attacker to intrude on the in-vehicle bus. As in-vehicle ECU nodes become increasingly interconnected with external networks, researchers have proposed various CAN bus message authentication, encryption and ECU key management schemes to secure the transmission of CAN bus messages.
(1) Authentication of CAN bus messages
Message authentication means that the receiving ECU can verify the authenticity of the message source and the integrity of its content. Groza et al. propose a broadcast authentication protocol similar to TESLA (Timed Efficient Stream Loss-tolerant Authentication). The sending ECU generates the Message Authentication Code (MAC) of a message with a key k known only to itself and sends the MAC to the bus. The key k is sent to the bus later, and the receiving ECU verifies the message with the corresponding k once it has received it. Delayed disclosure of the key ensures the authenticity of the message source, but the scheme cannot process messages immediately, inevitably introduces authentication delay, and is hard to apply to a CAN bus with high real-time requirements and to time-critical ECU nodes. Nilsson et al. propose a delayed authentication approach based on combined MACs: the generated MAC is divided into four parts that are transmitted in the CRC fields of the four subsequent messages. Such schemes add no extra bus load but introduce authentication delay, and because the CRC field is occupied, errors in transmission can no longer be detected. Woo et al. propose truncating the MAC to 32 bits and sending it in the extended identifier and CRC fields, achieving message authentication without extra bus load; but a 32-bit MAC can hardly provide sufficient security. Radu et al. propose the LeiA scheme, which transmits the generated MAC as a separate packet to ensure sufficient security, but this at least doubles the bus load and increases the communication overhead. Kurachi et al. propose the CaCAN protocol, in which a central monitoring node authenticates the other nodes in the network.
Once an unauthorized message transmission is detected, the central monitoring node sends higher-priority error frames in real time to stop the illegal message. But this approach requires modifying the CAN controller, and if the monitoring node is compromised or removed, the security of the whole network may be compromised. Other prior work uses physical-layer characteristics of the CAN bus: the CAN+ protocol, for example, inserts extra bits between the sampling points of the CAN bus interface to carry authentication information, but this requires controller nodes with a higher sampling rate and hardware replacement of the CAN transceivers and the corresponding ECU nodes, which increases manufacturers' costs.
(2) Encryption of CAN bus messages
The sending ECU encrypts the message data field with a key, and only a receiving node that holds the key can decrypt it. However, the computing capability of ECU nodes is limited and the CAN bus has high real-time requirements, so encryption algorithms with high overhead are unsuitable. The LCAP scheme encrypts the authentication information together with the data field using the stream cipher RC4. Jukl et al. propose using the Tiny Encryption Algorithm on the CAN bus, and experiments show that the scheme has low latency and is feasible. In addition, Woo et al. propose a differentiated approach: on the CAN-FD bus, whether a message needs to be encrypted and authenticated is decided by the security level of the ECU node; only messages sent by ECUs with a higher security level are encrypted, and the rest are broadcast in plaintext. This differentiated approach secures the communication of important ECU nodes, but because only the ECU nodes are considered, it cannot provide fine-grained protection and is hard to apply in specific scenarios.
(3) Key management for ECU nodes
Herrewege et al. propose the CANAuth protocol, which associates an authentication key with a message identifier, i.e. each message ID corresponds to one authentication key, so each node may need to store up to 2^11 keys, a non-trivial challenge for ECU nodes with limited storage capacity. Groza et al. propose the LiBrA-CAN protocol: the ECU nodes are divided into several groups of the same size, each ECU node can belong to several groups, and each group shares the authentication keys used to generate MACs. This approach can provide sufficient security when the group contains few malicious nodes. However, the number of keys grows exponentially with the number of nodes, and each ECU node has to store a large number of keys. Lin et al. propose an HMAC-based CAN bus message authentication scheme in which ECU nodes share authentication keys and synchronized message counters pairwise to prevent replay and forged-message attacks, but this scheme also requires ECU nodes to store a large number of keys, resulting in large computation and communication overhead.
The present invention is further described below with reference to specific embodiments.
As shown in fig. 1, the invention provides an adaptive CAN bus security control method comprising a security policy selection method based on fuzzy decision making and an ECU domain key management and security protocol.
The security policy selection method based on fuzzy decision making: factors such as differentiated message requirements and the dynamic in-vehicle network environment are considered together, and a more reasonable security policy is selected adaptively by fuzzy decision making.
The ECU domain-division key management and security protocol control method: the ECU nodes are divided into domains according to communication frequency and a tree domain key structure is established. On this basis, differentiated security policies and their communication protocol are designed in combination with the adaptive decision process.
In the embodiment of the invention, the CAN bus security policy selection method based on fuzzy decision comprises the following steps:
A) determination of a set of factors
The method selects the factors that relate to message security requirements and the dynamic in-vehicle network environment and that may influence the choice of security policy, and constructs a factor set U from them. The selected influencing factors are as follows:
(1) demand for confidentiality
Figure BDA0002087813600000111
If messages carrying driving-safety-related sensor parameters such as oil temperature and vehicle speed are eavesdropped on and cracked by an attacker, information important to driving safety or private user information may be exposed. Through expert rating, the confidentiality requirement can be divided into four grades from high to low. Let
Figure BDA0002087813600000112
denote the confidentiality requirement of message msgi, where
Figure BDA0002087813600000113
When
Figure BDA0002087813600000114
the message has the highest confidentiality requirement.
(2) Requirement for authentication
Figure BDA0002087813600000115
Authentication means that the receiving ECU can verify the integrity of the message content and the authenticity of its source. Let
Figure BDA0002087813600000116
denote the authentication requirement of message msgi, where
Figure BDA0002087813600000117
Experts or manufacturers analyze the message content, the sending and receiving ECUs and so on, and divide the authentication requirement of the message into four grades from high to low. When
Figure BDA0002087813600000118
the authentication requirement of the message is the highest. The invention uses a hash-based message authentication code (HMAC) for message authentication.
(3) Real-time requirements
Figure BDA0002087813600000119
Let
Figure BDA00020878136000001110
denote the real-time requirement of message msgi, where
Figure BDA00020878136000001111
The real-time requirement refers to the priority of the message. During arbitration the CAN bus determines message priority from the message ID: the dominant level "0" overrides the recessive level "1", and the ECU with the higher priority wins the bus. It can be inferred that, when designing the CAN bus communication matrix, the manufacturer gives certain messages a higher priority so that they reach the bus in time. The real-time requirement level is therefore set according to the message ID. The message ID is an 11-bit number written in hexadecimal; let its initial bit be y, then the value of
Figure BDA00020878136000001112
is given by formula (1). When
Figure BDA00020878136000001113
the real-time requirement of the message is the highest.
Figure BDA00020878136000001114
(4) Length class of message
Figure BDA00020878136000001115
Let
Figure BDA00020878136000001116
denote the length class of message msgi. When a security policy is selected, the length of the message can be taken into account, and a MAC of a certain length can be truncated and transmitted together with the original message. Let the length of the message be l bits;
Figure BDA00020878136000001117
is given by formula (2), where
Figure BDA00020878136000001118
indicates the highest message length class.
Figure BDA00020878136000001119
(5) Bus load ratio (Bt): the bus load rate is the percentage of bus bandwidth occupied by transmitted data within 1 s, and represents how heavily the bus resource is used in that period. The gateway ECU monitors the bus load rate over a time period T and measures the proportion of the total duration t (t ≠ 0) made up by the time t1 during which the bus load rate is above 50%. This proportion is the bus load ratio Bt, i.e. Bt = t1/t, Bt ∈ (0,1]. The closer the value is to 1, the higher the bus load in the time period.
(6) Channel busy-to-idle ratio (CBRt): the channel busy-to-idle ratio indicates the congestion level of the channel. The busier the channel, the longer low-priority messages wait. The channel busy-to-idle ratio (CBRt) is defined as the proportion of the monitoring time T during which the channel is detected as busy, i.e.
Figure BDA0002087813600000121
where n is the number of channel detections and ki is 1 when the channel is busy and 0 when it is idle. The larger the value of CBRt, the busier the channel.
(7) Current network security state level (St): let St be the network security level fed back by an Intrusion Detection System (IDS) in the current time period T. Scholars have proposed various in-vehicle CAN bus intrusion detection schemes, for example based on message information entropy[7] and data frame frequency[9-10]. Assume the IDS feeds the current network security state back to the gateway ECU, where the four levels of the current network state, from high to low, are represented in turn by {s | s = (n-k)/n, k = 0,1,2,3, n = 4}. When St is 1, the network security state level is the highest.
In summary, the value ranges of the message factors and the network environment factors are both (0, 1]. The above factors are denoted in turn u1, u2, ..., u7 and added to the factor set U, i.e. U = {u1, u2, ..., u7}. As Internet of Vehicles technology develops, further factors that influence the security policy can be added to the set U to suit the specific application.
B) Determination of a set of policies
In the CAN bus authentication schemes proposed by researchers so far, the MAC is transmitted in one of two ways: in a separate message, or together with the original message. Transmitting a 64-bit MAC in a separate message provides higher security but doubles the bus load. Transmitting the MAC together with the original message does not increase the bus load, but the limited MAC length reduces security. Based on the security requirements of messages, the invention summarizes six security policies commonly used on the in-vehicle CAN bus. Let the policy set P denote the set of selectable policies provided by the invention, P = {P1, P2, P3, P4, P5, P6}, where P1 represents plaintext broadcast transmission, P2 represents ciphertext transmission, P3 represents plaintext transmission with truncated HMAC authentication, P4 represents plaintext transmission with 64-bit HMAC authentication, P5 represents ciphertext transmission with truncated HMAC authentication, and P6 represents ciphertext transmission with 64-bit HMAC authentication. New security policies can be added to the policy set in practice to meet individual security requirements.
C) Differential security policy selection based on fuzzy decision:
Message requirements are fuzzy to some extent: for example, there is no clear boundary between high and low confidentiality requirements, and the rating is somewhat subjective. At the same time, a reasonable transmission policy is essentially a balance between security and network performance, a notion that is itself fuzzy. The invention therefore uses fuzzy decision making[26] to design an adaptive security policy selection scheme. Assuming that the gateway ECU has sufficient computing capacity and obtains the message requirements and in-vehicle network parameters for a time period T, it first uses the Analytic Hierarchy Process[27] (AHP) to determine the weights of the influencing factors, then determines the membership functions of the security policies with respect to the comment set, constructs the fuzzy evaluation matrix, performs a fuzzy comprehensive evaluation of the policies, and finally outputs a more reasonable security policy. The steps are as follows.
(1) AHP method based weight determination of each influence factor of factor set
First, a hierarchical model of the CAN bus security mechanism is established, as shown in fig. 2, where the factor set U = {U1, U2}, U1 is the set of message factors, and U2 is the set of network environment factors.
Factors in the same layer are compared pairwise, and their relative importance is rated by an expert or manufacturer. Working from top to bottom, a comparison matrix Mu = (mij)n×n, mij > 0, is established, where mij represents the importance of factor ui relative to factor uj and n is the number of factors, as shown in formula (3):
Figure BDA0002087813600000122
Here Mu is required to be a consistent matrix, i.e. mji = 1/mij and
Figure BDA0002087813600000123
because the weight assignment must be logically consistent. After the comparison matrix is determined, the factor weights are determined as in Algorithm 1.
Figure BDA0002087813600000124
Figure BDA0002087813600000131
Finally, the weight of each factor of the sub-criterion layer relative to the target layer is determined. If the criteria layer weight is
Figure BDA0002087813600000132
and the sub-criteria layer weights for factors U1, U2 are W1 and W2 respectively, then, according to the weighting method, the final weight of all factors is α = [W1·α1, W2·α2].
(2) Determining membership function and constructing fuzzy evaluation matrix R
First, an expert or manufacturer analyzes the influence of each factor on the security policy and constructs for each factor a policy scoring matrix G = (gij)6×4, where gij is the score of policy Pi when the factor takes each of its values. For example, for
Figure BDA0002087813600000133
the policy scoring matrix G1 is constructed, where gij represents the score of each policy Pi when
Figure BDA0002087813600000134
takes the values {0.25, 0.5, 0.75, 1} in sequence.
Next, the membership function of the security policy with respect to each element of the comment set is determined. The comment set is the set of all evaluation results, denoted V = {v1, v2, ..., vm}, where m is the total number of evaluation results. The invention selects V = {poor, good}. The membership degree rij expresses the membership of policy Pi in comment set element vj under the influence of factor ui, where rij ∈ [0,1]. The closer rij is to 1, the higher the membership of Pi in vj. The invention uses a descending half-trapezoid distribution membership function, given by formulas (4)-(7), where j = {1,2,3,4} indexes the four possible values {poor, good} of vj, the corresponding rij being ri1, ri2, ri3, ri4 in turn. In the formulas a1 < a2 < a3 < a4, and gij, the score of the policy, is taken from the policy scoring matrix G.
Figure BDA0002087813600000135
Figure BDA0002087813600000136
After acquiring the parameter information of a message and the network environment parameters for the time period, the gateway ECU looks up, in the policy scoring matrix G of each factor, the score gij corresponding to each policy Pi (i = 1,2,...,6) in the policy set, substitutes it into the membership function, and builds the fuzzy evaluation matrix R of each security policy in turn, where
Figure BDA0002087813600000137
(3) Fuzzy comprehensive evaluation of strategy
From equation (8), the overall membership of Pi in vj is calculated as B = (b1, b2, ..., bm), i.e. the fuzzy evaluation result vector of policy Pi, where bi represents the membership of Pi in comment set element vj, determined by considering the influence of all factors together. The membership of each security policy in the comment set elements vj is calculated in turn.
Figure BDA0002087813600000141
(4) Selecting a security policy according to a maximum membership rule
After obtaining the fuzzy evaluation vector Bi = (bi1, bi2, bi3, bi4) of Pi, the evaluation result of policy Pi is determined by the maximum membership rule, i.e. when
Figure BDA0002087813600000142
Pi belongs overall to the r-th grade. The overall evaluation result of each Pi (i = 1,2,...,6) is determined in turn, and the policy with the highest evaluation is selected. If several policies share the highest evaluation grade, the one with the higher membership degree is selected as the output of the fuzzy decision. The gateway ECU broadcasts the selected security policy for the message to the bus, and the sending and receiving ECUs concerned update the policy for that message in the next time period T.
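Steps (1) to (4) above carried through end to end, as an added Python example that is not part of the patent text. Algorithm 1 and formulas (4)-(8) are not preserved on this page, so the weight method (normalised geometric mean of the rows, which for a consistent matrix agrees with the other standard AHP methods), the piecewise-linear four-grade membership shape, the weighted-average operator for B, and reading W1, W2 as scalar group weights with α1, α2 as the weight vectors inside U1 and U2 are assumptions; all matrices and scores are constructed and every function name is hypothetical.

```python
import math

GRADES = 4  # size of the comment set V, worst grade first


def is_consistent(m, tol=1e-9):
    """Consistent comparison matrix: m[i][j] * m[j][k] == m[i][k] for all i, j, k."""
    n = len(m)
    return all(abs(m[i][j] * m[j][k] - m[i][k]) <= tol * m[i][k]
               for i in range(n) for j in range(n) for k in range(n))


def ahp_weights(m):
    """Factor weights from a comparison matrix (assumed: normalised row geometric mean)."""
    if not is_consistent(m, tol=1e-6):
        raise ValueError("comparison matrix is not consistent")
    roots = [math.prod(row) ** (1.0 / len(row)) for row in m]
    total = sum(roots)
    return [r / total for r in roots]


def combine(group_weights, inner_weights):
    """alpha = [W1*alpha1, W2*alpha2]: scale each group's weights, then concatenate."""
    return [W * a for W, inner in zip(group_weights, inner_weights) for a in inner]


def membership(g, a=(0.25, 0.5, 0.75, 1.0)):
    """Membership of score g in each grade (assumed shape, breakpoints a1<a2<a3<a4)."""
    r = [0.0] * GRADES
    if g <= a[0]:
        r[0] = 1.0
    elif g >= a[-1]:
        r[-1] = 1.0
    else:
        for j in range(GRADES - 1):
            if a[j] <= g <= a[j + 1]:
                t = (g - a[j]) / (a[j + 1] - a[j])
                r[j], r[j + 1] = 1.0 - t, t
                break
    return r


def evaluate(alpha, scores):
    """B = alpha . R, where row k of R is membership(scores[k])."""
    rows = [membership(g) for g in scores]
    return [sum(w * row[j] for w, row in zip(alpha, rows)) for j in range(GRADES)]


def select_policy(evaluations):
    """Maximum-membership rule: the highest grade wins, ties go to the larger membership."""
    def key(item):
        b = item[1]
        grade = max(range(GRADES), key=lambda j: b[j])  # lowest grade on an exact tie
        return (grade, b[grade])
    return max(evaluations.items(), key=key)[0]


def pairwise(w):
    """Constructed helper: a perfectly consistent comparison matrix from ratios w."""
    return [[wi / wj for wj in w] for wi in w]


def demo():
    alpha1 = ahp_weights(pairwise([4, 3, 2, 1]))   # message factors u1..u4
    alpha2 = ahp_weights(pairwise([5, 3, 2]))      # network factors u5..u7
    alpha = combine([0.6, 0.4], [alpha1, alpha2])  # constructed W1, W2
    scores = {                                     # constructed g values per factor
        "P1": [0.25, 0.25, 1.0, 1.0, 1.0, 0.75, 0.25],
        "P2": [0.75, 0.25, 0.75, 0.75, 0.75, 0.75, 0.5],
        "P3": [0.25, 0.75, 0.75, 0.75, 0.75, 0.75, 0.5],
        "P4": [0.25, 1.0, 0.5, 0.5, 0.25, 0.5, 0.75],
        "P5": [1.0, 1.0, 0.75, 0.5, 1.0, 0.75, 1.0],
        "P6": [1.0, 1.0, 0.5, 0.5, 0.25, 0.25, 1.0],
    }
    evals = {p: evaluate(alpha, s) for p, s in scores.items()}
    return select_policy(evals), evals


if __name__ == "__main__":
    chosen, evals = demo()
    print(chosen, [round(b, 2) for b in evals[chosen]])
```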
In the embodiment of the invention, the ECU domain-division key management and security protocol control method comprises the following steps:
The invention provides an efficient ECU domain division and key management scheme. First, to reduce the communication overhead between nodes in different domains, the invention divides the ECU nodes into domains according to their communication frequency, based on MCL clustering; it then establishes a tree domain key structure based on a Logical Key Hierarchy (LKH) and completes the key distribution. Finally, differentiated security policies and their communication protocol are designed in combination with the adaptive security policy selection method.
As a preferred embodiment of the present invention, the ECU domain division based on MCL clustering includes:
How to design a reasonable and efficient ECU domain division rule is the problem this subsection addresses. The invention first constructs a communication graph G(V, E) of the ECU nodes, in which a vertex in V represents an ECU, an edge in E represents communication between ECUs, and the weight of an edge represents the communication frequency between the nodes. The communication frequency CFij is defined as the number of communications between ECUi and ECUj per unit time T. Note that an ECU that interfaces with an external network, such as the OBD, is more likely to be an attacker's entry point into the in-vehicle CAN bus. Therefore, each ECU that has an interface to an external network should be placed in a domain of its own. The specific steps are shown in Algorithm 2.
Figure BDA0002087813600000143
The algorithm is run iteratively, with the output of each round used as the input of the next: the ECU node cluster sets output in round i form a new graph Gi(Vi, Ei), in which each set is a vertex and the sum of the communication frequencies between the ECUs of one set and the ECU nodes of another set is the edge weight. MCL clustering is repeated until a single cluster is finally formed, and the tree-shaped logical structure of ECU node domains is built from the cluster sets of each round.
As a preferred embodiment of the present invention, the domain key distribution and management based on LKH includes:
Because the in-vehicle CAN bus network has high real-time requirements, communication delay must be minimized. In addition, the computing capacity of ECU nodes is limited. To reduce the communication overhead of cross-domain communication as far as possible, the method builds an LKH-based tree domain key structure from the ECU domain division result set. First, since a vehicle currently has around 50 to 100 ECUs, each ECU is identified by a unique 8-bit binary number, denoted ECUi. Next, the LKH-based tree domain key logic structure is established. Leaf nodes represent ECUs, virtual nodes represent domains, and sibling nodes of the same parent node belong to the same domain. Each ECU needs to hold all keys on the path from its leaf node to the root node. Let
Figure BDA0002087813600000151
denote the key number of a domain, where i and j are the IDs of the starting and ending nodes in the domain when sorted by ECU ID, and s is the layer number in the key tree, as shown in fig. 3. ECUi needs to store the intra-domain key of domain 2
Figure BDA0002087813600000152
and the intra-domain key of domain 3
Figure BDA0002087813600000153
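The tree domain key structure described above, as an added Python example that is not part of the patent text. It labels every domain with (i, j, s) and lists the labels each ECU must hold on its leaf-to-root path; counting the layer s upward from the lowest domains and using the smallest domain that contains both ECUs for a given pair are assumptions, the domain tree is constructed, and the function names are hypothetical.

```python
def build_key_paths(tree):
    """tree: nested lists, where an int is an ECU id and a list is a domain.

    Returns {ecu_id: [(i, j, s), ...]} ordered from the ECU's own domain up to
    the root. Each label stands for one domain's keys (EKn and AKn).
    """
    paths = {}

    def walk(node):
        if isinstance(node, int):
            if node in paths:
                raise ValueError(f"ECU {node} appears in two domains")
            paths[node] = []
            return [node], 0
        if not node:
            raise ValueError("empty domain")
        members, height = [], 0
        for child in node:
            ids, h = walk(child)
            members += ids
            height = max(height, h)
        # i and j: first and last ECU id of the domain when sorted; s: layer.
        label = (min(members), max(members), height + 1)
        for ecu in members:
            paths[ecu].append(label)     # inner domains are appended first
        return members, height + 1

    walk(tree)
    return paths


def shared_key(paths, a, b):
    """Label of the smallest domain that contains both ECUs (assumed selection rule)."""
    other = set(paths[b])
    for label in paths[a]:               # leaf-to-root order: first hit is smallest
        if label in other:
            return label
    raise ValueError("ECUs share no domain")


def storage(paths):
    """Domain keys held per ECU, next to the n-1 keys of pairwise key sharing."""
    return {
        "pairwise_keys_per_ecu": len(paths) - 1,
        "max_domain_keys_per_ecu": max(len(p) for p in paths.values()),
    }


# Constructed domain tree: ECUs 1-2 and 3-5 talk most often within their own
# group; ECU 6 has an external interface and therefore sits alone in its domain.
SAMPLE_TREE = [[[1, 2], [3, 4, 5]], [6]]

if __name__ == "__main__":
    key_paths = build_key_paths(SAMPLE_TREE)
    for ecu, labels in sorted(key_paths.items()):
        print(ecu, labels)
    print(shared_key(key_paths, 1, 4), storage(key_paths))
```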
After the tree domain key logic structure is established, the gateway ECU distributes keys. Suppose that the ECU node of domain n pre-shares a secret key with the gateway ECU
Figure BDA0002087813600000154
and that the key is loaded over a secure channel. The gateway ECU acts as the control node and stores all keys. The pre-shared key is loaded only when the automobile leaves the factory and when an ECU is replaced. When the vehicle starts, the gateway ECU distributes the keys in a fixed order according to the tree domain key logic structure. Let ECU_i ∈ Y_n, where Y_n denotes domain n. The steps are as follows.
(1) The gateway ECU selects two random number seeds
Figure BDA0002087813600000155
for generating the intra-domain session key EK_n and authentication key AK_n of Y_n. Using the encryption key pre-shared between the ECUs in Y_n and the gateway ECU
Figure BDA0002087813600000156
it encrypts the random number seeds and broadcasts them, as in (9) and (10);
Figure BDA0002087813600000157
Figure BDA0002087813600000158
(2) After receiving the message, the nodes in Y_n decrypt it with the corresponding key to obtain
Figure BDA0002087813600000159
and compute the session key EK_n and the authentication key AK_n of Y_n respectively, as shown in formulas (11) and (12), where KDF() denotes a one-way hash function for key derivation;
Figure BDA00020878136000001510
Figure BDA00020878136000001511
(3) To verify whether the keys EK_n and AK_n have been shared successfully, the gateway ECU encrypts CTR_n separately with the EK_n and AK_n generated in step (1) and broadcasts the results, as in equations (13) and (14), where CTR_n is the counter associated with Y_n that the gateway ECU stores for key distribution;
Figure BDA00020878136000001512
Figure BDA00020878136000001513
(4) The nodes in Y_n receive the message, decrypt it with the corresponding key generated in step (2) to obtain the CTR_n value, and compare it with their own stored counter value CTR'_n. If they are equal, the corresponding key is deemed to be successfully shared. Otherwise, the ECU node sends an error frame to the gateway ECU indicating that the key was not successfully shared.
The gateway ECU distributes the session keys EK_n and authentication keys AK_n in sequence, domain by domain. When the vehicle is ignited and within a certain time period T, the gateway ECU distributes the keys by domain again and updates the session key and the authentication key.
As a preferred embodiment of the present invention, the design of the differentiated security protocol includes:
The invention summarizes six security policies commonly used on the CAN bus according to the security requirements of messages. Let the policy set be P = {P1, P2, P3, P4, P5, P6}, where P1 denotes plaintext broadcast transmission, P2 denotes ciphertext transmission, P3 denotes plaintext transmission with truncated HMAC authentication, P4 denotes plaintext transmission with 64-bit HMAC authentication, P5 denotes ciphertext transmission with truncated HMAC authentication, and P6 denotes ciphertext transmission with 64-bit HMAC authentication. ECU_i sends a message to ECU_j, with ECU_i, ECU_j ∈ Y_n. The specific flow of each policy is as follows.
(1) Policy P1, plaintext broadcast transmission: the plaintext of the original message is broadcast without any processing.
(2) Policy P2, ciphertext transmission, as in fig. 4. The specific process is as follows:
a. ECU_i updates its message counter
Figure BDA00020878136000001514
and selects the corresponding key EK_n to encrypt the plaintext M and
Figure BDA00020878136000001515
obtaining the ciphertext C, which is sent to the bus, where
Figure BDA0002087813600000161
b. ECU_j determines the corresponding security policy from the message ID, selects the corresponding key EK_n according to the sender ID, and decrypts to obtain the plaintext M and
Figure BDA0002087813600000162
and takes
Figure BDA0002087813600000163
and its own stored counter
Figure BDA0002087813600000164
for comparison. If
Figure BDA0002087813600000165
it updates
Figure BDA0002087813600000166
and then accepts the message; otherwise, it discards the message.
(3) Policy P3, truncated HMAC authentication: as shown in fig. 5, ECU_j needs to verify that the message has not been modified and actually originated from ECU_i; HMAC is used here for authentication. Let the length of the original message be l bits; policy P3 selects the first (64-l) bits of the generated HMAC. With ECU_i, ECU_j ∈ Y_n, the specific process is as follows:
a. ECU_i updates its counter
Figure BDA0002087813600000167
and, using the authentication key AK_n, generates
Figure BDA0002087813600000168
of which the first (64-l) bits are taken and, with M and
Figure BDA0002087813600000169
sent to the bus together;
b. After determining the corresponding security policy and authentication key AK_n, ECU_j calculates
Figure BDA00020878136000001610
and compares it with the received HMAC. If they are consistent, it compares
Figure BDA00020878136000001611
with its own stored
Figure BDA00020878136000001612
and, if
Figure BDA00020878136000001613
updates
Figure BDA00020878136000001614
and then accepts the message; otherwise, it discards the message.
(4) Policy P4, 64-bit HMAC authentication: the authentication process is the same as for P3, except that the first 64 bits of the generated HMAC are taken and sent to the CAN bus as a separate message.
(5) Policy P5, ciphertext transmission with truncated HMAC authentication, as shown in fig. 6. The specific process is as follows:
a. ECU_i updates its message counter
Figure BDA00020878136000001615
and selects the corresponding key EK_n to encrypt the message, i.e.
Figure BDA00020878136000001616
and generates the HMAC, i.e.
Figure BDA00020878136000001617
Here, the length of the original message is l bits, and policy P5 selects the first (64-l) bits of the generated HMAC. The ciphertext C and the truncated HMAC are sent to the bus together;
b. After determining the security policy and the corresponding keys EK_n and AK_n, ECU_j decrypts with EK_n to obtain M and
Figure BDA00020878136000001618
and generates HMAC', i.e.
Figure BDA00020878136000001619
which it compares with the received HMAC. If they are consistent, it compares
Figure BDA00020878136000001620
and
Figure BDA00020878136000001621
and, if
Figure BDA00020878136000001622
updates
Figure BDA00020878136000001623
and then accepts the message; otherwise, it discards the message.
(6) Policy P6, ciphertext transmission with 64-bit HMAC authentication: HMAC generation and the encryption and decryption process are the same as for P5; the only difference is that the generated HMAC is sent in a separate single message.
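The sender and receiver sides of policies P3 and P4, as an added Python example (not code from the patent): the tag is the first (64-l) bits of the HMAC for P3 and the first 64 bits for P4, and the receiver checks the tag before the counter, as in step b. Because the formulas are not reproduced on this page, HMAC-SHA-256, the MAC input sender ID || counter || M, the 32-bit counter, and the "strictly larger counter" freshness rule are assumptions; wire packing into CAN frames is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict

CAN_DATA_BITS = 64  # size of a classic CAN data field


@dataclass(frozen=True)
class AuthFrame:
    sender_id: int   # 8-bit ECU identifier
    counter: int     # sender's message counter (assumed 32-bit)
    msg: bytes       # plaintext M
    tag: bytes       # truncated HMAC


def tag_length(policy: str, msg: bytes) -> int:
    """Tag length in bits: (64 - l) for P3, 64 for P4."""
    l = 8 * len(msg)
    if policy == "P3":
        if not 0 < l < CAN_DATA_BITS:
            raise ValueError("P3 needs 0 < l < 64 so that a tag fits beside M")
        return CAN_DATA_BITS - l
    if policy == "P4":
        if not 0 < l <= CAN_DATA_BITS:
            raise ValueError("message must be 1..8 bytes")
        return 64
    raise ValueError(f"unsupported policy {policy!r}")


def truncated_hmac(ak: bytes, sender_id: int, counter: int, msg: bytes, nbits: int) -> bytes:
    """First nbits of HMAC(AK, sender_id || counter || M), right-aligned in bytes."""
    data = bytes([sender_id]) + counter.to_bytes(4, "big") + msg
    mac = hmac.new(ak, data, hashlib.sha256).digest()
    first64 = int.from_bytes(mac[:8], "big")
    return (first64 >> (64 - nbits)).to_bytes((nbits + 7) // 8, "big")


@dataclass
class Sender:
    sender_id: int
    ak: bytes
    counter: int = 0

    def send(self, msg: bytes, policy: str = "P3") -> AuthFrame:
        nbits = tag_length(policy, msg)      # validate before touching the counter
        self.counter += 1
        tag = truncated_hmac(self.ak, self.sender_id, self.counter, msg, nbits)
        return AuthFrame(self.sender_id, self.counter, msg, tag)


@dataclass
class Receiver:
    ak: bytes
    last_counter: Dict[int, int] = field(default_factory=dict)

    def accept(self, frame: AuthFrame, policy: str) -> bool:
        # The tag length comes from the receiver's own policy lookup,
        # never from a length claimed by the frame.
        try:
            nbits = tag_length(policy, frame.msg)
        except ValueError:
            return False
        expected = truncated_hmac(self.ak, frame.sender_id, frame.counter, frame.msg, nbits)
        if not hmac.compare_digest(expected, frame.tag):
            return False                     # modified, or not from a holder of AK_n
        if frame.counter <= self.last_counter.get(frame.sender_id, 0):
            return False                     # replayed or stale
        self.last_counter[frame.sender_id] = frame.counter
        return True


if __name__ == "__main__":
    ak = bytes(range(16))                    # constructed 128-bit key
    tx, rx = Sender(0x2A, ak), Receiver(ak)
    f = tx.send(b"\x01\x02\x03\x04", "P3")
    print(rx.accept(f, "P3"), rx.accept(f, "P3"))
```

With a 7-byte message the P3 tag shrinks to 8 bits, while P4 keeps 64 bits at the cost of a second frame.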
The invention is further described below in connection with the experiments.
1. Feasibility analysis:
CAN bus messages can be divided into CAN standard frames and CAN extended frames according to the length of the message ID. The CAN extended frame divides the 29-bit ID into an identifier and an extended identifier, where the identifier field is mainly used to determine the priority of the message. To apply the scheme provided by the invention to the CAN extended frame, the following modifications are made to the format of the CAN extended frame, as shown in fig. 7.
The 18-bit extended identifier field is divided into three parts: a 4-bit control field, an 8-bit sender ID and a 6-bit reserved field. The control field indicates the type of the message, including key distribution frame, data transmission frame, policy identification frame, and so on; the specific definition is shown in table 1. Unused fields are temporarily reserved and available for future expansion. The 8-bit sender ID field is the unique identifier of the ECU node and is used for source authentication of the message.
TABLE 1 control field coding
Figure BDA00020878136000001624
Figure BDA0002087813600000171
The invention makes full use of the extended identifier field of the CAN extended frame to identify the message type and the sender ID. The scheme is feasible because, on the CAN bus, the 18-bit extended identifier field and the 11-bit identifier field coexist, the priority of a message is determined by the 11-bit identifier field, and occupying the extended identifier field does not interfere with the arbitration process of the CAN bus. The modification of the CAN extended frame is therefore feasible, easy to implement, and extensible to a degree.
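The modified identifier layout described above, as an added Python example (not code from the patent) that packs and parses the 29-bit ID and rejects malformed values on receipt. The bit order inside the 18 extended bits (control, then sender ID, then reserved, most significant first), the rule that reserved bits must be zero, and the control code values are assumptions; the codes are placeholders because Table 1 is not reproduced on this page.

```python
from typing import Iterable, NamedTuple

BASE_BITS, CONTROL_BITS, SENDER_BITS, RESERVED_BITS = 11, 4, 8, 6
EXT_BITS = CONTROL_BITS + SENDER_BITS + RESERVED_BITS   # 18

# Placeholder control codes (hypothetical values, not the patent's Table 1).
CTRL_KEY_DISTRIBUTION = 0x1
CTRL_DATA = 0x2
CTRL_POLICY = 0x3


class ExtId(NamedTuple):
    base_id: int     # 11-bit identifier used for priority
    control: int     # 4-bit message type
    sender_id: int   # 8-bit ECU identifier
    reserved: int    # 6 reserved bits


def pack_id(base_id: int, control: int, sender_id: int, reserved: int = 0) -> int:
    """Build the 29-bit extended identifier from its four fields."""
    for name, value, bits in (("base_id", base_id, BASE_BITS),
                              ("control", control, CONTROL_BITS),
                              ("sender_id", sender_id, SENDER_BITS),
                              ("reserved", reserved, RESERVED_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name}={value} does not fit in {bits} bits")
    ext = (control << (SENDER_BITS + RESERVED_BITS)) | (sender_id << RESERVED_BITS) | reserved
    return (base_id << EXT_BITS) | ext


def unpack_id(can_id: int) -> ExtId:
    """Split a 29-bit extended identifier into its fields."""
    if not 0 <= can_id < (1 << (BASE_BITS + EXT_BITS)):
        raise ValueError("not a 29-bit identifier")
    return ExtId(
        base_id=can_id >> EXT_BITS,
        control=(can_id >> (SENDER_BITS + RESERVED_BITS)) & ((1 << CONTROL_BITS) - 1),
        sender_id=(can_id >> RESERVED_BITS) & ((1 << SENDER_BITS) - 1),
        reserved=can_id & ((1 << RESERVED_BITS) - 1),
    )


def check_id(can_id: int, known_senders: Iterable[int], known_controls: Iterable[int]) -> ExtId:
    """Receiver-side sanity check before any key lookup by sender ID."""
    fields = unpack_id(can_id)
    if fields.reserved != 0:
        raise ValueError("reserved bits are set")
    if fields.control not in set(known_controls):
        raise ValueError(f"unknown control code {fields.control:#x}")
    if fields.sender_id not in set(known_senders):
        raise ValueError(f"unknown sender {fields.sender_id:#04x}")
    return fields


if __name__ == "__main__":
    cid = pack_id(0x123, CTRL_DATA, 0x2A)
    print(hex(cid), unpack_id(cid))
```

On a real bus the 18 extended bits are also part of the arbitration field, so among frames that share the same 11-bit identifier the control and sender ID values decide which frame wins.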
2. Security analysis
The invention analyzes the security of messages in terms of message confidentiality, authentication, resistance to replay attacks, and forward and backward security of keys.
(1) Message confidentiality: security policies P2, P5 and P6 use the AES-128 algorithm to ensure the confidentiality of CAN bus messages. The key shared with the gateway ECU
Figure BDA0002087813600000172
and the random number seed
Figure BDA0002087813600000173
are used to generate the session key EK_n, and the attacker cannot obtain
Figure BDA0002087813600000174
The security of the AES-128 algorithm has been proved [30], i.e. the attacker cannot, from
Figure BDA0002087813600000175
obtain EK_n. Therefore, without the session key EK_n, the attacker cannot decrypt the message.
(2) Message authentication: the receiving ECU can verify the integrity of the message content and the authenticity of its source. Policies P3, P4, P5 and P6 use HMAC for message authentication. Since the attacker does not know the authentication key AK used to generate the message's HMAC, the only way is to search the key space exhaustively, choosing one of the 2^x possible x-bit strings as the authentication key. If an attacker exhaustively sends HMACs to the CAN bus within a short time, the bus network transmits a CAN BUS OFF error frame, indicating an error state of communication failure.
(3) Replay attack prevention: the sending and receiving ECUs each maintain message counters
Figure BDA0002087813600000176
and
Figure BDA0002087813600000177
for message synchronization and HMAC generation. Thus, the present invention is secure against replay attacks.
(4) Forward and backward security of keys: each time the keys are updated, the ECU cannot learn the previous or subsequent session keys and authentication keys. Even if the k-th session key is exposed, the (k-1)-th and (k+1)-th session keys cannot be obtained, because the random number seed used to generate the k-th key is independent of the random numbers of the (k-1)-th and (k+1)-th rounds, so the forward and backward security of the key is ensured. Similarly, the invention also ensures the forward and backward security of the authentication key.
3. Experimental analysis
In the experiment, CANoe V10.0 software is used to simulate the in-vehicle CAN bus network environment, with CAPL as the programming language within that software. The experimental environment is a PC running 64-bit Windows 7 with an i7-6700 at 3.4 GHz and 8 GB of memory, with Python as the programming language. A CAN bus message data set collected over a certain time period from a certain brand of automobile in China is used to simulate a real in-vehicle bus environment over a certain time period; the data set comprises 731622 messages, which fall into 51 classes by message ID.
3.1 Validity of adaptive fuzzy decision
A PC is used to simulate the adaptive fuzzy decision process of the gateway ECU node, and the influence of changes in the network environment on the selection of the security policy is observed by varying the in-vehicle network parameters. The bus network environment over a certain time period T is simulated from the CAN bus message data set, and real numbers in [0,1] are randomly generated for the 51 message types with different message IDs to simulate the confidentiality and authentication requirements of the messages. The real-time requirement of a message is determined from its message ID, and its length grade from the length of its data field. According to the CAN bus hierarchy model, the experiment constructs the criterion-layer comparison matrix M_u1 and the sub-criterion-layer comparison matrices M_u2 and M_u3. Using the AHP method, the corresponding weights
Figure BDA0002087813600000178
and W1, W2 and the total weight α of each element of the factor set are calculated; the specific data are as follows:
Figure BDA0002087813600000181
Figure BDA0002087813600000182
W2 = [0.4286, 0.1429, 0.4286], α = [0.0236, 0.076, 0.1519, 0.0818, 0.2857, 0.0953, 0.2857]
A policy scoring matrix is then selected and constructed. After the experiment preparation is finished, the bus environment over a certain time period T is simulated from the real data set, and the share of each security policy is observed while varying the in-vehicle network parameters. The network parameters B_t, CBR_t and S_t each take values in {0.25, 0.5, 0.75, 1}, and the vector β = {β1, β2, β3} denotes a set of possible values of {B_t, CBR_t, S_t}. The detailed experimental results are as follows.
Fig. 8(a)(b) shows that, with the channel busy-idle ratio and the network security state unchanged, when the bus load ratio increases from 0.25 in (a) to 1 in (b), the share of the security policies P4 and P6, which require an additional 64-bit MAC transmission, among all messages on the bus network falls from 64.52% to 37.77%. This shows that when the bus load increases, the adaptive scheme reduces the selection of security policies requiring additional MAC transmission, so as to avoid adding bus load as far as possible.
Fig. 9(a)(b) shows that, with the bus load ratio and the network security state unchanged, when the channel busy-idle ratio increases, the share of policies P4 and P6 among all messages on the bus network falls from 37.77% to 4.46%. This shows that when the channel busy-idle ratio increases, the adaptive scheme reduces the selection of security policies requiring additional MAC transmission, in order to send messages as soon as possible and improve real-time performance.
As can be seen from fig. 10(a) and (b), with the bus load ratio and the channel busy-idle ratio unchanged, if the level of the network security state drops, the in-vehicle network security level needs to be raised, and messages need to be authenticated or encrypted. Under the scheme provided by the invention, the share of the encrypted-transmission security policies P2, P5 and P6 rises from 70.86% to 95.44%, which shows that when the level of the network security state drops, the invention encrypts message transmission to prevent eavesdropping by an attacker and ensure the confidentiality of message transmission.
4. For the ECU node domain division and domain key management of the present invention, the performance of the ECU key management scheme is analyzed and compared in terms of storage overhead and computation overhead.
(1) Storage overhead: the number of keys that each ECU node needs to store. The invention is compared with existing solutions. For ease of calculation, let the total number of ECU nodes be n and the tree-shaped domain key structure be a full m-ary tree (m ≥ 2) of n nodes; each ECU node needs to store all domain keys on the path from its leaf node to the root node, and each domain has 2 intra-domain keys, EK and AK. As can be seen from table 2, the tree domain key structure adopted in the present invention reduces the number of keys stored in each ECU node and the total number of keys.
TABLE 2 comparison of key quantities for each scheme
Figure BDA0002087813600000183
(2) Computation overhead: the average computation time each ECU node needs during the key update process. It is assumed here that the ECU nodes in the in-vehicle network have the same clock frequency. The time required for the gateway ECU to distribute the keys is measured while varying the data transmission rate of the CAN bus. The time required by the key distribution process is the sum of the times for: 1) the gateway ECU encrypting and broadcasting the random numbers; 2) message transmission; 3) the ECU node decrypting the data frame and generating the keys; 4) the gateway ECU encrypting and broadcasting the counter; 5) the ECU node decrypting the data frame and comparing. As can be seen from fig. 11, as the ECU node clock frequency and the bus data transmission rate increase, the key distribution time decreases accordingly. Because the invention uses domain division and the gateway ECU broadcasts the messages, the initial key distribution time does not grow with the number of ECUs, and the method is feasible without adding extra storage overhead.
5. Performance analysis of security policies
This subsection uses the CANoe V10.0 simulation software to simulate the in-vehicle CAN bus, building a dynamic link library to implement the security policies in CANoe. Assuming that the ECUs in the in-vehicle network have the same clock frequency, the data transmission rate of the CAN bus is varied and the communication response time of the ECUs is measured. The communication response time comprises: 1) the sender executing the security policy and then sending; 2) message transmission; 3) the receiver performing HMAC verification or decryption after receiving the data frame.
Fig. 12 shows the communication response time required for each security policy at different ECU node clock frequencies and different bus data transfer rates. Since policy P1 uses a broadcast message, its communication response time comprises only 2) the message transmission delay, so the invention measures only the ECU communication response times of the other 5 security policies. It can be seen that as the bus data transfer rate increases, the communication response time required by the ECU nodes gradually decreases. Likewise, the higher the clock frequency, the less communication response time the ECU node requires. Therefore, according to the computing power of the ECU and the bus data transmission rate, the scheme provided by the invention can adaptively select a differentiated security policy, thereby reducing communication delay and computation overhead.
6. Comparative experiment
The adaptive security mechanism provided by the invention is compared with the LeiA scheme and the scheme proposed by Woo et al. A time sequence T = {t1, t2, ..., t8} is randomly selected from the CAN bus message data set, and for each period t_i the bus load is measured, together with the bus load and the communication response time of the ECU nodes when using LeiA, Woo and the invention. In the experiment the ECU node frequency is set to 150 MHz and the data transmission rate of the bus to 1 Mbps; the number of messages in the randomly selected time sequence is shown in Table 3.
Table 3 Number of messages in the time series selected for the experiment
Figure BDA0002087813600000191
As in fig. 13(a), the bus load changes constantly over time. The Woo scheme uses a 32-bit MAC and transmits it together with the message, which does not increase the bus load, so its trend coincides with the change of the bus load; the LeiA scheme doubles the bus load by transmitting a 64-bit MAC as an extra message. The scheme of the invention uses adaptive fuzzy decision and selects a 32-bit or 64-bit MAC according to the message requirements and the network environment; although it adds a certain bus load, this is far lower than for the LeiA scheme. From fig. 13(b), the response time of the ECU node in the proposed scheme also lies between LeiA and Woo, and the scheme does not increase the communication response time of the ECU node much.
Table 4 compares the LeiA scheme, the Woo scheme and the present invention in terms of security and network performance. Security covers whether encryption is used and the length of the MAC used for authentication. Network performance covers the impact on bus load and the communication response time of the ECU. It can be seen that, compared with the LeiA scheme, the invention has a smaller impact on bus load and a smaller communication delay; compared with the Woo scheme, it provides longer MACs and higher security. This is because the invention adds adaptive policy selection that takes both network performance and security into account.
Table 4 Security versus network performance for LeiA, Woo and the invention
Figure BDA0002087813600000192
The present invention is further described below with reference to its effects.
Existing CAN bus security schemes have the following problems: (1) a single security mechanism can hardly meet differentiated message security requirements and a dynamic in-vehicle network environment, and existing schemes can hardly balance security and network performance; (2) existing CAN bus encryption and authentication schemes lack an efficient key management scheme and are difficult to apply to ECU nodes with limited computing capacity. The invention provides a self-adaptive CAN bus security mechanism, which mainly comprises: (1) considering message requirements and in-vehicle bus network factors together, a security policy selection scheme based on the analytic hierarchy process and fuzzy decision is provided, which adaptively selects a more reasonable security policy for differentiated messages and a dynamically changing in-vehicle network environment; (2) the ECU nodes are divided into hierarchical domains according to the communication frequency among the ECUs, key management is performed, and differentiated security policies and corresponding communication protocols are designed; (3) feasibility and security analysis of the proposed scheme is carried out, the validity of the adaptive fuzzy decision is verified, and the performance of the ECU domain division and key management scheme is analyzed. Compared with existing schemes, the results show that the method has very limited storage overhead and computation overhead, and is suitable for ECU nodes with limited computing capacity and for CAN bus networks with high real-time requirements.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. The self-adaptive in-vehicle CAN bus safety control method is characterized by comprising the following steps:
selecting a plurality of influence factors through analyzing the characteristics of the message and the in-vehicle network environment, and adaptively selecting a security strategy by utilizing an analytic hierarchy process and a fuzzy decision idea, so that the security requirement of the message is met, and the security strategy is adaptively adjusted according to the dynamic in-vehicle network environment; the CAN bus security strategy selection method based on fuzzy decision comprises the following steps:
step one, determining a factor set: selecting factors that relate to message security requirements and the dynamic in-vehicle network environment and that influence the determination of security policies, and constructing a factor set U; the value ranges of the message factors and the network environment factors are both (0, 1]; the message factors and the network environment factors are denoted in turn u1, u2, ..., u7 and added to the factor set U, U = {u1, u2, ..., u7};
Step two, determining a strategy set:
policy set P represents a set of optional policies, denoted P = {P1, P2, P3, P4, P5, P6}, where P1 denotes plaintext broadcast transmission, P2 denotes ciphertext transmission, P3 denotes plaintext transmission with truncated HMAC authentication, P4 denotes plaintext transmission with 64-bit HMAC authentication, P5 denotes ciphertext transmission with truncated HMAC authentication, and P6 denotes ciphertext transmission with 64-bit HMAC authentication;
step three, selecting a differentiated security strategy based on fuzzy decision: firstly, determining the weight of an influence factor by adopting an analytic hierarchy process, then determining a membership function of a security strategy to a comment set, constructing a fuzzy evaluation matrix, carrying out fuzzy comprehensive evaluation on the strategy, and finally selecting a more reasonable security strategy for output;
abstracting the communication frequency of ECU nodes in the vehicle into an undirected graph, taking the communication frequency as the edge weight of the graph, dividing the undirected graph into hierarchical domain structures according to the communication frequency between the ECUs by adopting a Markov clustering method, carrying out key management on the nodes by using a tree-shaped domain key structure, and simultaneously carrying out differentiated security policy and corresponding communication protocol selection by combining a self-adaptive security policy selection method to realize the security control of a CAN bus in the vehicle; the ECU domain-division key management and security protocol selection method comprises the following steps:
firstly, dividing domains for ECU nodes according to the communication frequency of the ECU based on the idea of MCL clustering to reduce the communication overhead of the nodes between domains; then, a tree domain key structure based on a logic key tree is established and key distribution is completed; finally, a self-adaptive security policy selection method is combined to design a differentiated security policy and a communication protocol thereof;
the domain key distribution and management method based on LKH comprises the following steps:
according to the domain division result set of the ECUs, an LKH-based tree-shaped domain key structure is established, and each ECU is identified by a unique 8-bit binary number, denoted ECU_i; an LKH-based tree-shaped domain key logic structure is established, in which leaf nodes represent ECUs, virtual nodes represent domains, and sibling nodes of the same parent node belong to the same domain; each ECU stores all keys on the path from its leaf node to the root node;
Figure FDA0003028411230000021
denotes the key number of the domain, where i and j are respectively the IDs of the first and last nodes in the domain when sorted by ECU ID, and s is the layer number of the key tree;
after the tree-shaped domain key logic structure is established, the gateway ECU distributes keys; the ECU nodes of domain n pre-share with the gateway ECU a secret key
Figure FDA0003028411230000022
and the key is loaded through a secure channel; the gateway ECU acts as the control node and stores all keys; the pre-shared key is loaded only when the automobile leaves the factory and when an ECU is replaced; when the vehicle is started, the gateway ECU distributes keys in a fixed order according to the tree-shaped domain key logic structure; ECU_i ∈ Y_n, where Y_n denotes domain n; the specific steps are as follows:
(1) the gateway ECU selects two random number seeds
Figure FDA0003028411230000023
for generating the intra-domain session key EK_n and authentication key AK_n of Y_n; using the encryption key pre-shared between the ECUs in Y_n and the gateway ECU
Figure FDA0003028411230000024
it encrypts the random number seeds and broadcasts them, as in (9) and (10);
Figure FDA0003028411230000025
Figure FDA0003028411230000026
(2) after receiving the message, the nodes in Y_n decrypt it with the corresponding key to obtain
Figure FDA0003028411230000027
and compute the session key EK_n and the authentication key AK_n of Y_n respectively, as shown in formulas (11) and (12), where KDF() denotes a one-way hash function for key derivation;
Figure FDA0003028411230000028
Figure FDA0003028411230000029
(3) to verify whether the keys EK_n and AK_n have been shared successfully, the gateway ECU encrypts CTR_n separately with the EK_n and AK_n generated in step (1) and broadcasts the results, as in equations (13) and (14), where CTR_n is the counter associated with Y_n that the gateway ECU stores for key distribution;
Figure FDA0003028411230000031
Figure FDA0003028411230000032
(4) the nodes in Y_n receive the message, decrypt it with the corresponding key generated in step (2) to obtain the CTR_n value, and compare it with their own stored counter value CTR'_n; if they are equal, the corresponding key is deemed to be successfully shared; otherwise, the ECU node sends an error frame to the gateway ECU, indicating that the key was not successfully shared;
the gateway ECU distributes the session keys EK_n and authentication keys AK_n in sequence, domain by domain; when the vehicle is ignited and within a certain time period T, the gateway ECU distributes the keys by domain again, and updates the session key and the authentication key;
the method for selecting the differentiated security protocol comprises the following steps:
let the policy set be P = {P1, P2, P3, P4, P5, P6}, where P1 denotes plaintext broadcast transmission, P2 denotes ciphertext transmission, P3 denotes plaintext transmission with truncated HMAC authentication, P4 denotes plaintext transmission with 64-bit HMAC authentication, P5 denotes ciphertext transmission with truncated HMAC authentication, and P6 denotes ciphertext transmission with 64-bit HMAC authentication; ECU_i sends a message to ECU_j, with ECU_i, ECU_j ∈ Y_n;
(1) policy P1, plaintext broadcast transmission: the plaintext of the original message is broadcast without any processing;
(2) policy P2, ciphertext transmission: ECU_i updates its message counter
Figure FDA0003028411230000033
and selects the corresponding key EK_n to encrypt the plaintext M and
Figure FDA0003028411230000034
obtaining the ciphertext C, which is sent to the bus, where
Figure FDA0003028411230000035
ECU_j determines the corresponding security policy from the message ID, selects the corresponding key EK_n according to the sender ID, and decrypts to obtain the plaintext M and
Figure FDA0003028411230000036
and takes
Figure FDA0003028411230000037
and its own stored counter
Figure FDA0003028411230000038
for comparison; if
Figure FDA0003028411230000039
it updates
Figure FDA00030284112300000310
and then accepts the message, otherwise discards it;
(3) Policy P_3, truncated HMAC authentication: ECU_j needs to verify that the message has not been modified and really originates from ECU_i, so HMAC authentication is used; let the length of the original message be l bits; policy P_3 takes the first (64-l) bits of the generated HMAC; with ECU_i, ECU_j ∈ Y_n, ECU_i updates its counter
Figure FDA00030284112300000311
uses the authentication key AK_n to generate
Figure FDA00030284112300000312
takes its first (64-l) bits, and sends them together with M and
Figure FDA00030284112300000313
to the bus;
after determining the corresponding security policy and authentication key AK_n, ECU_j calculates
Figure FDA0003028411230000041
and compares it with the received HMAC; if they are consistent, it compares
Figure FDA0003028411230000042
with its own stored
Figure FDA0003028411230000043
and, if
Figure FDA0003028411230000044
it updates
Figure FDA0003028411230000045
and accepts the message; otherwise it discards the message;
(4) Policy P_4, 64-bit HMAC authentication: the authentication process is the same as for P_3; the difference is that the first 64 bits of the generated HMAC are taken and sent to the CAN bus in a single message;
(5) Policy P_5, ciphertext transmission with truncated HMAC authentication: ECU_i updates its message counter
Figure FDA0003028411230000046
selects the corresponding key EK_n to encrypt the message, i.e.
Figure FDA0003028411230000047
and generates the HMAC, i.e.
Figure FDA0003028411230000048
Let the length of the original message be l bits; policy P_5 takes the first (64-l) bits of the generated HMAC, and the ciphertext C and the truncated HMAC are sent to the bus;
after determining the security policy and the corresponding keys EK_n and AK_n, ECU_j decrypts with EK_n to obtain M and
Figure FDA0003028411230000049
and generates HMAC', i.e.
Figure FDA00030284112300000410
It compares HMAC' with the received HMAC; if they are consistent, it compares
Figure FDA00030284112300000411
and
Figure FDA00030284112300000412
and, if
Figure FDA00030284112300000413
it updates
Figure FDA00030284112300000414
and accepts the message; otherwise it discards the message;
(6) Policy P_6, ciphertext transmission with 64-bit HMAC authentication: HMAC generation, encryption and decryption are the same as for P_5; the only difference is that the generated HMAC is sent in a single message.
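The sender and receiver steps of policy P_3, as an added example that is not code from the patent: ECU_i increments its counter and tags M with the first (64-l) bits of an HMAC under AK_n, and ECU_j checks the tag and then the counter. The hash (SHA-256), the 4-byte counter, the HMAC input M || CTR and the strictly-greater counter test are assumptions, because the claim's formulas for them are not reproduced on this page; the key and payloads are constructed.

```python
import hashlib
import hmac

FRAME_BITS = 64   # the claim truncates the tag to (64 - l) bits
CTR_BYTES = 4     # assumed counter width; the claim does not state one


def truncated_hmac(ak: bytes, msg: bytes, ctr: int) -> bytes:
    """First (64 - l) bits of HMAC(AK_n, M || CTR), with l = 8 * len(msg)."""
    tag_bits = FRAME_BITS - 8 * len(msg)
    if tag_bits <= 0:
        # An 8-byte payload leaves no room for a truncated tag under P_3;
        # such a message would need the full 64-bit tag of P_4 instead.
        raise ValueError("payload leaves no room for a truncated tag")
    data = msg + ctr.to_bytes(CTR_BYTES, "big")        # assumed HMAC input
    digest = hmac.new(ak, data, hashlib.sha256).digest()  # assumed hash
    return digest[: tag_bits // 8]


class SenderECU:
    def __init__(self, ak: bytes):
        self.ak, self.ctr = ak, 0

    def send(self, msg: bytes):
        self.ctr += 1                                   # update counter first
        return msg, self.ctr, truncated_hmac(self.ak, msg, self.ctr)


class ReceiverECU:
    def __init__(self, ak: bytes):
        self.ak, self.ctr = ak, 0

    def receive(self, frame):
        """Return the message if authentic and fresh, else None (discard)."""
        msg, ctr, tag = frame
        try:
            expected = truncated_hmac(self.ak, msg, ctr)
        except (ValueError, OverflowError):
            return None                                 # malformed frame
        if not hmac.compare_digest(expected, tag):
            return None                                 # modified or wrong key
        if ctr <= self.ctr:                             # assumed freshness rule
            return None                                 # replayed frame
        self.ctr = ctr
        return msg


def demo():
    ak = bytes(range(16))                               # constructed AK_n
    tx, rx = SenderECU(ak), ReceiverECU(ak)
    frame = tx.send(b"\x01\x2c")                        # constructed payload
    out = {"fresh": rx.receive(frame), "replay": rx.receive(frame)}
    msg, ctr, tag = tx.send(b"\x01\x2c")
    out["tampered"] = rx.receive((b"\x01\xff", ctr, tag))
    out["tag_bytes"] = len(tag)
    return out


if __name__ == "__main__":
    print(demo())
```

The shorter the tag, the weaker the check: a 7-byte payload leaves an 8-bit tag, which a forger guesses with probability 1/256 per attempt.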
2. The adaptive in-vehicle CAN bus security control method of claim 1, wherein the influence factors selected in step one further comprise:
(1) Confidentiality requirement
Figure FDA00030284112300000415
If messages carrying driving-safety-related oil temperature and vehicle speed sensor parameters are intercepted and cracked by an attacker, important driving-safety information or user privacy information is exposed; by expert rating, confidentiality requirements are divided into four levels from high to low;
Figure FDA00030284112300000416
denotes the confidentiality requirement of message msg_i, where
Figure FDA00030284112300000417
When
Figure FDA00030284112300000418
the confidentiality requirement of the message is highest;
(2) Authentication requirement
Figure FDA00030284112300000419
Let
Figure FDA00030284112300000420
denote the authentication requirement of message msg_i, where
Figure FDA00030284112300000421
Experts or the manufacturer analyze the message content, the sending and receiving ECUs and so on, and divide the authentication requirement of the message into four levels from high to low; when
Figure FDA00030284112300000422
Figure FDA00030284112300000423
the authentication requirement of the message is highest;
(3) Real-time requirement
Figure FDA00030284112300000424
Let
Figure FDA00030284112300000425
denote the real-time requirement of message msg_i, where
Figure FDA00030284112300000426
The real-time requirement level is set according to the message ID; the message ID is an 11-bit hexadecimal number whose initial bit is y, and the value of
Figure FDA0003028411230000051
is as shown in formula (1); when
Figure FDA0003028411230000052
the real-time requirement of the message is highest;
Figure FDA0003028411230000053
(4) Message length level
Figure FDA0003028411230000054
Figure FDA0003028411230000055
denotes the length level of message msg_i; the length of the message is l bits, and
Figure FDA0003028411230000056
is given by formula (2), where
Figure FDA0003028411230000057
indicates that the message length level is highest;
Figure FDA0003028411230000058
(5) Bus load ratio B_t: the gateway ECU monitors the bus load rate over a certain time period T and measures the duration t_1 within that period during which the bus load rate is above 50%, as a proportion of the total duration t (t ≠ 0); this proportion is the bus load ratio B_t = t_1/t, B_t ∈ (0,1]; the closer the value is to 1, the higher the bus load in the time period;
(6) Channel busy-idle ratio CBR_t: CBR_t is defined as the proportion of the monitoring time T during which the channel is busy,
Figure FDA0003028411230000059
where n is the number of channel detections and k_i is 1 when the channel is busy and 0 when the channel is idle; the larger the value of CBR_t, the busier the channel;
(7) Current network security state level S_t: S_t is the in-vehicle network security level fed back by the in-vehicle intrusion detection system (IDS) for the current time period T; the IDS feeds the current network security state back to the gateway ECU, where S_t represents the current network state in four levels from high to low, with s = (n-k)/n, k = 0, 1, 2, 3, and n = 4; when S_t = 1, the network security state level is highest.
3. The adaptive in-vehicle CAN bus security control method of claim 1, wherein step three further comprises:
1) determining the weight of each influence factor of the factor set based on an AHP method:
a hierarchical model of the CAN bus security mechanism is established, with factor set U = {U_1, U_2}, where U_1 is the set of message factors and U_2 is the set of network environment factors;
the elements of the same layer are compared pairwise, and experts or the manufacturer rate their importance to determine their relative importance; from top to bottom, a contrast matrix M_u = (m_ij)_{n×n}, m_ij > 0, is established, where m_ij represents the importance of factor u_i relative to factor u_j and n is the number of factors, as shown in formula (3):
Figure FDA0003028411230000061
M_u is a consistent matrix satisfying m_ji = 1/m_ij and
Figure FDA0003028411230000062
After the contrast matrix is determined, the factor weights are determined; if the criterion-layer weight is
Figure FDA0003028411230000063
and the sub-criterion-layer weights for the factors U_1 and U_2 are W_1 and W_2 respectively, then by the weighting method the final weight of all factors is α = [W_1·α_1, W_2·α_2];
2) Determining a membership function, and constructing a fuzzy evaluation matrix R:
experts or the manufacturer analyze the influence of each factor on the security policy and construct, for each factor, a policy scoring matrix G = (g_ij)_{6×4}, where g_ij is the score of policy P_i when the factor takes each of its different values; for
Figure FDA0003028411230000064
a policy scoring matrix G_1 is constructed, where g_ij represents the score of each policy P_i when
Figure FDA0003028411230000065
takes the values {0.25, 0.5, 0.75, 1} in sequence;
the membership function of each security policy with respect to each element of the comment set is determined; the comment set is the set of all evaluation results, denoted V = {v_1, v_2, ..., v_m}, where m is the total number of evaluation results; V is selected as poor, good and good; the degree of membership r_ij expresses the membership of policy P_i, under the influence of factor u_i, in comment set element v_j, where r_ij ∈ [0,1]; the closer r_ij is to 1, the higher the degree of membership of P_i in v_j; the invention uses a descending half-trapezoid distribution membership function, where j = {1,2,3,4} corresponds to the four possible values of v_j { poor, good }, and the corresponding r_ij are r_i1, r_i2, r_i3, r_i4 in order; in the formulas a_1 < a_2 < a_3 < a_4, and g_ij, the score of the policy, is taken from the policy scoring matrix G;
Figure FDA0003028411230000066
Figure FDA0003028411230000067
Figure FDA0003028411230000071
Figure FDA0003028411230000072
after acquiring the parameter information of a given message and the network environment parameters for the time period, the gateway ECU looks up, in the policy scoring matrix G of each factor, the score g_ij corresponding to each policy P_i (i = 1, 2, ..., 6) in turn and substitutes it into the membership function, forming in turn the fuzzy evaluation matrix R of each security policy, where
Figure FDA0003028411230000073
3) Carrying out fuzzy comprehensive evaluation on the strategy:
according to formula (8), the degree of membership of P_i in v_j is calculated; B = (b_1, b_2, ..., b_m) is the fuzzy evaluation result vector of policy P_i, where b_i represents the degree of membership of P_i in comment set element v_j, determined by comprehensively considering the influence of every factor; the degree of membership of each security policy in the comment set elements v_j is calculated in turn;
Figure FDA0003028411230000074
4) selecting a security strategy according to a maximum membership principle:
after obtaining the fuzzy evaluation vector B_i = (b_i1, b_i2, b_i3, b_i4) of P_i, the evaluation result of policy P_i is determined according to the maximum membership principle: when
Figure FDA0003028411230000075
P_i belongs overall to the r-th level; the evaluation results of P_i (i = 1, 2, ..., 6) are determined in turn; from all policies, a policy with the highest evaluation is selected; if several policies share the highest-level evaluation, the one with the higher degree of membership is selected as the output of the fuzzy decision; the gateway ECU broadcasts the selected security policy for the message to the bus, and the sending and receiving ECUs related to the message update the policy for that message in the next time period T.
4. The adaptive in-vehicle CAN bus safety control method according to claim 3, wherein the method for determining the factor weight in step 1) comprises:
Input: contrast matrix M_u = (m_ij)_{n×n};
Output: weight vector;
i) normalize the matrix M_u by columns to obtain the matrix M_u' = (m'_ij)_{n×n}, where
Figure FDA0003028411230000076
ii) sum the matrix M_u' by rows to obtain the vector
Figure FDA0003028411230000081
where
Figure FDA0003028411230000082
iii) normalize the vector
Figure FDA0003028411230000083
to obtain the eigenvector W = [w_1, w_2, ..., w_n]^T, where
Figure FDA0003028411230000084
iv) find the maximum characteristic root
Figure FDA0003028411230000085
v) consistency check: calculate the consistency index CI and, against the random consistency index RI, the consistency ratio CR, where CI = (λ_max - n)/(n-1) and CR = CI/RI; when CR ≥ 0.1, the elements of M_u must be reassigned and adjusted, jumping back to step i);
vi) normalize the vector W to obtain the layer weight α = [α_1, α_2, ..., α_n]^T, where
Figure FDA0003028411230000086
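Steps i) to vi) of claim 4 carried through in code, as an added example that is not part of the patent. The maximum characteristic root is computed with the usual sum-method estimate and the RI values are the commonly published Saaty table; both are assumptions, since the claim's formulas and RI table are not reproduced on this page, and the sample matrices are constructed.

```python
# Random consistency index by matrix order (commonly published Saaty values;
# assumed here, the page does not list them).
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
      6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(m):
    """Return (weights, lambda_max, CI, CR) for a contrast matrix m."""
    n = len(m)
    if n not in RI or any(len(row) != n for row in m):
        raise ValueError("need a square matrix of order 1..9")
    for i in range(n):
        for j in range(n):
            # The claim requires m_ij > 0 and m_ji = 1 / m_ij.
            if m[i][j] <= 0 or abs(m[i][j] * m[j][i] - 1.0) > 1e-9:
                raise ValueError("matrix is not positive reciprocal")

    # i) normalize by columns
    col = [sum(m[i][j] for i in range(n)) for j in range(n)]
    norm = [[m[i][j] / col[j] for j in range(n)] for i in range(n)]
    # ii) sum by rows
    rows = [sum(r) for r in norm]
    # iii) normalize the row-sum vector to get W
    total = sum(rows)
    w = [x / total for x in rows]
    # iv) maximum characteristic root: lambda_max = (1/n) * sum((M W)_i / w_i)
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(mw[i] / w[i] for i in range(n)) / n
    # v) consistency check
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RI[n] if RI[n] > 0 else 0.0
    # vi) W already sums to 1, so the layer weight alpha equals W
    return w, lam, ci, cr


def acceptable(cr):
    """The claim sends the matrix back for re-rating when CR >= 0.1."""
    return cr < 0.1


# Constructed ratings: u1 moderately more important than u2, strongly more
# important than u3 (nearly consistent), and a cyclic rating that is not.
RATED = [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]]
CYCLIC = [[1, 9, 1 / 9], [1 / 9, 1, 9], [9, 1 / 9, 1]]

if __name__ == "__main__":
    for name, mat in (("rated", RATED), ("cyclic", CYCLIC)):
        w, lam, ci, cr = ahp_weights(mat)
        print(name, [round(x, 3) for x in w], round(cr, 3), acceptable(cr))
```

The cyclic matrix yields equal weights that look harmless on their own; only the consistency ratio reveals that the ratings contradict each other.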
5. The adaptive in-vehicle CAN bus security control method of claim 1, wherein the ECU zoning based on MCL clustering comprises:
Input: a weighted undirected graph of ECU communication frequency, where n is the total number of nodes;
Output: the result set of ECU domains;
1) from the ECU node communication graph G(V, E), establish the adjacency matrix C = (c_ij)_{n×n}, where c_ij is the communication frequency CF_ij between ECU_i and ECU_j;
2) the diagonal elements of the matrix C are increased by 1, i.e. c_ij = 1 when i = j; the communication frequencies are normalized by columns, and the probability matrix C' = (c'_ij)_{n×n} of the communication frequency is calculated, where
Figure FDA0003028411230000087
3) select a parameter e and raise the matrix C' to the power e, i.e. C' = (C')^e;
4) select a parameter r, raise each element of the matrix C' to the power r, and normalize by columns to obtain the matrix C'' = (c''_ij)_{n×n}, where
Figure FDA0003028411230000088
5) iterate steps 3) and 4) until the matrix C'' = (c''_ij)_{n×n} converges;
6) output the clustering result set of the ECU nodes;
the above steps are repeated, taking the output of each round as the input of the next: the ECU node clustering result set output by round i is used to construct a new graph G_i(V_i, E_i), in which each set is a vertex and the sum of the communication frequencies between the ECUs of one set and the ECU nodes of the other sets is the weight of an edge; MCL clustering is performed again until a single cluster is finally formed, and the tree-shaped logical structure of the ECU node domains is established from the clustering result set of each round.
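One round of the MCL domain division in steps 1) to 6), as an added example that is not code from the patent. The convergence tolerance, the attractor-row reading of the converged matrix, the parameter values e = r = 2 and the six-ECU frequency matrix are assumptions or constructed values; the hierarchical re-clustering of the final paragraph is not shown.

```python
def normalize_columns(m):
    """Scale every column to sum to 1 (column-stochastic matrix)."""
    n = len(m)
    sums = [sum(m[i][j] for i in range(n)) for j in range(n)]
    return [[m[i][j] / sums[j] for j in range(n)] for i in range(n)]


def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def mcl_domains(freq, e=2, r=2, max_iter=100, tol=1e-9):
    """Cluster ECUs from a symmetric communication-frequency matrix."""
    n = len(freq)
    # Steps 1-2: adjacency matrix with diagonal set to 1, then column-normalize.
    c = [[1.0 if i == j else float(freq[i][j]) for j in range(n)]
         for i in range(n)]
    c = normalize_columns(c)
    for _ in range(max_iter):
        prev = c
        # Step 3 (expansion): matrix power e spreads flow along longer walks.
        expanded = c
        for _ in range(e - 1):
            expanded = matmul(expanded, c)
        # Step 4 (inflation): element-wise power r, then column-normalize,
        # which strengthens strong flows and starves weak ones.
        c = normalize_columns([[x ** r for x in row] for row in expanded])
        # Step 5: stop when the matrix no longer changes (assumed tolerance).
        delta = max(abs(c[i][j] - prev[i][j])
                    for i in range(n) for j in range(n))
        if delta < tol:
            break
    # Step 6: each row that still carries flow is an attractor; the columns
    # it reaches form one domain. Rows with the same members are merged.
    domains = set()
    for row in c:
        members = frozenset(j for j, x in enumerate(row) if x > 1e-6)
        if members:
            domains.add(members)
    return sorted(sorted(d) for d in domains)


# Constructed frequencies: ECUs 0-2 and 3-5 talk heavily within their group,
# with one low-frequency link between ECU 2 and ECU 3.
FREQ = [
    [0, 10, 10, 0, 0, 0],
    [10, 0, 10, 0, 0, 0],
    [10, 10, 0, 1, 0, 0],
    [0, 0, 1, 0, 10, 10],
    [0, 0, 0, 10, 0, 10],
    [0, 0, 0, 10, 10, 0],
]

if __name__ == "__main__":
    print(mcl_domains(FREQ))
```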
6. An adaptive in-vehicle CAN bus security control system implementing the adaptive in-vehicle CAN bus security control method of claim 1.
CN201910493594.7A 2019-06-06 2019-06-06 Self-adaptive in-vehicle CAN bus safety control method and system Active CN110377002B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910493594.7A CN110377002B (en) 2019-06-06 2019-06-06 Self-adaptive in-vehicle CAN bus safety control method and system

Publications (2)

Publication Number Publication Date
CN110377002A CN110377002A (en) 2019-10-25
CN110377002B true CN110377002B (en) 2021-07-30

Family

ID=68249966

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910493594.7A Active CN110377002B (en) 2019-06-06 2019-06-06 Self-adaptive in-vehicle CAN bus safety control method and system

Country Status (1)

Country Link
CN (1) CN110377002B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant