CN106685985A - Vehicle remote diagnosis system and method based on information safety technology - Google Patents

Vehicle remote diagnosis system and method based on information safety technology Download PDF

Info

Publication number
CN106685985A
CN106685985A CN201710034678.5A CN201710034678A CN106685985A CN 106685985 A CN106685985 A CN 106685985A CN 201710034678 A CN201710034678 A CN 201710034678A CN 106685985 A CN106685985 A CN 106685985A
Authority
CN
China
Prior art keywords
diagnosis
module
key
mac
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710034678.5A
Other languages
Chinese (zh)
Other versions
CN106685985B (en
Inventor
罗峰
谢凌风
胡强
常欣伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongji University filed Critical Tongji University
Priority to CN201710034678.5A priority Critical patent/CN106685985B/en
Publication of CN106685985A publication Critical patent/CN106685985A/en
Application granted granted Critical
Publication of CN106685985B publication Critical patent/CN106685985B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a vehicle remote diagnosis system and method based on an information safety technology. The vehicle remote diagnosis system based on an information safety technology includes a diagnosis target ECU and a remote diagnosis server, and also includes a vehicle diagnosis reception gateway, wherein the vehicle diagnosis reception gateway is arranged between the diagnosis target ECU and the remote diagnosis server, and is in communication connection with the diagnosis target ECU and the remote diagnosis server; an asymmetric encryption unit is arranged between the vehicle diagnosis reception gateway and the remote diagnosis server; a symmetric encryption unit is arranged between the vehicle diagnosis reception gateway and the diagnosis target ECU; the remote diagnosis server communicates with the vehicle diagnosis reception gateway through an asymmetric encryption mode; and the vehicle diagnosis reception gateway communicates with the diagnosis target ECU through a symmetric encryption mode. Compared with the prior art, the vehicle remote diagnosis system and method based on an information safety technology can guarantee anonymity, integrity and authenticity of the whole vehicle remote diagnosis process.

