智能网联汽车的安全威胁研究

doi:10.11959/j.issn.2096-3750.2019.00134

Abstract

Abstract:

Intelligent connected vehicle (ICV) is becoming the mainstream of automotive industry in the future,and automobile safety has gradually become a problem that cannot be ignored in the automotive industry.The threat attack surfaces in ICV were analyzed in detail,and some representative attack methods were summarized.On this basis,a practical case of using the vulnerabilities of controller area network bus and telematics service provider to attack the Luxgen U5 car was discussed.The experimental results show that there are many attack surfaces that can be used in ICV.Finally,some feasible defensive measures against the threats in ICV were put forward.

Key words: intelligent connected vehicle, telematics service provider, controller area network bus, electronic control unit, security threat

CLC Number:

TP393

Yijie XUN,Jiajia LIU,Jing ZHAO. Research on security threat of intelligent connected vehicle[J]. Chinese Journal on Internet of Things, 2019, 3(4): 72-81.

Figures/Tables 8

References 24

[1]	XUN Y J , LIU J J , NING J ,et al. An experimental study towards the in-vehicle network of intelligent and connected vehicles[C]// 2018 IEEE Global Communications Conference. IEEE, 2018.
[2]	XUN Y J , SUN Y Y , LIU J J . An experimental study towards driver identification for intelligent and connected vehicles[C]// 2019 IEEE International Conference on Communications. IEEE, 2019.
[3]	LIU J J , ZHANG S B , SUN W ,et al. In-vehicle network attacks and countermeasures:challenges and future directions[J]. IEEE Network, 2017,31(5): 50-58.
[4]	ENEV M , TAKAKUWA A , KOSCHER K ,et al. Automobile driver fingerprinting[J]. Proceedings on Privacy Enhancing Technologies, 2016(1): 34-50.
[5]	NIE S , LIU L , DU Y . How we remotely compromised the gateway,BCM,and autopilot ECUS of tesla cars[C]// 2017 Black Hat. 2017.
[6]	ZENG K C , LIU S , SHU Y ,et al. All your GPS are belong to us:towards stealthy manipulation of road navigation systems[C]// 27th USENIX Security Symposium. 2018: 1527-1544.
[7]	MILLER C , VALASEK C . Remote exploitation of an unaltered passenger vehicle[C]// Defcon, 2015: 1-91.
[8]	BOSCH R . CAN Specification Version 20[S] 1991.
[9]	程军, 崔继波, 苟凯英 . 车辆控制系统CAN总线通信的实施方法[J]. 汽车工程, 2003(5): 300-305.
	CHENG J , CUI J B , GOU K Y . Implementation method of CAN bus communication in vehicle control system[J]. Automobile Engineering, 2003,(5): 300-305.
[10]	LI Y S , LUO Q , LIU J J ,et al. TSP security in intelligent and connected vehicles:challenges and solutions[J]. IEEE Wireless Communications, 2019,26(3).
[11]	CHECKOWAT S , MCCOY D , KANTOR B ,et al. Comprehensive experimental analyses of automotive attack surfaces[C]// USENIX Security Symposium. 20114: 447-462.
[12]	NIE S , LIU L , DU Y . Free-fall:hacking Tesla from wireless to can bus[C]// 2017 Black Hat. 2017: 1-16.
[13]	CHENG Q A , YIN Y , FENG Y ,et al. Exposing congestion attack on emerging connected vehicle based traffic signal control[C]// 2018 Network and Distributed Systems Security (NDSS) Symposium. 2018.
[14]	LUO Q , CAO Y , LIU J ,et al. Localization and navigation in autonomous driving:threats and countermeasures[J]. IEEE Wireless Communications, 2019,26(4): 38-45.
[15]	BENADJILA R , RENARD M , LOPES-ESTEVES J ，et al. One car,two frames:attacks on Hitag-2 remote keyless entry systems revisited[C]// 11th USENIX Workshop on Offensive Technologies (WOOT 17). 2017.
[16]	GARCIA F D , OSWALD D , KASPER T ,et al. Lock it and still lose iton the (in)security of automotive remote keyless entry systems[C]// 25th USENIX Security Symposium (USENIX Security 16). 2016.
[17]	ISHTIAQ ROUFA R M , MUSTAFAA H , TRAVIS TAVLORA S O ,et al. Security and privacy vulnerabilities of in-car wireless networks:a tire pressure monitoring system case study[C]// 19th USENIX Security Symposium. 2010: 11-13.
[18]	SOMANI G , GAUR M S , SANGHI D ,et al. DDoS attacks in cloud computing:issues,taxonomy,and future directions[J]. Computer Communications, 2017,107: 30-48.
[19]	RISTENPART T , TROMER E , SHACHAM H ,et al. Hey,you,get off of my cloud:exploring information leakage in third-party compute clouds[C]// Proceedings of the 16th ACM conference on Computer and Communications Security. ACM, 2009: 199-212.
[20]	GEORGIEV M , IYENGAR S , JANA S ,et al. The most dangerous code in the world:validating SSL certificates in non-browser software[C]// Proceedings of the 2012 ACM conference on Computer and Communications Security. ACM, 2012: 38-49.
[21]	LIANG X , SHETTY S , ZHANG L ,et al. Man in the cloud (MITC) defender:SGX-based user credential protection for synchronization applications in cloud computing platform[C]// 2017 IEEE 10th International Conference on Cloud Computing(CLOUD). IEEE, 2017: 302-309.
[22]	GARIP M T , GURSOY M E , REIHER P ,et al. Congestion attacks to autonomous cars using vehicular botnets[C]// NDSS Workshop on Security of Emerging Networking Technologies (SENT). 2015.
[23]	张德干, 赵彭真, 高瑾馨 ,等. 面向车联网的智能数据传输新方法[J]. 物联网学报, 2019,3(2): 89-99.
	ZHANG D G , ZHAO P Z , GAO J X ,et al. A new intelligent data transmission method for intelligent and connected vehicles[J]. Chinese Journal on Internet of Things, 2019,3(2): 89-99.
[24]	余辰, 张丽娟, 金海 . 大数据驱动的智能交通系统研究进展与趋势[J]. 物联网学报, 2018,2(1): 56-63.
	YU C , ZHANG L J , JIN H . Research progress and trend of intelligent transportation system driven by big data[J]. Chinese Journal on Internet of Things, 2018,2(1): 56-63.

