CN111130781A - Active security defense method and device for communication control of Internet of vehicles - Google Patents

Active security defense method and device for communication control of Internet of vehicles Download PDF

Info

Publication number
CN111130781A
CN111130781A CN202010187619.3A CN202010187619A CN111130781A CN 111130781 A CN111130781 A CN 111130781A CN 202010187619 A CN202010187619 A CN 202010187619A CN 111130781 A CN111130781 A CN 111130781A
Authority
CN
China
Prior art keywords
instruction
vehicle
random
control
communication control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010187619.3A
Other languages
Chinese (zh)
Inventor
邓高见
马多耀
李宜花
黄雄栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongke Tianyu Suzhou Technology Co ltd
Original Assignee
Zhongke Tianyu Suzhou Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongke Tianyu Suzhou Technology Co ltd filed Critical Zhongke Tianyu Suzhou Technology Co ltd
Priority to CN202010187619.3A priority Critical patent/CN111130781A/en
Publication of CN111130781A publication Critical patent/CN111130781A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a vehicle networking communication control active security defense method and a device, which mainly comprise the following steps: the vehicle-mounted end presets a differential key before distribution; before the vehicle management control end communicates with the vehicle, a random instruction is generated by using a dynamic algorithm and is returned to the vehicle-mounted end along with the control instruction; after receiving the control instruction, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random instruction, the random instruction is matched with the received random instruction, if the verification is passed, the instruction is executed, and if the verification is failed, the execution of a postscript instruction is refused; and returning the instruction operation result to the active segment. The invention can realize the communication control safety of the vehicle management control end and the vehicle-mounted end under the environment of intelligent vehicle networking, the communication instruction is effective only in a certain time window, an attacker cannot imitate the instruction to control the vehicle, and the network attack of the vehicle networking can be effectively resisted.

