CN106685985B - A kind of vehicle remote diagnosis system and method based on information security technology - Google Patents

A kind of vehicle remote diagnosis system and method based on information security technology Download PDF

Info

Publication number
CN106685985B
CN106685985B CN201710034678.5A CN201710034678A CN106685985B CN 106685985 B CN106685985 B CN 106685985B CN 201710034678 A CN201710034678 A CN 201710034678A CN 106685985 B CN106685985 B CN 106685985B
Authority
CN
China
Prior art keywords
diagnosis
module
key
gateway
mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710034678.5A
Other languages
Chinese (zh)
Other versions
CN106685985A (en
Inventor
罗峰
谢凌风
胡强
常欣伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongji University filed Critical Tongji University
Priority to CN201710034678.5A priority Critical patent/CN106685985B/en
Publication of CN106685985A publication Critical patent/CN106685985A/en
Application granted granted Critical
Publication of CN106685985B publication Critical patent/CN106685985B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a kind of vehicle remote diagnosis system and method based on information security technology, the system includes diagnosis target ECU and remote diagnosis server, the system further includes that vehicle diagnostics receive gateway, the vehicle diagnostics receive gateway setting and communicate to connect between diagnosis target ECU and remote diagnosis server and respectively with the two, the vehicle diagnostics receive and are equipped with asymmetric encryption unit between gateway and remote diagnosis server, and the vehicle diagnostics receive and are equipped with symmetric cryptography unit between gateway and diagnosis target ECU;Remote diagnosis server is received to establish between gateway and be communicated by way of asymmetric encryption with vehicle diagnostics, and vehicle diagnostics reception gateway is established between target ECU by way of symmetric cryptography to be communicated.Compared with prior art, present invention tool ensures anonymity, integrality and the authenticity of entire vehicle remote diagnosis process.