Description

A kind of vehicle remote diagnosis system and method based on information security technology
Technical field
The present invention relates to a kind of vehicle remote diagnosis method, remote more particularly, to a kind of vehicle based on information security technology Journey diagnostic method.
Background technology
In recent years, the important breakthrough that Internet information technique is constantly obtained is had benefited from, automobile industry starts to march toward informationization Epoch, automobile product also progressively moves towards intelligent.The related notions such as " intelligent transportation ", " car networking " also receive Chinese scholars Extensive concern.The development of the correlation technique on these fields and constantly improve will all promote automobile constantly intelligent and information Change.Wherein, the method that vehicle carries out remote diagnosis has also been reached its maturity by Ethernet and V2X technologies.
But with car networking technology and vehicle intellectualized lifting, the information security issue that automobile faces is also more and more It is taken seriously.During vehicle remote firmware is carried out, by the infomational message of remote diagnosis server transmission and by target The diagnostic message that ECU (electronic control unit) is returned would be possible to be subject to illegal tracking, record and distort, it is therefore desirable to use Corresponding information security technology is protected to these information.
The content of the invention
The purpose of the present invention is exactly the defect in order to overcome above-mentioned prior art to exist and provides a kind of vehicle remote diagnosis Method.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target ECU and remotely examines Disconnected server, the system also includes that vehicle diagnostics receive gateway, and described vehicle diagnostics receive gateway and are arranged on diagnosis target ECU Communicate to connect and remote diagnosis server between and respectively with both, described vehicle diagnostics receive gateway and remote diagnosis service Asymmetric encryption unit is provided between device, described vehicle diagnostics to be received and be provided with symmetric cryptography between gateway and diagnosis target ECU Unit;
Described asymmetric encryption unit is used for the diagnosis request at remote diagnosis server end to remote diagnosis server Asymmetric encryption is carried out, while whether safe be decrypted checking at vehicle diagnostics reception gateway end communicates, if then vehicle is examined Disconnecting is received gateway and enters diagnostic state, and remote diagnosis server sends key K and receives gateway to vehicle diagnostics;
Described symmetric cryptography unit is used to be received when gateway enters diagnostic state in vehicle diagnostics reception in vehicle diagnostics Gateway end carries out symmetric cryptography to diagnosis request, while whether safe be decrypted checking at diagnosis target ECU end communicates, if Then diagnose target ECU and enter diagnostic state, vehicle diagnostics receive gateway and key K sent to diagnosis target ECU, and then remotely examine Disconnected server carries out remote diagnosis by key K encryptions to target ECU.
Described asymmetric encryption unit includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive gateway end:The module generates asymmetric adding Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server, by private key Kg_pr Preserve;
The second key for being arranged on remote diagnosis server end generates distribution memory module:The module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway, by private key Kr_pr Preserve;
It is arranged on the cryptographic Hash generation module at remote diagnosis server end:The module is used to generate diagnosis request eap-message digest Cryptographic Hash MAC;
It is arranged on the asymmetric encryption module at remote diagnosis server end:The module is using public key Kg_pu to diagnosis request It is concurrent that cryptographic Hash MAC of message Req_meg and diagnosis request eap-message digest is encrypted generation Kg_pu (Req_meg+MAC) Deliver to vehicle diagnostics and receive gateway;
It is arranged on the asymmetric deciphering module that vehicle diagnostics receive gateway end:The module generates distribution and deposits using first key The private key Kg_pr that storage module is preserved is decrypted cryptographic Hash Req_ for obtaining diagnosis request message and diagnosis request eap-message digest meg+MAC;
It is arranged on the first checking confirmation module that vehicle diagnostics receive gateway end:The module is according to the Kg_pu for receiving (Req_meg+MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value is obtained with decryption Cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if identical, vehicle diagnostics receive gateway and enter diagnostic state, Checking confirm module Req_meg+MAC is encrypted by public key Kr_pu obtain Kr_pu (Res_meg+MAC) and send to Remote diagnosis server confirms;
The second checking for being arranged on remote diagnosis server end end confirms module:The module generates distribution using the second key The private key Kr_pr that memory module is preserved is decrypted and verifies message correctness to Kr_pu (Res_meg+MAC), if correctly, the Two checkings confirm that cryptographic Hash MAC of key K and diagnosis request eap-message digest is carried out asymmetric encryption by module by public key Kg_pu Obtain Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway;
It is arranged on the first key preserving module that vehicle diagnostics receive gateway end:The module is generated by first key distributes Private key Kg_pr in memory module is decrypted to Kg_pu (K+MAC) and obtains key K and preserve.
