一种新的车载网络认证与密钥协议方案

IF 7.1 2区计算机科学 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Transactions on Vehicular Technology Pub Date : 2025-02-11 DOI:10.1109/TVT.2025.3540442

Chengzhe Lai;Jiping Ma;Xinwei Wang;Haibo Zhou;Dong Zheng

{"title":"一种新的车载网络认证与密钥协议方案","authors":"Chengzhe Lai;Jiping Ma;Xinwei Wang;Haibo Zhou;Dong Zheng","doi":"10.1109/TVT.2025.3540442","DOIUrl":null,"url":null,"abstract":"Controller area network (CAN) bus is the most widely used protocol for in-vehicle networks, but it lacks security mechanism in design and is susceptible to various attacks. In addition, the on-board diagnostic port (OBD-II) is the physical access point of the CAN bus. However, adversaries can inject messages into the CAN bus through this port, thereby maliciously controlling the vehicle. Aiming at the above problems, this paper proposes a novel authentication and key agreement scheme for in-vehicle networks. Specifically, the proposed scheme considers the issue of secure communication on the CAN bus and the device access issue of the OBD-II port. Static random access memory physical unclonable function (SRAM PUF) is used to perform electronic control unit (ECU) authentication, group key distribution and data frame authentication, ensuring the authenticity of the ECU and the confidentiality and integrity of the data frame. It can also resist replay, physical and other attacks. Besides, we design the authentication and key agreement protocols of external devices in two scenarios respectively to prevent external devices from injecting malicious messages into the CAN bus through the OBD-II port. Finally, we use Scyther and Go language to verify the proposed scheme. The verification results demonstrate that the proposed scheme is not only able to achieve various security goals, but also proves the correctness of its logic. Compared with existing group-based schemes, this scheme has moderate computational and communication overhead overall, but has obvious advantages in key update and authentication of external devices, which can fulfill the low-latency and resource-constrained requirements of in-vehicle networks.","PeriodicalId":13421,"journal":{"name":"IEEE Transactions on Vehicular Technology","volume":"74 6","pages":"9630-9644"},"PeriodicalIF":7.1000,"publicationDate":"2025-02-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Novel Authentication and Key Agreement Scheme for In-Vehicle Networks\",\"authors\":\"Chengzhe Lai;Jiping Ma;Xinwei Wang;Haibo Zhou;Dong Zheng\",\"doi\":\"10.1109/TVT.2025.3540442\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Controller area network (CAN) bus is the most widely used protocol for in-vehicle networks, but it lacks security mechanism in design and is susceptible to various attacks. In addition, the on-board diagnostic port (OBD-II) is the physical access point of the CAN bus. However, adversaries can inject messages into the CAN bus through this port, thereby maliciously controlling the vehicle. Aiming at the above problems, this paper proposes a novel authentication and key agreement scheme for in-vehicle networks. Specifically, the proposed scheme considers the issue of secure communication on the CAN bus and the device access issue of the OBD-II port. Static random access memory physical unclonable function (SRAM PUF) is used to perform electronic control unit (ECU) authentication, group key distribution and data frame authentication, ensuring the authenticity of the ECU and the confidentiality and integrity of the data frame. It can also resist replay, physical and other attacks. Besides, we design the authentication and key agreement protocols of external devices in two scenarios respectively to prevent external devices from injecting malicious messages into the CAN bus through the OBD-II port. Finally, we use Scyther and Go language to verify the proposed scheme. The verification results demonstrate that the proposed scheme is not only able to achieve various security goals, but also proves the correctness of its logic. Compared with existing group-based schemes, this scheme has moderate computational and communication overhead overall, but has obvious advantages in key update and authentication of external devices, which can fulfill the low-latency and resource-constrained requirements of in-vehicle networks.\",\"PeriodicalId\":13421,\"journal\":{\"name\":\"IEEE Transactions on Vehicular Technology\",\"volume\":\"74 6\",\"pages\":\"9630-9644\"},\"PeriodicalIF\":7.1000,\"publicationDate\":\"2025-02-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Vehicular Technology\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10879319/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Vehicular Technology","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10879319/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

