基于国密算法的车载以太网控制器身份认证方法

doi:10.11959/j.issn.2096-109x.2022079

Abstract

Abstract:

With the development of intelligent and connected cars, cyber security of automotive ethernet becomes the focus of automotive industry.Authentication is one of the key technologies for automotive ethernet security.The existing authentication methods have shortcomings to meet the requirements of both safety and electronic controllers’ performance.Besides, national cryptographic algorithms are becoming a trend for automotive network security, while the related research in automotive ethernet area is still in starting phase.In order to balance the limited computing performance of electronic controllers and high security requirements of automotive ethernet, a two-stage trust chain authentication method based on national cryptographic algorithms was proposed.The method can be used in different automotive ethernet topologies.A trust chain was built up based on authentication credentials, which linked the two authentication stages, namely the initial stage and the vehicle using stage.The initial stage was triggered by diagnosis instrument at end of line or controller replacement.It deployed complete authentication based on SM2 algorithm and certificates in the initial stage.The vehicle using stage was triggered by ethernet gateway at vehicle power-on or network wakeup.In this stage, the method deployed fast authentication based on SM4 algorithm and authentication credential trust chain.The authentication credentials for trust chain were generated by credential functions.In order to ensure security, each credential was generated based on last successful authentication parameters dynamically.The test results on automotive ethernet controllers show that the method has lower computing cost and higher security level, and it can guarantee both performance and security.

Key words: automotive ethernet, authentication, two-stage trust chain, state cryptographic algorithms

CLC Number:

TP393

Hui GUO, Yong LUO, Xiaolu GUO. Automotive ethernet controller authentication method based on national cryptographic algorithms[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 20-28.

Figures/Tables 16

接收方/发送方	以太网网关	域控制器1	域控制器2	域控制器n
以太网网关	—	${f^{'}}_{1} (N)$	${f^{'}}_{2} (N)$	${f^{'}}_{n} (N)$
域控制器1	$f_{1} (N)$	—	${f^{'}}_{21} (N)$	${f^{'}}_{n 1} (N)$
域控制器2	$f_{2} (N)$	$f_{21} (N)$	—	${f^{'}}_{n 2} (N)$
域控制器n	$f_{n} (N)$	$f_{n 1} (N)$	$f_{n 2} (N)$	—

References 19

[1]	MATHEUS K . Automotive ethernet[M]. Cambridge: Cambridge University Press, 2015.
[2]	呼布钦, 秦贵和, 刘颖 ,等. 下一代汽车网络:车载以太网技术现状与发展[J]. 计算机工程与应用, 2016(24): 29-36.
	HU B Q , QIN G H , LIU Y ,et al. Next generation automotive network:technology status and development of automotive ethernet in-vehicle network[J]. Computer Engineering and Applications, 2016,(24): 29-36.
[3]	李克强, 戴一凡, 李升波 ,等. 智能网联汽车(ICV)技术的发展现状及趋势[J]. 汽车安全与节能学报, 2017,8(1): 1-14.
	LI K Q , DAI Y F , LI S B ,et al. State-of-the-art and technical trends of intelligent and connected vehicles[J]. Automotive Safety and Energy. 2017,8(1): 1-14.
[4]	LIN C W , YU H . Cooperation or competition? Coexistence of safety and security in next-generation ethernet-based automotive networks[C]// IEEE Design Automation Conference. 2016.
[5]	RAY S , WEN C , BHADRA J ,et al. Extensibility in automotive security:current practice and challenges[C]// Proceedings of the Design Automation Conference, 2017.
[6]	罗超 . 面向联网汽车车内网络的防御技术研究与实现[D]. 成都:电子科技大学, 2020.
	LUO C . Research and implementation of defense technology for in-vehicle network of connected vehicle[D]. Chengdu:UESTC, 2020.
[7]	IEEE standard for local and metropolitan area networks[R]. 2004.
[8]	FUNK P , BLAKEWILSON S . EAP tunneled TLS authentication protocol (EAP-TTLS)[R]. 2004.
[9]	ZELLE D , CHRISTOPH K , HUBERT S ,et al. On using TLS to secure in-vehicle networks[P]. Availability,Reliability and Security, 2017.
[10]	KOHL J , NEUMAN C . The kerberos network authentication service (V5)[S]. RFC Editor, 1993.
[11]	MUNDHENK P , PAVERD A , MROWCA A ,et al. Security in automotive networks[J]. ACM Transactions on Design Automation of Electronic Systems, 2017.
[12]	程安宇 . 乘用车网络控制系统中调度算法的研究与实现[D]. 武汉:武汉大学, 2014.
	CHENG A Y . The research and implementation of scheduling algorithm in passenger vehicle network control system[D]. Wuhan:WHU, 2014.
[13]	GB/T 32918-2016. 信息安全技术 SM2 椭圆曲线公钥密码算法[S]. 北京:中国质检出版社, 2016.
	GB/T 32918-2016. Information security technology— public key cryptographic algorithm SM2 based on elliptic curves[S]. Beijing:China Quality Press, 2016.
[14]	GB/T 32905-2016. 信息安全技术SM3 密码杂凑算法[M]. 北京: 中国质检出版社, 2016.
	GB/T 32905-2016. Information security technology— SM3 cryptographic hash algorithm[S]. Beijing:China Quality Press, 2016.
[15]	GB/T 32907-2016. 信息安全技术 SM4 分组密码算法[M]. 北京: 中国质检出版社, 2016.
	GB/T 32907-2016. Information security technology— SM4 block cipher algorithm[S]. Beijing:China Quality Press, 2016.
[16]	吴志红, 赵建宁, 朱元 ,等. 国密算法和国际密码算法在车载单片机上应用的对比研究[J]. 信息网络安全, 2019(8): 68-75.
	WU J H , ZHAO J N , ZHU Y ,et al. Comparative study on application of chinese cryptographic algorithms and international cryptographic algorithms in vehicle microcontrollers[J]. Netinfo Security, 2019(8): 68-75.
[17]	修佳鹏, 田超宇, 杨正球 ,等. SecOC 安全机制中国密算法应用方案研究[J]. 信息安全研究, 2020,6(9): 775-782.
	XIU J P , TIAN C Y , YANG Z Q ,et al. Research on application scheme of national secret algorithm SecOC security mechanism[J]. Journal of Information Security Research. 2020,6(9): 775-782.
[18]	AL-JARRAH O Y , MAPLE C , DIANATI M ,et al. Intrusion detection systems for intra-vehicle networks:a review[J]. IEEE Access, 2019: 1-10.
[19]	胡鑫鑫, 刘彩霞, 刘树新 ,等. 移动通信网鉴权认证综述[J]. 网络与信息安全学报, 2018,4(12): 1-15.
	HU X X , LIU C X , LIU S X ,et al. Overview of mobile communication network authentication[J]. Chinese Journal of Network and Information Security, 2018,4(12): 1-15.

