Nothing Special   »   [go: up one dir, main page]

CN105897713A - Method and device for designing inter vehicle communication system security protocol - Google Patents

Method and device for designing inter vehicle communication system security protocol Download PDF

Info

Publication number
CN105897713A
CN105897713A CN201610221974.1A CN201610221974A CN105897713A CN 105897713 A CN105897713 A CN 105897713A CN 201610221974 A CN201610221974 A CN 201610221974A CN 105897713 A CN105897713 A CN 105897713A
Authority
CN
China
Prior art keywords
vehicle
security
module
signature
inter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610221974.1A
Other languages
Chinese (zh)
Inventor
潘晨劲
赵江宜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Foochow Hua Ying Heavy Industry Machinery Co Ltd
Original Assignee
Foochow Hua Ying Heavy Industry Machinery Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Foochow Hua Ying Heavy Industry Machinery Co Ltd filed Critical Foochow Hua Ying Heavy Industry Machinery Co Ltd
Priority to CN201610221974.1A priority Critical patent/CN105897713A/en
Publication of CN105897713A publication Critical patent/CN105897713A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a device for designing an inter vehicle communication system security protocol. The method comprises the following steps: a security assembly module registers an inter-layer proxy in a communication protocol stack, a specific message type is subscribed, and the security assembly module checks and changes the information returned by the inter-layer proxy or sends the information back to the inter-layer proxy. The problem of extracting data from the communication protocol stack according to requirements is solved.

