CN110351358A - A kind of car networking safe information transmission and intelligent early-warning system - Google Patents

Abstract

The invention belongs to the technical field of Internet of Vehicles information communication, and discloses a security transmission and intelligent early warning system of Internet of Vehicles information. , WiFi driver and service entry program; mobile phone terminal, service terminal, with 3G/4G module and WiFi module, terminal and one-key terminal wireless communication connection; server background, through 3G or 4G network and mobile phone communication connection. The present invention uses a method system for large-scale heterogeneous data processing. Security management in the era of big data must be data-driven, and must be supported by big data architecture. Based on big data technology, information collection, data fusion, event storage, advanced Security management capabilities such as security analysis, situational awareness and visualization.

Description

A vehicle networking information security transmission and intelligent early warning system

technical field

The invention belongs to the technical field of Internet of Vehicles information communication, and in particular relates to a safety transmission and intelligent early warning system of Internet of Vehicles information.

Background technique

In the current environment of highly electrified, networked, and shared smart terminals, although existing information security technologies have achieved certain success in terminal security such as intelligent connected vehicles, there are many unavoidable security risks in terminal security. Such as generalization of malicious code, monitoring and hijacking of key information, exploration and utilization of system vulnerabilities, escalation of privileges, bypassing of security mechanisms, and many other technologies need breakthroughs; in addition, terminal information security products also lack a standardized verification system. In response to these common problems in the industry, the project team proposed a series of core research contents such as the next-generation Internet of Vehicles security transmission protocol, intelligent early warning technology for vehicle terminal security risks, and information security testing and evaluation technology for the security threats of terminal equipment such as intelligent connected vehicles.

RFID (Radio Frequency Identification) technology, also known as radio frequency identification, is a communication technology that can identify specific targets and read and write related data through radio signals without the need to establish mechanical or optical contact between the identification system and specific targets. .

At present, RFID radio frequency identification technology also has certain defects, such as: 1. Identification errors may occur during batch identification. 2. Privacy issues. 3. The cost of RFID is too high, coupled with the high cost of RFID transmitters, readers, encoders and antennas. 4. The environment or noon containing metal and moisture will interfere with RFID. 5. The open frequency bands of different countries are different, and there is still a problem of consistency.

To sum up, the problems existing in the prior art are: the security threats and identification accuracy of the existing terminal equipment such as intelligent networked vehicles are low.

There is a certain difficulty in the innovative solution of this technical problem, and the development of RFID is relatively fast. To improve it on this basis, it needs strong theoretical and technical support.

Solving the above problems can strengthen information security, provide stronger protection for terminal equipment such as intelligent networked vehicles, and minimize hidden dangers. On the other hand, it can effectively improve the recognition accuracy of terminal equipment such as intelligent networked vehicles, which is of great significance for future development.

SUMMARY OF THE INVENTION

Aiming at the problems existing in the prior art, the present invention provides a safety transmission and intelligent early warning system and method for Internet of Vehicles information, and an intelligent terminal.

The present invention is implemented in this way, a vehicle networking information safety transmission and intelligent early warning system, the vehicle networking information safety transmission and intelligent early warning system includes:

In-vehicle navigation equipment is used to process data, mainly dealing with the data of navigation equipment and the interaction information of equipment, servers and users. The in-vehicle navigation equipment includes a central processing unit that processes data, that is, CPU, which can be ARM, X86 and other chips. The operating system can be Android, Linux and other operating systems;

The memory card is connected to the car navigation device through the USB interface, including USB driver, WiFi driver and service entry program. Users can choose the capacity of the memory card according to their needs;

Mobile terminal and service terminal, with 3G/4G module and WiFi module, the terminal is connected with the background server and the vehicle navigation equipment is connected through wireless communication;

The server backend communicates with mobile phones and tablets through 3G or 4G networks. The server backend contains the cluster library required for data mining, which can reduce operation and maintenance costs through inexpensive physical machine clusters.

Further, the vehicle networking information safety transmission and intelligent early warning system further includes a speaker, a microphone and an audio compiler; the speaker and the microphone are respectively connected with the audio compiler.

Further, the vehicle networking information security transmission and intelligent early warning system also includes:

Internet of Vehicles security transport layer: used to realize the security management of the whole life cycle of the vehicle-end key;

Data processing layer: including big data storage, preprocessing, and calculation, realizing the storage, preprocessing, and calculation of massive terminal data;

Tools-Analysis Engine Test Layer: It includes association rule engine, visual association analysis engine, log search engine, statistical analysis, machine learning, etc. The main function is to process, analyze and learn the data processed by the data processing layer. , to provide solutions and information for the next layer;

Security application layer: detection and discovery of advanced hazards, response and processing of vehicle threats, investigation and analysis, and security operation and maintenance management;

Security Situational Awareness Layer: Automatically sense danger through machine learning.

