Table of contents
1. Functional components of the Internet of Vehicles
Communication and password special indicators
Special indicators on the vehicle end
1. Functional components of the Internet of Vehicles
The Internet of Vehicles is a new type of infrastructure built on the basis of car intelligence and networking, and the extensive application of new generation communication technology and artificial intelligence technology. In terms of the overall architecture, the Internet of Vehicles includes three parts: cloud-pipe-end, cloud applications, communication facilities, and intelligent networked vehicles. "Cloud" refers to cloud applications, generally TSP-based cloud services, which provide functions such as vehicle management, control, and entertainment; "management" refers to communication facilities, which realize cloud applications, in-vehicle devices, TBOX, APP, and vehicle-to-vehicle interconnection, generally using 4G, 5G, WIFI, Bluetooth, etc.;
Based on the "cloud-pipe-device" architecture, the Internet of Vehicles is characterized by intelligence and networking. In addition to traditional network security threats such as SQL injection, remote command execution, and denial-of-service attacks, it also faces its own unique security risks. In response to various threats, the Internet of Vehicles system generally adopts a variety of security protection measures, such as access control, intrusion detection, identity authentication, PKI authentication, and confusion reinforcement.
From the perspective of system protection, the Internet of Vehicles needs to further divide functional components to identify different components and overall system security risks. Based on the "cloud-pipe-device" system architecture, the Internet of Vehicles can be divided into components such as vehicle area network, IVI, TBOX, ECU, TPMS, TSP, and APP.
Vehicle Area Network
The vehicle area network realizes the interconnection and intercommunication of different ECUs, TBOX, and IVI inside the car, and ensures the normal realization of functions such as command control and status monitoring.
Vehicle area network communication protocols generally include CAN bus, LIN bus, WIFI, Bluetooth and other wireless communication methods. The two protocols of CAN bus and LIN bus are open standard protocols. Due to the lack of security mechanism design at the beginning of the design, there are many security problems. Hackers can achieve vehicle control or cause abnormalities in various ECUs and functions by tampering, forging, replaying, and flooding CAN bus data, which may lead to serious vehicle safety accidents.
IVI
In-vehicle infotainment system (IVI for short) is an intelligent multimedia device that provides comprehensive information services based on in-vehicle bus and Internet services. In view of the improvement of intelligence, IVI can generally realize a series of tasks such as assisted driving, fault detection, vehicle information, body control, navigation, entertainment, and application installation.
The rich functions and interfaces of IVI provide attackers with a large attack surface. Attackers can use various means to carry out attacks, including attacks against software and attacks against hardware. The attack on the software is mainly to attack the IVI operating system and the application software deployed to obtain higher system privileges; the attack on the hardware is mainly to extract the firmware of the motherboard, hardware interface, chip, pin, etc. of the IVI, and use reverse analysis to mine system vulnerabilities to obtain higher privileges.
TBOX
TBOX is a vehicle communication gateway, which realizes the communication between the vehicle and TSP and APP by means of 4G, 5G, Bluetooth, WIFI and other communication methods. It mainly provides functions such as communication, remote control, remote query and security services, and is the core component of intelligent and networked vehicles. In order to ensure communication security, TBOX generally adopts the PKI system to realize communication encryption. Attackers generally try to crack keys and algorithms through reverse analysis of TBOX firmware or through TBOX hardware interfaces, and then tamper with communication and instructions, seriously affecting driving safety.
ECU
Electronic Control Unit (Electronic Control Unit, referred to as ECU) is a single-chip microcomputer or chip that realizes vehicle state control, recording and change inside the car. With the development of automobile intelligence, there are generally dozens of ECU units inside the car. Different ECUs control different components and communicate with each other through the CAN bus to jointly complete vehicle control.
ECU firmware can generally be elevated for reverse analysis, and at the same time, the data packets sent by the ECU to the bus only have simple identification and no authentication measures. Malicious attackers can carry out various types of attacks on ECUs, mainly including ECU data forgery and tampering, ECU data packet replay, ECU burning malicious programs, and false information forgery.
TSP
Telematics Service Provider (TSP) plays a core role in the Internet of Vehicles industry, integrating vehicle manufacturers, vehicle equipment manufacturers, network operators and content providers. At present, TSP generally provides navigation, entertainment, security, vehicle management, function upgrade, maintenance and other functions, and stores a large amount of user sensitive information and data.