Description

Vehicle-to-vehicle communication security of system Protocol Design Method and device
Technical field
The present invention relates to communication technical field, particularly relate to a kind of vehicle-to-vehicle communication security of system Protocol Design side Method and device.
Background technology
Different communication equipment in vehicle-to-vehicle communication system (it is connected to mobile phone or the desktop computer of the Internet, And the equipment in vehicle-to-vehicle communication network) between have significant difference, determine the distinctive limit of vehicle-to-vehicle communication System and condition:
(1) vehicle has the longest life-span, it is difficult to change onboard system to tackle new wind on the horizon Danger.
(2) car owner has fixing physical interface and conducts interviews and control completely to car, and most users can Can attempt amendment or " enhancing " their vehicle, there is the risk that hardware is distorted.
(3) safety method of vehicle must be able to automatically run, it is not necessary to the intervention of user or feedback.
(4) robustness requirement and time requirement of real-time.
(5) relevant supporting laws and regulations are formulated.
More than affect the realization of the security system of vehicle-to-vehicle communication.
Summary of the invention
For this reason, it may be necessary to provide one flexibly, adaptable and extendible, support follow-up The security mechanism of the vehicle-to-vehicle communication adjusted.
For achieving the above object, inventor provide a kind of vehicle-to-vehicle communication security of system Protocol Design Method, Comprising the steps, security component module registers inter-layer agent in communication protocol stack, subscribes to and specifically disappears Breath type, in interlayer generation, is consulted, revises or beamed back to the information that inter-layer agent is returned by security component module Reason.
Further, also include step, the signature of instruction type of message is checked, by invalid signature Instruction message abandon or labelling.
Further, also including step, hardware security module is security component mould by application programming interfaces Block provides key, digital signature or timestamp.
Preferably, described hardware security module uses elliptic curve cipher to provide signature, key;Also include Step, when neighbours' vehicle does not changes, the message of transmission not attaching signature or certificate.
Specifically, also including step, on-vehicle safety module enters vehicle based on accessing rule list to outside Data stream is controlled, and on-vehicle safety module is dynamically updated described access rule list.
A kind of vehicle-to-vehicle communication security of system Protocol Design device, including security component module, described secure group Part module, for registering inter-layer agent in communication protocol stack, subscribes to specific type of message, security component The information that inter-layer agent is returned by module is consulted, is revised or beam back inter-layer agent.
Further, described security component module is additionally operable to, and checks the signature of instruction type of message, The instruction message of invalid signature is abandoned or labelling.
Further, also include that hardware security module, described hardware security module are used for passing through application program Interface provides key, digital signature or timestamp for security component module.
Preferably, described hardware security module uses elliptic curve cipher to provide signature, key;
Described security component module is additionally operable to when neighbours' vehicle does not changes, send not attaching signature, Or the message of certificate.
Specifically, also including on-vehicle safety module, described on-vehicle safety module is for based on accessing rule list The data stream that outside enters vehicle is controlled, and on-vehicle safety module is additionally operable to be dynamically updated described visit Ask rule list.
Being different from prior art, technique scheme has the highest robustness, motility and adapts to Property, the problem solving vehicle-to-vehicle communication security of system Protocol Design.
Accompanying drawing explanation
Fig. 1 is the method flow diagram described in the specific embodiment of the invention;
Fig. 2 is the baseline framework Deployment view described in the specific embodiment of the invention;
Fig. 3 is the apparatus module figure described in the specific embodiment of the invention.
Description of reference numerals:
300, security component module;
302, hardware security module;
304, on-vehicle safety module.
Detailed description of the invention
By describing the technology contents of technical scheme, structural feature in detail, being realized purpose and effect, below In conjunction with specific embodiments and coordinate accompanying drawing to be explained in detail.
Before the framework of security system of vehicle-to-vehicle communication being described in detail in detail and realizes, first, introduce vehicle-to-vehicle communication system Difference between system and other general information technology system.Secondly, the baseline of this set security system is introduced Framework, it is preferred that emphasis is technology realizes and concrete deployment, and the most existing communication protocol stack is the most integrated, The application of hardware security module, and vehicle-to-vehicle communication board units is to the secure connection of vehicle bus system, And analyze performance and the communication overhead of proposed security mechanism, it is proposed that it is excellent that effective and safe communicates Change.Finally, some themes relevant to the communication system security research of future car border are introduced: 1, different pieces of information The different safety methods of mode of propagation, such as, be polymerized, broadcast the safety method different with unicast communication needs; 2, vehicle-to-vehicle communication system and other network or the attachment security problem with mobile business equipment.3, safety Location and the problem of vehicle-to-vehicle communication privacy solution.
The security mechanism of vehicle-to-vehicle communication should be flexibly, adaptable and extendible, supports The follow-up change being adapted to safety requirements.A kind of roll-over protective structure based on assembly in vehicle-to-vehicle communication system Structure, it is allowed within the whole use cycle of vehicle, add, change and reconfigure assembly (such as, Replace AES).Security system can be integrated on all of platform, even single car category Different editions and mutation.Communication protocol stack and safety method can by different team or supplier designs, But having that unified definition is clear again can be with the interface of interface flexibility." mounting framework " meets requirements above, Elaborate the particular kind of relationship of interface between each layer of vehicle-to-vehicle communication system, introduce event call-back mechanism to assisting View stack, it is allowed to add security strategy, without changing whole communication system.Onboard safety systems needs Meeting the real-time or requirement of near real-time, the bottom cryptographic primitives required near real-time, encryption hardware needs Optimize, balance could be obtained between safety and performance.