Another object of the present invention is to provide an on-vehicle information transmission method for the Internet of Vehicles that operates the Internet of Vehicles information safety transmission and intelligent early warning system, and the method for on-board information transmission of the Internet of Vehicles includes:

The first step is to connect the memory card and terminal to the vehicle navigation device for communication;

The second step is to install the service entry program and driver;

In the third step, the mobile phone or tablet is connected to the server through 3G or 4G network, and the WIFI of the mobile phone or tablet is set as a wireless access node to realize the connection between the tablet and the car navigation device;

The fourth step is to open the server background service to provide intelligent and safe services for the terminal;

In the fifth step, the in-vehicle navigation device establishes a connection with the server background, and exchanges data with the server background.

Another object of the present invention is to provide an intelligent terminal of the Internet of Vehicles applying the method for transmitting the in-vehicle information of the Internet of Vehicles.

To sum up, in the current environment where only terminals are highly electrified, networked, and shared, there are many threats to terminal information security. For the information security problem that can only be faced by the terminal, the present invention takes the intelligent networked vehicle as the theme, and constructs an information security architecture that meets the requirements of the intelligent networked vehicle in terms of confidentiality, integrity, availability, etc., and takes the defense in depth system as the main line. The next-generation Internet of Vehicles security transmission protocol for the security threats of terminal equipment such as intelligent networked vehicles simplifies the identity authentication process, optimizes the algorithm, reduces resource consumption and protects the transmission of authentication data; researches the intelligent early warning technology of vehicle terminal security risks, combined with edge computing technology The advanced terminal threat management and control technology improves the accuracy of threat identification and realizes intelligent early warning of security risks; researches the information security testing and evaluation technology of intelligent networked vehicles, forms a set of methods suitable for information security assessment of intelligent terminals, and develops automated testing tools for security functions. It can conduct security tests on smart terminals to effectively discover loopholes in the system. It meets the current security requirements for terminal information.

The invention focuses on the advantageous fields of finance, enterprise, industrial manufacturing, transportation, etc. technically, selects 2-3 typical industrial vehicle networking terminal security application scenarios, and establishes from data acquisition, platform support, to application construction, platform technology adaptation, The application implementation scheme of import, verification, feedback, optimization and adjustment will ultimately promote the promotion of the technology and products of the present invention to a wider range of industries and achieve greater demonstration application value. A secure transmission protocol based on high concurrency, high performance, low resource consumption, and multi-terminal business linkage requirements based on in-vehicle network; from the perspective of safe operation and maintenance, an intelligent early warning system for vehicle terminal security risks is developed to provide technical support for the safe operation of intelligent connected vehicles; Automated testing tools test and evaluate the security level of smart terminals from the perspective of "attack". The implementation of the defense-in-depth thought and the research idea of combining attack and defense make the research method of the present invention in a leading position in China.

Compared with the prior art, the present invention also has the following advantages:

First, promote the improvement of enterprise innovation capabilities.

Improve the competitiveness of software enterprises in technological innovation and talent training in the field of big data, cultivate the "leading" status of regional software enterprises in the application field, shorten the gap between the software industry and the key technologies of information security, and accelerate the development of the information security software industry and technological innovation capacity building.

Second, drive regional technological innovation and industrial development.

After the completion of the project, it can provide support for the construction of "digital city", "smart city" and "smart manufacturing", drive the development of high-tech and information industries, promote the improvement of the core technological competitiveness of software enterprises, and expand the market of regional brand software products. The market share at home and abroad can meet the requirements of key information security technologies in various fields of the national economy, and improve the security protection of (key) industries and products.

Third, drive the training of high-level talents in the region.

During the development process of the present invention, through continuous technical training and business training, a large number of excellent human resource teams that can adapt to future international competition and challenges will be cultivated and become the most valuable asset of China's software industry. At the same time, a complete value chain will gradually be formed during the construction of the project, attracting supporting enterprises to enter, and creating employment opportunities for the whole country.

Description of drawings

FIG. 1 is a schematic structural diagram of a safety transmission and intelligent early warning system for Internet of Vehicles information provided by an embodiment of the present invention.

In the figure: 1. Vehicle navigation equipment; 2. Memory card; 3. Mobile phone/terminal; 4. Service terminal; 5. Server background.