Described symmetric cryptography unit includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive gateway end:The module stores symmetric cryptography Private key Ke_pr;
It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU end:The module stores symmetric cryptography private key Ke_pr;
It is arranged on the symmetrical encryption module that vehicle diagnostics receive gateway end:The module is stored using the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in module is to diagnosis request message Req_meg and cryptographic Hash MAC of diagnosis request eap-message digest It is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU;
It is arranged on the symmetrical deciphering module at diagnosis target ECU end:The module adopts the second symmetric cryptographic key memory module In symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The 3rd checking for being arranged on diagnosis target ECU end confirms module:The module is according to the Ke_pr (Req_meg for receiving + MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value and symmetrical deciphering module are decrypted Cryptographic Hash MAC of the diagnosis request eap-message digest for obtaining is contrasted, if both are identical, sends confirmation to vehicle diagnostics Receive gateway;
It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway:The checking of module verification the 3rd confirms that module is sent out The correctness of the confirmation sent, and cryptographic Hash MAC of the key K in key preserving module and diagnosis request eap-message digest is entered Row symmetric cryptography obtains Ke_pr (K+MAC) and sends to diagnosis target ECU;
It is arranged on the second key preserving module at target ECU end:The module passes through the second symmetric cryptographic key memory module In symmetric cryptography private key Ke_pr Ke_pr (K+MAC) is decrypted obtains key K and preserve.
A kind of vehicle remote diagnosis method based on information security technology, the method comprises the steps:
(1) remote diagnosis server carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway, holds Row step (2);
(2) vehicle diagnostics reception gateway is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then car Diagnosis receives gateway and enters diagnostic state, and remote diagnosis server sends key K and receives gateway to vehicle diagnostics, and performs step Suddenly (3), otherwise terminate;
(3) vehicle diagnostics receive gateway and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU;
(4) diagnosis target ECU is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing target ECU enters diagnostic state, and vehicle diagnostics receive gateway and key K sent to diagnosis target ECU, and then remote diagnosis server is logical Cross key K encryptions carries out remote diagnosis to target ECU, otherwise terminates.
Described diagnosis request includes cryptographic Hash MAC of diagnosis request message Req_meg and diagnosis request eap-message digest, Step (1) generates cryptographic Hash MAC of diagnosis request eap-message digest initially with hash algorithm before being encrypted to diagnosis request.
Compared with prior art, the invention has the advantages that:
(1) present invention is provided with vehicle diagnostics and receives gateway as intermediate communication bridge, improves diagnosis target ECU and remote The safety of journey diagnosis server direction communication;
(2) vehicle diagnostics of the present invention receive gateway and remote diagnosis server is added when using ethernet communication using asymmetric Secret skill art, and receive then more preferable using real-time between gateway and diagnosis target ECU in vehicle interior vehicle diagnostics, account for resource more Few symmetric cryptosystem, although asymmetric encryption safety is higher, encryption and decryption cost time length, speed are slow, right Claim that encryption technology speed is fast, amount of calculation is little and efficiency high but confidentiality is be not as good as asymmet-ric encryption method, using two methods Effective combination, can comprehensive both pluses and minuses, so as to realize ensureing certain communication speed while communication security is improved, Improve efficiency;
(3) asymmetric encryption techniques are applied to into the communication between vehicle diagnostics reception gateway and remote diagnosis server, Using its powerful security feature, the data to transmitting maintain secrecy, it is ensured that the reliability and anonymity in transmitting procedure;
(4) symmetric cryptosystem is applied to into the communication between diagnosis reception gateway and diagnosis target ECU, is added using symmetrical Close technical speed is fast, amount of calculation is little and efficiency high characteristic, and the data to transmitting maintain secrecy, it is ensured that the reliability in transmitting procedure Property and anonymity;
(5) cryptographic Hash of diagnosis request eap-message digest is generated using hash algorithm to diagnosis request message while encryption MAC, make use of the irreversible characteristic of hash algorithm, for verifying the integrity and verity of transmission data.
Description of the drawings
Fig. 1 is structured flowchart of the present invention based on the vehicle remote diagnosis system of information security technology;
Fig. 2 is the communication structure block diagram that remote diagnosis server of the present invention and vehicle diagnostics are received between gateway;
Fig. 3 is the communication structure block diagram that vehicle diagnostics of the present invention are received between gateway and diagnosis target ECU.
In figure, 1 is diagnosis target ECU, and 2 is that vehicle diagnostics receive gateway, and 3 is remote diagnosis server, and 4 are communication mould Block, 5 is encrypting module.
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is described in detail with specific embodiment.