In order to enable vehicle-to-vehicle communication system to stand following unknown attack, put prevention first except traditional Method, it is necessary to possess detection attack function, such as intrusion detection capability, and under fire after extensive Reactivation power.In long-term operation, target is the toughness of strengthening system.
Refer to Fig. 1, for the flow chart of the present invention a kind of vehicle-to-vehicle communication security of system Protocol Design Method, bag Including following steps, S101 security component module registers inter-layer agent in communication protocol stack, subscribes to specific Type of message, the information that inter-layer agent is returned by security component module is consulted, is revised or beam back interlayer Agency.During wherein inter-layer agent refers to communication protocol in the data interaction of multilamellar, the agency of inter-layer data Node, by registering multiple inter-layer agents at multiple agent nodes, it is possible to reaches to set up the data shelf of mounting The effect of structure, solves the problem extracting data according to actual needs from communication protocol stack, it is provided that suitable The vehicle-to-vehicle communication security of system protocol infrastructure that answering property is the strongest.
In our method, the security system of vehicle-to-vehicle communication, define one and be made up of disparate modules Framework.Each module solves the problem in terms of some safety and privacy, comprises a part of systemic-function real Existing assembly.Baseline Profiles provides an instantiation of baseline framework, sets up in perfect mechanism and adds On the basis of close primitive, easily it is deployed in vehicle-to-vehicle communication system.
The baseline framework of this security system solves the problem of different aspect, such as secure communication protocols, privacy Protection and on-vehicle safety.Vehicle-to-vehicle communication security system can not be based on a fixing platform, and should It is flexibly, new opplication and the new technique of following vehicle-to-vehicle communication can be accepted.
In order to realize motility, the baseline framework of security system is made up of module, and each module is each responsible for The specific part of system.Module is made up of multiple assemblies processing particular task respectively.Such as, safety is logical Letter module is responsible for realizing secure communication protocols, is made up of multiple assemblies, and each assembly realizes a single association View.When application-specific needs some assembly, and assembly will be instantiated, between assembly, use define to connect Mouth is in communication with each other.
As shown in Fig. 2 baseline framework Deployment view, security manager is the core of system architecture, joins Put the assembly of other security modules all, and set up the connection of encryption support module.In order to tackle difference Situation, security manager safeguards different set of strategies, and strategy can enable or disable some assemblies, Or adjust their configuration, such as, strengthen or weaken the parameter that assumed name changes in some cases.
Preferably, described hardware security module uses elliptic curve cipher to provide signature, key;Also include Step, when neighbours' vehicle does not changes, the message of transmission not attaching signature or certificate.
Specifically, also including step, on-vehicle safety module enters vehicle based on accessing rule list to outside Data stream is controlled, and on-vehicle safety module is dynamically updated described access rule list.
Communication stack is integrated
In order to independent of actual communication protocol stack, the integrated of security system to protocol stack is based on " mounting " Concept.The framework that similar Linux NETfilter kernel subsystems is similar.Inter-layer agent is inserted in communication protocols Discussing some in the middle of stack, each inter-layer agent safeguards the callback handler of one group of some event notification.
During initialization, security system assembly can be registered to an inter-layer agent, subscribes to specific message Type and direction (protocol stack is up or down).Implement an event sniffer interface, use location registration process Program is connected to an inter-layer agent.Some assemblies may need to be registered to multiple inter-layer agent, subscribes to not Packet with type.When message arrives an inter-layer agent, and an event call-back is triggered to all notes The volume assembly of this type of message, the button.onrelease of these assemblies is called.Readjustment include one right Receiving the reference information of message, then assembly can check or revise it.The return value of assembly indicates Whether whether message is modified, if need to be reinserted into protocol stack, or simply lost by inter-layer agent Abandon.By accessing specific inter-layer agent interface, it is possible to quickly obtain the data-message between communication protocol stack. In a further embodiment, also including step, the signature of instruction type of message is checked by S102, The instruction message of invalid signature is abandoned or labelling.Such as safety instruction assembly, is connected in MAC layer Inter-layer agent, and check the signature of all incoming instruction message, the instruction of invalid signature will be dropped or Labelling.Use this mounting framework, it is possible to pellucidly with minimum amendment cost, by security function collection Become to existing network protocol stack.And event is triggered by communication protocol stack, security system is with command calls Mode is conducted interviews by the application programming interfaces defined.Command calls is similar, and " instruction MAC layer is arranged Its MAC Address is a new assumed name " this.
Network protocol stack has been done specific hypothesis by the concept " mounted ".It assumes that the frame of a layering Structure, inter-layer agent may be inserted between layer, and protocol stack needs to realize a specific command interface, such as Change to MAC Address.Put down to the framework of our security system be transplanted to much different communication Platform, system also provides an additional convergence layer, defines an abstract interface, agent communication system Calling between system and security component.When the platform that system transplantation to is new, except adapting to different bags Outside form, only inter-layer agent and convergence layer needs to revise, and the safety of other all component and communication party Face is all without being affected.
Hardware security module
In further embodiment, also including step S104, hardware security module passes through application programming interfaces Key, digital signature or timestamp is provided for security component module.
Wherein, the hardware security module on vehicle is used for the storage to private key and for using private key on hardware The operation of encryption provides physical protection environment.