FIG. 2 is a flowchart of a method for transmitting on-board information of the Internet of Vehicles provided by an embodiment of the present invention.

FIG. 3 is a schematic structural diagram of a security transport layer of the Internet of Vehicles provided by an embodiment of the present invention.

Detailed ways

In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

The invention proposes a next-generation Internet of Vehicles security transmission protocol aimed at the security threats of terminal equipment such as intelligent networked vehicles, simplifies the identity authentication process, optimizes the algorithm, reduces resource consumption and protects the transmission of authentication data; combined with the terminal threat management and control technology based on edge computing technology, Improve the accuracy of threat identification, realize intelligent security risk early warning, and form a method suitable for intelligent terminal information security assessment to effectively find vulnerabilities in the system.

The application principle of the present invention will be described in detail below with reference to the accompanying drawings.

As shown in FIG. 1 , the vehicle networking information security transmission and intelligent early warning system provided by the embodiment of the present invention includes: a vehicle navigation device 1 , a memory card 2 , a mobile phone terminal 3 , a service terminal 4 , and a server background 5 .

In-vehicle navigation device 1: The in-vehicle navigation device 1 has a central processing unit for processing data, that is, a CPU, which can be chips such as ARM and X86. In practical applications, the operating system of the in-vehicle navigation device 1 can be Android, Linux and other operating systems.

Memory card 2: It is mainly connected to the car navigation device 1 through the USB interface. The memory card 2 contains the USB driver, WiFi driver and service entry program.

Mobile terminal 3, service terminal 4: with 3G/4G module and WiFi module, the terminal is connected with the one-key terminal for wireless communication.

Server background 5: The server background 5 communicates with the mobile phone through a 3G or 4G network.

In the preferred embodiment of the present invention, in order to improve the convenience and practicability of the system and facilitate the voice communication between the user and the service background, the real-time data transmission system of the Internet of Vehicles also includes a speaker, a microphone and an audio compiler. The speaker and the microphone are respectively connected with Audio Compiler Link.

In order to ensure the security of the vehicle information transmission system, the server backend 5 has active defense measures, breaking through the passive defense mechanism of traditional security products, using machine learning-based threat models to explore and analyze theoretical models for self-service, emphasizing the construction of active security mechanism to carry out proactive security defense, including integrated vulnerability management, configuration verification, and the introduction of external threat intelligence for active security early warning and active operation and maintenance.

As shown in FIG. 2 , the method for transmitting the in-vehicle information of the Internet of Vehicles provided by the embodiment of the present invention includes the following steps:

S201: Connect the memory card and the terminal to the vehicle navigation device for communication;

S202: Install the service entry program and driver;

S203: The mobile phone or tablet is connected to the server through 3G or 4G network, and the WIFI of the mobile phone or tablet is set as a wireless access node to realize the connection between the tablet and the vehicle navigation device;

S204: Enable the server background service to provide the terminal with intelligent and safe services, so as to facilitate the connection between the vehicle-mounted device and the terminal;

S205: The in-vehicle navigation device establishes a connection with the server background, and exchanges data with the server background.

In a preferred embodiment of the present invention, step S204 specifically includes the security transport layer of the Internet of Vehicles (simplifies the identity authentication process, optimizes the algorithm, designs the key injection mechanism, combines the security storage and the key update mechanism of the protocol, realizes the encryption of the vehicle end Security management of the key life cycle.), data processing layer (mainly including big data storage, preprocessing, calculation), tool-analysis engine measurement layer, security reference layer, security situation awareness layer. The specific content is shown in Figure 3.

To sum up, in the method and system for in-vehicle information transmission of the Internet of Vehicles provided by the embodiments of the present invention, the use of big data, optimization of security transmission protocols, etc., has made significant progress in the original Internet of Vehicles technology.

The main process of the secure transmission protocol includes the format of the payload data packet, the data sending process, the data receiving process, and the processing of the broadcast packet.

The payload data packet format of the vehicle information transmission system mainly includes the data packet serial number, the data packet processing action payload data, the padding area, the padding length, and the authentication data. The packet sequence number (32 bits) is an incrementing counter for anti-replay attacks; the datagram processing action specifies what to do with the data after receiving the packet; the variable-length payload data is a transport layer Payload, if the data requires confidentiality, this part of the data is the encrypted data; the padding length (8 bits) is used to record the number of bytes in the padding area; the authentication data includes the integrity check of the data packet calculation except the authentication data field value (or signature).

