Abstract: To enhance the security of Ethernet communication involving multisource vehicle information in automated driving, a hybrid functional safety strategy based on endtoend (E2E) and secure onboard communication (SecOC) is proposed. Based on the characteristics of the vehicle electronic and electrical architecture, and in accordance with the AUTOSAR security specification, the strategy firstly employs virtual LAN domain isolation division technology to construct a multidomain and layered network security architecture from the outside to the inside; Secondly, a secure onboard Ethernet communication protocol reliant on the IEE802.1Q and SecOC policies is designed. An improved method of slidingwindow payload updating is also proposed; Finally, authentication, encryption, and secure onboard communication are implemented on sensitive data of the Ethernet network. Sensitive data to implement information security functions such as authentication, encryption and decryption operations and freshness value synchronization management. The test results demonstrate that the implementation of this strategy realizes the data tampering prevention and replay prevention attack during the interdomain Ethernet communication of multisource vehicle information, and makes the sensitive data have multilevel protection features from access restriction, information encryption and protection to identity uniqueness, which further provides a strategy idea for the interdomain Ethernet information security of selfdriving vehicles.

Key words: driverless, multisource vehicle information, Ethernet, E2E, SecOC

摘要： 针对自动驾驶多源车身信息的以太网通信安全问题，提出一种基于端到端(end to end, E2E)和安全板载通信(secure onboard communtication, SecOC)的混合功能安全策略.依据整车电子电气架构特征结合AUTOSAR安全规范，首先采用虚拟局域网域隔离划分技术构建由外及内的多域分层的网络安全架构；其次设计依托于IEE802.1Q和SecOC策略的车载以太网安全通信协议，并在此基础上提出一种改进的滑动窗口有效载荷更新方法；最后对以太网敏感数据实施身份验证、加解密运算及新鲜度值同步管理等信息安全功能.测试结果表明，该策略的实施实现了多源车身信息在域间以太网通信过程中的数据防篡改及防重放攻击，且使敏感数据具有从访问限制、信息加密保护到身份唯一性的多级防护特征，进一步为自动驾驶车辆的域间以太网信息安全提供解决思路.

关键词: 无人驾驶, 多源车身信息, 以太网, 端到端, 安全板载通信