First, hardware security module allows for preventing from distorting, and makes hardware security module with special The special IC (ASIC) of anti-tamper function can meet requirement.Meanwhile, can avoid " high-end Tamper-resist module is the most expensive, and the tamper resistant device of low side does not has internal battery, it is impossible to provide one reliably Internal clocking, it is impossible to produce timestamp and trusted by other system participant " problem.
Second, hardware security module needs one can be that other module of security architecture provides answering of service Use routine interface.The necessary digital signature supporting of application programming interfaces and time-stamping service, decryption services, with And key and equipment control service.The cipher key management services of hardware security module uses ECDSA (ellipse in realizing Circular curve Digital Signature Algorithm) produce digital signature, (ashed information is reflected to use band HMAC-SHA1 Other code, hash algorithm authentication protocol based on key) and ECIES (the elliptic curve collection of AES-CBC Become encryption system) it is encrypted.
3rd, if the application programming interfaces design of physical security module is the most weak, it is easy under attack.Cause This can with type of service verification technique (application based on π calculus and an automated verification tools Proverif), The application programming interfaces of checking hardware security module.Short-term and long-term private are through a series of possible functions After calling, will not be found.By above-mentioned steps, perform digital signature and encryption and decryption service, carry The high practicality of the inventive method.
On-vehicle safety
In some specific embodiment, also including step S106, on-vehicle safety module is based on accessing rule The data stream that table enters vehicle to outside is controlled, and on-vehicle safety module is dynamically updated described access and advises Then table.Vehicle-to-vehicle communication system needs to access In-vehicle networking and sensor to observe vehicle and the current shape of environment State, onboard system signal is transferred in car by different networks and territory, and signal is generally limited to specific Network segment, prevent information from leaving specific field.This framework clearly and strict differentiation guarantee whole car Carrying communication system will not be by external attack, particularly its critical function (brake, engine or air bag Control) continue reliability service.One more open framework is (such as, it is allowed to read sensing from In-vehicle networking Device information or to the display of the warning information of external source and reaction) absolute demand guarantees that onboard system is subject to To protection, prevent any outside malice impact.
On-vehicle safety module is the interface between protection In-vehicle networking and wireless communication system, and it controls outside Access In-vehicle networking, vehicular control unit and vehicle sensory data, also ensure that simultaneously other V2V and Data needed for V2I application and the correctness of service.In order to realize, based on access rule list, outside is entered car Data stream be controlled, on-vehicle safety module is dynamically updated described access rule list function, vehicle-mounted Security module provides two primary clusterings: (i) fire wall, controls from applications to vehicle and backstage Data stream;(ii) intruding detection system, the state of monitor full time onboard system, and provide attack Real-time detection.
Which fire wall, based on one packet of strategy identification or application, based on accessing rule list, describes Application allows to access any data or service.In order to refuse the access of application-specific or disable some clothes Business, intruding detection system can dynamically add rule to firewall policy table.
Intruding detection system is based on automatic testing method, and the method means the behavior of normal onboard system It is clearly defined and specifies.If the state that event result in onboard system is not standard criterion , it is meant that potential dangerous situation detected.According to event source and type, take to react accordingly to make System returns to secure and safe state.
Optimization based on performance considers
Preferably, described hardware security module uses elliptic curve cipher to provide signature, key;Also include Step, when neighbours' vehicle does not changes, the message of transmission not attaching signature or certificate.This be by In, a critically important aspect in disposing in onboard system is exactly performance.Under cost limited case, Automobile cannot equip state-of-the-art desktop processor, and replaces with cheap He energy-conservation flush bonding processor. But, the cryptographic calculation of safe vehicle-to-vehicle communication the most substantially occupies the expense of processor and communication bandwidth. Vehicle frequently sends message (such as position and environmental condition), it is typical that every 100 milliseconds 1 instruction. With this speed, security overhead is very important, and calculating security overhead is the generation based on packet signature and certificate And checking.The instruction of each safety must use signature verification, and each vehicle must verify that, such as All neighbours' vehicles in the range of every 100 milliseconds.
RSA and DSA signature are for a long time as industry standard, but are not appropriate for the car border of high speed and low overhead The communication system combination of big X.509v3 certificate (particularly with).Oval song for same level of security Line password (ECC), i.e. ECC signs, and key and certificate, expense is then significantly less than RSA and DSA. Therefore, the same with IEEE1609.2 test standard, select to use EC-DSA signature, and use compression Certificate.
In order to reduce expense, all message can not also certificate of addition, and advise certificate cache with reduce Verification process expense.Unless vehicle neighbours create change, otherwise omit signature or signature verification, keep away Exempt from certificate based on content to install, to save expense.
Expense creates impact to vehicle-to-vehicle communication application.First is the reliability of communication: increase the big of beacon Little by generation interference, load more high channel performance the poorest.Second is to process expense: each receptor V Must verify that the signature of each packet received in principle, and generation less timely (of signing For as, each time slot, V generates 1 signature and verifies N number of message).By above-mentioned optimization method, Significantly reduce signature or certificate needs the network traffics that take, take in the case of neighbours do not change Disappear signature or certificate, has reached saving network flow and has improved the effect of data processing speed.
