Vehicle-mounted network security protection system and application method thereof

A vehicle-mounted network security protection system, applied in the field of in-vehicle network information security for intelligent networked vehicles. It addresses problems such as low adaptability, counterfeit communication nodes, and the failure of vehicle-mounted network information security protection to form systematic and comprehensive methods and systems, and achieves the effect of reducing the difficulty of implementation and realizing unified management.

Inactive Publication Date: 2021-08-10
北京云驰未来科技有限公司

AI Technical Summary

Problems solved by technology

[0003] 1) The traditional automobile bus realizes inter-node communication based on message broadcasting and a priority-based arbitration mechanism. An intruder who dismantles a vehicle can monitor the bus messages and crack the protocol, and can then remotely invade vehicles of the same type through the vehicle network. After obtaining management authority, the intruder can impersonate communication nodes, send illegal commands, or monopolize the bus bandwidth with high priority to implement flooding attacks, which brings great safety hazards to the safe driving of cars;
[0004] 2) A car contains a large number of automotive electronic control units (ECUs) and vehicle information system units, each of which undertakes different functional responsibilities. The supplier system is huge. Although it follows a unified functional safety standard, there is no corresponding information security implementation specification;
[0005] 3) The technical field of automotive embedded systems has its own uniqueness and specializa


Examples


Embodiment 1

[0037] This embodiment aims to provide a system for network information security protection on an embedded system. The system has a security engine module, an application program interface module, an authentication module, a secure communication module, a data encryption module, an attack protection module, an intrusion detection module, and a log system module.

[0038] The security engine module is the dispatching center of the vehicle-mounted network information security protection system. By taking over the vehicle-mounted network communication protocol stack, it establishes the processing flow and management rule set for vehicle-mounted network messages; the vehicle-mounted network communication protocol stack includes the vehicle-mounted Ethernet communication protocol stack and the vehicle-mounted CAN bus communication protocol stack; the processing flow and management rule set include a packet filtering mechanism, a redirection mechanism, a hook mechanism, and a callback mechan...

Embodiment 2

[0041] On the basis of the first embodiment, this embodiment provides a method for using the network information security protection system.

[0042] Step 1: Extract common technical features for the automotive embedded system environment and communication services, and identify security risks;

[0043] Step 2: Establish a lightweight security engine architecture adapted to the heterogeneous network of automotive embedded systems;

[0044] Step 3: Provide security services such as data encryption and decryption, certificate and secret key management for automotive communication services;

[0045] Step 4: Establish a security audit coordination mechanism;

[0046] Step 5: Establish and update the log system and security policy library.

[0047] In this embodiment, step 1 and step 2 are the steps of establishing a security engine module to identify and process abnormal behaviors to protect the safety of the vehicle network, and steps 3 to 5 are steps to establish a security po...

Embodiment 3

[0049] This embodiment is made on the basis of the second embodiment, wherein the further preferred subdivision of step 2 is:

[0050] Step 1: Extract common technical features for the automotive embedded system environment and communication services, and identify security risks;

[0051] Step 2: Establish a lightweight security engine architecture adapted to the heterogeneous network of automotive embedded systems;

[0052] Step 211: Take over the vehicle Ethernet communication protocol stack;

[0053] Step 212: Real-time mapping and redundant backup of network messages;

[0054] Step 213: Transmission encryption of the vehicle network transport layer communication protocol;

[0055] Step 214: Identify abnormal traffic and abnormal behavior based on protocol standards and security rule sets;

[0056] Step 215: Match the attack protection strategy and put it into effect;

[0057] Step 3: Provide security services such as data encryption and decryption, certificate and secret key ma...
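
Steps 214 and 215 describe matching traffic against a security rule set and applying a protection strategy. As an added illustration (not code from the patent or its applicant), the following C example checks CAN frames against a hypothetical rule set of allowed ID, expected DLC, and per-window frame budget; the rule values, the 100 ms window, the sample trace, and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rule set: allowed CAN ID, expected DLC, max frames per window. */
typedef struct { uint32_t id; uint8_t dlc; uint32_t max_per_window; } can_rule_t;
typedef struct { uint32_t id; uint8_t dlc; uint32_t t_ms; } can_frame_t;
typedef enum { V_PASS, V_UNKNOWN_ID, V_BAD_DLC, V_FLOOD, V_COUNT } verdict_t;
#define WINDOW_MS 100u
#define N_RULES 3
static const can_rule_t RULES[N_RULES] = { {0x0C0, 8, 12}, {0x1A0, 4, 6}, {0x3E8, 2, 2} };
/* Per-rule fixed-window counters; zero-initialise before use. */
typedef struct { uint32_t start[N_RULES]; uint32_t count[N_RULES]; } engine_t;

/* Constructed sample trace (timestamps in ms, assumed monotonic). */
static const can_frame_t SAMPLE[] = {
    {0x0C0, 8, 0}, {0x1A0, 4, 5},
    {0x000, 8, 10},   /* highest-priority ID, absent from the rule set */
    {0x1A0, 8, 20},   /* known ID, wrong length */
    {0x3E8, 2, 30}, {0x3E8, 2, 31}, {0x3E8, 2, 32}, {0x3E8, 2, 33}, /* burst */
    {0x3E8, 2, 140},  /* next window: accepted again */
};
#define N_SAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Classify one frame: default-deny on ID, then length check, then rate check. */
verdict_t engine_check(engine_t *e, const can_frame_t *f) {
    for (size_t i = 0; i < N_RULES; i++) {
        if (RULES[i].id != f->id) continue;
        if (f->dlc != RULES[i].dlc) return V_BAD_DLC;
        if (f->t_ms - e->start[i] >= WINDOW_MS) {   /* open a new window */
            e->start[i] = f->t_ms;
            e->count[i] = 0;
        }
        return (++e->count[i] > RULES[i].max_per_window) ? V_FLOOD : V_PASS;
    }
    return V_UNKNOWN_ID;   /* not in the rule set */
}

/* Replay a trace through a fresh engine and tally the verdicts. */
void engine_tally(const can_frame_t *t, size_t n, unsigned out[V_COUNT]) {
    engine_t e = {{0}, {0}};
    for (int v = 0; v < V_COUNT; v++) out[v] = 0;
    for (size_t i = 0; i < n; i++) out[engine_check(&e, &t[i])]++;
}

int main(void) {
    unsigned out[V_COUNT];
    engine_tally(SAMPLE, N_SAMPLE, out);
    printf("pass=%u unknown=%u bad_dlc=%u flood=%u\n",
           out[V_PASS], out[V_UNKNOWN_ID], out[V_BAD_DLC], out[V_FLOOD]);
    return 0;
}
```

A non-pass verdict is the point where a protection strategy (drop, log, alert) would be selected; the strategy itself is outside this example.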


Abstract

The invention relates to a vehicle-mounted network information security protection system, which comprises a security engine module, an application program interface module, an authentication module, a security communication module, a data encryption module, an attack protection module, an intrusion detection module and a log system module, wherein the security engine module is a dispatching center of the vehicle-mounted network information security protection system, and is used for establishing a processing flow and a management rule set of the vehicle-mounted network message; the application program interface module is used for providing data encryption and decryption services for an application program; the secure communication module is used for realizing network transmission encryption based on a vehicle-mounted network transmission layer communication protocol and an SSL/TLS encryption transmission protocol; the data encryption module provides algorithm support for data encryption and decryption; the intrusion detection module is used for collecting necessary data and information through methods such as real-time mapping and redundant backup of vehicle-mounted network messages; and the log system module is responsible for recording system operation, network flow and operation behaviors.

Description

Technical field

[0001] The invention relates to a vehicle-mounted network information security protection system, in particular to a vehicle-mounted network information security protection system of an intelligent networked vehicle.

Background technique

[0002] As automobiles become more and more intelligent and connected, the security threats they face are also greatly increasing. Each connection path of a connected car may be exploited to enable remote attack and control of the car. Intelligent networked vehicles usually face the following information security issues:

[0003] 1) The traditional automobile bus realizes inter-node communication based on message broadcasting and a priority-based arbitration mechanism. An intruder who dismantles a vehicle can monitor the bus messages and crack the protocol, and can then remotely invade vehicles of the same type through the vehicle network. After obtaining management authority, the intruder can impersonate communication nodes, send illegal co...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/02, H04L63/0428, H04L63/0823, H04L63/083, H04L63/10, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/20, H04L67/12
Inventor 郑强卞军李哲曾剑隽
Owner 北京云驰未来科技有限公司