Embodiment
As shown in figure 1, a kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target ECU and remote diagnosis server 3, the system also includes that vehicle diagnostics receive gateway 2, and vehicle diagnostics reception gateway 2 is arranged on examines Communicate to connect between disconnected target ECU1 and remote diagnosis server 3 and respectively with both, vehicle diagnostics receive gateway 2 and remotely examine Asymmetric encryption unit is provided between disconnected server 3, vehicle diagnostics receive and symmetrical adding is provided between gateway 2 and diagnosis target ECU1 Close unit;Asymmetric encryption unit is non-for carrying out to the diagnosis request of remote diagnosis server 3 at the end of remote diagnosis server 3 Symmetric cryptography, while whether safe be decrypted checking at vehicle diagnostics reception gateway 2 end communicates, if then vehicle diagnostics are received Gateway 2 enters diagnostic state, and remote diagnosis server 3 sends key K and receives gateway 2 to vehicle diagnostics;Symmetric cryptography unit is used In the end of gateway 2 is received in vehicle diagnostics when vehicle diagnostics receive gateway 2 into diagnostic state diagnosis request is carried out symmetrically to add It is close, while whether safe be decrypted checking at diagnosis target ECU1 end communicates, if then diagnosing target ECU1 enters diagnosis shape State, vehicle diagnostics are received gateway 2 and key K are sent to diagnosis target ECU1, and then remote diagnosis server 3 and added by key K It is close that remote diagnosis are carried out to target ECU.In figure, diagnosis target ECU1, vehicle diagnostics receive gateway 2 and remote diagnosis server 3 A communication module 4 and an encrypting module 5 are equipped with, communication module 4 realizes information communication, and encrypting module 5 realizes symmetrical adding Close and asymmetric encryption, the encrypting module 4 in remote diagnosis server 3 and vehicle diagnostics reception gateway 2 constitutes described Asymmetric encryption unit, diagnose the encrypting module 4 that target ECU1 and vehicle diagnostics are received in gateway 2 constitute it is described symmetrical plus Close unit.
Asymmetric encryption unit includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive the end of gateway 2:The module generates asymmetric The public key Kg_pu of encryption and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server 3, by private key Kg_ Pr is preserved;The second key for being arranged on the end of remote diagnosis server 3 generates distribution memory module:The module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway 2, by private key Kr_pr Preserve;It is arranged on the cryptographic Hash generation module at the end of remote diagnosis server 3:The module is used to generate diagnosis request eap-message digest Cryptographic Hash MAC;It is arranged on the asymmetric encryption module at the end of remote diagnosis server 3:The module please to diagnosis using public key Kg_pu Ask message Req_meg and diagnosis request eap-message digest cryptographic Hash MAC be encrypted generation Kg_pu (Req_meg+MAC) and Send to vehicle diagnostics and receive gateway 2;It is arranged on the asymmetric deciphering module that vehicle diagnostics receive the end of gateway 2:The module is adopted First key generates the private key Kg_pr that distribution memory module preserves and is decrypted and obtains diagnosis request message and diagnosis request disappears Cryptographic Hash Req_meg+MAC of breath summary;It is arranged on the first checking confirmation module that vehicle diagnostics receive the end of gateway 2:The module Kg_pu (Req_meg+MAC) according to receiving is calculated the Hash calculation value of diagnosis request eap-message digest, and by this Hash Cryptographic Hash MAC of the diagnosis request eap-message digest that value of calculation is obtained with decryption is contrasted, if identical, vehicle diagnostics receive net Close 2 and enter diagnostic state, checking confirms that module is encrypted by public key Kr_pu to Req_meg+MAC and obtains Kr_pu (Res_ Meg+MAC) and send to remote diagnosis server 3 and confirm;The second checking for being arranged on the end end of remote diagnosis server 3 confirms mould Block:The module is carried out using the private key Kr_pr that the second key generates distribution memory module preservation to Kr_pu (Res_meg+MAC) Message correctness is decrypted and verifies, if correctly, the second checking confirms that module is disappeared key K and diagnosis request by public key Kg_pu Cryptographic Hash MAC of breath summary carries out asymmetric encryption and obtains Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway 2;Arrange The first key preserving module at the end of gateway 2 is received in vehicle diagnostics:The module is generated in distribution memory module by first key Private key Kg_pr Kg_pu (K+MAC) is decrypted obtains key K and preserve.
Symmetric cryptography unit includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive the end of gateway 2:The module stores symmetrically add Close private key Ke_pr;It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU1 end:The module stores symmetric cryptography Private key Ke_pr;It is arranged on the symmetrical encryption module that vehicle diagnostics receive the end of gateway 2:The module adopts the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in memory module is to diagnosis request message Req_meg and the Hash of diagnosis request eap-message digest Value MAC is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU1;It is arranged on diagnosis target ECU1 end Symmetrical deciphering module:The module is using the symmetric cryptography private key Ke_pr in the second symmetric cryptographic key memory module to Ke_pr (Req_meg+MAC) it is decrypted;The 3rd checking for being