How to guarantee the network security architecture of cars in the connected-car era
In the past, a car was just a commuting tool that could play the radio or a CD, and that "multimedia" era is long gone. Today's car communicates both inside and out: it not only connects to the devices inside the car but can also access Internet services quickly and conveniently. Cars are usually equipped with 50-70 electronic control units (ECUs) to realize the various functions of mobile Internet access. Passengers can download streaming media content from the Internet at any time, keep in touch with friends, and even shop online without any problem.
Of course, everything has two sides. Advanced in-vehicle networking technology does bring users a convenient experience, but it is undeniable that a large number of "bugs" will crawl into the car along with the Internet. A car that connects to the Internet directly or indirectly is likely to be exposed to malicious code and data attacks that cause the vehicle to run out of control, slam on the brakes, open and close the doors without authorization, and even make critical safety systems such as the SRS (supplemental restraint system) fail.
Of course, automakers are also in a hurry to respond, and what seems effective at present is to establish an effective security system architecture and methodology.
Automotive network security architecture headed by "Control Center"
Traditional automotive networks were confined to electronic control units inside the vehicle, connected over in-vehicle buses such as the Controller Area Network (CAN), FlexRay, and the Local Interconnect Network (LIN). However, today's connected-car technology lets cars connect to in-vehicle electronics and to manufacturer back-end ports that provide automatic emergency calling (eCall), remote diagnostics, and data exchange. In the near future, cars will also be able to "communicate" freely with each other and seamlessly exchange data across their operating-system ecosystems.
With the continuous improvement of infotainment systems and connectivity technologies, the nature, quantity, and direction of in-vehicle data have changed dramatically. This data can be classified as follows:
1. Received data: data the car obtains from the external environment via sensors or the Internet.
Traditional in-vehicle software only needed to process data that the ECU received through sensors or other electronic control units, and the ECU was never designed to inspect every packet arriving on the CAN bus. Today the received data includes content downloaded from the cloud on the one hand and, on the other, data from network connection ports through which malware may be implanted into the car network, which greatly increases the risk of the car network being "hacked".
2. Processed data: data computed by different parts of an ECU, or user data flowing through the ECU of the in-vehicle entertainment system.
Since the received data may not be trustworthy, data processing may go wrong. At the same time, car networking and infotainment systems are prone to crashes when subjected to code tampering and user data manipulation.
3. Sent data: car and user data may need to be processed in the cloud to provide a wide range of services, including personalized insurance solutions, customized news content, and advertising.
As cars become more connected to external devices and the external environment, the nature of the security risks and the potential threats are gradually changing. For example, cars interact with the environment through sensors and brakes; automotive network security must therefore consider both data security and environmental safety. Moreover, the prevention and real-time monitoring of security threats also need more attention.
These potential risks can be divided into the following categories:
1. Safety: security breaches weaken the safety of critical systems and put passengers, pedestrians outside the car, and the surrounding environment at risk;
2. Disruption: non-safety-critical systems are affected, resulting in the car denying service or performing unnecessary operations;
3. Privacy: security breaches can lead to the disclosure, abuse, or tampering of personal information;
4. Economy: economic losses may take the form of tampering with authorizations or extortion.
Security vulnerabilities increase with the number of interfaces that connect the car to external devices or networks. The first key architectural approach is to reduce the number of interfaces and integrate the remaining ones into a "control center" that serves as a secure, intelligent gateway between the vehicle's internal network and external devices/networks. In this way, the car is better protected from malware, and the loss and exposure of sensitive information is also prevented.
Of course, a vehicle network security architecture headed by a "control center" can adopt a variety of strategies for dealing with security risks. Secure access to the rest of the network is provided by setting up a firewall.
The control center network security architecture has several key elements:
1. Protected key entry points: connections based on wired or wireless interfaces;
2. "Closed system": a pre-configured firewall that provides only limited access;
3. Tight user access control: no unauthorized user is allowed to access private data.
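As an added example of what a "closed system" gateway does in code (this is not from the article or from any manufacturer's product), the C program below filters CAN frames arriving on external-facing interfaces before they reach the internal bus: a pre-configured allow-list of (interface, CAN ID, maximum length) rules with default deny, plus a per-interface token bucket so that a compromised external device cannot flood the internal network even with frames that match a rule. The interface names, CAN identifiers and rule values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: a "control center" gateway deciding whether a frame from an
 * external-facing interface may be forwarded to the internal vehicle bus.
 * Interface names, CAN IDs and rule values below are hypothetical. */

typedef enum {
    IF_TELEMATICS = 0,   /* cellular / Internet-facing unit */
    IF_OBD,              /* diagnostic connector */
    IF_INFOTAINMENT,     /* head unit: USB, Bluetooth, Wi-Fi */
    IF_COUNT
} gw_interface_t;

typedef struct {
    uint32_t can_id;     /* 11-bit standard identifier */
    uint8_t  dlc;        /* data length code, 0..8 */
    uint8_t  data[8];
} can_frame_t;

/* One allow-list rule: frames from `src` with this ID may pass if their
 * length does not exceed `max_dlc`. Anything not listed is dropped. */
typedef struct { gw_interface_t src; uint32_t can_id; uint8_t max_dlc; } gw_rule_t;

/* Pre-configured "closed system" policy (hypothetical IDs). */
static const gw_rule_t GW_RULES[] = {
    { IF_TELEMATICS,   0x5A0u, 8 }, /* remote diagnostics request */
    { IF_OBD,          0x7DFu, 8 }, /* OBD-II functional request */
    { IF_INFOTAINMENT, 0x3C2u, 2 }, /* display/volume status, 2 bytes only */
};
#define GW_RULE_COUNT (sizeof GW_RULES / sizeof GW_RULES[0])

/* Token bucket per interface: burst of 10 frames, sustained 1 frame/ms. */
#define GW_BUCKET_CAPACITY 10u
#define GW_REFILL_PER_MS    1u
typedef struct { uint32_t tokens; uint32_t last_ms; } gw_bucket_t;
static gw_bucket_t gw_buckets[IF_COUNT];

/* Refill every bucket; returns true so it can be used inside checks. */
bool gw_reset(void) {
    for (size_t i = 0; i < IF_COUNT; i++) {
        gw_buckets[i].tokens  = GW_BUCKET_CAPACITY;
        gw_buckets[i].last_ms = 0;
    }
    return true;
}

static bool gw_take_token(gw_interface_t src, uint32_t now_ms) {
    gw_bucket_t *b = &gw_buckets[src];
    uint32_t refill = (now_ms - b->last_ms) * GW_REFILL_PER_MS;
    uint32_t t = b->tokens + refill;
    b->tokens  = (t > GW_BUCKET_CAPACITY || t < b->tokens) ? GW_BUCKET_CAPACITY : t;
    b->last_ms = now_ms;
    if (b->tokens == 0) return false;
    b->tokens--;
    return true;
}

/* Default-deny decision: malformed frame, unknown (interface, ID) pair,
 * oversize payload or exhausted rate budget all mean "drop". */
bool gw_forward_allowed(gw_interface_t src, const can_frame_t *f, uint32_t now_ms) {
    if (f == NULL || src >= IF_COUNT) return false;
    if (f->can_id > 0x7FFu || f->dlc > 8) return false;
    for (size_t i = 0; i < GW_RULE_COUNT; i++) {
        if (GW_RULES[i].src == src && GW_RULES[i].can_id == f->can_id) {
            if (f->dlc > GW_RULES[i].max_dlc) return false;
            return gw_take_token(src, now_ms);
        }
    }
    return false;
}

/* Build a frame with a zeroed payload and run it through the gateway. */
bool gw_check(gw_interface_t src, uint32_t can_id, uint8_t dlc, uint32_t now_ms) {
    can_frame_t f = { can_id, dlc, { 0 } };
    return gw_forward_allowed(src, &f, now_ms);
}

/* How many of `n` identical frames sent at the same instant get through. */
uint32_t gw_count_allowed(gw_interface_t src, uint32_t can_id, uint8_t dlc,
                          uint32_t now_ms, uint32_t n) {
    uint32_t passed = 0;
    for (uint32_t i = 0; i < n; i++)
        if (gw_check(src, can_id, dlc, now_ms)) passed++;
    return passed;
}

int main(void) {
    gw_reset();
    printf("telematics 0x5A0 allowed: %d\n", gw_check(IF_TELEMATICS, 0x5A0u, 8, 0));
    printf("infotainment 0x5A0 allowed: %d\n", gw_check(IF_INFOTAINMENT, 0x5A0u, 8, 0));
    printf("OBD burst of 12: %u passed\n", gw_count_allowed(IF_OBD, 0x7DFu, 8, 0, 12));
    return 0;
}
```

The two design choices worth noting are that the rule table is keyed on the source interface as well as the CAN ID, so a frame that is legitimate from the diagnostic connector is still dropped when it arrives from the infotainment unit, and that the rate limit applies after the allow-list, so even permitted traffic cannot be used to starve the internal bus.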
Automotive Network Security Design Methodology
In addition to a reliable network security system architecture, an effective engineering approach is critical to reducing security risk at every step of system design. Automotive manufacturers and their engineers need to consider the following engineering approaches and design steps to ensure the security of the car's network connections:
1. Interface risk analysis
The interface risk analysis process checks all system interfaces associated with the cloud or with devices connected to the car. The first step is to identify all interface endpoints, including network endpoints, devices, wireless interfaces, and bus connectors. The second and third steps are to identify the potential attacks and the security issues each of them involves. Once the interfaces have been analyzed, the appropriate system design method can be applied directly.
2. Functional safety analysis
The vehicle functional safety standard ISO 26262 provides a means of deriving safety requirements within a system or subsystem. It specifically describes safety analysis methods such as hazard analysis and risk assessment (HARA), failure mode and effects analysis (FMEA), and fault tree analysis (FTA).
The automotive industry should adopt the functional safety concept to evaluate security analysis as well. When security assurance is implemented, a security status report containing "evidence" should be established, including evidence of security activities; identification and analysis of risks, threats, and vulnerabilities; and compliance with security standards.
3. Defensive programming
Defensive programming plays a key role in embedded security systems. It guarantees that software functions keep working even when used for unforeseen purposes; in a security context, such unforeseen uses may result from falsified data received from sensors or from the automotive network. Defensive programming has several specific operating principles, such as "unless you can prove the data is safe, treat all data as tainted"; because it prevents software failures even in the face of malicious input, it is a powerful protection measure.
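As an added example of that principle applied to received data (not code from the article), the C program below decodes a wheel-speed signal from a CAN frame twice: a naive decoder that trusts the frame's ID, length and value, and a defensive decoder that treats the frame as tainted until it has passed an ID check, a length check, a physical range check and a rate-of-change plausibility check, and only then updates the caller's value. The frame layout, CAN ID, scaling factor and plausibility limits are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: defensive decoding of a wheel-speed CAN frame. The
 * frame layout, ID, scaling and limits below are hypothetical. */

#define SPEED_CAN_ID        0x1A5u /* hypothetical ID of the speed frame */
#define SPEED_MAX_KMH       300u   /* assumed physical upper bound */
#define SPEED_MAX_STEP_KMH  20u    /* assumed max change between two samples */

typedef struct { uint32_t can_id; uint8_t dlc; uint8_t data[8]; } can_frame_t;

/* Naive decoder: trusts ID, length and value. It reads data[1] even when
 * the sender declared dlc == 1, and returns whatever the bus delivered. */
uint32_t decode_speed_naive(const can_frame_t *f) {
    uint32_t raw = ((uint32_t)f->data[0] << 8) | f->data[1];
    return raw / 100;  /* hypothetical scaling: 0.01 km/h per LSB */
}

typedef enum {
    SPEED_OK, SPEED_BAD_ARG, SPEED_BAD_ID, SPEED_BAD_LEN,
    SPEED_OUT_OF_RANGE, SPEED_IMPLAUSIBLE
} speed_result_t;

typedef struct {
    bool     have_last;
    uint32_t last_kmh;
    uint32_t rejected;   /* for monitoring: how often input failed a check */
} speed_state_t;

/* Defensive decoder: the frame is tainted until every check passes, and
 * the caller's output is written only on success. */
speed_result_t decode_speed_checked(speed_state_t *st, const can_frame_t *f,
                                    uint32_t *out_kmh) {
    if (st == NULL || f == NULL || out_kmh == NULL) return SPEED_BAD_ARG;
    if (f->can_id != SPEED_CAN_ID) { st->rejected++; return SPEED_BAD_ID; }
    if (f->dlc < 2 || f->dlc > 8)  { st->rejected++; return SPEED_BAD_LEN; }
    uint32_t kmh = (((uint32_t)f->data[0] << 8) | f->data[1]) / 100;
    if (kmh > SPEED_MAX_KMH)       { st->rejected++; return SPEED_OUT_OF_RANGE; }
    if (st->have_last) {
        uint32_t step = kmh > st->last_kmh ? kmh - st->last_kmh : st->last_kmh - kmh;
        if (step > SPEED_MAX_STEP_KMH) { st->rejected++; return SPEED_IMPLAUSIBLE; }
    }
    st->have_last = true;
    st->last_kmh  = kmh;
    *out_kmh = kmh;
    return SPEED_OK;
}

/* Small harness around one decoder state so results can be checked. */
static speed_state_t g_speed;

bool     speed_reset(void)    { g_speed = (speed_state_t){ false, 0, 0 }; return true; }
uint32_t speed_last_kmh(void) { return g_speed.last_kmh; }
uint32_t speed_rejected(void) { return g_speed.rejected; }

/* Build a frame carrying `raw` big-endian in data[0..1] and feed it. */
speed_result_t speed_feed(uint32_t can_id, uint8_t dlc, uint16_t raw) {
    can_frame_t f = { can_id, dlc, { (uint8_t)(raw >> 8), (uint8_t)raw } };
    uint32_t kmh = 0;
    return decode_speed_checked(&g_speed, &f, &kmh);
}

/* Same constructed frame through the naive decoder, for comparison. */
uint32_t speed_naive_from_raw(uint16_t raw) {
    can_frame_t f = { SPEED_CAN_ID, 8, { (uint8_t)(raw >> 8), (uint8_t)raw } };
    return decode_speed_naive(&f);
}

int main(void) {
    speed_reset();
    printf("raw 5000 -> result %d, last %u km/h\n",
           speed_feed(SPEED_CAN_ID, 8, 5000), speed_last_kmh());
    printf("raw 9000 -> result %d (jump rejected), last still %u km/h\n",
           speed_feed(SPEED_CAN_ID, 8, 9000), speed_last_kmh());
    printf("naive decoder accepts 0xFFFF as %u km/h\n", speed_naive_from_raw(0xFFFF));
    return 0;
}
```

The rejected counter is deliberately part of the state: a sudden rise in rejected frames on a sensor bus is itself a signal worth forwarding to the vehicle's monitoring, because it distinguishes a single corrupted frame from sustained injection.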
With the continuous development of Internet of Vehicles technology, the degree of networking and the volume of data exchanged between the inside and outside of vehicles will only grow. For the car to remain invulnerable in the face of malicious network attacks, the architecture of the car security system must be strengthened. A car security solution headed by the "control center", together with a strong engineering methodology, can therefore guarantee that the car will not be "lost" once it is connected.