Description

A kind of vehicle remote diagnosis system and method based on information security technology
Technical field
The present invention relates to a kind of vehicle remote diagnosis methods, remote more particularly, to a kind of vehicle based on information security technology Journey diagnostic method.
Background technique
In recent years, have benefited from the important breakthrough that Internet information technique constantly obtains, automobile industry starts to march toward informationization Epoch, automobile product also gradually move towards intelligent.The related notions such as " intelligent transportation ", " car networking " also receive domestic and foreign scholars Extensive concern.The development of the relevant technologies on these fields and constantly improve will all promote automobile constantly intelligent and information Change.Wherein, it has also been reached its maturity by the method that Ethernet and V2X technology carry out remote diagnosis to vehicle.
But with car networking technology and vehicle intellectualized promotion, the information security issue that automobile faces is also more and more It is taken seriously.During carrying out vehicle remote firmware, by the infomational message of remote diagnosis server transmission and by target The diagnostic message that ECU (electronic control unit) is returned would be possible to by illegal tracking, record and distort, it is therefore desirable to use Corresponding information security technology protects these information.
Summary of the invention
It is an object of the present invention to overcome the above-mentioned drawbacks of the prior art and provide a kind of vehicle remote diagnosis Method.
The purpose of the present invention can be achieved through the following technical solutions:
A kind of vehicle remote diagnosis system based on information security technology, the system include diagnosis target ECU and remotely examine Disconnected server, the system further include that vehicle diagnostics receive gateway, and the vehicle diagnostics receive gateway setting in diagnosis target ECU It is communicated to connect between remote diagnosis server and respectively with the two, the vehicle diagnostics receive gateway and remote diagnosis service Asymmetric encryption unit is equipped between device, the vehicle diagnostics receive and are equipped with symmetric cryptography between gateway and diagnosis target ECU Unit;
The asymmetric encryption unit is used to request the diagnosis of remote diagnosis server at remote diagnosis server end Carry out asymmetric encryption, while vehicle diagnostics receive gateway end be decrypted verifying communication whether safety, if then vehicle is examined Disconnecting receives gateway and enters diagnostic state, and remote diagnosis server sends key K to vehicle diagnostics reception gateway;
The symmetric cryptography unit is used to receive in vehicle diagnostics and receive when gateway enters diagnostic state in vehicle diagnostics Gateway end to diagnosis request carry out symmetric cryptography, while diagnosis the end target ECU be decrypted verifying communication whether safety, if It then diagnoses target ECU and enters diagnostic state, vehicle diagnostics receive gateway and key K is sent to diagnosis target ECU, and then remotely examine Disconnected server is encrypted by key K carries out remote diagnosis to target ECU.
The asymmetric encryption unit includes:
The first key generation distribution memory module that vehicle diagnostics receive gateway end is arranged in: the module generates asymmetric add Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server, by private key Kg_pr It saves;
The second key that remote diagnosis server end is arranged in generates distribution memory module: the module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu be sent to vehicle diagnostics receive gateway, by private key Kr_pr It saves;
The cryptographic Hash generation module at remote diagnosis server end is arranged in: the module is for generating diagnosis message digest Cryptographic Hash MAC;
The asymmetric encryption module at remote diagnosis server end is arranged in: the module requests diagnosis using public key Kg_pu The message Req_meg and cryptographic Hash MAC for diagnosing message digest carries out encryption and generates Kg_pu (Req_meg+MAC) concurrently It send to vehicle diagnostics and receives gateway;
The asymmetric deciphering module that vehicle diagnostics receive gateway end is arranged in: the module generates distribution using first key and deposits The private key Kg_pr that storage module saves is decrypted to obtain diagnosis request message and diagnoses the cryptographic Hash Req_ of message digest meg+MAC;
The first verifying confirmation module that vehicle diagnostics receive gateway end is arranged in: the module is according to the Kg_pu received (Req_meg+MAC) the Hash calculation value of diagnosis message digest is calculated, and this Hash calculation value is obtained with decryption The cryptographic Hash MAC of diagnosis message digest compare, if they are the same, then vehicle diagnostics receive gateway and enter diagnostic state, Verifying confirmation module is encrypted to obtain Kr_pu (Res_meg+MAC) and be sent to by public key Kr_pu to Req_meg+MAC Remote diagnosis server confirmation;
The second verifying confirmation module at remote diagnosis server end end is arranged in: the module generates distribution using the second key The private key Kr_pr that memory module saves is decrypted Kr_pu (Res_meg+MAC) and verifies message correctness, if correctly, the The cryptographic Hash MAC of key K and diagnosis message digest are carried out asymmetric encryption by public key Kg_pu by two verifying confirmation modules It obtains Kg_pu (K+MAC) and is sent to vehicle diagnostics reception gateway;
The first key preserving module that vehicle diagnostics receive gateway end is arranged in: the module is generated by first key distributes Private key Kg_pr in memory module is decrypted to obtain key K and save to Kg_pu (K+MAC).
The symmetric cryptography unit includes:
The first symmetric cryptographic key memory module that vehicle diagnostics receive gateway end is arranged in: the module stores symmetric cryptography Private key Ke_pr;
The second symmetric cryptographic key memory module at the diagnosis end target ECU is arranged in: the module stores symmetric cryptography private key Ke_pr;
The symmetrical encryption module that vehicle diagnostics receive gateway end is arranged in: the module is stored using the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in module is to the cryptographic Hash MAC for diagnosing request message Req_meg and diagnosis message digest Encryption is carried out to generate Ke_pr (Req_meg+MAC) and be sent to diagnosis target ECU;
The symmetrical deciphering module at the diagnosis end target ECU is arranged in: the module uses the second symmetric cryptographic key memory module In symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The third verifying confirmation module at the diagnosis end target ECU is arranged in: the module is according to the Ke_pr (Req_meg received + MAC) the Hash calculation value of diagnosis message digest is calculated, and this Hash calculation value and symmetrical deciphering module are decrypted The cryptographic Hash MAC of obtained diagnosis message digest is compared, if the two is identical, sends confirmation message to vehicle diagnostics Receive gateway;
The 4th verifying confirmation module that vehicle diagnostics receive gateway is arranged in: the module verification third verifies confirmation module hair The correctness for the confirmation message sent, and by key preserving module key K and diagnosis message digest cryptographic Hash MAC into Row symmetric cryptography obtains Ke_pr (K+MAC) and is sent to diagnosis target ECU;
The second key preserving module at the end target ECU is arranged in: the module passes through the second symmetric cryptographic key memory module In symmetric cryptography private key Ke_pr Ke_pr (K+MAC) is decrypted to obtain key K and be saved.
A kind of vehicle remote diagnosis method based on information security technology, this method comprises the following steps:
(1) remote diagnosis server requests to carry out asymmetric encryption and is sent to vehicle diagnostics reception gateway to diagnosis, holds Row step (2);
(2) vehicle diagnostics receive gateway whether be decrypted verifying communication to received diagnosis request safe, if then vehicle Diagnosis receives gateway and enters diagnostic state, and remote diagnosis server sends key K and receives gateway to vehicle diagnostics, and executes step Suddenly (3), otherwise terminate;
(3) vehicle diagnostics receive gateway and request to carry out symmetric cryptography to diagnosis and be sent to diagnosis target ECU;
(4) it is whether safe that verifying communication is decrypted to received diagnosis request in diagnosis target ECU, if then diagnosing target ECU enters diagnostic state, and vehicle diagnostics receive gateway and key K is sent to diagnosis target ECU, and then remote diagnosis server is logical It crosses key K encryption and remote diagnosis is carried out to target ECU, otherwise terminate.
The diagnosis request includes the diagnosis request message Req_meg and cryptographic Hash MAC for diagnosing message digest, Step (1) generates the cryptographic Hash MAC of diagnosis message digest using hash algorithm first before being encrypted to diagnosis request.
Compared with prior art, the present invention has the advantage that
(1) present invention be provided with vehicle diagnostics receive gateway be used as intermediate communication bridge, improve diagnosis target ECU and far The safety of journey diagnosis server direct communication;
(2) vehicle diagnostics of the present invention receive gateway and remote diagnosis server is used and added when ethernet communication using asymmetric Secret skill art, and it is then more preferable using real-time between vehicle diagnostics reception gateway and diagnosis target ECU inside the vehicle, and Zhan Ziyuan is more Few symmetric cryptosystem, although asymmetric encryption safety is higher, encryption and decryption spend time length, speed slow, right Title encryption technology speed is fast, calculation amount is small and high-efficient but confidentiality is good not as good as asymmet-ric encryption method, using two methods Effective combination, both can integrate advantage and disadvantage, guarantee certain communication speed while improving communication security to realize, It improves efficiency;
(3) asymmetric encryption techniques are applied to the communication between vehicle diagnostics reception gateway and remote diagnosis server, It using its powerful security feature, maintains secrecy to the data of transmission, ensure that the reliability and anonymity in transmission process;
(4) symmetric cryptosystem is received into gateway applied to diagnosis and diagnoses the communication between target ECU, added using symmetrical Close technical speed is fast, calculation amount is small and high-efficient characteristic, maintains secrecy to the data of transmission, guarantees reliable in transmission process Property and anonymity;
(5) cryptographic Hash of diagnosis message digest is generated using hash algorithm to diagnosis request message while encryption The irreversible characteristic of hash algorithm is utilized in MAC, for verifying the integrality and authenticity of transmission data.
Detailed description of the invention
Fig. 1 is that the present invention is based on the structural block diagrams of the vehicle remote diagnosis system of information security technology;
Fig. 2 is the communication structure block diagram between remote diagnosis server of the present invention and vehicle diagnostics reception gateway;
Fig. 3 is that vehicle diagnostics of the present invention receive gateway and diagnose the communication structure block diagram between target ECU.
In figure, 1 is diagnosis target ECU, and 2 receive gateway for vehicle diagnostics, and 3 be remote diagnosis server, and 4 be communication mould Block, 5 be encrypting module.