arranged on diagnosis target ECU1 end confirms module:The module is according to receiving Ke_pr (Req_meg+MAC) be calculated the Hash calculation value of diagnosis request eap-message digest, and by this Hash calculation value with it is right Cryptographic Hash MAC for claiming the deciphering module diagnosis request eap-message digest that decryption is obtained is contrasted, if both are identical, are sent and is confirmed Information to vehicle diagnostics receive gateway 2;It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway 2:The module verification 3rd checking confirms the correctness of the confirmation that module sends, and the key K and diagnosis request in key preserving module is disappeared Cryptographic Hash MAC of breath summary carries out symmetric cryptography and obtains Ke_pr (K+MAC) and send to diagnosis target ECU1;It is arranged on target The second key preserving module at ECU ends:The module is by the symmetric cryptography private key Ke_ in the second symmetric cryptographic key memory module Pr is decrypted to Ke_pr (K+MAC) and obtains key K and preserve.
A kind of vehicle remote diagnosis method based on information security technology, the method comprises the steps:
(1) remote diagnosis server 3 carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway 2, Execution step (2);
(2) diagnosis request of 2 pairs of receptions of vehicle diagnostics reception gateway are decrypted checking and whether safe communicate, if then car Diagnosis receives gateway 2 and enters diagnostic state, and remote diagnosis server 3 sends key K and receives gateway 2 to vehicle diagnostics, and holds Row step (3), otherwise terminates;
(3) vehicle diagnostics receive gateway 2 and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU1;
(4) diagnosis target ECU1 is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing mesh Mark ECU1 enters diagnostic state, and vehicle diagnostics receive gateway 2 and key K sent to diagnosis target ECU1, and then remote diagnosis clothes Business device 3 carries out remote diagnosis by key K encryptions to target ECU, otherwise terminates.
Diagnosis request includes cryptographic Hash MAC of diagnosis request message Req_meg and diagnosis request eap-message digest, step (1) cryptographic Hash MAC of diagnosis request eap-message digest is generated before diagnosis request being encrypted initially with hash algorithm.Thus, One diagnosis trust chain trusty is just set up, Diagnosis Service, the inquiry between target ECU and remote diagnosis reception gateway Ask and response, then encryption and decryption can be carried out by key K and be verified with Hash MAC value, this method ensures whole vehicle remote The anonymity of diagnosis process, integrity and verity.
Fig. 2 receives the communication structure block diagram between gateway 2, asymmetric encryption for remote diagnosis server 3 and vehicle diagnostics Technology is realized that remote diagnosis server 3 obtains public key Kg_pu pair that vehicle diagnostics receive gateway 2 by way of software Diagnosis request message, and cryptographic Hash MAC of the summarization generation of message is encrypted, and generates Kg_pu (Req_meg+MAC), envelope The message format of Ethernet is dressed up, vehicle diagnostics is sent to by ethernet transceiver and is received gateway 2.Vehicle diagnostics receive gateway 2 after diagnosis request is received, and the encrypting module request vehicle diagnostics for receiving gateway 2 to vehicle diagnostics receive the individual of gateway 2 The public keys Kr_pu of key Kg_pr and remote diagnosis server 3.Vehicle diagnostics receive gateway 2 will be believed with private key Kg_pr Breath is decrypted, and obtains the cryptographic Hash that diagnosis request message and eap-message digest are generated:Req_meg+MAC, then calculates diagnosis The cryptographic Hash of eap-message digest is compared with the cryptographic Hash for sending, if identical, may certify that remote diagnosis server 3 The encryption message sent is not subject to the illegal verity and integrity distorted, then ensure that diagnosis request message.Vehicle is examined Disconnecting is received gateway 2 and then enters diagnostic state.Next, vehicle diagnostics receive gateway 2 uses the public close of remote diagnosis server 3 Key Kr_pu returns remote diagnosis server 3 one and confirms message Kr_pu (Res_meg+MAC).Remote diagnosis server 3 is received And verify after the confirmation message, by a communication key K, Kg_pu (K+MAC) is sent to car by way of asymmetric encryption Diagnosis receive gateway 2.In order to ensure safety, key K is stored among first key preserving module.
Fig. 3 is the communication structure block diagram that vehicle diagnostics are received between gateway 2 and diagnosis target ECU1, into diagnostic state Vehicle diagnostics receive gateway 2 using the private key Ke_pr transmitted from security module, and by way of symmetric cryptography, sending diagnosis please Hash MAC value Ke_pr (Req_meg+MAC) that message is generated with eap-message digest is asked to give diagnosis target ECU1.The side of symmetric cryptography Formula is then realized by hardware.Target ECU receives the information sent, and the private key Ke_pr sent with encrypting module is solved It is close, and calculate the cryptographic Hash of informative abstract and the cryptographic Hash for sending is compared, to prove the verity and reliability of message. After being proved to be successful, the communication module of target ECU encrypts the communication module one for returning to vehicle diagnostics reception gateway 2 really Recognize message Ke_pr (Res_meg+MAC), finally then by vehicle diagnostics receive gateway 2 by key K by way of symmetric cryptography Ke_pr (K+MAC) is sent to target ECU.Target ECU is by key storage in encrypting module, it is ensured that its safety.This is indicated Target ECU enters diagnostic mode.

