基于动态ID跳变的CAN总线安全调度算法

doi:10.12068/j.issn.1005-3026.2022.03.007

东北大学学报（自然科学版） ›› 2022, Vol. 43 ›› Issue (3): 350-358.DOI: 10.12068/j.issn.1005-3026.2022.03.007

基于动态ID跳变的CAN总线安全调度算法

丁山，臧仕义，曹殿明，佘黎煌

(东北大学计算机科学与工程学院，辽宁沈阳110169)

修回日期:2021-03-11 接受日期:2021-03-11 发布日期:2022-05-18
通讯作者: 丁山
作者简介:丁山 (1967-) ，男，湖南攸县人，东北大学副教授.
基金资助:
中央高校基本科研业务费专项资金资助项目(N181604007).

Security Scheduling Algorithm of CAN Bus Based on Dynamic ID Hopping

DING Shan， ZANG Shi-yi， CAO Dian-ming， SHE Li-huang

School of Computer Science ＆ Engineering， Northeastern University， Shenyang 110169， China.

Revised:2021-03-11 Accepted:2021-03-11 Published:2022-05-18
Contact: DING Shan
About author:-
Supported by:
-

摘要/Abstract

摘要： CAN(controller area network)总线是应用最广泛的现场总线，由于缺乏认证及消息检验机制，使得现在的CAN总线具有极大的安全隐患，需要为CAN总线设计防御机制.针对此情况，本文设计了一种优先级跳变机制，将通过散列函数进行一次性标识符动态跳变的方式引入到实时调度算法中.使用遗传算法计算固定优先级，求出优先级可妥协范围，将各帧进行分组，将数据帧的ID段进行分段重构，ID段前部分决定优先级并进行优先级跳变，ID段的后部分进行一次性动态跳变.实验结果表明，使用动态优先级和一次性ID跳变的方式进行跳变，相较于已有的ID跳变机制其安全性有了较大的提升.

关键词: CAN(控制器局域网络)总线;遗传算法;ID重构;动态ID跳变;实时调度

Abstract: CAN(controller area network) bus is the most widely used field bus. Due to the lack of authentication and message checking mechanism， CAN bus has great security risks， so it is necessary to design a defense mechanism for CAN bus. In this paper， a priority hopping mechanism is designed， which introduces the dynamic hopping of identifiers by Hash function into a real-time scheduling algorithm. The fixed priority is calculated by a genetic algorithm， and the compromise range of priority is found out. Each frame is grouped， and the ID segment of data frame is segmented and reconstructed. The former part of the ID segment determines the priority and performs priority hopping， while the latter part of the ID segment hops dynamically at one time. Experimental results show that using dynamic priority and one-time ID Hopping to hop has a greater security improvement than the existing ID Hopping mechanism.

Key words: CAN(controller area network)bus; genetic algorithm; ID reconstruction; dynamic ID Hopping; real-time scheduling

中图分类号:

TP393

丁山，臧仕义，曹殿明，佘黎煌. 基于动态ID跳变的CAN总线安全调度算法[J]. 东北大学学报（自然科学版）, 2022, 43(3): 350-358.

DING Shan， ZANG Shi-yi， CAO Dian-ming， SHE Li-huang. Security Scheduling Algorithm of CAN Bus Based on Dynamic ID Hopping[J]. Journal of Northeastern University(Natural Science), 2022, 43(3): 350-358.