Specific embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.
Embodiment
As shown in Figure 1, a kind of vehicle remote diagnosis system based on information security technology, which includes diagnosis target ECU and remote diagnosis server 3, the system further include that vehicle diagnostics receive gateway 2, and vehicle diagnostics receive the setting of gateway 2 and examining Break and communicated to connect between target ECU1 and remote diagnosis server 3 and respectively with the two, vehicle diagnostics receive gateway 2 and remotely examine Equipped with asymmetric encryption unit between disconnected server 3, vehicle diagnostics, which receive, is equipped with symmetrical add between gateway 2 and diagnosis target ECU1 Close unit;Asymmetric encryption unit is used to carry out the diagnosis request of remote diagnosis server 3 at 3 end of remote diagnosis server non- Symmetric cryptography, at the same vehicle diagnostics receive 2 end of gateway be decrypted verifying communication whether safety, if then vehicle diagnostics receive Gateway 2 enters diagnostic state, and remote diagnosis server 3 sends key K to vehicle diagnostics reception gateway 2;Symmetric cryptography unit is used In vehicle diagnostics receive gateway 2 enter diagnostic state when vehicle diagnostics receive 2 end of gateway to diagnosis request carry out symmetrically plus It is close, while verifying communication is decrypted whether safely at the diagnosis end target ECU1, if then diagnosing target ECU1 enters diagnosis shape State, vehicle diagnostics receive gateway 2 and key K are sent to diagnosis target ECU1, and then remote diagnosis server 3 is added by key K It is close that remote diagnosis is carried out to target ECU.In figure, diagnosis target ECU1, vehicle diagnostics receive gateway 2 and remote diagnosis server 3 It is equipped with a communication module 4 and an encrypting module 5, communication module 4 realizes information communication, and encrypting module 5 realizes symmetrical add The encrypting module 4 that close and asymmetric encryption, remote diagnosis server 3 and vehicle diagnostics receive in gateway 2 constitutes described Asymmetric encryption unit, diagnose target ECU1 and vehicle diagnostics receive the encrypting module 4 in gateway 2 constitute it is described symmetrical plus Close unit.
Asymmetric encryption unit includes:
The first key generation distribution memory module that vehicle diagnostics receive 2 end of gateway is arranged in: the module generates asymmetric The public key Kg_pu of encryption and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server 3, by private key Kg_ Pr is saved;The second key that 3 end of remote diagnosis server is arranged in generates distribution memory module: the module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu be sent to vehicle diagnostics receive gateway 2, by private key Kr_pr It saves;The cryptographic Hash generation module at 3 end of remote diagnosis server is arranged in: the module is used to generate diagnosis message digest Cryptographic Hash MAC;The asymmetric encryption module at 3 end of remote diagnosis server is arranged in: the module asks diagnosis using public key Kg_pu It asks message Req_meg and the cryptographic Hash MAC of diagnosis message digest to carry out encryption and generates Kg_pu (Req_meg+MAC) simultaneously It is sent to vehicle diagnostics and receives gateway 2;The asymmetric deciphering module that vehicle diagnostics receive 2 end of gateway is arranged in: the module uses First key generates the private key Kg_pr that distribution memory module saves and is decrypted to obtain diagnosis request message and diagnose request to disappear Cease the cryptographic Hash Req_meg+MAC of abstract;The first verifying confirmation module that vehicle diagnostics receive 2 end of gateway: the module is set The Hash calculation value of diagnosis message digest is calculated according to the Kg_pu (Req_meg+MAC) received, and by this Hash The cryptographic Hash MAC for the diagnosis message digest that calculated value is obtained with decryption is compared, and if they are the same, then vehicle diagnostics receive net It closes 2 and enters diagnostic state, verifying confirmation module encrypts Req_meg+MAC by public key Kr_pu to obtain Kr_pu (Res_ Meg+MAC) and it is sent to the confirmation of remote diagnosis server 3;The second verifying confirmation mould at 3 end end of remote diagnosis server is set Block: the module generates the private key Kr_pr that distribution memory module saves using the second key and carries out to Kr_pu (Res_meg+MAC) It decrypts and verifies message correctness, if correctly, the second verifying confirmation module is disappeared key K and diagnosis request by public key Kg_pu The cryptographic Hash MAC of breath abstract carries out asymmetric encryption and obtains Kg_pu (K+MAC) and be sent to vehicle diagnostics reception gateway 2;Setting Receive the first key preserving module at 2 end of gateway in vehicle diagnostics: the module is generated in distribution memory module by first key Private key Kg_pr Kg_pu (K+MAC) is decrypted to obtain key K and be saved.
Symmetric cryptography unit includes:
The first symmetric cryptographic key memory module that vehicle diagnostics receive 2 end of gateway is arranged in: module storage is symmetrical to be added Close private key Ke_pr;The second symmetric cryptographic key memory module at the diagnosis end target ECU1 is arranged in: the module stores symmetric cryptography Private key Ke_pr;The symmetrical encryption module that vehicle diagnostics receive 2 end of gateway is arranged in: the module uses the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in memory module is to the Hash for diagnosing request message Req_meg and diagnosis message digest Value MAC carries out encryption and generates Ke_pr (Req_meg+MAC) and be sent to diagnosis target ECU1;Setting is at the diagnosis end target ECU1 Symmetrical deciphering module: the module is using the symmetric cryptography private key Ke_pr in the second symmetric cryptographic key memory module to Ke_pr (Req_meg+MAC) it is decrypted;The third verifying confirmation