Here please see Figure 3, for a kind of vehicle-to-vehicle communication security of system Protocol Design device, including security component mould Block 300, described security component module 300, for registering inter-layer agent in communication protocol stack, is subscribed to specific Type of message, the information that inter-layer agent is returned by security component module 300 consults, revise or send out Return inter-layer agent.
Designed by said apparatus, reached information in quick obtaining communication protocol stack, subscribed to by registration Certain message types reaches the effect of secure communication changefully, has the highest adaptability, solves car border Communication system security Protocol Design problem.
In further embodiment, described security component module 300 is additionally operable to, to instruction type of message Signature checks, the instruction message of invalid signature is abandoned or labelling.Above-mentioned design is by invalid label Name carries out verifying the safety that improve device.
In some further embodiment, also include hardware security module 302, described hardware security module 302 for providing key, digital signature or timestamp by application programming interfaces for security component module.Carry The high safety of apparatus of the present invention, preferably solves vehicle-to-vehicle communication security of system Protocol Design problem.
In preferred embodiment, described hardware security module 302 use elliptic curve cipher provide signature, Key;
Described security component module 300 is additionally operable to, when neighbours' vehicle does not changes, send the most additional label Name or the message of certificate.Such scheme saves the communication resource that vehicle-to-vehicle communication signature takies with certificate, Improve the efficiency of vehicle-to-vehicle communication in device, preferably solve vehicle-to-vehicle communication security of system Protocol Design Problem.
Specifically, also including on-vehicle safety module 304, described on-vehicle safety module is for based on accessing rule The data stream that table enters vehicle to outside is controlled, and on-vehicle safety module is additionally operable to be dynamically updated described Access rule list.On-vehicle safety module provides two primary clusterings: (i) fire wall, controlling should from outside Use the data stream on vehicle and backstage;(ii) intruding detection system, the shape of monitor full time onboard system State, and provide the real-time detection attacked.Ensured the safety of internal data by above-mentioned module, improved The safety of this device.
It should be noted that in this article, the relational terms of such as first and second or the like is used merely to One entity or operation are separated with another entity or operating space, and not necessarily requires or imply Relation or the order of any this reality is there is between these entities or operation.And, term " includes ", " comprise " or its any other variant is intended to comprising of nonexcludability, so that include that one is The process of row key element, method, article or terminal unit not only include those key elements, but also include not There are other key elements being expressly recited, or also include setting for this process, method, article or terminal Standby intrinsic key element.In the case of there is no more restriction, by statement " including ... " or " comprising ... " The key element limited, it is not excluded that in including the process of described key element, method, article or terminal unit There is also other key element.Additionally, in this article, " being more than ", " being less than ", " exceeding " etc. are interpreted as not Including this number;More than " ", " below ", " within " etc. be interpreted as including this number.
Those skilled in the art are it should be appreciated that the various embodiments described above can be provided as method, device or meter Calculation machine program product.These embodiments can use complete hardware embodiment, complete software implementation or knot The form of the embodiment in terms of conjunction software and hardware.Whole or portion in the method that the various embodiments described above relate to Can instruct relevant hardware by program step by step to complete, described program can be stored in calculating In the storage medium that machine equipment can read, all or part of for perform described in the various embodiments described above method Step.Described computer equipment, includes but not limited to: personal computer, server, general purpose computer, Special-purpose computer, the network equipment, embedded device, programmable device, intelligent mobile terminal, intelligence man Occupy equipment, wearable intelligent equipment, vehicle intelligent equipment etc.;Described storage medium, including but do not limit In: RAM, ROM, magnetic disc, tape, CD, flash memory, USB flash disk, portable hard drive, storage card, note Recall rod, webserver storage, network cloud storage etc..
The various embodiments described above are with reference to according to the method described in embodiment, equipment (system) and computer program The flow chart of product and/or block diagram describe.It should be understood that flow process can be realized by computer program instructions Stream in each flow process in figure and/or block diagram and/or square frame and flow chart and/or block diagram Journey and/or the combination of square frame.Can provide these computer program instructions to computer equipment processor with Produce a machine so that the instruction performed by the processor of computer equipment is produced for realizing at stream The function specified in one flow process of journey figure or multiple flow process and/or one square frame of block diagram or multiple square frame Device.
These computer program instructions may be alternatively stored in the meter that computer equipment can be guided to work in a specific way Calculate in machine equipment readable memory so that the instruction being stored in this computer equipment readable memory produces Including the manufacture of command device, this command device realize one flow process of flow chart or multiple flow process and/ Or the function specified in one square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded on computer equipment so that holds on a computing device Row sequence of operations step is to produce computer implemented process, thus the finger performed on a computing device Order provides for realizing at one flow process of flow chart or multiple flow process and/or one square frame or multiple of block diagram The step of the function specified in square frame.
Although being described the various embodiments described above, but those skilled in the art once learn Basic creative concept, then can make other change and amendment to these embodiments, so above institute Stating only embodiments of the invention, not thereby limit the scope of patent protection of the present invention, every utilization is originally Equivalent structure or equivalence flow process that description of the invention and accompanying drawing content are made convert, or directly or indirectly use In the technical field that other are relevant, within being the most in like manner included in the scope of patent protection of the present invention.

