面向汽车Zonal架构的TSN轻量级认证与授权通信框架

doi:10.19562/j.chinasae.qcgc.2023.06.005

Abstract

Abstract:

The demand for intelligent vehicles has driven the evolution of the automotive electrical/electronic （E/E） architecture towards the Zonal architecture based on time-sensitive networking （TSN）. However， the development of networking has brought serious information security issues to data transmission. The three-layer information security protection modules provided by the TSN standard， which consist of flow filters， flow control gates， and flow meters， are essentially boundary firewall technology. Once the boundary is breached， the entire architecture will be exposed and paralyzed. Additionally， this protection technology generates excessive computational and communication overhead due to the multiple layers of processing. This paper proposes a lightweight TSN authentication and authorization communication framework for the automotive Zonal architecture， which employs a boundary-less approach to provide integrated protection against hijacking， tampering， and eavesdropping. A Zonal architecture prototype platform is built based on the NXP automotive-grade TSN switch chip SJA1105Q （as the central controller） and the NXP automotive-grade SoC LS1028A （as the zone controller）， and the developed framework is deployed on this prototype platform. The security properties of the framework are verified using the ProVerif tool. The evaluation results based on the prototype platform show that the proposed framework outperforms existing automotive security communication frameworks in terms of computation and communication overhead.

Key words: automotive Zonal architecture, TSN, security, authentication and authorization

Ruiqi Lu,Guoqi Xie,Xinzhong Liu,Renfa Li. Lightweight TSN Authentication and Authorization Communication Framework for Automotive Zonal Architecture[J].Automotive Engineering, 2023, 45(6): 944-953.

Figures/Tables 16

References 28

1	LOKE S W. Cooperative automated vehicles： a review of opportunities and challenges in socially intelligent vehicles beyond networking ［J］. IEEE Transactions on Intelligent Vehicles， 2019， 4（4）： 509-518.
2	HALDER S， GHOSAL A， CONTI M. Secure over-the-air software updates in connected vehicles： a survey ［J］. Computer Networks， 2020， 178： 107343.
3	BANDUR V， SELIM G， PANTELIC V， et al. Making the case for centralized automotive E/E architectures ［J］. IEEE Transactions on Vehicular Technology， 2021， 70（2）： 1230-1245.
4	DENG L， XIE G， LIU H， et al. A survey of real-time ethernet modeling and design methodologies： from AVB to TSN ［J］. ACM Computing Surveys， 2022， 55（2）： 1-36.
5	SAMII S， ZINNER H. Level 5 by layer 2： time-sensitive networking for autonomous vehicles ［J］. IEEE Communications Standards Magazine， 2018， 2（2）： 62-68.
6	FENG Z， GU Z， YU H， et al. Online rerouting and rescheduling of time-triggered flows for fault tolerance in time-sensitive networking［J］. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems， 2022， 41（11）： 4253-4264.
7	XIE Y， ZHOU Y， XU J， et al. Cybersecurity protection on in‐vehicle networks for distributed automotive cyber-physical systems： state-of-the-art and future challenges ［J］. Software： Practice and Experience， 2021， 51（11）： 2108-2127.
8	WOO S， JO H J， LEE D H. A practical wireless attack on the connected car and security protocol for in-vehicle CAN ［J］. IEEE Transactions on Intelligent Transportation Systems， 2014， 16（2）： 993-1006.
9	NILSSON D K， LARSON U E， JONSSON E. Efficient in-vehicle delayed data authentication based on compound message authentication codes［C］. Proceeding 2008 IEEE 68th Vehicular Technology Conference （VTC）. Calgary， Canada， 2008： 1-5.
10	MUNDHENK P， PAVERD A， MROWCA A， et al. Security in automotive networks： lightweight authentication and authorization［J］. ACM Transactions on Design Automation of Electronic Systems， 2017， 22（2）： 1-27.
11	TAYLOR A， JAPKOWICZ N， LEBLANC S. Frequency-based anomaly detection for the automotive CAN bus［C］. Proceeding 2015 World Congress on Industrial Control Systems Security （WCICSS）. London， UK， 2015： 45-49.
12	LUO F， HU Q. Security mechanisms design for in-vehicle network gateway［C］. SAE Paper 2018-01-0018.
13	PELLICCIONE P， KNAUSS E， HELDAL R， et al. Automotive architecture framework： the experience of volvo cars ［J］. Journal of Systems Architecture， 2017， 77： 83-100.
14	CARVAJAL-ROCA I E， WANG J， DU J， et al. A semi-centralized dynamic key management framework for in-vehicle networks ［J］. IEEE Transactions on Vehicular Technology， 2021， 70（10）： 10864-10879.
15	STARON M. Automotive software architectures ［M］. Springer， 2021.
16	付朝辉，王华阳. 功能架构在电子电气架构开发中的应用和实践［J］. 汽车工程，2021，43（12）：1871-1879.
	FU C H， WANG H Y. Application and practice of functional architecture in the development of electronic and electrical architecture ［J］. Automotive Engineering， 2021， 43（12）：1871-1879.
17	BANDUR V， KAPINSKI R， PANTELIC V， et al. Aspects of migrating from decentralized to centralized E/E architectures［C］. SAE Paper 2022-01-0747.
18	EBERT C， FAVARO J. Automotive software ［J］. IEEE Software， 2017， 34（3）： 33-39.
19	SJA1105Q. Five-ports AVB and TSN automotive Ethernet switch ［EB/OL］.［2023-4-10］. https：//www.nxp.com.cn/products/interfaces/ethernet-/automotive-ethernet-switches/ethernet-switch-and-phy-evaluation-board：SJA1105Q-EVB.
20	LS1028A： Layerscape® 1028A applications processor ［EB/OL］.［2023-4-11］.https：//www.nxp.com/products/processors-and-microcontrollers/arm-processors/layerscape-processors/layerscape-1028a-applications-processor：LS1028A.
21	TJA1102： dual port 100BASE-T1 PHY transceiver ［EB/OL］. ［2023-4-9］. https：//www.nxp.com.cn/products/interfaces/ethernet-/automotive-ethernet-phys/tja1102-tja1102a-dual-port-100base-t1-phy-transceiver：TJA1102-TJA1102S.
22	YT8514H： data sheet ［EB/OL］. ［2023-4-11］. https：//motor-comm.com/Public/Uploads/uploadfile/files/20230308/YT8614C_Y
	T8614Hjieshao_v0.2-902.pdf.
23	裕太微-公司深度报告：接口芯片龙头数据浪潮汹涌［EB/OL］. ［2023-4-11］. https：//www.sgpjbg.com/baogao/120154.html.
	Yu Tai Micro-Company In-depth Report： Interface chip leading data wave［EB/OL］. ［2023-4-11］. https：//www.sgpjbg.com/baogao/120154.html.
24	ZHAO L， POP P， ZHENG Z， et al. Timing analysis of AVB traffic in TSN networks using network calculus［C］.Proceeding 2018 IEEE Real-Time and Embedded Technology and Applications Symposium （RTAS）， Porto， Portugal， 2018.
25	IEEE standard for local and metropolitan area network-bridges and bridged networks［S］. IEEE Std 802.1Q-2018 （Revision of IEEE Std 802.1Q-2014）， 2018.
26	XIE G Q， XIAO X Z， LIU H B， et al. Robust time-sensitive networking with delay bound analyses ［C］. Proceeding 2021 IEEE/ACM International Conference On Computer Aided Design， Munich， Germany， November， 2021： 1-9.
27	BLANCHET B， SMYTH B， CHEVAL V， et al. ProVerif 2.00： automatic cryptographic protocol verifier， user manual and tutorial［J］. Version From， 2018： 5-16.
28	YAROM Y， GENKIN D， HENINGER N. CacheBleed： a timing attack on OpenSSL constant-time RSA［J］. Journal of Cryptographic Engineering， 2017， 7： 99-112.

密码学算法	加密（哈希）时间	解密时间
AES-128	0.23	0.23
AES-256	0.26	0.26
RSA-1024	43.61	883.26
RSA-2048	158.62	5 992.8
SHA-1	0.45
SHA-256	0.57

身份认证	LASAN		本文
密码学组	C1	C2	C1	C2
主节点	971.71	6 310.94	970.71	6 310.34
从节点	971.71	6 310.94	970.71	6 310.34
计算开销	1 943.42	12 621.88	1 941.42	12 620.68

通信授权	LASAN		本文
密码学组	C1	C2	C1	C2
主节点	0.92	1.64	0.69	1.23
从节点1	0.69	1.23	0.46	0.82
从节点2	0.90	0.82	0.32	0.41
计算开销	2.51	3.69	1.47	2.46

安全通信	LASAN		本文
密码学组	C1	C2	C1	C2
从节点1	0.91	1.17	0.68	0.87
从节点2	0.68	0.87	0.68	0.87
计算开销	1.59	2.04	1.36	1.74

阶段	密码学组	LASAN	本文
身份认证	C1	448	400
身份认证	C2	848	800

Lightweight TSN Authentication and Authorization Communication Framework for Automotive Zonal Architecture

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 28

Related Articles 6

Metrics

Comments

Recommended 10

[1]	Qin Shi,Liu Shan,Teng Cheng,Qiang Liu,Chuansu Wang,Xing Zhang. Efficient Group Key Distribution Scheme Based on Quantum Random Numbers in VANETs [J]. Automotive Engineering, 2024, 46(2): 300-309.
[2]	Xudong Zhang, Ya Wen, Yuan Zou, Wenjing Sun, Zhaolong Zhang, Fengmin Tang, Weiguo Liu. Research on Traffic Scheduling Strategies and Improved Algorithms for In-Vehicle Time-Sensitive Networks [J]. Automotive Engineering, 2024, 46(1): 75-83.
[3]	Zheng Zuo,Yunpeng Wang,Bin Ma,Bosong Zou,Yaoguang Cao,Shichun Yang. Quantitative Evaluation and Analysis of On-board Network Components Risk Rate Based on AFC-TARA [J]. Automotive Engineering, 2023, 45(9): 1553-1562.
[4]	Zhenyu Yang,Feng Luo,Zitong Wang,Yi Ren,Xiaoxian Zhang. Security Access Control for Service-Oriented Multi-domain Electrical and Electronic Architecture [J]. Automotive Engineering, 2023, 45(9): 1626-1636.
[5]	Yuxin Guan,Haojie Ji,Zhe Cui,He Li,Liwen Chen. An Overview of Intrusion Detection Methods for In-Vehicle CAN Network of Intelligent Networked Vehicles [J]. Automotive Engineering, 2023, 45(6): 922-935.
[6]	Wei Lei, Wang Yunpeng, Qin Hongmao & Yu Guizhen. A Research on Security of Information Propagation of CACC Vehicles Under Internet of Vehicles Environment [J]. , 2019, 41(3): 252-258.