module at the diagnosis end target ECU1 is arranged in: the module is according to receiving Ke_pr (Req_meg+MAC) be calculated diagnosis message digest Hash calculation value, and by this Hash calculation value with it is right The cryptographic Hash MAC for the diagnosis message digest for claiming deciphering module to decrypt is compared, if the two is identical, sends confirmation Information to vehicle diagnostics receive gateway 2;The 4th verifying confirmation module that vehicle diagnostics receive gateway 2: the module verification is set Third verifies the correctness for the confirmation message that confirmation module is sent, and the key K in key preserving module is disappeared with diagnosis request The cryptographic Hash MAC of breath abstract carries out symmetric cryptography and obtains Ke_pr (K+MAC) and be sent to diagnosis target ECU1;It is arranged in target The second key preserving module at the end ECU: the module passes through the symmetric cryptography private key Ke_ in the second symmetric cryptographic key memory module Pr is decrypted to obtain key K and save to Ke_pr (K+MAC).
A kind of vehicle remote diagnosis method based on information security technology, this method comprises the following steps:
(1) 3 pairs of diagnosis requests of remote diagnosis server carry out asymmetric encryption and are sent to vehicle diagnostics reception gateway 2, It executes step (2);
(2) vehicle diagnostics receive gateway 2 whether be decrypted verifying communication to received diagnosis request safe, if then vehicle Diagnosis receives gateway 2 and enters diagnostic state, and remote diagnosis server 3 sends key K and receives gateway 2 to vehicle diagnostics, and holds Row step (3), otherwise terminates;
(3) vehicle diagnostics receive 2 pairs of diagnosis requests of gateway and carry out symmetric cryptography and be sent to diagnosis target ECU1;
(4) it is whether safe that verifying communication is decrypted to received diagnosis request in diagnosis target ECU1, if then diagnosing mesh Mark ECU1 enters diagnostic state, and vehicle diagnostics receive gateway 2 and key K is sent to diagnosis target ECU1, and then remote diagnosis takes Business device 3 is encrypted by key K and carries out remote diagnosis to target ECU, is otherwise terminated.
Diagnosis request includes the diagnosis request message Req_meg and cryptographic Hash MAC for diagnosing message digest, step (1) the cryptographic Hash MAC of diagnosis message digest is generated before being encrypted to diagnosis request using hash algorithm first.As a result, One diagnosis trust chain trusty is just set up, diagnostic service, inquiry between target ECU and remote diagnosis reception gateway It asks and response, then can carry out encryption and decryption by key K and Hash MAC value is verified, this method ensures entire vehicle remotes Anonymity, integrality and the authenticity of diagnosis process.
Fig. 2 is the communication structure block diagram between remote diagnosis server 3 and vehicle diagnostics reception gateway 2, asymmetric encryption Technology is realized that remote diagnosis server 3 obtains Kg_pu pairs of public key that vehicle diagnostics receive gateway 2 by way of software The cryptographic Hash MAC of diagnosis request message and the summarization generation of message is encrypted, and is generated Kg_pu (Req_meg+MAC), envelope The message format for dressing up Ethernet is sent to vehicle diagnostics by ethernet transceiver and receives gateway 2.Vehicle diagnostics receive gateway 2 after receiving diagnosis request, and the encrypting module request vehicle diagnostics for receiving gateway 2 to vehicle diagnostics receive the individual of gateway 2 The public keys Kr_pu of key Kg_pr and remote diagnosis server 3.Vehicle diagnostics, which will receive the private key Kg_pr of gateway 2, to be believed Breath is decrypted, and obtain the cryptographic Hash of diagnosis request message and eap-message digest generation: then Req_meg+MAC calculates diagnosis The cryptographic Hash of eap-message digest is compared with the cryptographic Hash sent, if identical, can prove that remote diagnosis server 3 is sent out The encryption message sent then ensure that the authenticity and integrality of diagnosis request message there is no being distorted by illegal.Vehicle is examined Disconnecting receives gateway 2 and then enters diagnostic state.Next, vehicle diagnostics, which receive gateway 2, uses the public close of remote diagnosis server 3 Key Kr_pu returns to 3 one confirmation message Kr_pu (Res_meg+MAC) of remote diagnosis server.Remote diagnosis server 3 receives And after verifying the confirmation message, by a communication key K, Kg_pu (K+MAC) is sent to vehicle by way of asymmetric encryption Diagnosis receive gateway 2.In order to ensure safety, key K is stored among first key preserving module.
Fig. 3 is that vehicle diagnostics receive gateway 2 and diagnose the communication structure block diagram between target ECU1, into diagnostic state Vehicle diagnostics receive gateway 2 using the private key Ke_pr transmitted from security module, by way of symmetric cryptography, send diagnosis and ask The Hash MAC value Ke_pr (Req_meg+MAC) for asking message and eap-message digest to generate gives diagnosis target ECU1.The side of symmetric cryptography Formula then passes through hardware and is realized.Target ECU receives the information sent, and the private key Ke_pr sent with encrypting module is solved It is close, and the cryptographic Hash for calculating informative abstract is compared with the cryptographic Hash sent, to prove the authenticity and reliability of message. After being proved to be successful, the communication module of target ECU receives communication module one encryption of gateway 2 really for vehicle diagnostics are returned to Recognize message Ke_pr (Res_meg+MAC), finally then by vehicle diagnostics receive gateway 2 by key K by way of symmetric cryptography Ke_pr (K+MAC) is sent to target ECU.Target ECU is by key storage in encrypting module, it is ensured that its safety.This is indicated Target ECU enters diagnostic mode.