Claims (10)

1. a vehicle-to-vehicle communication security of system Protocol Design Method, it is characterised in that comprise the steps, Security component module registers inter-layer agent in communication protocol stack, subscribes to specific type of message, secure group The information that inter-layer agent is returned by part module is consulted, is revised or beam back inter-layer agent.
Vehicle-to-vehicle communication security of system Protocol Design Method the most according to claim 1, it is characterised in that Also include step, the signature of instruction type of message is checked, the instruction message of invalid signature is abandoned Or labelling.
Vehicle-to-vehicle communication security of system Protocol Design Method the most according to claim 2, it is characterised in that Also including step, hardware security module provides key, number by application programming interfaces for security component module Word signature or timestamp.
Vehicle-to-vehicle communication security of system Protocol Design Method the most according to claim 3, it is characterised in that Described hardware security module uses elliptic curve cipher to provide signature, key;Also include step, work as neighbours When vehicle does not changes, the message of transmission not attaching signature or certificate.
Vehicle-to-vehicle communication security of system Protocol Design Method the most according to claim 1, it is characterised in that Also including step, the data stream of outside entrance vehicle is controlled by on-vehicle safety module based on accessing rule list System, on-vehicle safety module is dynamically updated described access rule list.
6. a vehicle-to-vehicle communication security of system Protocol Design device, it is characterised in that include security component mould Block, described security component module, for registering inter-layer agent in communication protocol stack, subscribes to specific message Type, the information that inter-layer agent is returned by security component module is consulted, is revised or beam back inter-layer agent.
Vehicle-to-vehicle communication security of system Protocol Design device the most according to claim 6, it is characterised in that Described security component module is additionally operable to, and checks, the signature of instruction type of message by invalid signature Instruction message abandons or labelling.
Vehicle-to-vehicle communication security of system Protocol Design device the most according to claim 7, it is characterised in that Also including hardware security module, it is security component that described hardware security module is used for by application programming interfaces Module provides key, digital signature or timestamp.
Vehicle-to-vehicle communication security of system Protocol Design device the most according to claim 8, it is characterised in that Described hardware security module uses elliptic curve cipher to provide signature, key;
Described security component module is additionally operable to when neighbours' vehicle does not changes, send not attaching signature, Or the message of certificate.
Vehicle-to-vehicle communication security of system Protocol Design device the most according to claim 6, its feature exists In, also including on-vehicle safety module, described on-vehicle safety module is for entering outside based on access rule list The data stream entering vehicle is controlled, and on-vehicle safety module is additionally operable to be dynamically updated described access rule list.
CN201610221974.1A 2016-04-11 2016-04-11 Method and device for designing inter vehicle communication system security protocol Pending CN105897713A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610221974.1A CN105897713A (en) 2016-04-11 2016-04-11 Method and device for designing inter vehicle communication system security protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610221974.1A CN105897713A (en) 2016-04-11 2016-04-11 Method and device for designing inter vehicle communication system security protocol

