Design of Secure Deployment for On-Board ECU Based on Encryption Algorithm
DOI: 10.12677/airr.2025.145115
Authors: Yuhang Wang, Yin Wei: School of Automobile and Transportation, Xihua University, Chengdu, Sichuan
Keywords: Software Deployment, 27 Services, Elliptic Curve Algorithm, Hash256, Bootloader
Abstract: With the rapid development of automotive intelligence, the vision of software-defined vehicles is gradually becoming a reality. Automakers need to iterate software rapidly to keep their products competitive, but this brings growing risks such as user data leakage and malicious attacks on software, and both manufacturers and users are paying more attention to software security. Software deployment technology must be able to resist these threats safely and effectively. This paper designs a software deployment process that adds software security algorithms so that the software to be updated can be deployed safely and reliably to the designated memory area. To secure data transmission during ECU firmware upgrades, entry into Bootloader mode requires passing security verification through the Diagnostic 27 service, which prevents external users from illegally tampering with internal data. For this purpose, an encryption verification scheme for the Diagnostic 27 service is designed. In addition, a combination of elliptic curve and Hash256 algorithms is used to encrypt and decrypt the vehicle software packages to be deployed, ensuring that a software package downloaded from outside is the correct version. Software packages that have been maliciously tampered with are discarded. Test cases were written for the functional points to be tested. Based on the software and hardware requirements, a complete software and hardware experimental platform was built in CANoe, and the functional points covered by the test cases were tested under normal and abnormal conditions.
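Cite this article: Wang, Y.H. and Wei, Y. (2025) Design of Secure Deployment for On-Board ECU Based on Encryption Algorithm. Artificial Intelligence and Robotics Research, 14(5), 1218-1229. https://doi.org/10.12677/airr.2025.145115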