Claims (4)

1. a kind of vehicle remote diagnosis system based on information security technology, which includes diagnosis target ECU (1) and remotely examines Disconnected server (3), which is characterized in that the system further includes that vehicle diagnostics receive gateway (2), and the vehicle diagnostics receive gateway (2) setting communicates to connect between diagnosis target ECU (1) and remote diagnosis server (3) and respectively with the two, the vehicle Diagnosis receives and is equipped with asymmetric encryption unit between gateway (2) and remote diagnosis server (3), and the vehicle diagnostics receive net It closes and is equipped with symmetric cryptography unit between (2) and diagnosis target ECU (1);
The asymmetric encryption unit is used to ask the diagnosis of remote diagnosis server (3) at remote diagnosis server (3) end Seek carry out asymmetric encryption, at the same vehicle diagnostics receive gateway (2) end be decrypted verifying communication whether safety, if then vehicle Diagnosis receive gateway (2) enter diagnostic state, remote diagnosis server (3) send key K to vehicle diagnostics receive gateway (2);
The symmetric cryptography unit, which is used to receive in vehicle diagnostics, receives net in vehicle diagnostics when gateway (2) enter diagnostic state Close (2) end to diagnosis request carry out symmetric cryptography, while diagnosis target ECU (1) end be decrypted verifying communication whether safety, If then diagnosing target ECU (1) into diagnostic state, vehicle diagnostics receive gateway (2) and key K are sent to diagnosis target ECU (1), and then remote diagnosis server (3) is encrypted by key K and carries out remote diagnosis to target ECU;
The asymmetric encryption unit includes:
The first key at vehicle diagnostics reception gateway (2) end is arranged and generates distribution memory module: the module generates asymmetric add Close public key Kg_pu and corresponding private key Kg_pr, and public key Kg_pu is sent to remote diagnosis server (3), by private key Kg_ Pr is saved;
The second key at remote diagnosis server (3) end is arranged and generates distribution memory module: the module generates asymmetric encryption Public key Kr_pu and corresponding private key Kr_pr, and by public key Kr_pu be sent to vehicle diagnostics receive gateway (2), by private key Kr_ Pr is saved;
The cryptographic Hash generation module at remote diagnosis server (3) end is arranged: the module is for generating diagnosis message digest Cryptographic Hash MAC;
The asymmetric encryption module at remote diagnosis server (3) end is arranged: the module disappears to diagnosis request using public key Kg_pu The breath Req_meg and cryptographic Hash MAC for diagnosing message digest carries out encryption and generates Kg_pu (Req_meg+MAC) and send Gateway (2) are received to vehicle diagnostics;
Be arranged and receive the asymmetric deciphering module at gateway (2) end in vehicle diagnostics: the module generates distribution using first key and deposits The private key Kg_pr that storage module saves is decrypted to obtain diagnosis request message to Kg_pu (Req_meg+MAC) and diagnosis is requested The cryptographic Hash Req_meg+MAC of eap-message digest;
Be arranged and receive the first verifying confirmation module at gateway (2) end in vehicle diagnostics: the module is according to the Kg_pu received (Req_meg+MAC) the Hash calculation value of diagnosis message digest is calculated, and this Hash calculation value is obtained with decryption The cryptographic Hash MAC of diagnosis message digest compare, if they are the same, then vehicle diagnostics receive gateway (2) and enter diagnosis shape State, verifying confirmation module are encrypted to obtain Kr_pu (Res_meg+MAC) and be sent by public key Kr_pu to Req_meg+MAC Confirm to remote diagnosis server (3);
The second verifying confirmation module at remote diagnosis server (3) end end is arranged: the module generates distribution using the second key The private key Kr_pr that memory module saves is decrypted Kr_pu (Res_meg+MAC) and verifies message correctness, if correctly, the The cryptographic Hash MAC of key K and diagnosis message digest are carried out asymmetric encryption by public key Kg_pu by two verifying confirmation modules It obtains Kg_pu (K+MAC) and is sent to vehicle diagnostics reception gateway (2);
Be arranged and receive the first key preserving module at gateway (2) end in vehicle diagnostics: the module is generated by first key distributes Private key Kg_pr in memory module is decrypted to obtain key K and save to Kg_pu (K+MAC).
2. a kind of vehicle remote diagnosis system based on information security technology according to claim 1, which is characterized in that institute The symmetric cryptography unit stated includes:
Be arranged and receive the first symmetric cryptographic key memory module at gateway (2) end in vehicle diagnostics: the module stores symmetric cryptography Private key Ke_pr;
The second symmetric cryptographic key memory module at diagnosis target ECU (1) end is arranged: the module stores symmetric cryptography private key Ke_pr;
Be arranged and receive the symmetrical encryption module at gateway (2) end in vehicle diagnostics: the module is stored using the first symmetric cryptographic key Symmetric cryptography private key Ke_pr in module is to the cryptographic Hash MAC for diagnosing request message Req_meg and diagnosis message digest Encryption is carried out to generate Ke_pr (Req_meg+MAC) and be sent to diagnosis target ECU (1);
The symmetrical deciphering module at diagnosis target ECU (1) end is arranged: the module is using in the second symmetric cryptographic key memory module Symmetric cryptography private key Ke_pr Ke_pr (Req_meg+MAC) is decrypted;
The third at diagnosis target ECU (1) end is arranged and verifies confirmation module: the module is according to the Ke_pr (Req_meg+ received MAC the Hash calculation value of diagnosis message digest) is calculated, and this Hash calculation value and symmetrical deciphering module are decrypted To the cryptographic Hash MAC of diagnosis message digest compare, if the two is identical, sends confirmation message to vehicle diagnostics and connect It receives gateway (2);
Be arranged and receive the 4th verifying confirmation module of gateway (2) in vehicle diagnostics: the module verification third verifies confirmation module hair The correctness for the confirmation message sent, and by key preserving module key K and diagnosis message digest cryptographic Hash MAC into Row symmetric cryptography obtains Ke_pr (K+MAC) and is sent to diagnosis target ECU (1);
The second key preserving module at the end target ECU is arranged in: the module passes through in the second symmetric cryptographic key memory module Symmetric cryptography private key Ke_pr is decrypted to obtain key K and save to Ke_pr (K+MAC).
3. a kind of vehicle remote diagnosis side of the vehicle remote diagnosis system based on information security technology as described in claim 1 Method, which is characterized in that this method comprises the following steps:
(1) remote diagnosis server (3) requests to carry out asymmetric encryption and is sent to vehicle diagnostics reception gateway (2) to diagnosis, It executes step (2);
(2) vehicle diagnostics receive gateway (2) whether be decrypted verifying communication to received diagnosis request safe, if then vehicle Diagnosis receives gateway (2) and enters diagnostic state, and remote diagnosis server (3) transmission key K to vehicle diagnostics receives gateway (2), And step (3) are executed, otherwise terminate;
(3) vehicle diagnostics receive gateway (2) and request to carry out symmetric cryptography to diagnosis and be sent to diagnosis target ECU (1);
(4) it is whether safe that verifying communication is decrypted to received diagnosis request in diagnosis target ECU (1), if then diagnosing target ECU (1) enters diagnostic state, and vehicle diagnostics receive gateway (2) and key K is sent to diagnosis target ECU (1), and then remotely examine Disconnected server (3) are encrypted by key K and carry out remote diagnosis to target ECU, are otherwise terminated.
4. vehicle remote diagnosis method according to claim 3, which is characterized in that the diagnosis request includes that diagnosis is asked It seeks message Req_meg and diagnoses the cryptographic Hash MAC of message digest, step (1) requests before being encrypted first diagnosis The cryptographic Hash MAC of diagnosis message digest is generated using hash algorithm.
CN201710034678.5A 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology Active CN106685985B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710034678.5A CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710034678.5A CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Publications (2)

