Abstract
With the rise of technologies such as the mobile Internet, 5G networks and artificial intelligence, the intelligent connected vehicle (ICV) has become the mainstream direction for the future development of the automotive industry. ICVs, people, roads, clouds and apps together constitute a complex network of vehicles. As part of the Internet, this vehicle network inevitably faces a variety of complex information security threats and risks. This paper designs a security situation awareness system for the Internet of vehicles based on an intrusion detection and protection system (IDPS). By collecting security data from the vehicle, the app and the private cloud for big data analysis, a complete smart car security situation awareness system is constructed. The system can be used to analyze potential threats, issue warnings and carry out emergency responses.
Introduction
There is a natural tension between the convenience and the safety of automobile use, and with the continuous development of automobile technology, the birth of the intelligent connected vehicle and the corresponding Internet of vehicles has pushed this tension to its peak [1, 2, 3].
In July 2015, the “white hat hackers” Charlie Miller and Chris Valasek demonstrated how a Jeep Cherokee in motion could be “hijacked” by remote commands: by intruding into Chrysler’s Uconnect infotainment system they were able, from there, to cut the transmission and disable the brakes. Such a security threat seriously endangers the lives of the people on board. A series of attacks on intelligent connected automobiles has made people question their security and accelerated in-depth examination of the information security of the intelligent connected automobile [4]. For every enterprise in the Internet of intelligent vehicles, building a reliable and practical security protection system without affecting the user experience is a major challenge.
As an important part of the development of intelligent connected vehicles, the information security of the Internet of vehicles is a key component of the overall construction of information security [5, 6, 7]. In recent years, automobile manufacturers have been carrying out extensive research on vehicle information security risk consultation, protection services, situation awareness and emergency response, sparing no effort to ensure vehicle information security over the whole life cycle. To this end, we design a vehicle network security situation awareness system based on the collection of vehicle threat data from the vehicle bus, the T-box and the vehicle itself; the collected data are analyzed as a whole against a vulnerability and threat database, and the resulting policies are distributed back to the vehicles, so as to achieve threat awareness and emergency response [8, 9].
The design of the situation awareness platform should follow the principles of “resource integration, information sharing” and “unified architecture, business collaboration”, and allow the architecture to be extended flexibly on top of the existing infrastructure [10]. Relying on massive Internet data, traffic data, third-party data, intelligence data and other data sources, and using big data, data governance, data modeling, artificial intelligence and other new techniques, the functions of the situation awareness platform can be improved according to the needs of the supervision business, realizing the sharing and collaboration of resources and services [11, 12].
System architecture design
The differences between traditional security situational awareness and Internet of vehicles security situational awareness are as follows. First, situation awareness for the Internet of vehicles covers a wider range, including the network, the car, the mobile phone and the cloud. Second, the protocols involved are more complex, and some special in-vehicle protocols need to be identified and analyzed. Last, the situation awareness components must have less impact on the monitored system itself, because the vehicle is moving in real time and its operation cannot be disturbed.
The threats to the Internet of vehicles mainly include the following aspects:
Terminal threat: the terminal threat is the threat to the intelligent connected vehicle itself, mainly the T-box security threat. The T-box plays the role of a “modem” in the car: it realizes communication between the vehicle intranet and the outside world and is responsible for sending data to the cloud server. Therefore, most remote attacks against the terminal are carried out through the T-box [13, 14]. If the T-box has design defects or is attacked, it is easy for an attacker to fully analyze its hardware structure, debugging pins, Wi-Fi system, serial communication, MCU firmware, CAN bus data, T-box fingerprint features and other research points, and so break through the software and hardware security protection of the T-box [15, 16]. Using the T-box as a springboard, the attacker can then attack the CAN bus and the controllers, causing more serious risks. In addition, the terminal also includes threats related to security upgrades (OTA/FOTA), the IVI, the OBD interface, the CAN bus, MCUs/ECUs and so on.

Transport layer threat: the transport layer threat is the channel threat, which mainly refers to denial of service attacks, man-in-the-middle attacks and sensitive information leakage caused by plaintext transmission.

Application layer threat: application layer threats are mainly threats to the app. As an important tool and entrance for users to remotely control the intelligent connected vehicle, the app plays an important role in the Internet of vehicles system, and it is often the weak point of security protection. An insecure app can be used by attackers to remotely control the intelligent connected vehicle or to steal sensitive data [17]. The main threats to the app include code reversing, code tampering, dynamic debugging, memory data dumping, page hijacking, screen capture and local data leakage.

Management threat (cloud): the management threat mainly refers to the TSP cloud management platform. As a public cloud platform, the TSP cloud management platform faces all the threats of a cloud platform, including network threats, host threats, application threats, data threats and so on. More importantly, the TSP, as the management center of the Internet of vehicles, usually focuses on realizing business management functions and seldom considers security management functions, so the current TSP’s management function for the security of the Internet of vehicles is very weak [18].
The situation awareness platform is designed as a five-layer logical architecture, including an infrastructure layer, a data governance and fusion layer, a component and engine layer and a situation awareness application layer. The functional design of each level and module is relatively independent, so that the whole system has high scalability [19, 20, 21].
Platform system architecture.
Data is the foundation of platform analysis. The data support capability of the vehicle networking situation awareness platform is mainly reflected in the diversity of its multi-source big data collection: log data from probes deployed on the T-box, the vehicle, the bus and the battery management system (BMS), network-side traffic probes, firewall and WAF logs, threat intelligence data, and data from the Telematics Service Provider (TSP) platform and the Over-the-Air (OTA) update system.
At the same time, in order to meet the requirements of different application scenarios for data acquisition, processing and storage, all data support platforms adopt a plug-in architecture. Based on existing big data experience, the platform architecture is built from cutting-edge big data components.
The analysis capability is mainly reflected in the richness of the engines and the accuracy of detection. Threat judgment is made by an association analysis engine, an anomaly analysis engine, a data statistics engine and a batch processing engine; the accuracy of threat judgment is ensured by combining their verdicts in a multi-dimensional comprehensive judgment.
Based on the services, big data and collection layers, the business layer builds the functions of threat discovery, perception, analysis and risk management that best meet users’ needs and scenarios, so that the platform becomes the eyes with which users discover threats and the brain with which they analyze them, making macro monitoring, accurate analysis and targeted disposal a reality.
Overall architecture of Internet of vehicles security situation awareness system.
The overall system architecture includes the vehicle terminal IDPS probes and the cloud situation awareness platform. The IDPS at the key nodes of the vehicle terminal is divided into two parts.
The first part is the IDPS for the system and the network, which carries out security protection through various means, including vehicle Ethernet and 4G network monitoring, and records vehicle logs. The other part is the IDS for the CAN bus, which is responsible for security detection on the CAN bus, identifying abnormal events and uploading them in the established communication format. Finally, the data of the vehicle and the gateway are uploaded to the cloud through the T-box.
The integration of the situation awareness platform with other systems serves mainly to judge and predict abnormal behavior from the Internet of vehicles security logs of those systems. By integrating an SDK embedded in the Android and iOS apps, data on the mobile software environment and perceived threat behavior are reported. Integration with the vulnerability platform achieves asset vulnerability management.
The threat situation awareness system is the core of the whole active defense system of the Internet of vehicles. It must have complete data collection, a powerful security engine, mature threat big data analysis and intuitive data display capabilities.
In order to perceive threats to the Internet of vehicles, the first requirement is to collect enough data at the terminal and application layers. Terminal-side data includes, but is not limited to [22, 23, 24, 25, 26]:
T-box related threat data; IVI related threat data; OBD related threat data; CAN bus related threat data; network transmission related threat data; MCU/ECU and other related security threats.
Overall architecture of vehicle terminal IDPS.
According to our investigation and development experience, the T-box, head unit (HU) and gateway of the vehicle terminal are divided into two parts according to their hardware design: an MPU and an MCU. An embedded operating system such as Android, QNX or Linux runs on the MPU to realize connectivity and business processing for WiFi, the cellular network and vehicle Ethernet. The MCU is mainly used to connect to the CAN bus and receive CAN bus data. The MPU communicates with the MCU through a board-level link such as SPI.
The IDPS deployed on the MPU is mainly used to detect network attacks over WiFi, the cellular network and vehicle Ethernet, and to take defensive measures against the attacks it detects. The IDS deployed on the MCU is mainly used to check the security of CAN bus data, detecting illegal CAN IDs and messages whose period deviates from the expected one.
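The following is an added example, not code from the paper, of the two checks the MCU-side CAN IDS is described as performing: an arbitration-ID allowlist and a per-ID period check, plus a DLC check that the same table makes cheap. The IDs, periods, DLCs and the bus capture are all constructed for illustration; the event dictionary is an assumed shape for what the T-box would forward to the cloud.

```python
"""Constructed CAN-bus IDS of the kind described for the MCU probe.
Added example, not code from the paper; IDs, periods and frames are assumptions."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Frame:
    ts: float       # receive time in seconds
    can_id: int     # 11-bit arbitration ID
    dlc: int        # data length code
    data: bytes


@dataclass(frozen=True)
class IdProfile:
    period: float           # expected inter-arrival time in seconds; 0 = event-driven
    dlc: int                # expected data length
    tolerance: float = 0.5  # allowed deviation as a fraction of the period


# Hypothetical allowlist. On a real vehicle it comes from the OEM signal
# database plus a learning phase on a known-good bus.
PROFILES: Dict[int, IdProfile] = {
    0x0C0: IdProfile(period=0.010, dlc=8),  # assumed 100 Hz powertrain message
    0x1A0: IdProfile(period=0.020, dlc=8),  # assumed 50 Hz chassis message
    0x3E8: IdProfile(period=0.100, dlc=4),  # assumed 10 Hz body status message
    0x7DF: IdProfile(period=0.0, dlc=8),    # OBD functional request, event-driven
}


class CanIds:
    """Flags unknown IDs, wrong DLCs and periodic messages arriving off-schedule."""

    def __init__(self, profiles: Dict[int, IdProfile]) -> None:
        self.profiles = profiles
        self.last_seen: Dict[int, float] = {}
        self.alerts: List[dict] = []

    def _alert(self, frame: Frame, kind: str, detail: str) -> None:
        # Event record in the (assumed) format the T-box forwards to the cloud.
        self.alerts.append({"ts": frame.ts, "can_id": f"0x{frame.can_id:03X}",
                            "type": kind, "detail": detail})

    def process(self, frame: Frame) -> None:
        prof = self.profiles.get(frame.can_id)
        if prof is None:
            self._alert(frame, "illegal_id", "arbitration ID not in allowlist")
            return
        if frame.dlc != prof.dlc:
            self._alert(frame, "dlc_mismatch", f"expected {prof.dlc}, got {frame.dlc}")
        if prof.period > 0:
            last = self.last_seen.get(frame.can_id)
            if last is not None:
                gap = frame.ts - last
                # an injected frame arrives far too early; a suppressed one far too late
                if abs(gap - prof.period) > prof.tolerance * prof.period:
                    self._alert(frame, "period_anomaly",
                                f"gap {gap * 1000:.1f} ms, expected {prof.period * 1000:.0f} ms")
        self.last_seen[frame.can_id] = frame.ts


def run_detector(frames: List[Frame], profiles: Dict[int, IdProfile] = PROFILES) -> List[dict]:
    ids = CanIds(profiles)
    for frame in sorted(frames, key=lambda f: f.ts):
        ids.process(frame)
    return ids.alerts


def constructed_trace() -> List[Frame]:
    """Constructed bus capture: normal traffic plus three attacker frames."""
    frames = [Frame(t / 1000, 0x0C0, 8, bytes(8)) for t in range(0, 50, 10)]
    frames += [Frame(t / 1000, 0x3E8, 4, b"\x00\x01\x00\x00") for t in (0, 100)]
    # spoofed 0x0C0 injected 2 ms after the legitimate frame at 20 ms
    frames.append(Frame(0.022, 0x0C0, 8, b"\xff" * 8))
    # an ID no ECU on this bus sends, e.g. from a reconnaissance tool on the OBD port
    frames.append(Frame(0.025, 0x123, 8, b"\xde\xad\xbe\xef\x00\x00\x00\x00"))
    # known ID with the wrong length, as a fuzzer would produce
    frames.append(Frame(0.200, 0x3E8, 8, bytes(8)))
    return frames


if __name__ == "__main__":
    for alert in run_detector(constructed_trace()):
        print(alert)
```

On the constructed trace the detector raises exactly three events: a period anomaly for the injected 0x0C0 frame, an illegal-ID event for 0x123 and a DLC mismatch for the malformed 0x3E8 frame. A single-gap period check is deliberately simple; on a loaded bus arbitration jitter can exceed a tight tolerance, so a production MCU probe would normally judge the rate over a sliding window rather than one gap, and the tolerance would be set per ID from the learning phase.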
Security incidents detected at the vehicle end are uploaded to the cloud situation awareness platform through the T-box. The cloud generates a security rule base and distributes it to the MPU over HTTP; because the rule set controls the probe’s defensive actions, this channel must be protected in transit (TLS) and each rule bundle must be integrity-checked by the probe before it is applied. The security firmware of the MCU is updated through the OTA mechanism.
This system detects intrusions and illegal or abnormal behavior in the vehicle network and takes defensive actions according to the corresponding security rules and policies. The IDPS platform audits and responds to vehicle network security according to the vehicle-end security event data, and updates the vehicle-end security rules and policies.
The overall flow of the vehicle-end IDPS is as follows:
Intrusion detection and defense on the WiFi, 4G, 5G, on-board Ethernet and CAN bus networks; after a probe detects a security event, it forwards the event to the situation awareness platform through the T-box; the situation awareness platform analyzes and presents the events and, combining them with vulnerability information, judges whether the policy needs to be updated; if so, the new policy is configured in the rule management function of the situation awareness platform’s operation management; probes such as the head unit and the T-box poll the situation awareness platform and pull the updated security rules, with the T-box also acting as a forwarder.
Because the security rules of the MCU probe are stored in flash and reflashing it remotely is risky, the rules of the MCU CAN IDS are not updated by the situation awareness platform but through the OTA mechanism of the whole vehicle.
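The rule update path above has the probe pull its rule base over HTTP, which on its own gives the MPU no way to distinguish a genuine rule set from one altered in transit, or from an older, validly issued rule set replayed to roll back a block rule. The following added example (not the paper’s design) shows the minimal integrity check a probe should apply before replacing its active rules: the cloud signs each bundle, and the probe verifies the tag and rejects any bundle whose version is not newer than the one it runs. The key, field names and rule format are assumptions, and HMAC is used only so the example runs with the standard library alone.

```python
"""Integrity-checked rule distribution for the MPU probe.
Added example, not the paper's own design; key, field names and rule format are assumptions."""
import hashlib
import hmac
import json
from typing import Any, Dict

# Demonstration key only. A fleet deployment should use an asymmetric
# signature (e.g. Ed25519) so that vehicles hold only a public key and a
# compromised probe cannot forge rule bundles for other vehicles.
DEMO_KEY = b"demo-rule-signing-key"


def canonical(rules: Dict[str, Any], version: int) -> bytes:
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps({"version": version, "rules": rules},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(rules: Dict[str, Any], version: int, key: bytes = DEMO_KEY) -> Dict[str, Any]:
    """Cloud side: attach an HMAC-SHA256 tag covering both version and rules."""
    tag = hmac.new(key, canonical(rules, version), hashlib.sha256).hexdigest()
    return {"version": version, "rules": rules, "sig": tag}


class Probe:
    """Vehicle side: the MPU probe's active rule set and its update check."""

    def __init__(self, rules: Dict[str, Any], version: int) -> None:
        self.rules = rules
        self.version = version

    def apply_bundle(self, bundle: Dict[str, Any], key: bytes = DEMO_KEY) -> str:
        """Return 'applied', 'bad_signature' or 'stale_version'; only 'applied' changes state."""
        expected = hmac.new(key, canonical(bundle["rules"], bundle["version"]),
                            hashlib.sha256).hexdigest()
        # constant-time comparison; the tag is attacker-controlled input
        if not hmac.compare_digest(expected, str(bundle.get("sig", ""))):
            return "bad_signature"
        # a validly signed but older bundle is a rollback (replay) attempt
        if bundle["version"] <= self.version:
            return "stale_version"
        self.rules = bundle["rules"]
        self.version = bundle["version"]
        return "applied"


def demo() -> Dict[str, Any]:
    """Constructed scenario: one good pull, one tampered pull, one replayed pull."""
    probe = Probe({"block_ids": []}, version=3)
    good = sign_bundle({"block_ids": [0x123]}, version=4)
    tampered = dict(good)
    tampered["rules"] = {"block_ids": []}               # block rule stripped in transit
    replay = sign_bundle({"block_ids": []}, version=2)  # genuine but older bundle
    return {
        "good": probe.apply_bundle(good),
        "tampered": probe.apply_bundle(tampered),
        "replay": probe.apply_bundle(replay),
        "active_rules": probe.rules,
        "active_version": probe.version,
    }


if __name__ == "__main__":
    print(demo())
```

The version check matters as much as the signature: without it, an attacker who can interpose on the HTTP pull does not need to forge anything, only to serve a rule bundle the cloud really did sign earlier. The MCU rules, which the paper routes through vehicle OTA instead, need the same signature and anti-rollback checks inside the OTA mechanism.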
Through this architecture, the security situation awareness of the Internet of vehicles gains three capabilities.
Full awareness of the network security situation of the Internet of vehicles. Through the deployment of probes to collect threat data from the vehicle terminal, together with information from the TSP platform, threat intelligence and vulnerability information, security events in the Internet of vehicles are detected in real time, including anomaly detection on bus network traffic, threat monitoring of the vehicle terminal system and vulnerability monitoring of the terminal software. On the data platform, off-line analysis models mine deeper security events, establishing a comprehensive threat detection capability that combines real-time monitoring with off-line discovery and external intelligence with local data. The gathered network security information is integrated and analyzed, and the network security situation of the Internet of vehicles is judged comprehensively from multiple dimensions and levels, forming an all-weather, multi-level, comprehensive network security situation awareness capability.

Emergency management. The security status of the platform systems and the network of the Internet of vehicles is mastered in an all-round, all-weather way; hidden network security dangers are reported and warned of in time, and network security incidents are handled efficiently. When a network attack is found, the system can check the attack status, dispatch security service units and technical support vendors for emergency disposal, and produce a special report, building an efficient “one-stop” command and dispatch operation platform.

A closed-loop management system integrating monitoring, early warning, notification, disposal and feedback. Through the collection and analysis of the overall security situation of the Internet of vehicles, the various network security threats are analyzed and displayed. Attacks detected on the vehicle network, the in-car network and the TSP website, and website vulnerabilities, are reported; security rectification is fed back; and a unified security incident management system is formed.
The development of the Internet of vehicles is still at an early stage, so it is particularly important to plan the security protection system at the initial design and construction stage. An active defense system for the Internet of vehicles with “perception as the core, data-driven” is the ultimate goal of modern Internet of vehicles security protection. As a next step, we need to focus on matching the in-vehicle protocols closely with the cloud platform. Construction around this goal can achieve the best Internet of vehicles security protection at the best cost.
At the same time, new technologies around the construction and security protection of the Internet of vehicles are emerging constantly. In the future, with the continuous development of artificial intelligence and the maturing of new technologies such as blockchain, the security protection model of the Internet of vehicles will continue to be optimized, which requires us to continuously study, improve and optimize the security defense system of the Internet of vehicles to meet the goals and requirements of the continuing development of security protection for the Internet of intelligent vehicles.
