Shulou(Shulou.com)06/02 Report--

With the continuous development and innovation of automobile manufacturing technology and network communication technology, automobile networking has become a new development direction. under this background, the concept of vehicle networking comes into being. In fact, vehicle networking is the use of a variety of communication network technologies to achieve various functions, such as vehicle-to-person communication, vehicle-to-vehicle communication, as well as networking applications, navigation and positioning, etc., which can not only provide convenient and fast car use services for drivers, but also enhance driving fun, improve the overall safety of travel, and alleviate traffic pressure to a certain extent. It should be pointed out that although vehicle networking can bring a lot of convenience, it is easy to be controlled and manipulated remotely and vulnerable to security threats.

Security threat of vehicle networking

1. The wireless sensor network in the car is vulnerable to attack.

In order to maximize the safety and convenience of cars, sensor network communication equipment will be installed on many cars according to the actual needs. In this kind of equipment, no matter the communication between cars and roads, or TPMS, wireless intelligent key, all have more practical and advanced short-distance wireless communication function, but it needs to be emphasized that the communication information under this function framework is easy to be eavesdropped and maliciously interrupted.

2. Vehicle bus network uses standard network to realize interconnection, which is easy to be subjected to penetration control and loophole analysis.

The main ways of vehicle bus communication are LIN, CAN and so on. For high-speed CAN bus, it is mainly connected with the ECU related to vehicle driving, such as combined instrument, ABSECU, engine ECU and so on. As for the low-speed LIN bus, it is mainly connected with those ECU which do not require high data transmission rate, such as wiper, tire pressure monitoring, door lock, electric window and so on. Because LIN, CAN and other bus networks are typical broadcast networks, in addition, the corresponding protocol standards are in a public state, and with the help of communication messages for analysis and detection, therefore, using bus nodes or OBD interfaces to access the above sensor network, we can forge ECU control information, or sensors collect information, resulting in disorder in the actual operation of the electronic system.

The concrete Protection thought of vehicle Network Security

1. Research on the core technology of vehicle domain network information security.

In view of the information security threats that may be encountered in the operation of the vehicle area network, it is necessary to carry out comprehensive and in-depth research on some core technologies, such as vehicle unified identity authentication technology, automotive electronic equipment intrusion detection technology, automobile embedded operating system security reinforcement technology, vehicle domain network vulnerability scanning technology, automotive electronic equipment access control technology and vehicle domain network security testing technology.

2. Research on the information security equipment of vehicle network.

As far as the bus of vehicle network is concerned, there are mainly three types, one is infotainment, the other is safety and comfort, and the third is power drive. As for the security attacks on the vehicle area network, most of them come from infotainment devices, and only a few come from security devices. It should be noted that in the entire vehicle safety architecture, the most need to provide protection is the power drive equipment, therefore, the power drive network can be taken as the focus of research and development, in addition, the security isolation of other networks can also be taken as the center to better maintain the safety of the related equipment of the vehicle area network.

3. Research on the cloud security platform of high security level vehicle networking.

This paper studies the information security protection strategies corresponding to the transmission, terminal, data base, network and other links related to the vehicle networking cloud security platform, and studies the corresponding core technologies, actively develop a higher security level and more practical vehicle networking system, so as to maximize the improvement of the automobile product service level of the whole vehicle factory and achieve the improvement of its safety level.

4. Study the authentication and encryption system of vehicle network.

In-depth and comprehensive research on the authentication and encryption system of vehicle networking can improve its communication security and contribute to the enhancement of the security factor of the whole network. At this stage, many studies focus on PKI technology and integrate it into the vehicle network in a more reasonable way to authenticate the identity of vehicle users and encrypt and decrypt the information they transmit.

Practice of Automotive Information Security based on Multi-dimensional Security Intelligent Network

Combined with the national strategic guidance, technical research and actual case analysis, vehicle network security, multi-dimensional security escort for intelligent vehicles, a unique IoT security compiler, the integration of code virtualization encryption technology, suitable for resource-constrained embedded systems, launched a multi-dimensional security technology based on the underlying algorithm.

1. The principle of multi-dimensional security virtualization technology

Code virtualization is based on the middle layer LLVM IR of LLVM compiler. By designing a unique encrypted virtual CPU interpreter and complete virtual instructions, the original CPU instructions are encrypted and transformed into virtual instructions that can only be interpreted and executed by the KiwiVM virtual interpreter, which can completely hide the function code logic and the dependencies between functions and variables, so that the code can not be reverse engineered.

Code virtualization replaces the final entry of the function with JUMPOUT, and only the standardized virtualization loading instructions are exposed to the outside world. The attacker cannot reverse the private instruction set of the virtual machine, thus preventing the attacker from analyzing the code logic of the original function.

Virtualized encryption effect

Without virtualization protection of firmware, an attacker can translate the original machine code of a program into assembly code or high-level code that is easier to read and understand through a disassembler or decompiler. The IoT firmware in hardware is essentially a binary file, which can be easily decompiled by tools such as IDA Pro to generate C code similar to the source code, as shown in the following figure.

Decompiled unvirtualized code

Decompile virtualized code

The virtualized core code can no longer be analyzed in reverse, so as to avoid potential loopholes being excavated, core technologies stolen, key leaks and other problems.

2. Advantages of multi-dimensional secure virtualization technology

Flagship encryption

The encrypted code is transformed into a custom private instruction format, and the encryption process is irreversible, which is more secure than the traditional code obfuscation technology.

Function-level virtualization

Taking the functions of C and C++ source files as units for virtualization, it has the characteristics of fine granularity, high controllability and strong concealment.

Full platform and full architecture

Virtualize based on LLVM-IR intermediate code, and then link to generate the target file after encryption is completed. It is compatible with all CPU architectures, including common X86, X64, ARM, ARM64, and unusual MIPS architectures, as well as IOS, Android, IoT, Linux and other system platforms.

No compatibility problem

The virtualization compiler virtualizes before the link generates the target file, does not depend on the specific system environment, and its compatibility is the same as the original application.

Low performance and volume loss

After special IoT environment adaptation, virtualized performance and submission loss are small, and it is suitable for all kinds of low computing power devices.

Flexible and simple deployment

Support offline deployment, and the virtualized system can be used through simple configuration without destroying the original compilation process.

In the future intelligent transportation architecture, vehicle networking is its core and has a broad prospect. The security of vehicle networking is the basic premise to ensure that it can be widely used and promoted, so it is the focus of the general audience.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.