Metrics

Recommended 0

No Suggested Reading articles found!

距离	入侵入口	被攻击设备	攻击方法/威胁	文献
远距离通信	蜂窝网络	T-BOX	未经授权的权限升级不安全的系统接口和配置	7,11]
	Wi-Fi	ECU	不安全的身份验证未经授权的权限升级	5,12]
	OBU/RSU	IVI	数据欺骗	13]
	GPS	IVI	流量劫持	6]
近距离车外通信	蓝牙	IVI	不安全的系统接口和配置	14]
		ECU	无线电信号干扰	11]
	高频无线电	RKE	软件定义无线电欺骗	15-16]
		TPMS	无线电信号干扰	17]
车辆内部网络	USB	IVI	数据欺骗	11]
	CAN接口	ECU	未经授权的权限升级不安全的系统接口和配置边信道攻击	4,7]

Research on security threat of intelligent connected vehicle

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Guanglei GENG, Bo GAO, Ke XIONG, Pingyi FAN, Yang LU, Yuwei WANG. A survey of federated learning for 6G networks [J]. Chinese Journal on Internet of Things, 2023, 7(2): 50-66.
[2]	Chao HU, Bangyan LU, Yanbing YANG, Zhe CHEN, Lei ZHANG, Liangyin CHEN. Human activity recognition system based on low-cost IoT chip ESP32 [J]. Chinese Journal on Internet of Things, 2023, 7(2): 133-142.
[3]	Zhihong WANG, Supeng LENG, Kai XIONG. Multi-agent resource allocation strategy for UAV swarm-based cooperative sensing [J]. Chinese Journal on Internet of Things, 2023, 7(1): 18-26.
[4]	Nongyu WEI, Zilong JIANG, Fangjiong CHEN. AODV protocol for acoustic-radio integrated network based on location information and energy balance [J]. Chinese Journal on Internet of Things, 2023, 7(1): 27-36.
[5]	Cenhuishan LIAO, Junyan CHEN, Guanping LIANG, Xiaolan XIE, Xiaoye LU. Quality of service optimization algorithm based on deep reinforcement learning in software defined network [J]. Chinese Journal on Internet of Things, 2023, 7(1): 73-82.
[6]	Bei TANG, Qian WANG, Siguang CHEN. Radio frequency energy harvesting-combined collaborative energy-saving computation offloading mechanism [J]. Chinese Journal on Internet of Things, 2023, 7(1): 83-92.
[7]	Yao LIU, Yueyuan HE, Hongjing ZHOU, Chaoliang LI, Chuang LI. Partial computation offloading method based on joint resource allocation for mobile edge computing [J]. Chinese Journal on Internet of Things, 2023, 7(1): 140-148.
[8]	Wenxuan HAN, Hailong ZHU, Xinxin HE, Yanjue LI, Changchuan YIN. A TSN traffic scheduling algorithm combined with enqueue shaping [J]. Chinese Journal on Internet of Things, 2022, 6(4): 117-127.
[9]	Huanhuan ZHANG, Anfu ZHOU, Huadong MA. Reinforcement learning-based real-time video streaming control and on-device training research [J]. Chinese Journal on Internet of Things, 2022, 6(4): 1-13.
[10]	Yingyun GUO, Bo GAO, Zhifei ZHANG, Yu ZHANG, Ke XIONG. An incentive mechanism with bandwidth allocation for federated learning [J]. Chinese Journal on Internet of Things, 2022, 6(4): 82-92.
[11]	Fangyuan XING, Shibo HE, Mingyang SUN, Jiming CHEN. Carbon emission monitoring based on internet of things with cloud-tube-edge-end structure [J]. Chinese Journal on Internet of Things, 2022, 6(4): 53-64.
[12]	Jin QI, Wei WANG, Mengxi CHEN, Bin XU, Zhenjiang DONG, Yanfei SUN. Concept, architecture and key technologies of industrial internet [J]. Chinese Journal on Internet of Things, 2022, 6(2): 38-49.
[13]	Jiandong XU, Ruisong LI, Hao CHANG, Yi YANG, Sheng ZHANG, Tianling REN. Recent progresses and challenges in smart contact lens [J]. Chinese Journal on Internet of Things, 2022, 6(1): 1-12.
[14]	Ning LUAN, Ke XIONG, Yu ZHANG, Ruisi HE, Gang QU, Bo AI. 6G: typical applications, key technologies and challenges [J]. Chinese Journal on Internet of Things, 2022, 6(1): 29-43.
[15]	Kailei ZHU, Aijing SUN. WSN clustering routing algorithm based on Cuckoo Search algorithm optimized K-means [J]. Chinese Journal on Internet of Things, 2022, 6(1): 73-81.