A Method and Practice of Internet of Vehicle OTA Based on CA and KMS

Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (5): 469-.

Previous Articles Next Articles

A Method and Practice of Internet of Vehicle OTA Based on CA and KMS

Online:2023-05-01 Published:2023-04-29
About author:张相雨硕士，工程师.主要研究方向为车联网信息安全、PKI技术在车联网领域的应用. zhangxiangyu@catarc.ac.cn 张文翠硕士，高级工程师.主要研究方向为车联网通信身份安全、汽车信息安全. zhangwencui@catarc.ac.cn 李岩高级工程师.主要研究方向为智能网联技术、计算机信息安全、工业互联网标识技术. liyan2016@catarc.ac.cn 苏位中工程师.主要研究方向为车联网OTA技术、车联网云控技术. suweizhong@catarc.ac.cn

基于数字证书和密钥管理系统的车联网远程升级方法及实践

张相雨;张文翠;李岩;苏位中;

(中汽智联技术有限公司天津300112)
(中国汽车技术研究中心有限公司天津300380)

通讯作者: 张相雨硕士，工程师.主要研究方向为车联网信息安全、PKI技术在车联网领域的应用. zhangxiangyu@catarc.ac.cn

Abstract

Abstract: OTA technology has gradually become a standard part of mass production vehicles, and OTA security is a key link of vehicle information security. Based on the analysis of OTA security risks and countermeasures, an OTA method based on CA and KMS is proposed, which provides security protection from the generation, storage, download and security verification of the upgrade package. This method is verified on some preproduction vehicles, effectively improving the authenticity, integrity and confidentiality protection of the vehicle OTA upgrade package in all aspects.

Key words: Internet of vehicle OTA, digital certificate, symmetrical encryption, digital signature, key management

摘要： 车联网OTA技术已经逐渐成为量产车型的标配，OTA安全是车辆信息安全的关键一环.分析了当前车联网OTA安全风险和应对措施，提出了基于CA和KMS的OTA方法，从升级包的生成、存储、下载和安全验证各环节进行安全保护，并在预量产车型上进行了验证，有效提升了车辆OTA升级包在各环节的真实性、完整性和保密性保护.

关键词: 车联网OTA, 数字证书, 对称加密, 数字签名, 密钥管理

CLC Number:

中图法分类号TP393

张相雨, 张文翠, 李岩, 苏位中, . 基于数字证书和密钥管理系统的车联网远程升级方法及实践[J]. 信息安全研究, 2023, 9(5): 469-.

References

［1］钟永超, 杨波, 杨浩男, 等.智能网联汽车安全综述［J］. 信息安全研究, 2021, 7(6): 558565［2］陈山枝, 葛雨明, 时岩. 蜂窝车联网(CV2X)技术发展、应用及展望［J］. 电信科学, 2022, 38(1): 112［3］李骏. 节能与新能源汽车技术路线图2.0［R］. 上海: 中国汽车工程学会, 2020［4］朱云尧, 吴胜男. 国内外智能网联汽车软件在线升级法规分析［J］. 汽车文摘, 2022 (10): 610［5］UNECE. UN Regulation No.156 Software update and software update management system［S］. Brussels: UNECE, 2021［6］市场监管总局办公厅. 关于进一步加强汽车远程升级(OTA)技术召回监管的通知［EBOL］. (20201125) ［20221123］. https:www.samr.gov.cnzwzh202011t20201125_323858.html［7］工业和信息化部装备工业发展中心. 关于开展汽车软件在线升级备案的通知［EBOL］. ［20220415］. http:www.miiteidc.org.cnart2022415art_54_30478.html［8］施庆国, 尚海立, 马婕, 等. 智能网联汽车的OTA升级方案［C］ 2018中国汽车工程学会年会论文集. 北京: 机械工业出版社, 2018: 4955［9］牛凡, 云朋, 韩宇. 一种安全升级方法、装置、服务器、设备和介质: 中国, CN108566381A［P］. 20180921［10］吴新开, 王朋成, 陈恒威, 等. 基于双向身份认证的网联汽车安全远程更新方法: 中国, CN112713999A［P］. 20210427［11］谭凡. 智能网联汽车FOTA系统安全机制的研究与实现［D］. 成都: 电子科技大学, 2020［12］李旭华, 刘茂勇, 周洪涛. 一种基于数字签名和加密的汽车OTA升级信息安全实现方法: 中国, CN114327532A［P］. 20220412［13］陈怡丹, 李馥娟. 数字证书安全性研究［J］. 信息安全研究, 2021, 7(9): 836843［14］Jayantbhai P S, Patel S. A research on secure routing using cluster based key management system［JOL］. ［20221123］. http:ijariie.comAdminUploadPdf［15］Jia Yu, Li Zhen. Auxiliary system for contract signing based on electronic signature technology［JOL］. ［20221123］. http:www.hindawi.comjournalswcmc20221221162［16］刘熙胖, 廖正赟, 卫志刚. 面向物联网信息安全保护的轻量化密钥体系设计［J］. 信息安全研究, 2018, 4(9): 819824

[1]	. Design of Unified Password Service Platform Based on Cloud Architecture [J]. Journal of Information Security Reserach, 2021, 7(E1): 22-.
[2]	. Research on Security of Digital Certificate [J]. Journal of Information Security Reserach, 2021, 7(9): 836-843.
[3]	. Research on the Application of Digital Certificate System Based on Block Chain in E-Government Extranet [J]. Journal of Information Security Research, 2021, 7(1): 81-85.
[4]	. Identity Authentication Method Based on Blockchain Technology in Telecommuting [J]. Journal of Information Security Research, 2020, 6(4): 317-326.
[5]	. A Dual Private Key Security Factor Identity Scheme Based on USB Key [J]. Journal of Information Security Research, 2019, 5(6): 500-506.
[6]	. Cloud-Collaboration Key Protection Mechanism [J]. Journal of Information Security Research, 2019, 5(10): 898-903.
[7]	. Designing and Implementation of Trusted Identity Verification Service [J]. Journal of Information Security Research, 2019, 5(10): 904-907.
[8]	. On the Development of the Practical Security of Public Key Cryptosystems [J]. Journal of Information Security Research, 2019, 5(1): 29-38.
[9]	. Security Enhancement of Certificate Services in Public Key Infrastructures [J]. Journal of Information Security Research, 2019, 5(1): 50-58.
[10]	Wu Zhijun. SSL Protocol Interactive Authentication Scheme for System Wide Information Management [J]. Journal of Information Security Research, 2017, 3(8): 0-0.
[11]	. Quantum Key Digital Certificate System and Its Application [J]. Journal of Information Security Research, 2017, 3(6): 494-500.
[12]	. The Construction and Application of the Cloud Authentication Service Mode on Chinese Center for Disease Control and Prevention Information System [J]. Journal of Information Security Research, 2017, 3(6): 554-559.
[13]	. Research on Trusted Computing Technology and Its Development [J]. Journal of Information Security Research, 2016, 2(9): 834-844.
[14]	. The Application Research of Reliable Electronic Signature in the Field of Arbitration [J]. Journal of Information Security Research, 2016, 2(6): 519-522.
[15]	. Application Technology of Electronic Authentication Based on USBKey in Domestic Operating System [J]. Journal of Information Security Research, 2016, 2(6): 523-526.

A Method and Practice of Internet of Vehicle OTA Based on CA and KMS

基于数字证书和密钥管理系统的车联网远程升级方法及实践

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics