CN107426075A - Security gateway and communication means based on multichannel CAN and ethernet communication - Google Patents
- Publication number
- CN107426075A (CN201710789108.7A)
- Authority
- CN
- China
- Prior art keywords
- data
- random number
- ethernet
- data frame
- frame
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
- H04L1/0006—Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Abstract
The present invention provides a security gateway and communication method based on multichannel CAN and Ethernet communication. Using multichannel Ethernet as the backbone network for information transfer, the security gateway and its communication method connect multichannel CAN buses to communicate directly with the in-car controllers and in-car detection devices, achieving safe and efficient real-time data communication. Because the security gateway uses multichannel CAN and Ethernet links, communication time is greatly reduced and communication efficiency is improved.
Description
Technical field
The present invention provides a security gateway and communication method based on multichannel CAN and multichannel Ethernet communication, used to enable a PC control terminal to communicate securely, over Ethernet, with the controllers and in-car detection devices connected to the in-car CAN bus. It belongs to the technical field of communication security.
Background art
Controller Area Network (CAN) is a fieldbus technology. Because of its high reliability, good stability, strong immunity to interference, high communication speed and low maintenance cost, it is widely used in industrial control. Given its good performance and distinctive design, CAN is also widely used in the automotive field for data communication among a vehicle's internal controllers, actuators and detection devices.
Ethernet is the basic networking technology of the Internet, and TCP/IP is the Internet's most basic protocol family. With the spread of the Internet of Everything concept and the development of the Internet of Things, Ethernet, as a technology with large data throughput, good real-time behaviour and high reliability, is widely used in every field of network communication.
With the development of Internet of Vehicles and automated driving technology, new requirements are placed on automotive network communication. The in-vehicle network has grown from the powertrain system alone into multiple systems such as infotainment, driver assistance and safety systems. At the same time, the in-vehicle network and the equipment attached to it must be diagnosed and maintained through external interfaces, which requires the support of shared, high-bandwidth network communication technology. Because Ethernet is mature, high-bandwidth and cost-effective, its use in vehicles keeps rising. What follows is the security problem of network communication protocols and gateways: attackers can launch a range of attacks against protocols and gateways, and such attacks may spread to the ECUs (electronic control units) inside the vehicle. Criminals can intercept encrypted data in Internet of Vehicles communication and obtain vehicle running-state data after decrypting it; they can also intrude into the in-vehicle ECUs, send illegal instructions and remotely control the vehicle. For example, Tesla cars have repeatedly been found to have vulnerabilities through which attackers could remotely unlock the car, open the windows, open the boot, or even shut off the engine while the car is travelling at low speed. The U.S. DARPA research center also found that the General Motors OnStar system has a vulnerability that attackers can use to remotely control the car. Therefore, in the Internet of Vehicles and automated driving fields, many scholars at home and abroad have studied in depth how a gateway can achieve fast conversion and secure communication among the various kinds of in-car data.
In protocol conversion and communication between CAN and Ethernet gateways, the main technical approaches are: a protocol gateway between in-car multichannel CAN and in-car single-channel Ethernet, which mainly uses a single in-car twisted pair as the Ethernet communication bus to communicate with the in-car CAN transceiver modules; a protocol gateway between in-car multichannel CAN and off-board single-channel Ethernet, mainly used for vehicle fault diagnosis and for flashing in-car electronic control units; and a protocol gateway between in-car multichannel CAN and off-board multichannel Ethernet, which mainly transmits data redundantly over dual networks in a dual-master arrangement to ensure stable and reliable data transfer. These communication gateways are applied to CAN and Ethernet communication for the purpose of protocol conversion.
In security technology for CAN and Ethernet gateways, the main approaches are data encryption, firewalls and network authentication. However, simple encryption algorithms offer a low level of security and are easily broken, while complex encryption algorithms are computationally expensive, do not match the computing power of in-vehicle embedded chips, and are unsuited to real-time encrypted data transmission. Faced with frequent and varied attacks, the complexity of key generation and the difficulty of key management, and the packet-capture techniques that eavesdroppers use at the link layer or at other nodes, existing security technology cannot be applied well to Internet of Vehicles communication and cannot fully achieve secure communication.
Summary of the invention
The present invention provides a security gateway and communication method based on multichannel CAN and multichannel Ethernet communication, used to enable a PC control terminal to communicate, over Ethernet, with the controllers and in-car detection devices connected to the in-car CAN bus.
In the protocol conversion stage, the security gateway converts the CAN messages received from the in-car CAN bus from CAN protocol data into TCP protocol data.
In the encapsulation stage of the multichannel communication protocol data frame, the nested pseudo-random number algorithm defined by the present invention is first used to generate a fixed random number sequence: once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated each time are determined.
Then, following the order in which the elements of the random number sequence were generated, the first element of the sequence is input to the DataLen function defined by the present invention. The natural number N that DataLen outputs is used as the length of the split data block: starting from the first byte of the TCP protocol data, N bytes are taken out as the split data block and filled into the data field of the communication data frame in Figure 3. The first element of the random number sequence is used as the number of the split data block and filled into the headNum field of the communication data frame in Figure 3. The data field and headNum field of the communication data frame in Figure 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Figure 3. This completes the encapsulation of the first data frame under the multichannel communication protocol defined by the present invention.
Following the generation order of the elements, the second element of the random number sequence is then input to the DataLen function defined by the present invention. The natural number J that DataLen outputs is used as the length of the split data block: starting from byte N+1 of the TCP protocol data, J bytes are taken out as the split data block and filled into the data field of the communication data frame in Figure 3. The second element of the random number sequence is used as the number of the split data block and filled into the headNum field of the communication data frame in Figure 3. The data field and headNum field of the communication data frame in Figure 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Figure 3. This completes the encapsulation of the second data frame under the multichannel communication protocol defined by the present invention.
This continues until the k-th element of the random number sequence is input to the DataLen function defined by the present invention and the natural number M that DataLen outputs is greater than or equal to the number of bytes of TCP protocol data not yet split. The remaining unsplit TCP protocol data is then filled into the data field of a communication data frame, and the k-th element is filled into the headNum field of that frame as the number of the remaining TCP protocol data block. The data field and headNum field of the communication data frame are then input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. At this point the TCP protocol data has been split and the resulting data blocks have been encapsulated into data frames.
In the information transmission stage, the number N of communication data frames in each group is first calculated: N = number of split data blocks / number of Ethernet interfaces. N data frames are chosen at random by the linear congruential method as one group of packets, and this group is bound to one Ethernet interface; this is repeated until all communication data frames have been grouped and every group is bound to an Ethernet interface. The multichannel Ethernet then transmits the communication data packets to the PC control terminal simultaneously and in parallel, until all communication data packets have been sent.
In the information reception stage, the PC control terminal first checks the integrity of each received data frame with the MD5 fingerprint. It then parses, according to the multichannel communication protocol, the data field of each communication data frame to obtain the split data block, and the headNum field to obtain the number of the split data block. Using the self-defined secret order algorithm Secret, it obtains the same nested pseudo-random number algorithm as the security gateway and uses it to generate a random number sequence. The first element of the sequence is taken out, the communication data frame whose headNum value equals the first element is found, and the data field of that frame is enqueued into the reassembly data queue. The second element of the sequence is then taken out, the communication data frame whose headNum value equals the second element is found, and the data field of that frame is enqueued at the tail of the reassembly data queue. This continues until all received data fields have been enqueued into the reassembly data queue and combined into the complete TCP protocol data. This completes a safe and efficient communication process, applied to secure communication between the remote control terminal and the in-car controllers and in-car detection devices.
The present invention provides a security gateway based on multichannel CAN and multichannel Ethernet communication. The steps of the method by which the PC control terminal communicates with the in-car controllers and in-car detection devices are as follows:
1) When the PC control terminal connects over Ethernet to the CAN bus to communicate with the in-car controllers and in-car detection devices, it authenticates to the security gateway with a static password agreed by both sides, and thereby obtains permission to communicate with the in-car controllers and in-car detection devices;
2) After the PC control terminal obtains communication permission, the nested pseudo-random number algorithm defined by the security gateway is used to generate a fixed random number sequence: once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated each time are determined. The nested pseudo-random number algorithm contains three pseudo-random number algorithms: the linear congruential method, the shift-register sequence method and the super prime method.
The three algorithms are defined in turn below.
First random algorithm: linear congruential method
$X_{n+1} = (aX_n + c) \bmod m,\quad n \ge 0 \qquad (1.1)$
where:
$n$ is a natural number;
$X_{n+1}$ is the random number;
when $n = 0$, the initial value $X_0$ is called the seed;
the constant $a$ is called the multiplier;
the constant $c$ is called the constant;
the constant $m$ is called the modulus;
mod is the modulo operation.
To obtain random numbers distributed on the interval [0,1], one can let
where $R_n$ is the required random number.
For formula (1.1), when $c = 0$ the algorithm is called the multiplicative congruential method; when $c \ne 0$ it is called the mixed congruential method.
Second random algorithm: shift-register sequence method
The shift-register sequence method generates random binary digits 0 and 1. It is based on primitive polynomials and modulo-2 arithmetic. If the primitive trinomial is $x^p + x^q + 1$, the corresponding shift-register generator is:
$X_i = [X_{i-p} + X_{i-(i-q)}] \bmod 2,\quad i = p, p+1, \ldots \qquad (1.3)$
This applies a recursive operation to the binary values $X_i$ in the register, where:
$p$, $q$ are given positive integers;
$X_i$ ($i = 1, 2, \ldots, p-1$) are given constants.
Given the initial values $X_i$ ($X_{-p}, X_{-p+1}, \ldots, X_{-1}$), the 0 or 1 values produced by the formula form a binary sequence $\{a_n\}$. Taking $L$ consecutive bits of the sequence $\{a_n\}$ forms an $L$-bit binary number; the next $L$ bits are then taken to form another binary number, and so on.
Third random algorithm: super prime method
Let $M$ be a prime and $Z_i \in \{1, 2, \ldots, M-1\}$. If every irreducible proper fraction (a proper fraction whose numerator and denominator are coprime) $Z_i/M$ can be expressed as a pure recurring decimal (a representation such as $0.a_1a_2\ldots a_1a_2\ldots$) whose repetend length is $T = M-1$, then the prime $M$ is called a super prime.
From the existence theorem for pure recurring decimals in number theory, combined with the definition of a super prime, the general super prime method for generating a pseudo-random sequence is obtained. Its recurrence formula is:
$Z_{i+1} = (10 \cdot Z_i) \bmod M,\quad i = 1, 2, 3, \ldots \qquad (1.4)$
where:
$M$ is a super prime;
$Z$ is the set of natural numbers $\{Z_i \mid 0 < Z_i < M\}$, $Z_i \in Z$;
$i$ is a natural number;
mod is the modulo operation.
The pseudo-random numbers generated by this method form a cyclic integer sequence whose minimum period is $M-1$; within each minimum period, every integer from 1 to $M-1$ appears exactly once.
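The period claims made for formulas (1.1) and (1.4) can be checked directly. The following is an added example, not code from the patent; every modulus, multiplier and seed in it is a constructed value chosen for illustration.

```python
# Added example: checks the period claims for formulas (1.1) and (1.4).
# All moduli, multipliers and seeds are constructed values.

def lcg_step(x, a, c, m):
    """One step of (1.1): X_{n+1} = (a*X_n + c) mod m."""
    return (a * x + c) % m


def super_prime_step(z, M):
    """One step of (1.4): Z_{i+1} = (10*Z_i) mod M."""
    return (10 * z) % M


def period(seed, step):
    """Length of the cycle that iterating `step` from `seed` ends up in."""
    seen = {}
    x, n = seed, 0
    while x not in seen:
        seen[x] = n
        x = step(x)
        n += 1
    return n - seen[x]


def is_super_prime(M):
    """True when M is prime and 10 has order M-1 modulo M, i.e. Z/M has a
    repetend of length M-1, which is the page's definition of a super prime."""
    if M < 3 or any(M % d == 0 for d in range(2, int(M ** 0.5) + 1)):
        return False
    return period(1, lambda z: super_prime_step(z, M)) == M - 1


def super_prime_cycle(seed, M):
    """The M-1 values that (1.4) produces starting after `seed`."""
    out, z = [], seed
    for _ in range(M - 1):
        z = super_prime_step(z, M)
        out.append(z)
    return out


def repetend_digits(z, M):
    """Decimal digits of z/M, read off the same recurrence as (1.4)."""
    digits = []
    for _ in range(M - 1):
        digits.append(str(10 * z // M))
        z = super_prime_step(z, M)
    return "".join(digits)


if __name__ == "__main__":
    print([M for M in range(2, 100) if is_super_prime(M)])
    print(super_prime_cycle(1, 7), repetend_digits(1, 7))
    # Mixed (c != 0) versus multiplicative (c == 0) congruential method, m = 16
    print(period(1, lambda x: lcg_step(x, 5, 3, 16)),
          period(1, lambda x: lcg_step(x, 5, 0, 16)))
```

Each output of (1.4) is the generator's entire state, so the sequence is fully determined by any single value and the modulus; a prime that is not a super prime, such as 13, visits only part of the range 1 to M-1.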
The nested pseudo-random number algorithm of the present invention is defined as follows:
where:
r represents the nested random number;
Represent a kind of PRNG;
θ represents another pseudo-random number generator;
T represents the current system time;
g represents a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
F represents the random number function whose output is distributed on the interval [0,1];
n represents a natural number;
$X_n$ represents the random number seed;
m represents the modulus;
Expression rounds symbol downwards;
A random real number uniformly distributed on [0,1] is first produced by the linear congruential method (1.6) above, and is mapped to select any two of the pseudo-random number algorithms contained in the nested pseudo-random number algorithm. The mapping method is as follows:
The function g in formula (1.5) is a mapping from set A (the random number set) to B (a pseudo-random number algorithm set) and C (a pseudo-random number algorithm set), i.e. A → B, A → C. The random real number uniformly distributed on [0,1] produced by formula (1.6) In set B, if  then  (α represents the linear congruential method); if  then  (β represents the shift-register sequence method); then  (γ represents the super prime method). In set C, if  then  if  then  if  then
Through the mapping method above, one pseudo-random number generator is obtained by formula (1.5) and uses the system time T as the random number seed to generate a random real number $r_1$ in the range [1,100] as the base; the other pseudo-random number generator θ obtained uses twice the system time, 2T, as the random number seed to generate a random real number $r_2$ in the range [1,100] as the offset. $r_1$ and $r_2$ are added and the sum is rounded down, giving a nested random integer r. Each random number r generated, except the first, is compared with every random number generated before it; if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The final result is a nested random number sequence whose element values do not repeat.
3) The TCP protocol data to be sent is split; the multichannel communication protocol defines the data block length to be in the range [10,20] bytes. The first element r of the random sequence generated in step 2 is taken out and passed to the DataLen function defined by the present invention; the function is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as the split data block, which is filled into the data field of the communication data frame in Figure 3; this communication data frame is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and filled into the headNum field of the first communication data frame. In the same way, the second, third, ... elements of the random sequence are taken out, and the communication data is split into data blocks and numbered as above, until the ω(r′) obtained from the DataLen function for the random number r′ taken out is greater than or equal to the length of the remaining TCP protocol data block, so that the TCP protocol data cannot be split further. The remaining TCP protocol data block is then filled into the data field of the last data frame, and the random number r′ taken out is filled, as the number of that data block, into the headNum field of the last data frame, completing the splitting and numbering of the TCP protocol data. While the TCP protocol data is being split, a counter records the number Q of data blocks obtained;
4) The data field and headNum field of the communication data frames from step 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. MD5 (Message Digest 5) is a hash algorithm; it is defined as follows:
The input data is processed in 512-bit blocks, each of which is divided into sixteen 32-bit sub-blocks. After a series of processing steps, the output of the MD5 algorithm consists of four 32-bit blocks; concatenating these four 32-bit blocks produces a 128-bit hash value, which is the digital fingerprint;
Finally, the data type (e.g. communication data frame) and the communication data frame length are added to the dataType field and length field of the communication data frame respectively, giving the complete communication data frame and completing encapsulation. Its data structure is the communication data frame structure in Figure 3. The fully encapsulated data frame is finally placed into the to-be-sent data queue;
5) First, the first Q elements (Q being the number of data blocks obtained by splitting) of the random sequence generated in step 2 are placed in order into a dynamic array of size Q. The linear congruential method then produces a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index (i.e. the data block number) is placed into a to-be-sent data queue. The first time, Q/N data frames (N being the number of Ethernet interfaces) are chosen at random to form a packet group, which is placed into the first to-be-sent data queue; the packets in the first queue are transmitted over the first Ethernet channel. This is repeated N times in all, choosing N packet groups and placing them into N to-be-sent data queues, whose packets are transmitted over the N Ethernet channels. This completes the random grouping of all communication data frames, with every group bound to an Ethernet interface. Finally, the packets in the N to-be-sent data queues are sent simultaneously and in parallel over the N Ethernet channels to the communication peer;
6) The two pseudo-random number algorithms used in step 3, randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum form the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field of the secret order data frame and the secret order data frame length to its length field, completing the encapsulation of the secret order data. Its data structure is the secret order data frame structure in Figure 3. The frame is sent to the security gateway over one Ethernet channel;
7) After the security gateway receives the packets, it parses the data frames in them according to the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. Data frames that pass this check are parsed further and the data type is extracted.
If it is a communication data frame, the MD5 digital fingerprint of the received frame's data field and headNum field is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the communication data frame type and the number of that data frame is sent to the PC control terminal; its data structure is the reissue command data frame structure in Figure 3. If the check passes, a table is built with the data block number headNum as the number field and index, and the data field as the content field.
If it is a secret order data frame, the MD5 digital fingerprint of the received frame's randomType1, randomType2, seedValue and dataNum fields is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the PC control terminal; its data structure is the reissue command data frame structure in Figure 3, with the headNum field filled with 0. If the check passes, the self-defined secret order algorithm Secret is used; the algorithm is defined as:
The secret order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum carried in the received frame. The nested pseudo-random number algorithm of formula (1.5) is used to generate the random sequence, and the first dataNum elements of the random number sequence are traversed with a table lookup: for each element traversed, the lookup table is checked for that element. If it is present, the data field corresponding to the element is retrieved, and the retrieved data fields are appended, in traversal order, to the tail of the reassembly data queue. If it is absent, the data block with the number corresponding to that random number has been lost; a reissue command containing that data block number is sent to the PC control terminal, and once the security gateway receives the data frame carrying that number, the data field of that frame is appended to the tail of the reassembly data queue. This finally completes the reassembly of the TCP protocol data;
8) The reassembled TCP protocol data is converted by protocol conversion into CAN data and sent over the multichannel CAN bus to the in-car controllers and in-car detection devices, and the gateway waits for the CAN reply messages;
9) After receiving the CAN messages with which the in-car controllers and in-car detection devices reply, the security gateway converts them from the CAN protocol into TCP protocol data. Using the same methods as steps 2, 3 and 4, the security gateway splits and numbers the TCP protocol data and adds MD5 digital fingerprints, completing the protocol encapsulation of the data blocks. Using the method of step 5, Q/N data frames are chosen at random as one group, forming N packet groups, which are sent in parallel over the N Ethernet channels to the PC control terminal;
10) The PC control terminal verifies the data and reassembles the packets in the same way as step 7, obtaining the complete TCP protocol data. This completes one full round of secure communication in which the PC control terminal, over multichannel Ethernet, reaches the in-car controllers and in-car detection devices on the multichannel CAN bus;
Communication between the in-car controllers and in-car detection devices and the PC control terminal can be realized with the steps above.
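The following added example (not code from the patent) runs steps 2 to 5 and 7 end to end: split, number, fingerprint, spread over N queues, then verify and reassemble, returning the block numbers that would go into reissue commands. Formula (1.5), the DataLen definition and Figure 3 are not reproduced on this page, so the nested generator (two linear congruential streams), the `data_len` mapping, the LCG constants and the frame layout are assumptions.

```python
import hashlib
import itertools
import struct

# Added example. Assumptions (the page does not give them): the LCG constants,
# using the linear congruential method for both nested generators, the DataLen
# mapping, and the field order, widths and byte order of the frame.
LCG_A, LCG_C, LCG_M = 1103515245, 12345, 2 ** 31
HDR = struct.Struct("!BHH")            # dataType, length, headNum
TYPE_COMM = 1                          # hypothetical dataType value
MD5_LEN = 16

# Constructed sample: twelve fake CAN messages (id, DLC, 8 data bytes) standing
# in for the TCP protocol data produced by the protocol conversion stage.
SAMPLE_TCP_PAYLOAD = b"".join(
    struct.pack("!IB8s", 0x100 + i, 8, bytes([i] * 8)) for i in range(12))

def lcg_unit(seed):
    """Reals on [0,1) from X_{n+1} = (a*X_n + c) mod m, divided by m."""
    x = seed % LCG_M
    while True:
        x = (LCG_A * x + LCG_C) % LCG_M
        yield x / LCG_M

def nested_sequence(seed):
    """Step 2: r = floor(r1 + r2), r1 seeded with T and r2 with 2T, both on
    [1,100); a value equal to an earlier one is discarded."""
    base, offset = lcg_unit(seed), lcg_unit(2 * seed)
    seen = set()
    while len(seen) < 198:             # only 2..199 can occur with these ranges
        r = int((1 + 99 * next(base)) + (1 + 99 * next(offset)))
        if r not in seen:
            seen.add(r)
            yield r

def data_len(r):
    """Stand-in for DataLen: maps r into the block length range [10,20]."""
    return 10 + r % 11

def fingerprint(head_num, data):
    """MD5 over the data and headNum fields (step 4)."""
    return hashlib.md5(data + struct.pack("!H", head_num)).digest()

def build_frames(payload, seed):
    """Steps 3-4: split, number each block with the next element, add MD5."""
    frames, pos, seq = [], 0, nested_sequence(seed)
    while pos < len(payload):
        r = next(seq, None)
        if r is None:
            raise ValueError("payload needs more block numbers than exist")
        block = payload[pos:pos + data_len(r)]   # last block takes the rest
        pos += len(block)
        length = HDR.size + len(block) + MD5_LEN
        frames.append(HDR.pack(TYPE_COMM, length, r) + block + fingerprint(r, block))
    return frames

def distribute(frames, channels, seed):
    """Step 5: LCG-driven random draw of about Q/N frames per Ethernet queue."""
    pool, rnd = list(frames), lcg_unit(seed)
    per_queue = -(-len(pool) // channels)        # ceil(Q/N); remainder rule assumed
    queues = []
    for _ in range(channels):
        queue = []
        while pool and len(queue) < per_queue:
            queue.append(pool.pop(int(next(rnd) * len(pool))))
        queues.append(queue)
    return queues

def parse_frame(frame):
    """Step 7 checks: length field, then MD5 over (data, headNum).
    Returns (headNum, data), or None when a reissue must be requested."""
    if len(frame) < HDR.size + MD5_LEN:
        return None
    dtype, length, head_num = HDR.unpack_from(frame)
    data, digest = frame[HDR.size:-MD5_LEN], frame[-MD5_LEN:]
    if dtype != TYPE_COMM or length != len(frame):
        return None
    return (head_num, data) if fingerprint(head_num, data) == digest else None

def reassemble(received, seed, data_num):
    """Step 7: table by headNum, then walk the first dataNum sequence elements.
    Returns (payload or None, block numbers to put in reissue commands)."""
    table = dict(filter(None, map(parse_frame, received)))
    order = list(itertools.islice(nested_sequence(seed), data_num))
    missing = [r for r in order if r not in table]
    return (None, missing) if missing else (b"".join(table[r] for r in order), [])

if __name__ == "__main__":
    sent = build_frames(SAMPLE_TCP_PAYLOAD, seed=20170905)
    queues = distribute(sent, channels=3, seed=7)
    arrived = [f for q in queues for f in q]     # arrival order is scrambled
    print(len(sent), [len(q) for q in queues])
    print(reassemble(arrived[1:], 20170905, len(sent))[1])   # one frame lost
    print(reassemble(arrived, 20170905, len(sent))[0] == SAMPLE_TCP_PAYLOAD)
```

The md5Check field is an unkeyed hash, so `parse_frame` detects corruption and loss but cannot reject a frame whose sender recomputed the digest over altered data. Because r is the floored sum of two values on [1,100], fewer than 200 distinct block numbers exist, which bounds how much data one sequence can number.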
The present invention provides a device for the method of the security gateway based on multichannel CAN and Ethernet communication, comprising: an embedded platform with an ARM core processor; a CAN bus module; and an Ethernet module;
The embedded platform with the ARM core processor is equipped with the (SuSE) Linux operating system;
The CAN bus module comprises a CAN controller and a CAN transceiver;
The Ethernet module comprises an Ethernet transceiver;
The security gateway is based on the embedded platform with an ARM core processor, which runs the Linux operating system. The CAN channels of the ARM core processor are connected to the multichannel CAN controllers and transceivers; the other end of each CAN transceiver is attached to the CAN bus, which connects to the in-car controllers and in-car detection devices, for sending and receiving CAN messages. The Ethernet interfaces of the ARM core processor are connected to the multichannel Ethernet transceivers; the other end of the Ethernet connects to the PC control terminal, for sending and receiving Ethernet communication protocol data. After this extension, the embedded platform includes a multichannel CAN bus module and a multichannel Ethernet module. The number of CAN bus links depends on the number of in-car controllers and in-car detection devices and on the required communication efficiency; the number of Ethernet links depends on the required security level: the more links, the higher the security level;
The security gateway based on multichannel CAN and Ethernet communication uses an embedded platform with an ARM core processor, with the CAN bus driver ported under Linux. The Ethernet module uses the Socket API when communicating with the PC control terminal, and the CAN bus module uses the SocketCAN API when communicating with the in-car control and detection devices. When communicating over the multichannel CAN and Ethernet links, the network communication API can be used to detect whether a link is idle or faulty; if a link is faulty or busy, an idle link is selected and the PC control terminal is notified to back up and repair the faulty link.
The present invention uses multichannel Ethernet as the backbone network for information transfer and provides a security gateway, with its communication method, that connects the multichannel CAN bus directly to the in-car controllers and in-car detection devices, so that safe and efficient real-time data communication can be achieved. Because the security gateway uses multiple CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency is improved.
One end of the security gateway connects to the CAN bus and communicates with multiple in-car controllers and multiple in-car detection devices; the other end connects to Ethernet and communicates with the PC control terminal. The invention converts between the CAN bus data protocol and TCP data, and uses the nested pseudo-random number algorithm it defines to split the data into data blocks of random length. Each data block is encapsulated into a randomly numbered communication data frame of the multichannel communication protocol defined by the invention. Finally, according to the number of Ethernet interfaces, the security gateway repeatedly selects N data frames at random to form multiple packets, binds each packet to one Ethernet interface, and sends the packets in parallel over the multiple Ethernet links to the communication peer. The peer parses the received packets according to the multichannel communication protocol defined by the invention and reassembles them into the complete TCP data, so that the PC control terminal reaches the in-car controllers and in-car detection devices through the security gateway. The result is a security gateway for protocol conversion and communication between multichannel CAN bus and multichannel Ethernet.
The positive effects of the invention are as follows. The security gateway with multichannel CAN bus and Ethernet communication converts between the in-car CAN bus protocol and the Ethernet communication protocol in the Internet of Vehicles. The data is split into data blocks with the pseudo-random number algorithm, each data block is placed in a randomly numbered data frame, and N data frames are then selected at random as a packet. The system generates multiple packets according to the number of Ethernet interfaces, binds each packet to one Ethernet interface, and sends the packets over the multiple Ethernet links at the same time. The random algorithm is fast, so real-time performance is preserved. Because the data frame numbers, the way data frames are grouped into packets and the number of the Ethernet link used are all generated by the nested pseudo-random number algorithm defined by the invention, an intruder cannot assemble the data blocks in transit into meaningful complete data and cannot send meaningful data into the communication system, which effectively protects the communication system from illegal intrusion and ensures its security and resistance to sabotage. At the same time, data is transferred in parallel over multiple Ethernet links, and the multiple CAN bus links connect multiple in-car control devices and in-car detection devices, so the PC control terminal communicates in parallel with multiple in-car control devices and multiple in-car detection devices, which significantly improves communication efficiency.
Brief description of the drawings
Fig. 1 is the structure chart of the present invention;
Fig. 2 is the system flow chart of the present invention;
Fig. 3 is the data structure diagram of the present invention;
In Fig. 3:
dataType represents the data type (communication data frame, secret order data frame or reissue command data frame) and occupies the upper 4 bits of byte 1 of every data frame;
length represents the data frame length and occupies the lower 4 bits of byte 1 of every data frame;
headNum represents the data field number and occupies byte 2 of the communication data frame and of the reissue command data frame;
data represents the data field and occupies bytes 19 to 38 of the communication data frame;
randomType1 represents the first pseudo-random number algorithm and occupies the upper 4 bits of byte 2 of the secret order data frame;
randomType2 represents the second pseudo-random number algorithm and occupies the lower 4 bits of byte 2 of the secret order data frame;
seedValue represents the random number seed and occupies byte 3 of the secret order data frame;
dataNum represents the number of split data fields and occupies byte 4 of the secret order data frame;
md5Check represents the MD5 digital fingerprint and occupies bytes 3 to 18 of the communication data frame and the reissue command data frame, and bytes 5 to 20 of the secret order data frame.
Embodiment
The invention is further described by the following embodiments with reference to Fig. 1, Fig. 2 and Fig. 3. The embodiments do not limit the invention in any way; any modification or change that a person of ordinary skill in the art can readily make without departing from the technical solution of the invention falls within the scope of the claims.
Embodiment 1
Referring to Fig. 1, Fig. 2 and Fig. 3, the device of the invention has an embedded platform with an ARM core processor, an eight-channel CAN bus module and a two-channel Ethernet module;
The embedded platform with the ARM core processor runs the Linux operating system;
The CAN bus module comprises a CAN controller and a CAN transceiver;
The Ethernet module comprises an Ethernet transceiver;
The CAN channels of the ARM core processor are connected to eight CAN controllers and transceivers; the other end of each CAN transceiver is attached to the CAN bus, which connects the in-car control and detection devices and is used to send and receive CAN messages. The Ethernet interfaces of the ARM core processor are connected to two Ethernet transceivers; the other end of the Ethernet connects to the PC control terminal and is used to send and receive Ethernet data;
The process by which the PC control terminal communicates with the in-car control and detection devices through two Ethernet channels and eight CAN bus links is as follows:
1. When the PC control terminal communicates with the in-car controllers and in-car detection devices over Ethernet and the CAN bus, it first passes the identity authentication of the security gateway using a static password agreed by both sides, and thereby obtains permission to communicate with the in-car controllers and in-car detection devices;
2. After obtaining communication permission, the PC control terminal uses formulas (1.5) and (1.6) of the multichannel communication protocol:
to produce a random sequence, takes the first random number r from the sequence and applies the DataLen function (1.7):
The resulting value ω(r) is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as a data block, and the block is placed in the data field of the communication data frame shown in Fig. 3; this is the first communication data frame. The first element r taken from the random sequence is also used as the number of the data block and is placed in the headNum field of the first communication data frame. In the same way, the second, third, ... elements of the random sequence are taken out and the TCP protocol data is split into numbered data blocks, until the value ω(r') obtained from a random number r' through the DataLen function is greater than or equal to the length of the remaining TCP protocol data. The TCP protocol data can then be split no further: the remaining data is placed in the data field of the last frame, and r' is placed in the headNum field of the last frame as the number of that data block, which completes the splitting and numbering of the TCP protocol data. While the data is being split, a counter records the number Q of data blocks obtained;
3. The data field and the headNum field of each communication data frame from step 2 are fed to the MD5 algorithm to generate an MD5 digital fingerprint, which is placed in the md5Check field of the communication data frame. Finally the data type (communication data frame) and the communication data frame length are placed in the dataType field and the length field respectively, which yields the complete communication data frame and finishes the encapsulation; the data structure is the communication data frame structure in Fig. 3. The encapsulated data frames are placed in the queue of data to be sent;
4. The first Q elements of the random sequence generated in step 2 (Q being the number of data blocks obtained by splitting) are placed in order into a dynamic array of size Q. The linear congruential method produces a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index (that is, to the data block number) is placed in a send queue. The first time, Q/2 data frames (2 being the number of Ethernet interfaces) are selected at random to form a packet and placed in the first send queue, and the packets in the first queue are transferred over the first Ethernet channel. The second time, Q/2 data frames are selected at random to form a packet and placed in the second send queue, and the packets in the second queue are transferred over the second Ethernet channel. All communication data frames are thus divided at random into two groups, and the two groups of packets are bound to the two Ethernet interfaces. The packets in the two send queues are sent in parallel over the two Ethernet channels to the communication peer;
5. The two pseudo-random number algorithms used in step 2, randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum make up the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are fed to the MD5 algorithm, and the resulting MD5 digital fingerprint is placed in the md5Check field of the secret order data frame. The data type is placed in the dataType field and the data length of the secret order data frame in the length field, which completes the encapsulation of the secret order data. The frame is sent to the security gateway over one Ethernet channel;
6. After the security gateway receives a packet, it parses the data frames in the packet according to the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further and its data type is extracted. For a communication data frame, the MD5 algorithm is applied to the data field and the headNum field of the received frame, and the computed MD5 digital fingerprint is compared with the received one to check data integrity. If the data has been tampered with or lost, a reissue command containing the communication data frame type and the number of that data frame is sent to the PC control terminal. If the check passes, a table is built with the data field number headNum as the number field, which also serves as the index, and the data field data as the content field. For secret order data, the MD5 algorithm is applied to the randomType1, randomType2, seedValue and dataNum fields of the received frame, and the computed MD5 digital fingerprint is compared with the received one to check data integrity. If the data has been tampered with or lost, a reissue command containing the secret order data frame type is sent to the PC control terminal, with the headNum field of the reissue command data frame filled with 0. If the check passes, the self-defined secret order algorithm Secret takes the pseudo-random number algorithms randomType1 and randomType2 and the random number seed seedValue received in the secret order data frame and generates the random sequence with the nested pseudo-random number algorithm of formula (1.5). The first dataNum elements of the random number sequence are traversed with a table lookup: for each element traversed, the table is searched for that element. If it is present, the corresponding data field is retrieved, and the retrieved data fields are appended, in traversal order, to the tail of the reassembly queue. If it is absent, the data block whose number corresponds to that random number has been lost; a reissue command containing that data frame number is sent to the PC control terminal, and when the security gateway receives the data frame with that number, its data field is appended to the tail of the reassembly queue. This completes the reassembly of the TCP protocol data;
7. The reassembled TCP protocol data is converted to CAN bus data, sent over the eight CAN bus channels to the in-car controllers and in-car detection devices, and the gateway waits for the reply data;
8. After receiving the CAN messages with which the in-car controllers and in-car detection devices reply, the security gateway converts the CAN message data from the CAN protocol to TCP protocol data. Using the same methods as steps 2, 3 and 4, the security gateway splits and numbers the TCP protocol data and adds the MD5 digital fingerprints, completing the protocol encapsulation of the data blocks. With the method of step 4, Q/2 data frames are selected at random as one group, forming two groups of packets, which are sent in parallel over the two Ethernet channels to the PC control terminal;
9. The PC control terminal verifies and reassembles the data in the same way as step 6 and obtains the complete TCP protocol data. This completes one full round of secure communication in which the PC control terminal reaches the in-car controllers and in-car detection devices through two Ethernet channels and eight CAN bus channels.
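The split, number, fingerprint, distribute and reassemble sequence of steps 2 to 6, as an added example that is not code from the patent. Formulas (1.5) to (1.7) are not reproduced on this page, so the two-LCG generator, the `data_len` mapping, the MD5 input order, the `MAX_BLOCKS` cap and the omission of the dataType/length byte are assumptions made here.

```python
import hashlib
from itertools import islice

MAX_BLOCKS = 100  # assumption: upper bound on blocks per message

def lcg(seed, a, c, m):
    """Linear congruential generator yielding x_n / m, a real in [0, 1)."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x / m

def nested_sequence(seed):
    """Yield non-repeating block numbers r = floor(r1 + r2), r1, r2 in [1, 100).

    Assumption: two LCGs seeded with seed and 2*seed stand in for the two
    generators named by randomType1 and randomType2.
    """
    g1 = lcg(seed, 1103515245, 12345, 2**31)
    g2 = lcg(2 * seed, 1664525, 1013904223, 2**32)
    seen = set()
    while True:
        r = int((1 + 99 * next(g1)) + (1 + 99 * next(g2)))
        if r not in seen:  # a value generated before is discarded
            seen.add(r)
            yield r

def data_len(r):
    """Assumed DataLen: map r to a block length in [10, 20]."""
    return 10 + r % 11

def split(payload, seed):
    """Split payload into (head_num, block) pairs; the last block takes the rest."""
    seq, blocks, pos = nested_sequence(seed), [], 0
    while len(blocks) < MAX_BLOCKS:
        r = next(seq)
        n = data_len(r)
        if n >= len(payload) - pos:
            blocks.append((r, payload[pos:]))
            return blocks
        blocks.append((r, payload[pos:pos + n]))
        pos += n
    raise ValueError("payload needs more than MAX_BLOCKS blocks")

def fingerprint(head_num, block):
    # Assumed input order: data field followed by headNum.
    return hashlib.md5(block + bytes([head_num])).digest()

def make_frame(head_num, block):
    """headNum (1 byte) + md5Check (16 bytes) + data (up to 20 bytes)."""
    return bytes([head_num]) + fingerprint(head_num, block) + block

def parse_frame(frame):
    """Return (head_num, block), or None when the fingerprint does not match.

    The MD5 fingerprint is unkeyed: it catches corruption and loss, but it
    gives no proof of who produced the frame.
    """
    if len(frame) < 17:
        return None
    head_num, digest, block = frame[0], frame[1:17], frame[17:]
    return (head_num, block) if fingerprint(head_num, block) == digest else None

def distribute(frames, n_links, link_seed):
    """Draw frames at LCG-chosen indices into n_links queues of about Q/N each."""
    rnd = lcg(link_seed, 1103515245, 12345, 2**31)
    pool, links = list(frames), [[] for _ in range(n_links)]
    per_link = -(-len(pool) // n_links)  # ceil(Q / N)
    for link in links:
        while pool and len(link) < per_link:
            link.append(pool.pop(int(next(rnd) * len(pool))))
    return links

def send(payload, seed, n_links=2, link_seed=1):
    """Return (frames per link, (seedValue, dataNum) for the secret order frame)."""
    frames = [make_frame(r, b) for r, b in split(payload, seed)]
    return distribute(frames, n_links, link_seed), (seed, len(frames))

def reassemble(received, seed, data_num):
    """Return (payload, []) or (None, head_nums to request again)."""
    if not 0 < data_num <= MAX_BLOCKS:  # dataNum arrives from the wire
        raise ValueError("dataNum out of range")
    table = {}
    for frame in received:
        parsed = parse_frame(frame)
        if parsed is not None:
            table[parsed[0]] = parsed[1]
    order = list(islice(nested_sequence(seed), data_num))
    missing = [r for r in order if r not in table]
    if missing:
        return None, missing
    return b"".join(table[r] for r in order), []

if __name__ == "__main__":
    message = bytes(range(200))  # constructed sample payload
    links, (seed_value, q) = send(message, seed=0x5A)
    print(reassemble(links[0] + links[1], seed_value, q)[0] == message)
    print("one link only, to reissue:", reassemble(links[0], seed_value, q)[1])
```

The receiver needs only seedValue and dataNum to regenerate the block order, so the ordering adds nothing once the secret order frame, which the method sends in the clear over one Ethernet channel, is read.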
Test case
The security gateway and method with eight CAN bus channels and two Ethernet channels provided in Embodiment 1 were tested as follows:
1. Using the method of Embodiment 1, the PC control terminal communicated with the in-car controllers and in-car detection devices through two Ethernet channels and eight CAN bus channels. The CAN communication baud rate was set to 250K, at which in theory 2500 CAN extended frames can be received per second. Converting the CAN data frames to TCP protocol data yields at most 20000 bytes of valid data. Every 2000 bytes of data were split into 100 data blocks, encapsulated into data frames, divided into two groups of packets and transferred over the two Ethernet channels to the PC control terminal;
2. While data is being transferred to the PC control terminal over the two Ethernet channels, if packets are intercepted at the data link layer of one Ethernet channel with packet-capture techniques, the data in the intercepted packets is incomplete and the probability of reassembling it into valid complete data is 0. Intercepting packets at the link layer of both Ethernet channels greatly increases the difficulty of monitoring. If both groups of packets are captured on the two Ethernet links, the position of the data field within the intercepted packets cannot be learned, because the data in the packets is encapsulated with the multichannel communication protocol. Even if all 100 data fields in the intercepted packets are obtained, there may be 100! = 9.33262154439400e+157 ways of combining the 100 data fields. Using the Tianhe-2 (Milky Way No. 2) supercomputer developed by China's National University of Defense Technology, with a floating-point speed of 33.86 petaflops, a brute-force attack over the 100! possibilities needs (9.33262154439400e+157)/(3.3860e+018) = 2.75623e+139 seconds = 8.73997e+131, so it is almost impossible to complete the cracking.
The above experiment shows that the security gateway with multichannel CAN bus and multichannel Ethernet communication used in the invention can effectively prevent the information leakage caused by theft of communication data, as well as tampering with communication data followed by intrusion into the communication system for illegal manipulation, and so greatly ensures the security and sabotage resistance of the communication.
Conclusion:
With the security gateway and communication method based on multichannel CAN bus and Ethernet communication used in the invention, even if data is intercepted at the Ethernet link layer with packet-capture techniques, what is obtained is incomplete, irregular, invalid fragment data that cannot be reassembled. At the same time, an intruder cannot send meaningful data into the communication system, which effectively protects the communication system from illegal intrusion. Both ends of the communication, however, can reassemble the data with the method of the invention and obtain complete, valid data, which ensures the security and sabotage resistance of the communication system.
Claims (2)
1. A communication method for a security gateway based on multichannel CAN bus and Ethernet communication, comprising the following steps:
1) When the PC control terminal communicates with the in-car controllers and in-car detection devices over Ethernet and the CAN bus, it passes the identity authentication of the security gateway using a static password agreed by both sides, and thereby obtains permission to communicate with the in-car controllers and in-car detection devices;
2) After the PC control terminal obtains communication permission, it uses the nested pseudo-random number algorithm defined by the security gateway to generate a fixed random number sequence; once the nesting order of the pseudo-random number algorithms and the random number seed are fixed, the element values of the generated random number sequence are the same every time;
The nested pseudo-random number algorithm is as follows:
$$f(X_n) = \frac{x_n}{m} \qquad (1.2)$$
where:
r denotes the nested random number;
denotes one pseudo-random number generator;
θ denotes another pseudo-random number generator;
T denotes the current system time;
g denotes a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
f denotes the random number function whose output is distributed on the interval [0,1];
n denotes a natural number;
X_n denotes the random number seed;
m denotes the modulus;
denotes the round-down symbol;
A random real number uniformly distributed on [0,1] is first produced with the linear congruential method (1.2) above and is used to select, by mapping, any two of the pseudo-random number algorithms included in the nested pseudo-random number algorithm. The mapping method is as follows:
The function g in formula (1.1) is a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C. For the random real number uniformly distributed on [0,1] produced by formula (1.2): in set B, if then α represents the linear congruential method; if then β represents the shift register sequence; then γ represents the super prime number method. In set C, if then if then if then
With the above mapping method, formula (1.1) yields one pseudo-random number generator, which uses the system time T as the random number seed to generate a random real number r1 in the range [1,100] as the base, and another pseudo-random number generator θ, which uses twice the system time, 2T, as the random number seed to generate a random real number r2 in the range [1,100] as the offset. r1 and r2 are added and the sum is rounded down, giving a nested random integer r. Each newly generated random number r is compared with every random number generated before it; apart from the first random number generated, a value equal to a previously generated random number is discarded, and any other value is inserted into the random number sequence. The final result is a nested random number sequence whose element values do not repeat;
3) The TCP protocol data to be sent is split; the data block length defined in the multichannel communication protocol lies in the range [10,20] bytes. The first element r of the random sequence generated in step 2) is taken out and passed to the DataLen function defined by the invention, which is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as a data block, and the block is placed in the data field of the communication data frame; this is the first communication data frame. The first element r taken from the random sequence is also used as the number of the data block and is placed in the headNum field of the first communication data frame. In the same way, the second, third, ... elements of the random sequence are taken out and the communication data is split into numbered data blocks, until the value ω(r') obtained from a random number r' through the DataLen function is greater than or equal to the length of the remaining TCP protocol data. The TCP protocol data can then be split no further: the remaining data is placed in the data field of the last frame, and r' is placed in the headNum field of the last frame as the number of that data block, which completes the splitting and numbering of the TCP protocol data. While the data is being split, a counter records the number Q of data blocks obtained;
4) The data field and the headNum field of each communication data frame from step 3) are fed to the MD5 algorithm to generate an MD5 digital fingerprint, which is placed in the md5Check field of the communication data frame. MD5 is a hash algorithm, defined as follows:
The input data is processed in 512-bit groups, and each group is divided into sixteen 32-bit subgroups. After a series of processing steps, the output of the MD5 algorithm consists of four 32-bit groups, which are concatenated into a 128-bit hash value; this value is the digital fingerprint;
Finally the data type and the communication data frame length are placed in the dataType field and the length field of the communication data frame respectively, which yields the complete communication data frame and finishes the encapsulation. The encapsulated data frames are placed in the queue of data to be sent;
5) The first Q elements of the random sequence generated in step 2) are first placed in order into a dynamic array of size Q, Q being the number of data blocks obtained by splitting. The linear congruential method then produces a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index is placed in a send queue. The first time, Q/N data frames (N being the number of Ethernet interfaces) are selected at random to form a packet and placed in the first send queue, and the packets in the first queue are transferred over the first Ethernet channel. This is repeated N times in the same way, so that N groups of packets in total are selected and placed in N send queues, and the packets in the N send queues are transferred over the N Ethernet channels. This completes the random grouping of all communication data frames and the binding of every group to an Ethernet interface. Finally the packets in the N send queues are sent simultaneously and in parallel over the N Ethernet channels to the communication peer;
6) The two pseudo-random number algorithms used in step 3), randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum make up the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are fed to the MD5 algorithm, and the resulting MD5 digital fingerprint is placed in the md5Check field of the secret order data frame. The data type is placed in the dataType field and the data length of the secret order data frame in the length field, which completes the encapsulation of the secret order data. The frame is sent to the security gateway over one Ethernet channel;
7) After the security gateway receives a packet, it parses the data frames in the packet according to the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further and its data type is extracted. For a communication data frame, the MD5 algorithm is applied to the data field and the headNum field of the received frame, and the computed MD5 digital fingerprint is compared with the received one to check data integrity. If the data has been tampered with or lost, a reissue command data frame containing the communication data frame type and the number of that data frame is sent to the PC control terminal. If the check passes, a table is built with the data field number headNum as the number field, which also serves as the index, and the data field data as the content field. For secret order data, the MD5 algorithm is applied to the randomType1, randomType2, seedValue and dataNum fields of the received frame, and the computed MD5 digital fingerprint is compared with the received one to check data integrity. If the data has been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the PC control terminal, with the headNum field filled with 0. If the check passes, the self-defined secret order algorithm Secret is used, which is defined as follows:
The secret order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum received in it, and the random sequence is generated with the nested pseudo-random number algorithm of formula (1.1). The first dataNum elements of the random number sequence are traversed with a table lookup: for each element traversed, the table is searched for that element. If it is present, the corresponding data field is retrieved, and the retrieved data fields are appended, in traversal order, to the tail of the reassembly queue. If it is absent, the data block whose number corresponds to that random number has been lost; a reissue command containing that data block number is sent to the PC control terminal, and when the security gateway receives the data frame with that number, its data field is appended to the tail of the reassembly queue. This completes the reassembly of the TCP protocol data;
8) The reassembled TCP protocol data is converted to CAN bus data and sent over the multichannel CAN bus to the in-car controllers and in-car detection devices, and the gateway waits for the reply CAN messages;
9) After receiving the CAN messages with which the in-car controllers and in-car detection devices reply, the security gateway converts the CAN messages from the CAN protocol to TCP protocol data. Using the same methods as steps 2), 3) and 4), the security gateway splits and numbers the TCP protocol data and adds the MD5 digital fingerprints, completing the protocol encapsulation of the data blocks. With the method of step 5), Q/N data frames are selected at random as one group, forming N groups of packets, which are sent in parallel over the N Ethernet channels to the PC control terminal;
10) The PC control terminal verifies and reassembles the data in the same way as step 7) and obtains the complete TCP protocol data. This completes one full round of secure communication in which the PC control terminal reaches the in-car controllers and in-car detection devices through the multichannel Ethernet and the multichannel CAN bus.
2. A device for the method of the security gateway based on multichannel CAN bus and Ethernet communication, comprising: an embedded platform with an ARM core processor, a CAN bus module and an Ethernet module;
The embedded platform with the ARM core processor runs the Linux operating system;
The CAN bus module comprises a CAN controller and a CAN transceiver;
The Ethernet module comprises an Ethernet transceiver;
The security gateway is built on the embedded platform with the ARM core processor, and the platform runs the Linux operating system. The CAN channels of the ARM core processor are connected to multiple CAN controllers and transceivers; the other end of each CAN transceiver is attached to the CAN bus, which connects the in-car controllers and in-car detection devices and is used to send and receive CAN messages. The Ethernet interfaces of the ARM core processor are connected to multiple Ethernet transceivers; the other end of the Ethernet connects to the PC control terminal and is used to send and receive Ethernet protocol data. After this extension the embedded platform contains multiple CAN bus modules and multiple Ethernet modules. The number of CAN bus links depends on the number of in-car controllers and in-car detection devices and on the required communication efficiency; the number of Ethernet links depends on the required security level, and the more links there are, the higher the security level;
The security gateway based on multichannel CAN bus and Ethernet communication uses an embedded platform with an ARM core processor, and the CAN bus driver has been ported under Linux. The Ethernet module communicates with the PC control terminal through the Socket API, and the CAN bus module communicates with the in-car control and detection devices through the SocketCAN API. When communicating over multiple CAN bus and Ethernet links, the network communication API can be used to detect whether a link is idle or has failed; if a link has failed or is busy, an idle link is selected and the PC control terminal is notified to back up and repair the faulty link.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710789108.7A CN107426075B (en) | 2017-09-05 | 2017-09-05 | The communication means of security gateway based on multichannel CAN bus and ethernet communication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107426075A (en) | 2017-12-01 |
CN107426075B (en) | 2018-05-08 |
Family
ID=60434590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710789108.7A Active CN107426075B (en) | 2017-09-05 | 2017-09-05 | The communication means of security gateway based on multichannel CAN bus and ethernet communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107426075B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1417980A (en) * | 2002-11-07 | 2003-05-14 | 吕京建 | Intelligent gateway device for vehicle controller LAN |
CN1671097A (en) * | 2004-03-17 | 2005-09-21 | 华为技术有限公司 | A method and system for end-to-end wireless encryption communication |
US20060238321A1 (en) * | 2005-04-22 | 2006-10-26 | Hon Hai Precision Industry Co., Ltd. | Networked vehicle system and vehicle having the same |
CN1960347A (en) * | 2006-11-06 | 2007-05-09 | 吉林大学 | Wireless car borne gateway system |
CN2932844Y (en) * | 2006-07-18 | 2007-08-08 | 吉林大学 | Vehicle body controller that supports multiple bus connection |
CN101155357A (en) * | 2006-09-29 | 2008-04-02 | 英华达(上海)电子有限公司 | Device and method for recording and saving voice call on mobile phone |
Non-Patent Citations (2)
Title |
---|
李滨等: "基于CAN总线和互联网的被动无钥匙进入系统", 《计算机工程与设计》 * |
移胜亮等: "基于3G网络和CAN总线的汽车远程控制系统设计", 《计算机测量与控制》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI664849B (en) * | 2017-12-19 | 2019-07-01 | 財團法人工業技術研究院 | Method, computer program product and processing system for generating secure alternative representation |
US10831911B2 (en) | 2017-12-19 | 2020-11-10 | Industrial Technology Research Institute | Method, computer program product and processing system for generating secure alternative representation |
CN108712315A (en) * | 2018-05-25 | 2018-10-26 | 北京长城华冠汽车科技股份有限公司 | A kind of methods, devices and systems of control new-energy automobile vehicle body load |
CN112602293B (en) * | 2018-09-03 | 2022-06-17 | 株式会社自动网络技术研究所 | Communication apparatus, transmission method, and storage medium |
CN112602293A (en) * | 2018-09-03 | 2021-04-02 | 株式会社自动网络技术研究所 | Communication device, transmission method, and computer program |
US10909261B2 (en) | 2018-12-12 | 2021-02-02 | Industrial Technology Research Institute | Method and computer program product for generating secure alternative representation for numerical datum |
CN111327575A (en) * | 2018-12-14 | 2020-06-23 | 中车唐山机车车辆有限公司 | Communication method and device based on Ethernet in train |
CN110086566A (en) * | 2019-03-18 | 2019-08-02 | 深圳市元征科技股份有限公司 | A kind of transmission method and mobile unit of vehicle-mounted data |
CN110086566B (en) * | 2019-03-18 | 2022-09-06 | 深圳市元征科技股份有限公司 | Vehicle-mounted data transmission method and vehicle-mounted equipment |
CN113924753A (en) * | 2019-07-09 | 2022-01-11 | 住友电气工业株式会社 | Vehicle-mounted communication system, vehicle-mounted device, and vehicle communication method |
CN111782506A (en) * | 2020-05-27 | 2020-10-16 | 中汽研汽车检验中心(天津)有限公司 | Automobile gateway information safety testing device |
CN112187936A (en) * | 2020-09-29 | 2021-01-05 | 北京车和家信息技术有限公司 | Vehicle data processing method, device, equipment, storage medium and vehicle |
CN112187936B (en) * | 2020-09-29 | 2024-03-29 | 北京车和家信息技术有限公司 | Vehicle data processing method, device, equipment, storage medium and vehicle |
CN112491648A (en) * | 2020-11-17 | 2021-03-12 | 重庆美沣秦安汽车驱动系统有限公司 | Automobile communication data conversion method based on CAN communication matrix and storage medium |
CN113411268A (en) * | 2021-05-24 | 2021-09-17 | 深圳市元征未来汽车技术有限公司 | Data transmission method, data transmission device and electronic equipment |
CN113411268B (en) * | 2021-05-24 | 2022-08-12 | 深圳市元征未来汽车技术有限公司 | Data transmission method, data transmission device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107426075B (en) | 2018-05-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||