Claims (5)

1. a kind of vehicle remote diagnosis system based on information security technology, the system includes diagnosis target ECU (1) and remotely examines Disconnected server (3), it is characterised in that the system also includes that vehicle diagnostics receive gateway (2), and described vehicle diagnostics receive gateway (2) it is arranged between diagnosis target ECU (1) and remote diagnosis server (3) and respectively with both and communicates to connect, described vehicle Diagnosis receives and asymmetric encryption unit is provided between gateway (2) and remote diagnosis server (3), and described vehicle diagnostics receive net Close and be provided with symmetric cryptography unit between (2) and diagnosis target ECU (1);
Described asymmetric encryption unit is used to hold the diagnosis to remote diagnosis server (3) to ask in remote diagnosis server (3) Asking carries out asymmetric encryption, while whether safe be decrypted checking at vehicle diagnostics reception gateway (2) end communicates, if then car Diagnosis receives gateway (2) and enters diagnostic state, and remote diagnosis server (3) sends key K and receives gateway to vehicle diagnostics (2);
Described symmetric cryptography unit is used to receive net in vehicle diagnostics when vehicle diagnostics receive gateway (2) into diagnostic state Pass (2) is held and carries out symmetric cryptography to diagnosis request, while whether safe be decrypted checking at diagnosis target ECU (1) end communicates, If then diagnosing target ECU (1) enters diagnostic state, vehicle diagnostics receive gateway (2) and key K are sent to diagnosis target ECU (1), so remote diagnosis server (3) by key K encryption remote diagnosis are carried out to target ECU.
2. a kind of vehicle remote diagnosis system based on information security technology according to claim 1, it is characterised in that institute The asymmetric encryption unit stated includes:
It is arranged on the first key generation distribution memory module that vehicle diagnostics receive gateway (2) end:The module generates asymmetric adding Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server (3), by private key Kg_ Pr is preserved;
The second key for being arranged on remote diagnosis server (3) end generates distribution memory module:The module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu send to vehicle diagnostics receive gateway (2), by private key Kr_ Pr is preserved;
It is arranged on the cryptographic Hash generation module at remote diagnosis server (3) end:The module is used to generate diagnosis request eap-message digest Cryptographic Hash MAC;
It is arranged on the asymmetric encryption module at remote diagnosis server (3) end:The module is disappeared using public key Kg_pu to diagnosis request Cryptographic Hash MAC of breath Req_meg and diagnosis request eap-message digest is encrypted generation Kg_pu (Req_meg+MAC) and sends Gateway (2) is received to vehicle diagnostics;
It is arranged on the asymmetric deciphering module that vehicle diagnostics receive gateway (2) end:The module generates distribution and deposits using first key The private key Kg_pr that storage module is preserved is decrypted to Kg_pu (Req_meg+MAC) and obtains diagnosis request message and diagnosis request Cryptographic Hash Req_meg+MAC of eap-message digest;
It is arranged on the first checking confirmation module that vehicle diagnostics receive gateway (2) end:The module is according to the Kg_pu for receiving (Req_meg+MAC) the Hash calculation value of diagnosis request eap-message digest is calculated, and this Hash calculation value is obtained with decryption Cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if identical, vehicle diagnostics receive gateway (2) and enter diagnosis shape State, checking confirms that module is encrypted by public key Kr_pu to Req_meg+MAC and obtains Kr_pu (Res_meg+MAC) and send Confirm to remote diagnosis server (3);
The second checking for being arranged on remote diagnosis server (3) end end confirms module:The module generates distribution using the second key The private key Kr_pr that memory module is preserved is decrypted and verifies message correctness to Kr_pu (Res_meg+MAC), if correctly, the Two checkings confirm that cryptographic Hash MAC of key K and diagnosis request eap-message digest is carried out asymmetric encryption by module by public key Kg_pu Obtain Kg_pu (K+MAC) and send to vehicle diagnostics to receive gateway (2);
It is arranged on the first key preserving module that vehicle diagnostics receive gateway (2) end:The module is generated by first key distributes Private key Kg_pr in memory module is decrypted to Kg_pu (K+MAC) and obtains key K and preserve.
3. a kind of vehicle remote diagnosis system based on information security technology according to claim 2, it is characterised in that institute The symmetric cryptography unit stated includes:
It is arranged on the first symmetric cryptographic key memory module that vehicle diagnostics receive gateway (2) end:The module stores symmetric cryptography Private key Ke_pr;
It is arranged on the second symmetric cryptographic key memory module at diagnosis target ECU (1) end:The module stores symmetric cryptography private key Ke_pr;
It is arranged on the symmetrical encryption module that vehicle diagnostics receive gateway (2) end:The module is stored using the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in module is to diagnosis request message Req_meg and cryptographic Hash MAC of diagnosis request eap-message digest It is encrypted generation Ke_pr (Req_meg+MAC) and sends to diagnosis target ECU (1);
It is arranged on the symmetrical deciphering module at diagnosis target ECU (1) end:The module is using in the second symmetric cryptographic key memory module Symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The 3rd checking for being arranged on diagnosis target ECU (1) end confirms module:The module is according to the Ke_pr (Req_meg+ for receiving MAC the Hash calculation value of diagnosis request eap-message digest) is calculated, and this Hash calculation value and symmetrical deciphering module is decrypted To cryptographic Hash MAC of diagnosis request eap-message digest contrasted, if both are identical, send confirmation and connect to vehicle diagnostics Receive gateway (2);
It is arranged on the 4th checking confirmation module that vehicle diagnostics receive gateway (2):The checking of module verification the 3rd confirms that module is sent out The correctness of the confirmation sent, and cryptographic Hash MAC of the key K in key preserving module and diagnosis request eap-message digest is entered Row symmetric cryptography obtains Ke_pr (K+MAC) and sends to diagnosis target ECU (1);
It is arranged on the second key preserving module at target ECU end:The module is by the second symmetric cryptographic key memory module Symmetric cryptography private key Ke_pr is decrypted to Ke_pr (K+MAC) and obtains key K and preserve.
4. a kind of vehicle remote diagnosis side of the vehicle remote diagnosis system based on information security technology as claimed in claim 1 Method, it is characterised in that the method comprises the steps:
(1) remote diagnosis server (3) carries out asymmetric encryption to diagnosis request and sends to vehicle diagnostics to receive gateway (2), Execution step (2);
(2) vehicle diagnostics reception gateway (2) are decrypted checking to the diagnosis request for receiving and whether safe communicate, if then vehicle Diagnosis receives gateway (2) and enters diagnostic state, and remote diagnosis server (3) sends key K and receives gateway (2) to vehicle diagnostics, And execution step (3), otherwise terminate;
(3) vehicle diagnostics receive gateway (2) and symmetric cryptography are carried out to diagnosis request and is sent to diagnosis target ECU (1);
(4) diagnosis target ECU (1) is decrypted checking to the diagnosis request for receiving and whether safe communicates, if then diagnosing target ECU (1) enters diagnostic state, and vehicle diagnostics receive gateway (2) and key K sent to diagnosis target ECU (1), and then remotely examine Disconnected server (3) carries out remote diagnosis by key K encryptions to target ECU, otherwise terminates.
5. vehicle remote diagnosis method according to claim 4, it is characterised in that described diagnosis request includes that diagnosis please Before asking cryptographic Hash MAC of message Req_meg and diagnosis request eap-message digest, step (1) to be encrypted diagnosis request first Cryptographic Hash MAC of diagnosis request eap-message digest is generated using hash algorithm.
CN201710034678.5A 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology Active CN106685985B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710034678.5A CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710034678.5A CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Publications (2)

Publication Number Publication Date
CN106685985A true CN106685985A (en) 2017-05-17
CN106685985B CN106685985B (en) 2019-11-29

Family

ID=58860570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710034678.5A Active CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Country Status (1)

Country Link
CN (1) CN106685985B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107105060A (en) * 2017-05-27 2017-08-29 天津恒天新能源汽车研究院有限公司 A kind of method for realizing electric automobile information security
CN107272649A (en) * 2017-07-05 2017-10-20 东南(福建)汽车工业有限公司 Malfunction remote diagnosis system and method
CN109240273A (en) * 2018-11-02 2019-01-18 上海博泰悦臻网络技术服务有限公司 Vehicle remote diagnosis method, server-side, engine end and client based on cloud
CN110213221A (en) * 2018-02-28 2019-09-06 罗伯特·博世有限公司 Method for executing diagnosis
CN110554681A (en) * 2018-05-30 2019-12-10 李尔公司 Vehicle communication network and method
CN112015158A (en) * 2019-05-30 2020-12-01 比亚迪股份有限公司 Vehicle gateway control system and method and vehicle
CN112286171A (en) * 2020-11-05 2021-01-29 中国第一汽车股份有限公司 Remote diagnosis method, device, vehicle and storage medium
CN112327796A (en) * 2020-10-21 2021-02-05 诚迈科技(南京)股份有限公司 Control method and electronic control unit for automobile diagnosis service
CN112428947A (en) * 2020-12-02 2021-03-02 上海拓殷电子科技技术有限公司 Automobile intelligent system
CN112541187A (en) * 2020-12-21 2021-03-23 深圳市元征科技股份有限公司 Cloud computing method and cloud computing cluster
CN112738222A (en) * 2020-12-28 2021-04-30 嬴彻科技(浙江)有限公司 Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium
CN113311816A (en) * 2021-06-10 2021-08-27 中国第一汽车股份有限公司 Vehicle remote diagnosis system and method
CN113625691A (en) * 2021-08-20 2021-11-09 深圳市元征科技股份有限公司 Vehicle diagnosis method, diagnosis equipment and vehicle gateway

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060115085A1 (en) * 2004-04-28 2006-06-01 Denso Corporation Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization
CN1960347A (en) * 2006-11-06 2007-05-09 吉林大学 Wireless car borne gateway system
CN104765357A (en) * 2015-03-11 2015-07-08 西安电子科技大学 Authorization system and method for vehicle remote diagnosis
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN106101111A (en) * 2016-06-24 2016-11-09 郑州信大捷安信息技术股份有限公司 Vehicle electronics safe communication system and communication means
CN106154903A (en) * 2015-04-16 2016-11-23 上海汽车集团股份有限公司 Carry out, with peripheral hardware, the system and method that information is mutual for car load network
CN106713264A (en) * 2016-11-18 2017-05-24 郑州信大捷安信息技术股份有限公司 Method for vehicle safety remote control and diagnosis and system thereof

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060115085A1 (en) * 2004-04-28 2006-06-01 Denso Corporation Communication system having plurality of nodes sharing a common cipher key, cipher key dispatching apparatus for use in the system, and anti-theft apparatus utilizing information derived from cipher key utilization
CN1960347A (en) * 2006-11-06 2007-05-09 吉林大学 Wireless car borne gateway system
CN104765357A (en) * 2015-03-11 2015-07-08 西安电子科技大学 Authorization system and method for vehicle remote diagnosis
CN106154903A (en) * 2015-04-16 2016-11-23 上海汽车集团股份有限公司 Carry out, with peripheral hardware, the system and method that information is mutual for car load network
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN106101111A (en) * 2016-06-24 2016-11-09 郑州信大捷安信息技术股份有限公司 Vehicle electronics safe communication system and communication means
CN106713264A (en) * 2016-11-18 2017-05-24 郑州信大捷安信息技术股份有限公司 Method for vehicle safety remote control and diagnosis and system thereof
CN106713264B (en) * 2016-11-18 2019-06-21 郑州信大捷安信息技术股份有限公司 A kind of method and system remotely controlled for vehicle safety with diagnosis