Publication Number Publication Date
CN106685985A CN106685985A (en) 2017-05-17
CN106685985B true CN106685985B (en) 2019-11-29

Family

ID=58860570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710034678.5A Active CN106685985B (en) 2017-01-17 2017-01-17 A kind of vehicle remote diagnosis system and method based on information security technology

Country Status (1)

Country Link
CN (1) CN106685985B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107105060B (en) * 2017-05-27 2020-12-08 天津恒天新能源汽车研究院有限公司 Method for realizing information security of electric automobile
CN107272649A (en) * 2017-07-05 2017-10-20 东南(福建)汽车工业有限公司 Malfunction remote diagnosis system and method
DE102018202996A1 (en) * 2018-02-28 2019-08-29 Robert Bosch Gmbh Method for performing a diagnosis
US10841284B2 (en) * 2018-05-30 2020-11-17 Lear Corporation Vehicle communication network and method
CN109240273A (en) * 2018-11-02 2019-01-18 上海博泰悦臻网络技术服务有限公司 Vehicle remote diagnosis method, server-side, engine end and client based on cloud
CN112015158B (en) * 2019-05-30 2022-03-18 比亚迪股份有限公司 Vehicle gateway control system and method and vehicle
CN112327796B (en) * 2020-10-21 2022-05-06 诚迈科技(南京)股份有限公司 Control method and electronic control unit for automobile diagnosis service
CN112286171B (en) * 2020-11-05 2021-11-16 中国第一汽车股份有限公司 Remote diagnosis method, device, vehicle and storage medium
CN112428947A (en) * 2020-12-02 2021-03-02 上海拓殷电子科技技术有限公司 Automobile intelligent system
CN112541187B (en) * 2020-12-21 2024-05-03 深圳市元征科技股份有限公司 Cloud computing method and cloud computing cluster
CN112738222A (en) * 2020-12-28 2021-04-30 嬴彻科技(浙江)有限公司 Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium
CN113311816A (en) * 2021-06-10 2021-08-27 中国第一汽车股份有限公司 Vehicle remote diagnosis system and method
CN113625691B (en) * 2021-08-20 2023-04-07 深圳市元征科技股份有限公司 Vehicle diagnosis method, vehicle diagnosis equipment and vehicle gateway