Description

Active security defense method and device for communication control of Internet of vehicles
Technical Field
The invention relates to a method and a device for defending the security of Internet of vehicles, in particular to a method and a device for defending the security of the communication control initiative of the Internet of vehicles, belonging to the field of information security.
Background
With the development of artificial intelligence and the development of the internet +, the car networking gradually turns to intellectualization, the unmanned technology is mature day by day, and the architecture of cloud network end control is formed. However, wireless communication is adopted in the internet of vehicles, so that the safety capability is weak, and a huge safety risk exists. If the network attack cannot be effectively defended, the communication process of the vehicle and the control platform is greatly threatened, so that data leakage is caused, a traffic accident is seriously caused, casualties occur, economic loss is brought, and even social stability and national security are threatened.
In the traditional network security passive protection method based on boundary protection, due to the lack of a security strategy of dynamic protection, the protocol vulnerability of communication transmission is exposed to attackers for a long time. This static, homogeneous, invariant network weakness presents a security risk for long-term eavesdropping, scanning, and penetration by attackers. The new attack means of national-level countermeasure such as APT attack (advanced persistent Threat) also poses a Threat to vehicle network security. The APT attack core technology utilizes a 0-day bug (also called a zero-day bug) or an undisclosed bug, is a combination of a plurality of attack means, and has slow attack process, pertinence, continuity and concealment.
In view of this, how to change the static defense in the communication process of the internet of vehicles, changing passive defense into active defense is an important method and technology for improving the communication control safety of the internet of vehicles. By increasing the diversity and the transient of the instructions in the communication control process, the attack difficulty and the cost can be effectively improved, and the communication damages such as eavesdropping attack, forged instruction attack and the like can be prevented.
Disclosure of Invention
In view of this, the invention discloses a method and a device for vehicle networking communication control active security defense, which mainly comprises the following steps: the vehicle-mounted end presets a differential key before distribution; before the vehicle management control end communicates with the vehicle, a random instruction is generated by using a dynamic algorithm and is returned to the vehicle-mounted end along with the control instruction; after receiving the control instruction, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random instruction, the random instruction is matched with the received random instruction, if the verification is passed, the instruction is executed, and if the verification is failed, the execution of a postscript instruction is refused; and returning the instruction operation result to the active segment. The invention can realize the communication control safety of the vehicle management control end and the vehicle-mounted end under the environment of intelligent vehicle networking, the communication instruction is effective only in a certain time window, an attacker cannot imitate the instruction to control the vehicle, and the network attack of the vehicle networking can be effectively resisted.
The technical scheme of the invention is as follows: a vehicle networking communication control active security defense method comprises the following steps:
1) the vehicle-mounted end presets a differential key before distribution;
2) before the vehicle management control end communicates with the vehicle, a random instruction is generated by using a dynamic algorithm and is returned to the vehicle-mounted end along with the control instruction;
3) after receiving the control instruction, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random instruction, the random instruction is matched with the received random instruction, if the verification is passed, the instruction is executed, and if the verification is failed, the execution of a postscript instruction is refused;
4) and returning the instruction operation result to the vehicle management control end.
Furthermore, the active security defense method for communication control in the internet of vehicles is characterized in that the dynamic algorithm is a randomized algorithm f (T, Kc) based on time T and a preset key Kc, a random number generated by the algorithm changes along with the change of a time window Tws, and the random number remains unchanged in the same time window.
Furthermore, the active security defense method for communication control in the internet of vehicles is characterized in that the dynamic instruction verification method comprises the following processes:
1) the vehicle-mounted end firstly takes out the system time and the shared secret key, and f (T, Kc) is calculated to obtain a random instruction Rs;
2) the random instruction Rs and the control instruction Cc are connected in series to obtain a communication control instruction Cnet;
3) after the vehicle-mounted terminal receives the communication control instruction, a random instruction Rs is extracted, and the local time T is extractedAnd sharing the secret key, calculating f (again)T,Kc)=Rs;
4) If R iss = Rs, a subsequent control command Cc is executed, if Rs! = Rs, the terminal executes the subsequent instruction;
5) and feeding back the execution result to the vehicle management control end.
Furthermore, the active security defense method for the communication control of the internet of vehicles is characterized in that the dynamic instruction module modifies instructions of reading, writing, opening, closing, copying, deleting, cutting, moving and the like of data.
Furthermore, the active security defense method for communication control of the internet of vehicles is characterized in that the communication control command can be unidirectional or bidirectional, and the vehicle management control end issues a command to the vehicle-mounted end and can also report data to the vehicle management control end.
Furthermore, the active security defense method for the communication control of the internet of vehicles is characterized in that the dynamic algorithm can be synchronized in online time or offline counting.
The invention also provides an active security defense device for communication control of the Internet of vehicles, which comprises a shared secret key distribution module, a vehicle management dynamic algorithm module, a vehicle management control end instruction sending and receiving module, a vehicle-mounted end dynamic algorithm module and a vehicle-mounted end instruction sending and receiving module,
the shared key distribution module presets a differential key for the vehicle-mounted end before distribution, and registers and updates the differential key to the vehicle management control end;
the vehicle management dynamic algorithm module generates a random instruction by using a dynamic algorithm before communicating with a vehicle, and returns the random instruction to the vehicle-mounted end along with a control instruction;
the vehicle management control end instruction sending and receiving module is used for sending and receiving vehicle management control end instructions and return messages;
the vehicle-mounted end instruction sending and receiving module is used for receiving and sending a vehicle-mounted end instruction and a return message;
and after the vehicle-mounted end receives the control command, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random command and matches the random command with the received random command, if the verification is passed, the command is executed, and if the verification is failed, the execution of the post-recording command is refused.
The invention has the following positive effects:
the invention provides an active security defense method and device for communication control of Internet of vehicles, which are characterized in that dynamic random instructions are added into communication control instructions, so that the instructions have the characteristics of diversity and instantaneity, and the cost of attack eavesdropping and counterfeiting is provided. The invention can realize the communication control safety of the vehicle management control end and the vehicle-mounted end under the environment of intelligent vehicle networking, the communication instruction is effective only in a certain time window, an attacker cannot imitate the instruction to control the vehicle, and the network attack of the vehicle networking can be effectively resisted.
Drawings
FIG. 1 is a schematic diagram of an architecture of an active security defense method and device for vehicle networking communication control according to the present invention.
Detailed Description
The invention is further described below with reference to the figures and examples.
The invention discloses a vehicle networking communication control active security defense method in one embodiment, which comprises the following steps:
1) the vehicle-mounted end presets a differential key before distribution;
2) before the vehicle management control end communicates with the vehicle, a random instruction is generated by using a dynamic algorithm and is returned to the vehicle-mounted end along with the control instruction;
3) after receiving the control instruction, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random instruction, the random instruction is matched with the received random instruction, if the verification is passed, the instruction is executed, and if the verification is failed, the execution of a postscript instruction is refused;
4) and returning the instruction operation result to the vehicle management control end.
The following describes a method and an apparatus for active security defense of communication control in internet of vehicles in the accompanying drawings by specific examples.
As shown in figure 1, the vehicle networking communication control active security defense device comprises a shared secret key distribution module, a vehicle management dynamic algorithm module, a vehicle management control end instruction sending and receiving module, a vehicle-mounted end dynamic algorithm module and a vehicle-mounted end instruction sending and receiving module,
the shared key distribution module presets a differential key for the vehicle-mounted end before distribution, and registers and updates the differential key to the vehicle management control end;
the vehicle management dynamic algorithm module generates a random instruction by using a dynamic algorithm before communicating with a vehicle, and returns the random instruction to a vehicle-mounted end along with a control instruction, wherein the dynamic algorithm is a randomized algorithm f (T, Kc) based on time T and a preset key Kc, the random number generated by the algorithm changes along with the change of a time window Tws, and the random number is kept unchanged in the same time window;
the vehicle management control end instruction sending and receiving module is used for sending and receiving vehicle management control end instructions and return messages;
the vehicle-mounted end instruction sending and receiving module is used for receiving and sending a vehicle-mounted end instruction and a return message;
after the vehicle-mounted end receives the control command, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random command and matches the random command with the received random command, and the dynamic command verification method comprises the following steps:
1) the vehicle-mounted end firstly takes out the system time and the shared secret key, and f (T, Kc) is calculated to obtain a random instruction Rs;
2) the random instruction Rs and the control instruction Cc are connected in series to obtain a communication control instruction Cnet;
3) after the vehicle-mounted terminal receives the communication control instruction, a random instruction Rs is extracted, and the local time T is extractedAnd sharing the secret key, calculating f (T) again,Kc)=Rs;
4) If R iss = Rs, a subsequent control command Cc is executed, if Rs! = Rs, the terminal executes the subsequent instruction;
5) and feeding back the execution result to the vehicle management control end.
The above-described embodiments of the present invention are intended to better understand the use of the present invention and should not be construed as limiting the scope of the present invention. Any modification, variation and equivalent replacement within the spirit and principle of the present invention shall fall within the protection scope of the claims of the present invention.