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107105060B (en) * 2017-05-27 2020-12-08 天津恒天新能源汽车研究院有限公司 Method for realizing information security of electric automobile
CN107105060A (en) * 2017-05-27 2017-08-29 天津恒天新能源汽车研究院有限公司 A kind of method for realizing electric automobile information security
CN107272649A (en) * 2017-07-05 2017-10-20 东南(福建)汽车工业有限公司 Malfunction remote diagnosis system and method
CN110213221A (en) * 2018-02-28 2019-09-06 罗伯特·博世有限公司 Method for executing diagnosis
CN110213221B (en) * 2018-02-28 2023-08-11 罗伯特·博世有限公司 Method for performing diagnostics
CN110554681A (en) * 2018-05-30 2019-12-10 李尔公司 Vehicle communication network and method
CN110554681B (en) * 2018-05-30 2022-09-23 李尔公司 Vehicle communication network and method
CN109240273A (en) * 2018-11-02 2019-01-18 上海博泰悦臻网络技术服务有限公司 Vehicle remote diagnosis method, server-side, engine end and client based on cloud
CN112015158B (en) * 2019-05-30 2022-03-18 比亚迪股份有限公司 Vehicle gateway control system and method and vehicle
CN112015158A (en) * 2019-05-30 2020-12-01 比亚迪股份有限公司 Vehicle gateway control system and method and vehicle
CN112327796A (en) * 2020-10-21 2021-02-05 诚迈科技(南京)股份有限公司 Control method and electronic control unit for automobile diagnosis service
CN112286171A (en) * 2020-11-05 2021-01-29 中国第一汽车股份有限公司 Remote diagnosis method, device, vehicle and storage medium
CN112428947A (en) * 2020-12-02 2021-03-02 上海拓殷电子科技技术有限公司 Automobile intelligent system
CN112541187A (en) * 2020-12-21 2021-03-23 深圳市元征科技股份有限公司 Cloud computing method and cloud computing cluster
CN112541187B (en) * 2020-12-21 2024-05-03 深圳市元征科技股份有限公司 Cloud computing method and cloud computing cluster
CN112738222A (en) * 2020-12-28 2021-04-30 嬴彻科技(浙江)有限公司 Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium
CN113311816A (en) * 2021-06-10 2021-08-27 中国第一汽车股份有限公司 Vehicle remote diagnosis system and method
CN113625691A (en) * 2021-08-20 2021-11-09 深圳市元征科技股份有限公司 Vehicle diagnosis method, diagnosis equipment and vehicle gateway

Also Published As

Publication number Publication date
CN106685985B (en) 2019-11-29

Similar Documents

Publication Publication Date Title
CN106685985B (en) A kind of vehicle remote diagnosis system and method based on information security technology
Woo et al. A practical wireless attack on the connected car and security protocol for in-vehicle CAN
CN110635893B (en) Vehicle-mounted Ethernet information security protection method
CN112671798B (en) Service request method, device and system in Internet of vehicles
CN108768652B (en) Coalition block chain bottom layer encryption method capable of resisting quantum attack
CN111552270B (en) Safety authentication and data transmission method and device for vehicle-mounted diagnosis
CN101990748A (en) Method and device for transmitting messages in real time
KR20140122188A (en) Method for detecting a manipulation of a sensor and/or sensor data of the sensor
Fassak et al. A secure protocol for session keys establishment between ECUs in the CAN bus
CN111769938B (en) Key management system and data verification system of block chain sensor
CN111756529B (en) Quantum session key distribution method and system
CN106685653A (en) Vehicle remote firmware updating method and device based on information security technology
CN112702318A (en) Communication encryption method, decryption method, client and server
CN110753321A (en) Safe communication method for vehicle-mounted TBOX and cloud server
CN112532393A (en) Verification method of cross-link transaction, relay link node equipment and medium
CN109063523B (en) Radio frequency identification security authentication method and system
CN111264045B (en) Interactive system and method based on heterogeneous identity
WO2021139190A1 (en) Intra-vehicle network-based communication method and apparatus
KR101269086B1 (en) Data certification and acquisition method and system for vehicle
CN114915396B (en) Hopping key digital communication encryption system and method based on national encryption algorithm
Zhang et al. Authentication methods for internet of vehicles based on trusted connection architecture
CN113115255A (en) Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium
CN110995671A (en) Communication method and system
CN117714055B (en) In-vehicle network communication method based on identity information
CN116155497B (en) Sensitive data encryption and storage method in Internet of vehicles user application program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant