Recent years have witnessed the rapid development of Internet of Vehicles (IoV) technology, and Vehicle-to-Everything (V2X) communication is gradually becoming a reality. However, compared with traditional networks, the composition and structure of the IoV are much more complex and vulnerable. Worse, the dynamicity, timeliness, complexity, and large scale of the IoV make it difficult to analyze its overall security risk effectively. Therefore, there is an urgent need for an IoV security risk analysis and assessment technique that obtains real-time IoV security status, assists network administrators in making security decisions, and efficiently maintains IoV security.
This paper proposes a V2X IoV attack graph generation and analysis scheme for real-time and effective security risk analysis and assessment of the IoV. First, we construct an IoV security ontology model to standardize the description of entities and the complex relationships between entities in the IoV. Then, based on the IoV security ontology model and the IoV security knowledge database, we construct an IoV attack graph generation rule set. After that, based on the IoV MEC (Multi-access Edge Computing) and C-V2X (Cellular-V2X) communication architecture, we design a distributed attack graph generation and analysis scheme that generates and analyzes the real-time attack graph of the IoV with low latency and quantitatively assesses the risk in the IoV. Finally, we implement a prototype system based on the scheme and build attack scenario test cases to test the prototype system’s correctness, effectiveness, and real-time performance. Experimental results show that the prototype system can generate global Bayesian attack graphs of the IoV correctly with low latency, present the complete attack paths in the IoV, and provide local and global quantitative risk values to assist the security management of the IoV.
Key words: attack graph, quantitative risk assessment, C-V2X, MEC, IoV security
The results folder contains the complete attack graphs (AG).
- Figure 4–7: The global AG of IoV directly generated by MulVAL -> global_MulVAL.pdf
- Figure 4–8: The local AG of the cloud -> vCloud.pdf
- Figure 4–9: The local AG of cellular service area 1 -> V2X1.pdf
- Figure 4–10: The local AG of cellular service area 2 -> V2X2.pdf
- Figure 4–11: The local AG of cellular service area 3 -> V2X3.pdf
- Figures 4–12 and 4–13: The global Bayesian AG -> bayesianAG.pdf
- Figure 4–14: The global Bayesian AG after topology changes -> bayesianAG_topo.pdf
- Figure 4–15: The global Bayesian AG after vulnerability changes -> bayesianAG_vuln.pdf
- Figure 4–16: The global Bayesian AG after vehicle state changes -> bayesianAG_vstate.pdf
- Figure 4–17: The global Bayesian AG after the SQL service vulnerability is fixed -> bayesianAG_fixvuln.pdf
- Figure 4–18: The global Bayesian AG after the Bluetooth vulnerability is fixed -> bayesianAG_fixvuln2.pdf