TSP platforms generally have common software security vulnerabilities such as SQL injection and framework vulnerabilities, and face security risks such as data leakage, key leakage, DDOS, firmware upgrade tampering, and personal privacy data leakage. Once a malicious attacker successfully invades the TSP platform, it will cause a large number of vehicles under the same platform to suffer great security threats. Relevant companies need to carry out comprehensive risk identification and analysis on the TSP platform, and establish a relatively complete network security protection system based on the idea of "one center, multiple defenses", and some mechanisms and measures need to be considered in combination with intelligent networked vehicles and APPs, such as password systems, log audits, monitoring and early warning systems, etc.
APP
With the popularization of smart phones, all intelligent connected car companies have developed APPs that match the vehicles, providing functions such as vehicle control, vehicle management, entertainment and social interaction, and realizing functions such as remote unlocking, air conditioning switch, and door switch.
The APPs of different car companies will basically communicate with the TSP platform through 4G or 5G networks, and at the same time use Bluetooth, WIFI and other near-field communication methods to interact with the TBOX on the car end to realize vehicle control. Attackers usually obtain the communication protocol and instructions between APP and TSP, APP and TBOX through reverse analysis of APP, understand the interface and parameter information of TSP platform, and invade TSP. At the same time, they invade vehicles through near-field communication, which seriously threatens the safety of vehicles.
2. Internet of Vehicles Security Testing Strategy
The security of the Internet of Vehicles aims to ensure the safety of occupants and the safety of the surrounding environment. Different components need to adopt an overall security protection strategy based on the security threats they face. The cloud system should focus on application security, system security, data security, etc. The security of the "management" terminal is mainly based on communication security and border security. The security of the car terminal focuses on hardware security, communication security, upgrade security, and supply chain security. APP security focuses on application security, data security, operation security, and privacy security. The specific details are shown in the figure.
Internet of Vehicles Network Security Strategy
The Internet of Vehicles system generally includes TSP system, TBOX, IVI, APP, ECU, TPMS and other components. Generally, it is necessary to select the general security requirements during evaluation. For the TSP system located on the cloud platform, it is necessary to select the cloud computing security extension requirements. However, the evaluation of TBOX, IVI, APP, ECU, and TPMS needs to further refine the evaluation index requirements. Combined with the security threat analysis results and business security requirements, a special evaluation index for each module has been preliminarily formed.
Communication and password special indicators
The communication between TSP, APP, TBOX, and IVI of the Internet of Vehicles system involves the transmission of control commands and firmware upgrade packages. The communication channel has high security requirements, and the identities and communication information of both parties need to be encrypted. At the same time, the entire platform needs to be established on a unified PKI system for identity authentication and authentication, forming the following special index requirements:
Communication and password special indicators
Communication and password special indicators (partial)
Special indicators on the vehicle end
Intelligent networked vehicles are the core of Internet of Vehicles network security. From the perspective of quality assurance evaluation, the network boundary of the Internet of Vehicles system can be extended to IVI and TBOX, but from the perspective of functional components, the Internet of Vehicles system also includes components such as the vehicle area network, in-vehicle ECU, and TPMS. Combined with the safety protection requirements of the vehicle end, the special evaluation index requirements for the vehicle end components are compiled, as follows:
Special indicators on the vehicle end
Special indicators of the vehicle end (partial)
APP special indicators
With the popularization of intelligent networked vehicles, users can generally check and control the vehicle status through the APP. The safety of APP is particularly important to vehicle safety. According to the security requirements of APP, the following special index requirements are formed:
APP special indicators
APP special indicators (partial)
test case
Aiming at the evaluation indicators and security threats of the Internet of Vehicles, combined with the existing testing methods and testing tools, a set of effective test case libraries for the evaluation of the Internet of Vehicles system level has been formed. Some test cases are as follows:
Security Test Cases (partial)
In order to verify the applicability of the evaluation indicators, several Internet of Vehicles systems were selected to carry out the evaluation work of equal protection. Although there are certain differences in the functions and architecture of each system, from the overall logic point of view, each system basically conforms to the "cloud-pipe-end" three-tier architecture. When selecting actual evaluation objects, TSP and APP are taken as important evaluation objects, and at the same time, TBOX and IVI are selected as vehicle end evaluation objects. In terms of indicator selection, special indicators for communication and passwords, special indicators for vehicles, and special indicators for APP basically reflect the basic security requirements of the Internet of Vehicles system. In the evaluation process of a car networking system, after the analysis of the car control function of the APP, the parking and calling of any car is realized by tampering with the data message.