Publications (1)

Publication Number Publication Date
CN105897713A true CN105897713A (en) 2016-08-24

Family

ID=57013150

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610221974.1A Pending CN105897713A (en) 2016-04-11 2016-04-11 Method and device for designing inter vehicle communication system security protocol

Country Status (1)

Country Link
CN (1) CN105897713A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881486A (en) * 2018-08-01 2018-11-23 北京航空航天大学 Intelligent network connection vehicle remote communication means and system based on trusted technology
CN111615078A (en) * 2020-04-20 2020-09-01 深圳联友科技有限公司 Communication method and device of C-V2X protocol stack

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080288954A1 (en) * 2002-12-17 2008-11-20 Axel Fuchs System, method and computer program product for sharing information in a distributed framework
US20090212928A1 (en) * 2005-06-15 2009-08-27 Volkswagen Ag Method and Device for Secure Communication of a Component of a Vehicle with an External Communication Partner via a Wireless Communication Link
CN101843033A (en) * 2007-08-28 2010-09-22 Abb研究有限公司 Real-time communication security for automation networks
CN102065003A (en) * 2010-08-24 2011-05-18 吉林大学 Method, system and equipment for realizing trusted secure routing of vehicular information system
CN103684963A (en) * 2013-11-18 2014-03-26 重庆邮电大学 Framework system and implementation method of middleware applied to car networking
CN103929428A (en) * 2014-04-24 2014-07-16 吴刚 Method for achieving communication safety of vehicle-mounted electronic information system
CN203870689U (en) * 2014-06-08 2014-10-08 山东天海科技股份有限公司 Monitoring system on basis of Beidou positioning system for internet of vehicles

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080288954A1 (en) * 2002-12-17 2008-11-20 Axel Fuchs System, method and computer program product for sharing information in a distributed framework
US20090212928A1 (en) * 2005-06-15 2009-08-27 Volkswagen Ag Method and Device for Secure Communication of a Component of a Vehicle with an External Communication Partner via a Wireless Communication Link
CN101843033A (en) * 2007-08-28 2010-09-22 Abb研究有限公司 Real-time communication security for automation networks
CN102065003A (en) * 2010-08-24 2011-05-18 吉林大学 Method, system and equipment for realizing trusted secure routing of vehicular information system
CN103684963A (en) * 2013-11-18 2014-03-26 重庆邮电大学 Framework system and implementation method of middleware applied to car networking
CN103929428A (en) * 2014-04-24 2014-07-16 吴刚 Method for achieving communication safety of vehicle-mounted electronic information system
CN203870689U (en) * 2014-06-08 2014-10-08 山东天海科技股份有限公司 Monitoring system on basis of Beidou positioning system for internet of vehicles

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881486A (en) * 2018-08-01 2018-11-23 北京航空航天大学 Intelligent network connection vehicle remote communication means and system based on trusted technology
CN111615078A (en) * 2020-04-20 2020-09-01 深圳联友科技有限公司 Communication method and device of C-V2X protocol stack
CN111615078B (en) * 2020-04-20 2023-02-24 深圳联友科技有限公司 Communication method and device of C-V2X protocol stack

Similar Documents

Publication Publication Date Title
US11509666B2 (en) Automated security policy generation for controllers
Dibaei et al. Attacks and defences on intelligent connected vehicles: A survey
Chattopadhyay et al. Autonomous vehicle: Security by design
Gupta et al. Authorization framework for secure cloud assisted connected cars and vehicular internet of things
US10949528B1 (en) System and method for secure, policy-based access control for mobile computing devices
CN106878008B (en) A kind of vehicle-mounted T Box and user mobile phone information interaction security Verification System and method
Kargl et al. Secure vehicular communication systems: implementation, performance, and research challenges
CN103559437B (en) Access control method and system for Android operation system
CN1869927B (en) Device controller, method for controlling a device, and program therefor
Cheng et al. Security patterns for automotive systems
Dellios et al. Information security compliance over intelligent transport systems: Is it possible?
CN102624721A (en) Feature code verification platform system and feature code verification method
Oyler et al. Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors
Cheng et al. Security patterns for connected and automated automotive systems
CA2954984A1 (en) Systems and methods for enhancing mobile security via aspect oriented programming
Galego et al. Cybersecurity in smart cities: Technology and data security in intelligent transport systems
CN105897713A (en) Method and device for designing inter vehicle communication system security protocol
Singh et al. Cybersecurity in automotive technology
Klement et al. Man-in-the-OBD: A modular, protocol agnostic firewall for automotive dongles to enhance privacy and security
Hamad et al. Intrusion response system for vehicles: Challenges and vision
Efstathiadis et al. Smart cars and over-the-air updates
US20190334998A1 (en) Sensor For Detecting Measured Values; Method, Device And Computer-Readable Storage Medium With Instructions For Processing Measured Values From A Sensor
Agarwal et al. Forecasting-based Authentication Schemes for Network Resource Management in Vehicular Communication Network
Dewangan et al. Cyber Threats and Its Mitigation to Intelligent Transportation System
Iclodean et al. Safety and cybersecurity

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160824

RJ01 Rejection of invention patent application after publication