Metrics

Recommended 0

No Suggested Reading articles found!

编号	攻击类型	攻击路径	攻击影响
1	篡改	篡改通信程序/数据	植入恶意代码/数据
2	窃听	接入窃听控制器	窃取秘密数据
3	拒绝服务	发送大量无效消息	无法正常通信
4	重放	播放录制消息	触发错误的响应
5	注入	注入错误消息	触发错误的响应
6	拦截	断开连接/时延发送	无法/时延正常通信

运算	平均耗时
SM2签名	0.9 s
SM2验签	1.3 s
SM4-CBC	44 μs
SM4-CMAC	106 μs

阶段	平均耗时
进入初始化模式	3.3 s
初始化身份认证	3.4 s
使用阶段身份认证	75.4 ms

Automotive ethernet controller authentication method based on national cryptographic algorithms

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134.
[2]	Jin CAO, Xiaoping SHI, Ruhui MA, Hui LI. Fusion of satellite-ground and inter-satellite AKA protocols for double-layer satellite networks [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 18-31.
[3]	Jun LIU, Lin YUAN, Zhishang FENG. Survey of key management schemes for cluster networks [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 52-69.
[4]	Min XIAO, Tao YAO, Yuanni LIU, Yonghong HUANG. Dynamic and efficient vehicular cloud management scheme with privacy protection [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 70-83.
[5]	Qi JIANG, Ru FENG, Ruijie ZHANG, Jinhua WANG, Ting CHEN, Fushan WEI. GRU-based multi-scenario gait authentication for smartphones [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 26-39.
[6]	Cong YI, Jun HU. Novel continuous identity authentication method based on mouse behavior [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 179-188.
[7]	Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.
[8]	Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.
[9]	Weicheng ZHANG, Hongquan WEI, Shuxin LIU, Liming PU. Fast handover authentication scheme in 5G mobile edge computing scenarios [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 154-168.
[10]	Zijun XU, Jianwei LIU, Geng LI. Research on network slicing security for 5G mMTC [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 95-105.
[11]	Guanqun YANG, Yin LIU, Hao XU, Hongwei XING, Jianhui ZHANG, Entang LI. Credible distributed identity authentication system of microgrid based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 88-98.
[12]	Yueyang YE, Xinglan ZHANG. Research on anonymous identity authentication technology in Fabric [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 134-140.
[13]	Xiaolin ZHANG,Dawu GU,Chi ZHANG. Issues of identity verification of typical applications over mobile terminal platform [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 137-151.
[14]	Hao WANG,Tianhao WU,Konglin ZHU,Lin ZHANG. Anonymous vehicle authentication scheme based on blockchain technology in the intersection scenario [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 27-35.
[15]	Xu ZHANG,Xin MA. Lightweight mobile Ad Hoc network authentication scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 14-22.