主办:陕西省汽车工程学会
ISSN 1671-7988  CN 61-1394/TH
创刊:1976年
Automobile Applied Technology

Automobile Applied Technology ›› 2022, Vol. 48 ›› Issue (3): 33-38.DOI: 10.16638/j.cnki.1671-7988.2023.03.006

• Intelligent Connected Vehicle • Previous Articles    

Security Evaluation of the On Board Unit in the Electronic Toll Collection

WANG Jie1 , HU Tao2 , MAI Runfeng3 , SHI Ruihao4 , LI Minfeng1   

  1. 1.Shenzhen Kaiyuan Internet Security Technology Company Limited; 2.Shenzhen Smart City Topway Communication Company Limited; 3.School of Optical and Electronic Information, Huazhong University of Science and Technology; 4.Automotive Engineering Research Institute, Guangzhou Automobile Group Company Limited
  • Online:2023-02-15 Published:2023-02-15
  • Contact: WANG Jie

电子不停车收费系统车载单元安全性测评

王 颉 1,胡 涛 2,麦润锋 3,时瑞浩 4,李民锋 1   

  1. 1.深圳开源互联网安全技术有限公司; 2.深圳市智城天威通信有限公司; 3.华中科技大学 光学与电子信息学院; 4.广州汽车集团股份有限公司 汽车工程研究院
  • 通讯作者: 王 颉
  • 作者简介:王颉(1985—),男,博士,高级工程师,研究方向为网络安全、车联网安全、软件安全,E-mail: wangjie@ seczone.cn。
  • 基金资助:
    深圳市技术攻关面上项目(JSGG20201102170601003)。

PDF

Abstract: With the widespread use of electronic toll collection (ETC) systems, the cybersecurity risks are also increasing. In order to solve the problem of cybersecurity risk assessment of on-board units in ETC, the paper proposes a cybersecurity assessment framework for on-board units. The framework uses threat analysis to systematically analyze the potential threats faced by on-board units. Risk assessment is used to grade the potential threats. While, test cases are utilized to identify and verify the cybersecurity risk. Experiments show that the cybersecurity assessment framework can perform effective cybersecurity assessment on on-board units in ETC to identify potential cybersecurity risks, which provides an effective reference for protecting subsequent product.

Key words: ETC; On board unit; Threat analysis; Risk assessment; Cyber security; Security evaluation

摘要: 随着电子不停车收费系统的广泛使用,其面临的信息安全风险也不断增加。为了解决 电子不停车收费(ETC)系统中车载单元的信息安全风险评估问题,论文提出了一种针对 ETC 车载单元的信息安全评估框架。该框架利用威胁分析对车载单元面临的潜在威胁进行系统性 分析,利用风险评估对车载单元的面临的潜在威胁进行等级评定,利用测试用例对车载单元 的信息安全风险进行验证。实验表明,该信息安全评估框架可以对 ETC 车载单元进行有效的 信息安全评估,发现潜在的信息安全风险,为后续产品优化与安全防护提供有效参考。

关键词: ETC;车载单元;威胁分析;风险评估;信息安全;安全测评