In the data sending process, when a request to send data is received, it first checks whether it matches the security policy. If there is no match, the packet is dropped. Check the type of the data packet, if it is a broadcast packet, sign it and then proceed to the next step; if it is not a broadcast packet, check whether there is a corresponding connection (if not, establish a connection), and then generate the data packet sequence number , select the code of the processing action, if the data needs to be encrypted for transmission, encrypt the data packet according to the agreed encryption algorithm and session key or encrypt it directly with the public key (when using a symmetric encryption algorithm). Determines whether to generate message authentication or signature according to the selected action. Finally the packet is sent to the network.

When the background server receives the data packet from the network card through the network, it checks whether it matches the security policy. If it does not match, the data packet is discarded; the type of the data packet is checked, and if it is a broadcast packet, the authentication process is performed. If the authentication fails, discard the data packet; if the type is non-broadcast packet, check whether there is a corresponding connection, check whether the serial number of the data packet is within the acceptable range, and decide whether to verify the signature or verify the message according to the action type. The above three cases , if not, discard the packet. If the data packet has been encrypted, the secret will be revealed, and the processed data packet will be parsed and saved in the server database.

The present invention intends to focus on the potential security threats of new intelligent terminals such as intelligent networked vehicles, and study the next-generation information security key research and application of intelligent networked vehicles for intelligent declaration forms. Intelligent early warning technology, information security testing and evaluation technology and other technical problems, develop an integrated and standardized platform software system for the safe operation of a new generation of intelligent networked vehicles, provide security strategies for secure communication, identity authentication, and security monitoring, and make breakthroughs in the next generation Key technologies such as information security product design, research and development, testing, and industrialization provide security for new smart terminals and smart tools such as connected cars. The main research contents are as follows:

1) Internet of Vehicles Secure Transmission Protocol

Aiming at the characteristics of the overall system framework of the vehicle terminal system, user terminal system and cloud service system in the Internet of Vehicles, research the security transmission protocol of the Internet of Vehicles that meets the following requirements:

- Low resource consumption, low bandwidth, and attack detection for in-vehicle terminal systems

Taking the traditional security transmission protocol as a reference, the security transmission protocol is designed according to the characteristics of the vehicle terminal system, the identity authentication process is simplified, the algorithm is optimized, and the resource consumption and authentication data transmission are reduced. According to the mass production process of the vehicle terminal equipment, the key injection mechanism is designed, combined with the security storage and the key update mechanism of the protocol, to realize the security management of the vehicle end key in the whole life cycle. The Internet of Vehicles security protocol provides a security threat reporting mechanism. When the Internet of Vehicles terminal finds a security threat, it can report the relevant information to the security management platform for unified analysis and processing based on the Internet of Vehicles security protocol.

- High performance, high availability and high security of cloud service system

Through framework optimization and cluster technology, the server-side secure transmission gateway supports the high concurrency of tens of millions of car factories. Provide a complete data backup and recovery mechanism to ensure the availability and security of key data under high load conditions.

-Multi-terminal linkage of Internet of Vehicles business

Provide smart phone terminal, vehicle terminal and cloud server three-party business linkage technology, so that the three parties are associated with certification, monitor the whole process of vehicle control business flow, and strengthen vehicle control security. Realize data intelligent analysis technology and quickly mine key information of third-party business to optimize business characteristics and achieve safe and efficient operation and maintenance management.

2) Vehicle terminal security risk intelligent early warning system

The new generation of security management and early warning requires the collection of massive raw data from the terminal, combined with threat intelligence in the cloud, to conduct all-round continuous monitoring, as well as mining and analysis. This requires the system to have massive data collection capabilities, storage capabilities, retrieval capabilities, and multi-dimensional correlation capabilities, as well as continuous access to high-quality threat intelligence. The drive of big data and threat intelligence has become the new core driving force. The vehicle terminal security risk intelligent early warning system uses threat intelligence, security big data search, data mining, automatic correlation analysis, statistical calculation, machine learning and other new technical means to innovate and enrich the traditional means, and the visual analysis technology will also be used in the terminal. The external security situation is presented as a whole, so that managers can grasp the security situation of the terminal in real time and ensure the smooth operation of the automotive intelligent network business.

The vehicle terminal security risk intelligent early warning system combines the terminal threat management and control technology based on edge computing technology to improve the accuracy of threat identification and realize intelligent security risk early warning. It will become a new tool for discovering vehicle terminal security threats and anomalies.

In terms of platform architecture, the vehicle terminal security risk intelligent early warning system is divided into data collection, big data storage and retrieval, data analysis engine tools, security applications, and situational awareness, providing users with a new "brain" for security management and operation. A platform that collaborates with wisdom.

