QUICK REVIEW

[Paper Review] System Level Design Approaches to Security in Automotive Networks

Philipp Mundhenk, Andrew Paverd|arXiv (Cornell University)|Mar 10, 2017
Topic: Vehicular Ad Hoc Networks (VANETs) | References: 1 | Cited by: 2
One-sentence summary

This paper proposes LASAN, a lightweight, full-lifecycle authentication framework that secures the in-vehicle network through component authentication and access control while meeting real-time constraints. The framework integrates cryptographic techniques into vehicle manufacturing, maintenance and over-the-air updates; formal verification and simulation show that it is secure and complies with its timing constraints.

ABSTRACT

With the increasing amount of interconnections between vehicles, the attack surface of internal vehicle networks is rising steeply. Although these networks are shielded against external attacks, they often do not have any internal security to protect against malicious components or adversaries who breach the network perimeter. To secure the in-vehicle network, all communicating components must be authenticated, and only authorized components should be allowed to send and receive messages. This is achieved using an authentication framework. Cryptography is widely used to authenticate communicating parties and provide secure communication channels (e.g., Internet communication). However, the real-time performance requirements of in-vehicle networks restrict the types of cryptographic algorithms and protocols that may be used. In particular, asymmetric cryptography is computationally infeasible during vehicle operation. In this work, we address the challenges of designing authentication protocols for automotive systems. We present Lightweight Authentication for Secure Automotive Networks (LASAN), a full lifecycle authentication approach. We describe the core LASAN protocols and show how they protect the internal vehicle network while complying with the real-time constraints and low computational resources of this domain. Unlike previous work, we also explain how this framework can be integrated into all aspects of the automotive lifecycle, including manufacturing, vehicle maintenance, and software updates. We evaluate LASAN in two different ways: First, we analyze the security properties of the protocols using established protocol verification techniques based on formal methods. Second, we evaluate the timing requirements of LASAN and compare these to other frameworks using a new highly modular discrete event simulator for in-vehicle networks, which we have developed for this evaluation.

Research motivation and goals

  • Address the enlarged attack surface caused by increasing vehicle interconnection, together with the lack of internal security mechanisms.
  • Design an authentication framework that ensures only authorized components can communicate on the in-vehicle network.
  • Meet the strict real-time and low-computational-resource constraints required by typical in-vehicle systems.
  • Integrate the authentication framework seamlessly into the full automotive lifecycle, including manufacturing, maintenance and software updates.
  • Verify the security properties and real-time performance of the proposed scheme.

Proposed method

  • Design LASAN as a full-lifecycle authentication framework based on lightweight cryptographic primitives, suited to resource-constrained in-vehicle environments.
  • Verify the security properties of the core LASAN protocols with formal methods, ensuring resistance to common network attacks.
  • Develop a highly modular discrete event simulator to evaluate LASAN's timing behaviour and real-time compliance.
  • Use symmetric-key cryptography instead of computationally expensive asymmetric cryptography to meet real-time requirements.
  • Design a protocol suite that supports secure start-up, dynamic re-authentication and secure over-the-air updates.
  • Integrate the framework into the vehicle development workflow to support secure component onboarding and full-lifecycle management.
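The design properties listed above (symmetric-key authentication, replay resistance, and allowing only authorized components to send a given message) sketched as an added example; this is not LASAN's own protocol or any code from the paper. Each component holds a provisioned key and a monotonic counter; a gateway verifies a truncated HMAC, rejects stale counters and enforces an access list. Key values, component identifiers, the frame layout and the message types are constructed assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass

TAG_LEN = 8  # truncated MAC to fit a small frame (constructed choice, not LASAN's)


@dataclass
class Ecu:
    """Sending component: holds its provisioned symmetric key and a send counter."""
    ecu_id: bytes          # 4-byte identifier, zero padded (constructed)
    key: bytes
    counter: int = 0

    def send(self, payload: bytes) -> bytes:
        self.counter += 1  # strictly increasing; the receiver rejects anything not newer
        header = self.ecu_id.ljust(4, b"\0") + self.counter.to_bytes(4, "big")
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        return header + payload + tag


class Gateway:
    """Receiving side: verifies the tag, rejects replays, enforces the access list."""
    def __init__(self, keys: dict[bytes, bytes], allowed: dict[bytes, set[bytes]]):
        self.keys = keys                   # ecu_id -> symmetric key (provisioned)
        self.allowed = allowed             # ecu_id -> message types it may send
        self.last_counter = {eid: 0 for eid in keys}

    def receive(self, frame: bytes) -> str:
        ecu_id, counter = frame[:4], int.from_bytes(frame[4:8], "big")
        payload, tag = frame[8:-TAG_LEN], frame[-TAG_LEN:]
        key = self.keys.get(ecu_id)
        if key is None:
            return "unknown component"
        expected = hmac.new(key, frame[:-TAG_LEN], hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):    # authenticity first
            return "bad tag"
        if counter <= self.last_counter[ecu_id]:       # freshness: stale counter = replay
            return "replay"
        if payload[:1] not in self.allowed[ecu_id]:    # access control on message type
            return "not authorized"
        self.last_counter[ecu_id] = counter            # commit state only after all checks
        return "accepted"


def demo() -> list[str]:
    # Constructed keys and access list, as if provisioned at manufacturing.
    keys = {b"ENG\0": b"k-engine-constructed", b"INFO": b"k-info-constructed"}
    allowed = {b"ENG\0": {b"\x01"}, b"INFO": {b"\x02"}}  # 0x01 = speed, 0x02 = media
    gw = Gateway(keys, allowed)
    engine, info = Ecu(b"ENG\0", keys[b"ENG\0"]), Ecu(b"INFO", keys[b"INFO"])
    speed = engine.send(b"\x01\x00\x64")
    forged = Ecu(b"ENG\0", b"wrong-key").send(b"\x01\x00\x00")   # impersonation attempt
    return [gw.receive(speed), gw.receive(speed), gw.receive(info.send(b"\x01\x00\x00")),
            gw.receive(forged), gw.receive(Ecu(b"XXXX", b"k").send(b"\x02"))]
```

Because the counter is committed only after the tag and access checks pass, a rejected frame cannot advance a component's counter state.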

Experimental results

Research questions

  • RQ1: How can a secure authentication framework be designed to operate reliably under the real-time constraints of in-vehicle networks?
  • RQ2: Which cryptographic approach balances strong security against feasibility on resource-constrained automotive ECUs?
  • RQ3: How can the authentication framework be integrated seamlessly into every stage of the automotive lifecycle?
  • RQ4: What timing characteristics does the proposed protocol suite exhibit under realistic network conditions?
  • RQ5: How does LASAN compare with existing frameworks in terms of security and performance?

Main findings

  • LASAN achieves strong component authentication with minimal performance overhead, making it suitable for real-time in-vehicle systems.
  • Formal verification shows that the core LASAN protocols resist common threats such as replay and impersonation attacks.
  • The discrete event simulator shows that LASAN meets the critical timing constraints across a range of network load scenarios.
  • Compared with existing frameworks, LASAN performs better in computational efficiency and in full-lifecycle integration.
  • The framework supports secure component onboarding and updates, enabling trusted management over the full lifecycle without compromising performance.
  • Using symmetric-key rather than asymmetric cryptography lets the system run efficiently on low-power ECUs while retaining strong security guarantees.


This review was generated by AI and checked by a human editor.