Abstract: The on-board unit (OBU) is the core component connecting intra- and inter-vehicle networks, and it is also the component most vulnerable to cyber attacks. Conventional countermeasures mainly include encryption authentication, intrusion detection, and privacy enhancement; however, the operating environment for vehicle measurement and control applications also needs to be strengthened, since vulnerabilities in the operating system and complex programs are unlikely to be completely eliminated. In this work, a novel dynamic heterogeneous operating environment (DHOE) based security architecture for the OBU is proposed. It is the first structure to use heterogeneous application containers to hold OBU application programs, with a dynamic model that is able to detect the security state and switch the online/offline application containers to enhance security. Through the heterogeneous processing units and the dynamic switching scheme, DHOE is able to detect and mitigate security problems and provide a credible operating environment for OBU applications. The proposed DHOE architecture has been successfully integrated into a real-world OBU product and applied in the Yutong® test vehicle. The Markov-chain-based theoretical analysis proves the security performance of DHOE in a quantitative way, while the case study and performance evaluation results on the real-world OBU product show that the proposed DHOE architecture could greatly improve the OBU security level while introducing only 16.3% extra CPU load and 1.6% extra RAM cost.
Index terms: On-board unit, Internet of vehicles, dynamic heterogeneous operating environment, security architecture, system on chip