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1960347A (en) * 2006-11-06 2007-05-09 吉林大学 Wireless car borne gateway system
CN104765357A (en) * 2015-03-11 2015-07-08 西安电子科技大学 Authorization system and method for vehicle remote diagnosis
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN106101111A (en) * 2016-06-24 2016-11-09 郑州信大捷安信息技术股份有限公司 Vehicle electronics safe communication system and communication means
CN106154903A (en) * 2015-04-16 2016-11-23 上海汽车集团股份有限公司 Carry out, with peripheral hardware, the system and method that information is mutual for car load network
CN106713264A (en) * 2016-11-18 2017-05-24 郑州信大捷安信息技术股份有限公司 Method for vehicle safety remote control and diagnosis and system thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4576997B2 (en) * 2004-04-28 2010-11-10 株式会社デンソー Communication system, key distribution device, cryptographic processing device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1960347A (en) * 2006-11-06 2007-05-09 吉林大学 Wireless car borne gateway system
CN104765357A (en) * 2015-03-11 2015-07-08 西安电子科技大学 Authorization system and method for vehicle remote diagnosis
CN106154903A (en) * 2015-04-16 2016-11-23 上海汽车集团股份有限公司 Carry out, with peripheral hardware, the system and method that information is mutual for car load network
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics
CN106101111A (en) * 2016-06-24 2016-11-09 郑州信大捷安信息技术股份有限公司 Vehicle electronics safe communication system and communication means
CN106713264A (en) * 2016-11-18 2017-05-24 郑州信大捷安信息技术股份有限公司 Method for vehicle safety remote control and diagnosis and system thereof
CN106713264B (en) * 2016-11-18 2019-06-21 郑州信大捷安信息技术股份有限公司 A kind of method and system remotely controlled for vehicle safety with diagnosis

Also Published As

Publication number Publication date
CN106685985A (en) 2017-05-17

Similar Documents

Publication Publication Date Title
CN106685985B (en) A kind of vehicle remote diagnosis system and method based on information security technology
Woo et al. A practical wireless attack on the connected car and security protocol for in-vehicle CAN
CN112887338B (en) Identity authentication method and system based on IBC identification password
CN102325320B (en) A kind of Wireless security communication method and system
CN111181928B (en) Vehicle diagnosis method, server, and computer-readable storage medium
CN105577613B (en) A kind of method of sending and receiving of key information, equipment and system
KR20140122188A (en) Method for detecting a manipulation of a sensor and/or sensor data of the sensor
CN111552270B (en) Safety authentication and data transmission method and device for vehicle-mounted diagnosis
Fassak et al. A secure protocol for session keys establishment between ECUs in the CAN bus
CN106685653A (en) Vehicle remote firmware updating method and device based on information security technology
CN111769938B (en) Key management system and data verification system of block chain sensor
CN101990748A (en) Method and device for transmitting messages in real time
CN110768938A (en) Vehicle safety communication method and device
CN108259465A (en) A kind of authentication encryption method of intelligent automobile internal network
CN112702318A (en) Communication encryption method, decryption method, client and server
CN110753321A (en) Safe communication method for vehicle-mounted TBOX and cloud server
CN112753203B (en) Secure communication method and device
CN113542428B (en) Vehicle data uploading method and device, vehicle, system and storage medium
KR101269086B1 (en) Data certification and acquisition method and system for vehicle
CN117435226B (en) Data refreshing method, device and storage medium of vehicle-mounted electronic control unit
KR102569893B1 (en) Method of providing secure in-vehicle network communication and appratus for implementing the same
CN113676448A (en) Off-line equipment bidirectional authentication method and system based on symmetric key
US8824670B2 (en) Cryptography by parameterizing on elliptic curve
CN103414567A (en) Information monitoring method and system
CN114826742B (en) Communication security system and authentication method for engineering machinery internet of things perception layer network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant