基于AFC-TARA的车载网络组件风险率量化评估分析

doi:10.19562/j.chinasae.qcgc.2023.ep.004

Abstract

Abstract:

The first step of information security design is threat analysis and risk assessment （TARA）， which determines security requirements and objectives， and provides a basis for the forward development of information security and the repair of security vulnerabilities. However， the current TARA can only evaluate the impact of malicious attack and security vulnerabilities， which can’t support quantitative evaluation of the effectiveness of protection strategies. Therefore， an attack and fix combined threat analysis and risk assessment （AFC-TARA） method is proposed in this paper. By converting the security state of the system-level on-board network architecture into a continuous-time Markov chain model， and associating the vulnerability mining， vulnerability repair and security defense strategy with the transition rate， a system-level on-board network architecture security assessment and analysis that comprehensively considers attack variables and defense variables are finally realized.

Key words: information security, intelligent connected vehicles, threat analysis and risk assessment, Markov model, malicious attack, security protection

Zheng Zuo,Yunpeng Wang,Bin Ma,Bosong Zou,Yaoguang Cao,Shichun Yang. Quantitative Evaluation and Analysis of On-board Network Components Risk Rate Based on AFC-TARA[J].Automotive Engineering, 2023, 45(9): 1553-1562.

Figures/Tables 9

References 21

1	GUAN T， HAN Y， KANG N， et al. An overview of vehicular cybersecurity for intelligent connected vehicles［J］. Sustainability， 2022， 14（9）： 5211.
2	MILLER C， VALASEK C. A survey of remote automotive attack surfaces［J］. Black Hat USA， 2014： 94.
3	章嘉彦，李飞，李如翔，等. V2X 通信中基于椭圆曲线加密算法的身份认证研究［J］. 汽车工程， 2020， 42（1）： 27-32.
	ZHANG J， LI F， LI R， et al. Research on identity authentication in V2X communications based on elliptic curve encryption algorithm ［J］. Automotive Engineering， 2020， 42（1）： 27-32.
4	CHOW M C， MA M， PAN Z. Attack models and countermeasures for autonomous vehicles［M］. Intelligent Technologies for Internet of Vehicles. Springer， Cham， 2021： 375-401.
5	HAN M， WAN A， ZHANG F， et al. An attribute-isolated secure communication architecture for intelligent connected vehicles［J］. IEEE Transactions on Intelligent Vehicles， 2020， 5（4）： 545-555.
6	PARK J S， KIM D H， SUH I H. Design and implementation of security function according to routing method in automotive gateway［J］. International Journal of Automotive Technology， 2021， 22（1）： 19-25.
7	MURVAY P S， GROZA B. Security shortcomings and countermeasures for the SAE J1939 commercial vehicle bus protocol［J］. IEEE Transactions on Vehicular Technology， 2018， 67（5）： 4325-4339.
8	ZHU H， ZHOU W， LI Z， et al. Requirements-driven automotive electrical/electronic architecture： a survey and prospective trends［J］. IEEE Access， 2021， 9： 100096-100112.
9	LAUTENBACH A， ALMGREN M， OLOVSSON T. Proposing HEAVENS 2.0-an automotive risk assessment model［C］. Computer Science in Cars Symposium， 2021： 1-12.
10	HENNIGER O， RUDDLE A， SEUDIE H， et al. Securing vehicular on-board it systems： the evita project［C］. VDI/VW Automotive Security Conference， 2009： 41.
11	SANDGREN H， ANTINVAN V. Software safety analysis to support ISO 26262-6 compliance in agile development［J］. IEEE Software， 2020， 38（3）： 52-60.
12	ROULAND Q， HAMID B， JASKOLKA J. Specification， detection， and treatment of STRIDE threats for software components： modeling， formal methods， and tool support［J］. Journal of Systems Architecture， 2021， 117： 102073.
13	GHOSAL A， HALDER S， CONTI M. STRIDE： scalable and secure over-the-air software update scheme for autonomous vehicles［C］. ICC 2020-2020 IEEE International Conference on Communications （ICC）. IEEE， 2020： 1-6.
14	LI X， YU Y， SUN G， et al. Connected vehicles' security from the perspective of the in-vehicle network［J］. IEEE Network， 2018， 32（3）： 58-63.
15	BOZDALl M， SAMIE M， ASLAM S， et al. Evaluation of can bus security challenges［J］. Sensors， 2020， 20（8）： 2364.
16	HUANG J， ZHAO M， ZHOU Y， et al. In-vehicle networking： protocols， challenges， and solutions［J］. IEEE Network， 2018， 33（1）： 92-98.
17	JO H J， KIM J H， CHOI H Y， et al. Mauth-can： masquerade-attack-proof authentication for in-vehicle networks［J］. IEEE Transactions on Vehicular Technology， 2019， 69（2）： 2204-2218.
18	ZELLE D， PLAPPERT C， RIEKE R， et al. ThreatSurf： a method for automated threat surface assessment in automotive cybersecurity engineering［J］. Microprocessors and Microsystems， 2022， 90： 104461.
19	LU K L， CHEN Y Y. ISO 26262 ASIL-oriented hardware design framework for safety-critical automotive systems［C］. 2019 IEEE International Conference on Connected Vehicles and Expo （ICCVE）. IEEE， 2019： 1-6.
20	KWIATKOWSKA M， NORMAN G， PARKER D. Stochastic model checking［C］. International School on Formal Methods for the Design of Computer， Communication and Software Systems. Springer， Berlin， Heidelberg， 2007： 220-270.
21	KWIATKOWSKA M， NORMAN G， PARKER D. PRISM 4.0： verification of probabilistic real-time systems［C］. International Conference on Computer Aided Verification. Springer， Berlin， Heidelberg， 2011： 585-591.

衡量标准	衡量指标	指标权重
攻击向量（AV）	网络	0.85
	邻居	0.62
	本地	0.55
	物理	0.2
攻击复杂度（AC）	低	0.77
攻击复杂度（AC）	高	0.44
权限要求（PR）	无	0.85
	低	0.62
	高	0.27
用户交互（UI）	不需要	0.85
用户交互（UI）	需要	0.62
机密性（CF）完整性（IG）可用性（AB）	无	0
	低	0.22
	高	0.56
机密性需求（CR）完整性需求（IR）可用性需求（AR）	未定义	1
	低	0.5
	中	1
	高	1.5

ASIL等级	修复值	组件名称
A	52（1周）	TBOX
B	12（1个月）	车灯
C	6（2个月）	倒车影像
D	3（4个月）	中央网关

组件	特征	风险值	修复值
TBOX	4G/以太网	2.0	52
中央网关	无任何防护	5.7	3
	仅IDS	5.7	52
	仅安全认证	1.8	3
	IDS和安全通信	1.8	52
智能仪表中的消息m须满足机密性和完整性	无加密	5.7	6
	HMAC	4.0	6
	AEAD	1.8	6
智能仪表中的消息m 仅须满足完整性	无加密	5.7	6
	HMAC	1.8	6
	AEAD	1.8	6
智能仪表中的消息m 仅须满足可用性	无加密	5.7	6
	HMAC	5.7	6
	AEAD	5.7	6

[1]	Pangwei Wang,Cheng Liu,Yunfeng Wang,Mingfang Zhang. Multi-lane Trajectory Optimization for Intelligent Connected Vehicles in Urban Road Network [J]. Automotive Engineering, 2024, 46(2): 241-252.
[2]	Qin Shi,Liu Shan,Teng Cheng,Qiang Liu,Chuansu Wang,Xing Zhang. Efficient Group Key Distribution Scheme Based on Quantum Random Numbers in VANETs [J]. Automotive Engineering, 2024, 46(2): 300-309.
[3]	Peilong Shi,Xuan Zhao,Zitong Chen,Qiang Yu. Study on Active Control of Exhaust Brake System for Heavy-duty Truck Based on Road Driving Condition Recognition [J]. Automotive Engineering, 2023, 45(1): 104-111.
[4]	Yubo Lian,Heping Ling,Junbin Wang,Hua Pan,Zhao Xie. A Real-time Thermal Runaway Detection Method of Power Battery Based on Guassian Mixed Model and Hidden Markov Model [J]. Automotive Engineering, 2023, 45(1): 139-146.
[5]	Pengfei Li,Yugong Luo,Chang Liu,Weiwei Kong. Control Strategies Design of Intelligent and Connected Vehicle Platoon Under Emergency Conditions [J]. Automotive Engineering, 2022, 44(3): 299-307.
[6]	Zhe Zhou,Zhaozheng Hu,Zhiqiang Wang,Hanbiao Xiao. Visual Map Matching Method for Intelligent Vehicles Based on Second-order HMM [J]. Automotive Engineering, 2022, 44(2): 190-198.
[7]	Xingkai Zhou,Zufang Dou,Xijuan Yang,Qiaoli Yang. Backoff Mechanism and Verification of Adaptive Primary and Secondary Windows Based on IEEE 802.11p [J]. Automotive Engineering, 2022, 44(12): 1856-1865.
[8]	Bing Zhu,Yuhang Sun,Jian Zhao,Peixing Zhang,Tianxin Fan,Dongjian Song. Automatic Extraction Method for Autonomous Vehicle Test Scene Primitives [J]. Automotive Engineering, 2022, 44(11): 1647-1655.
[9]	Yisong Chen,Yunxiang Xing,Xiaoqin Xiong,Libo Lan,Ying Cao,Yongtao Liu. Research on Technical and Economic Evaluation System of Intelligent Connected Vehicles Based on Patent Analysis [J]. Automotive Engineering, 2021, 43(9): 1271-1277.
[10]	Li Keqiang, Chang Xueyang, Li Jiawen, Xu Qing, Gao Bolin, Pan Jian. Cloud Control System for Intelligent and Connected Vehicles and Its Application [J]. Automotive Engineering, 2020, 42(12): 1595-1605.
[11]	Yan Gang, Xiao Kun, Chu Wenbo. Research on Virtualization Technology for ComputingPlatform of Intelligent Connected Vehicles [J]. Automotive Engineering, 2020, 42(1): 33-37.
[12]	Liu Zhiqiang, Wu Xuegang, Ni Jie & Zhang Teng. Driving Intention Recognition Based on HMM and SVM Cascade Algorithm [J]. , 2018, 40(7): 858-.

Quantitative Evaluation and Analysis of On-board Network Components Risk Rate Based on AFC-TARA

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 21

Related Articles 12

Metrics

Comments

Recommended 10