3) Information security testing and evaluation technology and capacity building

With the rapid development of smart terminals in network security, relevant national standards or industry standards will gradually emerge. How to conduct network security evaluation based on standards is of great significance to the evaluation of standard compliance. The present invention will study the information security evaluation method.

It should be noted that the embodiments of the present invention may be implemented by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using special purpose logic; the software portion may be stored in memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer-executable instructions and/or embodied in processor control code, for example on a carrier medium such as a disk, CD or DVD-ROM, such as a read-only memory Such code is provided on a programmable memory (firmware) or a data carrier such as an optical or electronic signal carrier. The device and its modules of the present invention can be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., It can also be implemented by software executed by various types of processors, or by a combination of the above-mentioned hardware circuits and software, such as firmware.

The above descriptions are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included in the protection of the present invention. within the range.

Claims (5)

1. A vehicle networking information safety transmission and intelligent early warning system, characterized in that the vehicle networking information safety transmission and intelligent early warning system comprise: In-vehicle navigation equipment, which is used to process data, including the data of navigation equipment and the interaction information of equipment, servers and users, and the in-vehicle navigation equipment includes a central processor for processing data; The memory card is connected to the car navigation device through the USB interface, including USB driver, WiFi driver and service entry program. Users can choose the capacity of the memory card according to their needs; With 3G/4G module and WiFi module, the terminal is connected with the background server and the vehicle navigation equipment through wireless communication; The server backend communicates with mobile phones and tablets through 3G or 4G networks. The server backend contains the cluster library required for data mining, reducing operation and maintenance costs through physical machine clusters. 2. The safety transmission of Internet of Vehicles information and the intelligent early warning system as claimed in claim 1, wherein the safety transmission of information of the Internet of Vehicles and the intelligent early warning system also comprise a horn, a microphone and an audio compiler; Compiler link. 3. The Internet of Vehicles information security transmission and intelligent early warning system as claimed in claim 1, wherein the Internet of Vehicles information security transmission and intelligent early warning system further comprises: The security transport layer of the Internet of Vehicles is used to realize the security management of the whole life cycle of the vehicle-end key; The data processing layer, including big data storage, preprocessing, and calculation, realizes the storage, preprocessing, and calculation of massive terminal data; Tools-Analysis engine measurement layer, including association rule engine, visual association analysis engine, log search engine, statistical analysis, machine learning, processing, analyzing and learning the data processed by the data processing layer, providing solutions for the next layer and information; Security application layer, detection and discovery of advanced hazards, response and processing of vehicle threats, investigation and analysis, and security operation and maintenance management; The security situational awareness layer realizes automatic sensing of danger through machine learning. 4. A vehicle-connected vehicle information transmission method for running the vehicle-connected information safety transmission and intelligent early warning system according to claim 1, wherein the vehicle-connected vehicle-mounted information transmission method comprises: The first step is to connect the memory card and terminal to the vehicle navigation device for communication; The second step is to install the service entry program and driver; In the third step, the mobile phone or tablet is connected to the server through 3G or 4G network, and the WIFI of the mobile phone or tablet is set as a wireless access node to realize the connection between the tablet and the car navigation device; In the fourth step, the device packs the data to be sent. The format of the data packet mainly includes the serial number of the data packet, the data packet processing action payload, the padding area, the padding length, and the authentication data; when receiving a request to send data, first Check whether it matches the security policy; if not, discard the data packet; check the type of the data packet, if it is a broadcast packet, sign it and proceed to the next step; if it is not a broadcast packet, check whether there is a corresponding connection , if it does not exist, establish the connection; then generate the serial number of the data packet, select the code of the processing action, if the data needs to be encrypted for transmission, encrypt the data packet according to the agreed encryption algorithm and session key or encrypt it directly through the public key ; Determine whether to generate message authentication or signature according to the selected action; finally send the data packet to the network; The fifth step, when the background server receives the data packet from the network card through the network, it checks whether it matches the security policy. If it does not match, the data packet is discarded; the type of the data packet is checked. Processing; if the authentication fails, discard the data packet; if the type is non-broadcast packet, check whether there is a corresponding connection, check whether the data packet serial number is within the acceptable range, and decide whether to verify the signature or verify the message according to the action type. In this case, if not, discard the packet. If the data packet has been encrypted, the secret will be revealed, and the processed data packet will be parsed and saved in the server database; The sixth step is to open the server background service to provide intelligent and safe services for the terminal; In the seventh step, the vehicle navigation device establishes a connection with the server background, and exchanges data with the server background. 5. A vehicle networking intelligent terminal applying the vehicle networking vehicle information transmission method of claim 4.