Claims (7)

1. A vehicle networking communication control active security defense method comprises the following steps:
1) the vehicle-mounted end presets a differential key before distribution;
2) before the vehicle management control end communicates with the vehicle, a random instruction is generated by using a dynamic algorithm and is returned to the vehicle-mounted end along with the control instruction;
3) after receiving the control instruction, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random instruction, the random instruction is matched with the received random instruction, if the verification is passed, the instruction is executed, and if the verification is failed, the execution of a postscript instruction is refused;
4) and returning the instruction operation result to the vehicle management control end.
2. The active defense method for communication control in internet of vehicles according to claim 1, wherein the dynamic algorithm is a randomized algorithm f (T, Kc) based on time T and a preset key Kc, and the random number generated by the algorithm changes along with the change of a time window Tws, and the random number is kept constant in the same time window.
3. The vehicle networking communication control active security defense method according to the claims 1 and 2, characterized in that the dynamic instruction verification method comprises the following steps:
1) the vehicle-mounted end firstly takes out the system time and the shared secret key, and f (T, Kc) is calculated to obtain a random instruction Rs;
2) the random instruction Rs and the control instruction Cc are connected in series to obtain a communication control instruction Cnet;
3) after the vehicle-mounted terminal receives the communication control instruction, a random instruction Rs is extracted, and the local time T is extractedAnd sharing the secret key, calculating f (T) again,Kc)=Rs;
4) If R iss = Rs, a subsequent control command Cc is executed, if Rs! = Rs, the terminal executes the subsequent instruction;
5) and feeding back the execution result to the vehicle management control end.
4. The active defense method of internet of vehicles communication control of claim 1, wherein the dynamic command module modifies commands of reading, writing, opening, closing, copying, deleting, cutting, moving, etc. of data.
5. The active defense method for communication control of internet of vehicles according to claim 1, wherein the communication control command can be one-way or two-way, and the vehicle management control end issues the command to the vehicle management end, or the vehicle management end reports data to the vehicle management control end.
6. The active defense method for communication control in internet of vehicles according to claim 1 or 5, characterized in that the dynamic algorithm can be synchronized on-line time or off-line counting.
7. An active security defense device for communication control of Internet of vehicles comprises a shared secret key distribution module, a vehicle management dynamic algorithm module, a vehicle management control end instruction sending and receiving module, a vehicle-mounted end dynamic algorithm module and a vehicle-mounted end instruction sending and receiving module,
the shared key distribution module presets a differential key for the vehicle-mounted end before distribution, and registers and updates the differential key to the vehicle management control end;
the vehicle management dynamic algorithm module generates a random instruction by using a dynamic algorithm before communicating with a vehicle, and returns the random instruction to the vehicle-mounted end along with a control instruction;
the vehicle management control end instruction sending and receiving module is used for sending and receiving vehicle management control end instructions and return messages;
the vehicle-mounted end instruction sending and receiving module is used for receiving and sending a vehicle-mounted end instruction and a return message;
and after the vehicle-mounted end receives the control command, the vehicle-mounted end firstly calls the same dynamic algorithm to generate a random command and matches the random command with the received random command, if the verification is passed, the command is executed, and if the verification is failed, the execution of the post-recording command is refused.
CN202010187619.3A 2020-03-17 2020-03-17 Active security defense method and device for communication control of Internet of vehicles Pending CN111130781A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010187619.3A CN111130781A (en) 2020-03-17 2020-03-17 Active security defense method and device for communication control of Internet of vehicles

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010187619.3A CN111130781A (en) 2020-03-17 2020-03-17 Active security defense method and device for communication control of Internet of vehicles

Publications (1)

Publication Number Publication Date
CN111130781A true CN111130781A (en) 2020-05-08

Family

ID=70494026

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010187619.3A Pending CN111130781A (en) 2020-03-17 2020-03-17 Active security defense method and device for communication control of Internet of vehicles

Country Status (1)

Country Link
CN (1) CN111130781A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117425153A (en) * 2023-12-18 2024-01-19 新华三网络信息安全软件有限公司 Risk detection method and device for Internet of vehicles terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166907A (en) * 2011-05-05 2013-06-19 *** Relative synchronization authentication method, authentication system and device
CN104579686A (en) * 2015-01-15 2015-04-29 上海动联信息技术股份有限公司 Seed matching method for mobile phone token
CN104992331A (en) * 2015-07-17 2015-10-21 上海众人网络安全技术有限公司 Mobile terminal virtual offline payment system and payment method
CN106506529A (en) * 2016-12-06 2017-03-15 上海众人网络安全技术有限公司 A kind of mutual authentication method and system
US20190116161A1 (en) * 2016-03-31 2019-04-18 Byd Company Limited Secure communication method and apparatus for vehicle, multimedia system for vehicle, and vehicle
CN110457948A (en) * 2019-08-13 2019-11-15 中科天御(苏州)科技有限公司 A kind of dynamic data means of defence and system based on store instruction randomization

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166907A (en) * 2011-05-05 2013-06-19 *** Relative synchronization authentication method, authentication system and device
CN104579686A (en) * 2015-01-15 2015-04-29 上海动联信息技术股份有限公司 Seed matching method for mobile phone token
CN104992331A (en) * 2015-07-17 2015-10-21 上海众人网络安全技术有限公司 Mobile terminal virtual offline payment system and payment method
US20190116161A1 (en) * 2016-03-31 2019-04-18 Byd Company Limited Secure communication method and apparatus for vehicle, multimedia system for vehicle, and vehicle
CN106506529A (en) * 2016-12-06 2017-03-15 上海众人网络安全技术有限公司 A kind of mutual authentication method and system
CN110457948A (en) * 2019-08-13 2019-11-15 中科天御(苏州)科技有限公司 A kind of dynamic data means of defence and system based on store instruction randomization

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117425153A (en) * 2023-12-18 2024-01-19 新华三网络信息安全软件有限公司 Risk detection method and device for Internet of vehicles terminal
CN117425153B (en) * 2023-12-18 2024-03-26 新华三网络信息安全软件有限公司 Risk detection method and device for Internet of vehicles terminal

Similar Documents

Publication Publication Date Title
Chen et al. Towards secure intra-vehicle communications in 5G advanced and beyond: Vulnerabilities, attacks and countermeasures
He et al. Security analysis of a space-based wireless network
DE112010002837T5 (en) METHOD AND DEVICE FOR DISTRIBUTING SAFETY KEYS (N)
CN104954350A (en) Account information protection method and system thereof
Wang et al. A survey of blockchain-based cybersecurity for vehicular networks
CN107086891A (en) The phase compensation implementation method of continuous variable quantum key distribution system
CN102868702B (en) System login device and system login method
CN107623912A (en) The method and device of secure communication between a kind of car networking terminal
CN112752236A (en) Block chain-based networking automobile authentication method, equipment and storage medium
Goncalves et al. Synthesizing datasets with security threats for vehicular ad-hoc networks
Mohd et al. Simulation and analysis of DDoS attack on connected autonomous vehicular network using OMNET++
CN111130781A (en) Active security defense method and device for communication control of Internet of vehicles
Dadam et al. Onboard Cybersecurity Diagnostic System for Connected Vehicles
CN114071462B (en) Unmanned aerial vehicle group satellite navigation defense decoy method
Wolf et al. Securing cacc: Strategies for mitigating data injection attacks
CN109246704A (en) Safety auditing system and method for remotely connecting
Zhang et al. An intrusion detection method of data tampering attack in communication-based train control system
Shibly et al. Personalized federated learning for automotive intrusion detection systems
CN113709733B (en) Key distribution method applied to security train tail equipment
Liu et al. Secure and safe automated vehicle platooning
Xu et al. Attack identification for software-defined networking based on attack trees and extension innovation methods
Li et al. A Bayesian game based defense scheme for CBTC systems under Man-in-the-middle attacks
CN103051639A (en) Online game gameguard system capable of realizing anti-offline plugin and online game gameguard method
CN114048509A (en) Rail transit comprehensive monitoring method and device and electronic equipment
CN106789899A (en) A kind of cross-domain message method and device based on HTML5

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination