Disclosure of Invention
To overcome the defects of the prior art, the invention provides a vehicle intranet identity authentication method based on a quantum random number generator. It solves the problem that the existing vehicle intranet lacks ECU identity authentication, and makes up for the defects caused by plaintext communication on the vehicle intranet.
To achieve this purpose, the invention adopts the following technical scheme:
An identity authentication method for an in-vehicle network based on a quantum random number generator comprises the following steps:
S1. A random number generator is arranged on the vehicle; the random number generator is used for generating random numbers and storing the generated random numbers in a register of an intelligent gateway on the vehicle.
S2. The intelligent gateway sends the stored random numbers to each ECU (electronic control unit) in the vehicle; the ECU receives the random number and stores it as a pre-stored random number.
S3. When the vehicle is started, the intelligent gateway performs identity authentication on the ECUs in the vehicle by using the random number generator. The authentication process is as follows:
S31. The ECU sends an identity authentication request to the intelligent gateway.
S32. After receiving the identity authentication request of the ECU, the intelligent gateway grants the ECU the authority to read the new random number in the register.
S33. After the ECU obtains the authority, it reads the new random number in the register; the new random number in the register is a random number newly generated by the random number generator.
S34. The ECU encrypts the identity authentication information using the new random number it has read as the secret key, and sends the encrypted ciphertext to the intelligent gateway; the identity authentication information comprises the MAC information of the ECU and the pre-stored random number.
S35. After receiving the ciphertext, the intelligent gateway decrypts it using the new random number as a symmetric key to obtain the decrypted identity authentication information; after decryption is completed, the intelligent gateway destroys the new random number.
S36. The intelligent gateway verifies the pre-stored random number in the decrypted identity authentication information: it compares whether this pre-stored random number is the same as the random number sent to the ECU by the intelligent gateway in step S2 to judge whether the identity of the ECU is legal. If they are the same, the identity of the ECU is legal; otherwise, the identity of the ECU is illegal.
Preferably, the random number generator is a quantum random number generator for generating true random numbers.
Preferably, in step S2, the random numbers sent by the intelligent gateway to the ECUs in the vehicle are different, that is, the pre-stored random numbers of the ECUs in the vehicle are different.
The invention has the advantages that:
(1) The invention arranges the random number generator at the vehicle end. A random number generated by the random number generator is first used as the static random number for identity authentication of the ECUs on the vehicle intranet; a random number generated by the random number generator is then used as the secret key in the authentication process to symmetrically encrypt the identity authentication information.
(2) The invention has both a dynamic random number used for information encryption and a static random number used to improve the security of the MAC information. The static random number is added to each ECU in a secure environment, which ensures that the MAC | pre-stored random number cannot be copied. The intelligent gateway uses the dynamic random number provided by the quantum random number generator as a symmetric key to encrypt the identity authentication message, and the dynamic random number is destroyed after use. This ensures the security of information communication on the vehicle intranet and provides an identity authentication and encryption scheme for CAN network communication.
(3) In the prior art, random numbers are obtained as pseudo-random numbers generated by an algorithm; a pseudo-random number is generated according to a specific complex algorithm and is still periodic in nature. Therefore, as long as a hacker obtains the pseudo-random number algorithm and the parameters used in it, it is possible to obtain the pseudo-random number in advance. In the invention, however, the quantum random number generator is arranged at the vehicle end and generates true random numbers by physical means, and a true random number cannot be known in advance.
(4) Because the ciphertext after symmetric encryption is equal in length to the plaintext and the encryption speed is high, the requirement for timely identity authentication on the vehicle intranet can be met.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Fig. 1, a vehicle intranet identity authentication method based on a quantum random number generator includes the following steps:
S1. A quantum random number generator is arranged on the vehicle; it is used for generating true random numbers and storing the generated true random numbers in a register of an intelligent gateway on the vehicle.
The quantum random number generator is prior art. As shown in Fig. 3, the process of generating random numbers with a quantum random number generator includes four steps: random source selection, digital sampling, data post-processing, and randomness testing. Different random sources require different random number generation schemes. In this embodiment, a physical system is selected as the random source, and a measurement result is obtained after the physical system passes through a measurement device. The measurement result is converted into a binary random bit string through digital sampling, and this bit string is used as the original random number. Because the original random sequence may contain some classical noise and its statistical distribution may still show some deviation, the original random sequence also needs randomness post-processing, namely data post-processing, which converts it into a smaller and more ideal random sequence without deviation. Finally, to verify the quality of the generated random numbers, they are typically tested for randomness using standard randomness test software packages.
S2. When the vehicle leaves the factory after being assembled, the intelligent gateway sends the stored random numbers to each ECU (electronic control unit) in the vehicle; the ECU receives the random number and stores it as a pre-stored random number.
After the vehicle is assembled, the intelligent gateway distributes the stored random numbers to each ECU, which provides a guarantee for subsequent identity authentication. Because the number of vehicle-mounted ECUs is limited, as long as the binary random numbers have enough digits, the pre-stored random numbers given to the ECUs are all different. The pre-stored random number of each ECU cannot be changed or replaced, so these are relatively static random numbers.
S3. One start and shutdown of the vehicle is regarded as a period, and re-authentication is required in each period. Therefore, when the vehicle is started, the intelligent gateway performs initial identity authentication on the ECUs in the vehicle, and the quantum random number generator provides support for the intelligent gateway to perform identity authentication on the ECUs. With reference to Fig. 2, the authentication process is as follows:
S31. The ECU sends an identity authentication request to the intelligent gateway.
S32. After receiving the identity authentication request, the intelligent gateway grants the ECU the right to read the new random number in the register.
S33. After the ECU obtains the authority, it reads the new random number in the register.
The register is a register of the intelligent gateway, and the new random number in the register is a new true random number generated by the quantum random number generator.
S34. The ECU encrypts the identity authentication information using the new random number it has read as the secret key, and sends the encrypted ciphertext to the intelligent gateway; the identity authentication information comprises the MAC information of the ECU and the pre-stored random number.
S35. After receiving the ciphertext, the intelligent gateway decrypts it using the new random number as a symmetric key to obtain the decrypted identity authentication information. After decryption is completed, the intelligent gateway destroys the new random number; the new random number is equivalent to a dynamic random number and is destroyed after use.
S36. The intelligent gateway verifies the pre-stored random number in the decrypted identity authentication information: it compares whether this pre-stored random number is the same as the pre-stored random number sent to the ECU by the intelligent gateway in step S2 to judge whether the identity of the ECU is legal. If they are the same, the identity of the ECU is legal; otherwise, the identity of the ECU is illegal.
The invention arranges the quantum random number generator at the vehicle end. A true random number generated by the quantum random number generator is first used as the static random number for identity authentication of the ECUs on the vehicle intranet; a true random number generated by the quantum random number generator is then used as the key in the authentication process to symmetrically encrypt the identity authentication information. Because the ciphertext after symmetric encryption is equal in length to the plaintext and the encryption speed is high, the requirement for timely identity authentication on the vehicle intranet can be met. The invention also overcomes the current lack of an identity authentication mode inside and outside the vehicle and the current use of plaintext communication.
The invention has both a dynamic random number used for information encryption and a static random number used to improve the security of the MAC information. The static random number is added to each ECU in a secure environment, which ensures that the MAC | pre-stored random number cannot be copied. The intelligent gateway uses the dynamic random number provided by the quantum random number generator as a symmetric key to encrypt the identity authentication message, which provides an ECU initial identity authentication scheme for CAN network communication.
As shown in Fig. 4, the CAN network of a typical fuel vehicle can be divided into the following 5 CAN buses:
1. Powertrain CAN bus, i.e., PT CAN bus (Powertrain CAN)
The following ECUs are typically present on the PT CAN bus:
Engine control module ECM (Engine Control Module);
Electronic airbag SRS (Supplemental Restraint System);
Battery management system BMS (Battery Management System);
Electronic parking system EPB (Electronic Park Brake).
2. Chassis control CAN bus, i.e., CH CAN bus (Chassis CAN)
The following ECUs are typically present on the CH CAN bus:
Antilock braking system ABS (Antilock Brake System);
Vehicle body electronic stability program ESP (Electronic Stability Program);
Electric power steering EPS (Electric Power Steering).
The CH CAN bus is also responsible for braking/stabilizing/steering of the vehicle chassis and each wheel.
3. Vehicle body control bus, i.e., Body CAN bus
The Body CAN bus is responsible for the management and control of intelligent hardware for improving comfort/safety on the vehicle body. Because this intelligent hardware is auxiliary equipment, the network signal priority of the Body CAN bus is lower.
4. Entertainment system bus, i.e., Info CAN bus (Informatial CAN)
The Info CAN bus is responsible for the management and control of intelligent hardware used for improving entertainment on the vehicle body. Because this intelligent hardware is auxiliary equipment, the network signal priority of the Info CAN bus is low.
5. Diagnostic control bus, i.e., Diag CAN bus (Diagnose CAN)
The Diag CAN bus mainly provides a remote diagnosis function and has only one ECU.
In this embodiment, the effectiveness of the method of the present invention is analyzed and verified in the following scenarios:
A hacker adds a new pseudo (forged) ECU to the CAN network.
The intelligent gateway authenticates the identity of each ECU in the vehicle every time the vehicle is started. Because the new ECU is forged, the pre-stored random number in the pseudo ECU is also forged. When the pseudo ECU applies for identity authentication, it is granted the right to read the new random number and uses the new random number as a symmetric key to encrypt its MAC information and its forged pre-stored random number. The intelligent gateway decrypts the ciphertext, checks and compares the decrypted pre-stored random number, and finds that the pre-stored random number of the pseudo ECU cannot be found in the intelligent gateway, so the pseudo ECU is judged to have a forged identity.
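The exchange in steps S31 to S36 and the forged-ECU scenario above, simulated as an added example that is not part of the original patent text. The SHAKE-256 keystream cipher, the 6-byte MAC field, the 16-byte random numbers, the lookup by MAC and the use of `secrets` in place of the quantum random number generator are assumptions; the page names no cipher or field sizes.

```python
import hashlib
import hmac
import secrets

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream, so the
    # ciphertext has the same length as the plaintext, as the page describes.
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

class Gateway:
    def __init__(self):
        self.enrolled = {}    # MAC information -> pre-stored random number
        self.register = None  # new random number, valid for one authentication

    def enroll(self, mac: bytes) -> bytes:        # S2
        self.enrolled[mac] = secrets.token_bytes(16)  # stands in for QRNG output
        return self.enrolled[mac]

    def grant_read(self) -> bytes:                # S32/S33
        self.register = secrets.token_bytes(16)
        return self.register

    def verify(self, ciphertext: bytes) -> bool:  # S35/S36
        if self.register is None:
            return False
        key, self.register = self.register, None  # destroyed after one use
        plain = stream_xor(key, ciphertext)
        mac, claimed = plain[:6], plain[6:]
        expected = self.enrolled.get(mac, b"")
        return len(claimed) == 16 and hmac.compare_digest(claimed, expected)

class Ecu:
    def __init__(self, mac: bytes, prestored: bytes):
        self.mac, self.prestored = mac, prestored

    def authenticate(self, gw: Gateway) -> bytes:  # S31-S34
        key = gw.grant_read()
        return stream_xor(key, self.mac + self.prestored)

def run_exchange():
    gw = Gateway()
    mac = bytes.fromhex("02000000000a")  # constructed identifier
    genuine = Ecu(mac, gw.enroll(mac))
    forged = Ecu(mac, secrets.token_bytes(16))  # forged pre-stored number
    ok = gw.verify(genuine.authenticate(gw))
    bad = gw.verify(forged.authenticate(gw))
    ct = genuine.authenticate(gw)
    return ok, bad, gw.verify(ct), gw.verify(ct)  # last: same ciphertext reused
```

The last element of the result is false because the gateway cleared the register after the first decryption, so a ciphertext presented a second time has no key to be decrypted with.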
In addition, in the prior art random numbers are obtained as pseudo-random numbers generated by an algorithm. Pseudo-random numbers are generated according to a specific complex algorithm and are still periodic in nature. For example, the rand function in the C++ language is essentially a linear congruential method: the next number is obtained by applying a linear operation and a modulus to the previous number, the maximum cycle period is achieved by setting the parameters appropriately, and the random number sequence generated within one cycle is approximately random. A random number sequence is a set of samples of a uniformly distributed random variable; its result should be unpredictable, and each number in the sequence should be independent and uniformly distributed.
The pseudo-random numbers of the prior art are obtained by an algorithm; therefore, as long as a hacker obtains the random number algorithm and the parameters used in it, it is possible to obtain the random numbers in advance. In the invention, however, the quantum random number generator is arranged at the vehicle end and generates true random numbers by physical means, and a true random number cannot be known in advance.
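Why the output of a linear congruential generator is unsuitable as key material, as an added example that is not part of the original patent text: it checks the standard Hull-Dobell conditions for a maximum period, measures the period directly for small moduli, and shows that one observed output plus known parameters yields every later output. The constants are the widely published Numerical Recipes parameters and the seed is constructed; neither comes from the page.

```python
from math import gcd

def lcg_next(x, a, c, m):
    # Linear operation followed by a modulus on the previous number.
    return (a * x + c) % m

def prime_factors(n):
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    if n > 1:
        factors.add(n)
    return factors

def has_full_period(a, c, m):
    # Hull-Dobell theorem: the period equals m iff all three conditions hold.
    return (gcd(c, m) == 1
            and all((a - 1) % p == 0 for p in prime_factors(m))
            and (m % 4 != 0 or (a - 1) % 4 == 0))

def measured_period(a, c, m, seed):
    # Walk the sequence until a state repeats; return the cycle length.
    seen, x, i = {}, seed, 0
    while x not in seen:
        seen[x] = i
        x = lcg_next(x, a, c, m)
        i += 1
    return i - seen[x]

def predict(observed, count, a, c, m):
    # Known algorithm + known parameters + one output = all later outputs.
    out, x = [], observed
    for _ in range(count):
        x = lcg_next(x, a, c, m)
        out.append(x)
    return out

def lcg_demo():
    a, c, m = 1664525, 1013904223, 2**32  # published Numerical Recipes constants
    state = 0x1234ABCD                    # constructed seed, unknown to observer
    stream = []
    for _ in range(5):
        state = lcg_next(state, a, c, m)
        stream.append(state)
    predicted = predict(stream[0], 4, a, c, m)
    return predicted == stream[1:], has_full_period(a, c, m)
```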
The invention is not to be considered as limited to the specific embodiments shown and described, but is to be understood to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.