参考文献

[1]Wolf M，Weimerskirch A，Paar C.Security in automotive bus systems［C］//Workshop on Embedded Security in Cars.Bochum:IEEE，2004:1-13.
[2]吴尚则.基于车载CAN总线网络的身份认证方法研究［D］.长春:吉林大学，2018.(Wu Shang-ze.Research on identity authentication method based on CAN bus network ［D］.Changchun:Jilin University，2018.)
[3]Groza B，Murvay S.Efficient protocols for secure broadcast in controller area networks［J］.IEEE Transactions on Industrial Informatics，2013，9(4):2034-2042.
[4]Larson U E，Nilsson D K，Jonsson E.An approach to specification-based attack detection for in-vehicle networks［C］//2008 IEEE Intelligent Vehicles Symposium.Eindhoven:IEEE，2008:220-225.
[5]Humayed A，Luo B.Using ID-hopping to defend against targeted DoS on CAN［C］//Proceedings of the 1st International Workshop on Safe Control of Connected and Autonomous Vehicles.Pittsburgh，PA:ACM，2017:19-26.
[6]Lukasiewycz M，Mundhenk P，Steinhorst S.Security-aware obfuscated priority assignment for automotive CAN platforms［J］.ACM Transactions on Design Automation of Electronic Systems，2016，21(2):1-27.
[7]Wu W，Kurachi R，Zeng G，et al.IDHCC:a security-enhanced ID hopping CAN controller design to guarantee real-time［C］//Proceedings of the 2nd Workshop Security Dependability Criterion Embedded Real-Time System.Paris:ACM，2017:14-21.
[8]Di Natale M，da Silva C L M，Santos M M D.On the applicability of an MILP solution for signal packing in CAN-FD［C］//2016 IEEE 14th International Conference on Industrial Informatics(INDIN).Poitiers:IEEE，2016:1202-1205.
[9]Kleberger P，Olovsson T，Jonsson E.Security aspects of the in-vehicle network in the connected car［C］//2011 IEEE Intelligent Vehicles Symposium(IV).Baden-Baden:IEEE，2011:528-533.
[10]Kang K D，Baek Y，Lee S，et al.An attack-resilient source authentication protocol in controller area network［C］//2017 ACM/IEEE Symposium on Architectures for Networking and Communications Systems(ANCS).Beijing:IEEE，2017:109-118.
[11]Jiang S，Zhu X，Wang L.An efficient anonymous batch authentication scheme based on HMAC for VANETs［J］.IEEE Transactions on Intelligent Transportation Systems，2016，17(8):2193-2204.
[12]Greene K，Rodgers D，Dykhuizen H，et al.A defense mechanism against replay attack in remote keyless entry systems using timestamping and XOR logic［J］.IEEE Consumer Electronics Magazine，2020，10(1):101-108.
[13]An Y H.Security improvements of dynamic ID-based remote user authentication scheme with session key agreement［C］//15th International Conference on Advanced Communications Technology(ICACT).Pyeong Chang:IEEE，2013:1072-1076.

[1]	张露文，刘洪娟. 考虑防护和隔离的传染病传播建模与分析[J]. 东北大学学报（自然科学版）, 2023, 44(4): 486-494.
[2]	李贞妮, 李晶皎, 王骄, 杨丹. 基于FPGA的2D-Torus片上网络无死锁路由算法[J]. 东北大学学报（自然科学版）, 2021, 42(1): 1-6.
[3]	刘振宇，宋晓莹. 一种可用于分类型属性数据的多变量决策树算法[J]. 东北大学学报:自然科学版, 2020, 41(11): 1521-1527.
[4]	曾荣飞，张德永，王兴伟，黄敏. 一种面向IPv6的定制化路由备份机制[J]. 东北大学学报:自然科学版, 2020, 41(10): 1369-1376.
[5]	赵海，郑春阳，王进法，司帅宗. 面向蓄意攻击的网络异常检测方法[J]. 东北大学学报:自然科学版, 2020, 41(10): 1376-1381.
[6]	井元伟，亓雪蕾，申金栋，井江山. TCP/AWM网络系统的H_∞拥塞跟踪控制[J]. 东北大学学报:自然科学版, 2020, 41(10): 1388-1393.
[7]	曾荣飞，高原，王兴伟，张榜. SDN中DDoS攻击的高效联合检测和防御机制[J]. 东北大学学报:自然科学版, 2020, 41(9): 1217-1222.
[8]	姚巍，赵海，朱剑，陈香伊. 基于traceroute的多特征子网发现与分析[J]. 东北大学学报:自然科学版, 2020, 41(8): 1075-1082.
[9]	杨望，江咏涵，张三峰. 基于网页结构与语言特征的垃圾网页链接检测方法[J]. 东北大学学报:自然科学版, 2020, 41(8): 1091-1096.
[10]	李贞妮，王骄，李晶皎，王泽坤. 一种新的基于FPGA的立体图像差异性算法[J]. 东北大学学报:自然科学版, 2020, 41(6): 778-783.
[11]	姜旭艳，严锦立，全巍，孙志刚. SSA:一种面向CQF模型的TSN资源调度算法[J]. 东北大学学报:自然科学版, 2020, 41(6): 784-791.
[12]	武刚，吴成东. 基于半定规划的无线传感器网络节点定位算法[J]. 东北大学学报:自然科学版, 2019, 40(10): 1381-1385.
[13]	井元伟，李赞华，刘婷. 一类TCP网络系统的Minimax拥塞控制[J]. 东北大学学报:自然科学版, 2019, 40(8): 1065-1069.
[14]	茹敬雨，贾子熙，吴成东. 一种基于阳光的运动轨迹简化算法[J]. 东北大学学报:自然科学版, 2019, 40(8): 1070-1075.
[15]	叶正旺，温涛，刘振宇，付崇国. 基于信任模型的WSNs安全数据融合算法[J]. 东北大学学报:自然科学版, 2019, 40(6): 789-794.

基于动态ID跳变的CAN总线安全调度算法

Security Scheduling Algorithm of CAN Bus Based on Dynamic ID Hopping

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价