摘要

控制器局域网（CAN）总线是目前应用最广泛的车载网络协议，但它在设计上缺乏安全机制，容易受到各种攻击。此外，车载诊断端口（OBD-II）是CAN总线的物理接入点。然而，攻击者可以通过该端口将消息注入can总线，从而恶意控制车辆。针对上述问题，本文提出了一种新的车载网络认证与密钥协议方案。具体来说，该方案考虑了CAN总线上的安全通信问题和OBD-II端口的设备访问问题。静态随机存取存储器物理不可克隆功能（SRAM PUF）用于ECU （electronic control unit）认证、组密钥分发和数据帧认证，保证ECU的真实性和数据帧的保密性和完整性。它还可以抵抗重放，物理和其他攻击。另外，我们分别设计了两种场景下外部设备的认证协议和密钥协议，防止外部设备通过OBD-II端口向CAN总线注入恶意消息。最后，我们使用Scyther和Go语言对所提出的方案进行了验证。验证结果表明，该方案不仅能够实现各种安全目标，而且证明了其逻辑的正确性。与现有的基于组的方案相比，该方案总体上计算和通信开销适中，但在密钥更新和外部设备认证方面具有明显优势，能够满足车载网络低时延、资源受限的要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Novel Authentication and Key Agreement Scheme for In-Vehicle Networks

Controller area network (CAN) bus is the most widely used protocol for in-vehicle networks, but it lacks security mechanism in design and is susceptible to various attacks. In addition, the on-board diagnostic port (OBD-II) is the physical access point of the CAN bus. However, adversaries can inject messages into the CAN bus through this port, thereby maliciously controlling the vehicle. Aiming at the above problems, this paper proposes a novel authentication and key agreement scheme for in-vehicle networks. Specifically, the proposed scheme considers the issue of secure communication on the CAN bus and the device access issue of the OBD-II port. Static random access memory physical unclonable function (SRAM PUF) is used to perform electronic control unit (ECU) authentication, group key distribution and data frame authentication, ensuring the authenticity of the ECU and the confidentiality and integrity of the data frame. It can also resist replay, physical and other attacks. Besides, we design the authentication and key agreement protocols of external devices in two scenarios respectively to prevent external devices from injecting malicious messages into the CAN bus through the OBD-II port. Finally, we use Scyther and Go language to verify the proposed scheme. The verification results demonstrate that the proposed scheme is not only able to achieve various security goals, but also proves the correctness of its logic. Compared with existing group-based schemes, this scheme has moderate computational and communication overhead overall, but has obvious advantages in key update and authentication of external devices, which can fulfill the low-latency and resource-constrained requirements of in-vehicle networks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Vehicular Technology 工程技术-电信学

CiteScore

6.00

自引率

8.80%

发文量

1245

审稿时长

6.3 months

期刊介绍： The scope of the Transactions is threefold (which was approved by the IEEE Periodicals Committee in 1967) and is published on the journal website as follows: Communications: The use of mobile radio on land, sea, and air, including cellular radio, two-way radio, and one-way radio, with applications to dispatch and control vehicles, mobile radiotelephone, radio paging, and status monitoring and reporting. Related areas include spectrum usage, component radio equipment such as cavities and antennas, compute control for radio systems, digital modulation and transmission techniques, mobile radio circuit design, radio propagation for vehicular communications, effects of ignition noise and radio frequency interference, and consideration of the vehicle as part of the radio operating environment. Transportation Systems: The use of electronic technology for the control of ground transportation systems including, but not limited to, traffic aid systems; traffic control systems; automatic vehicle identification, location, and monitoring systems; automated transport systems, with single and multiple vehicle control; and moving walkways or people-movers. Vehicular Electronics: The use of electronic or electrical components and systems for control, propulsion, or auxiliary functions, including but not limited to, electronic controls for engineer, drive train, convenience, safety, and other vehicle systems; sensors, actuators, and microprocessors for onboard use; electronic fuel control systems; vehicle electrical components and systems collision avoidance systems; electromagnetic compatibility in the vehicle environment; and electric vehicles and controls.