CN107426075A - Security gateway and communication means based on multichannel CAN and ethernet communication - Google Patents


Info

Publication number: CN107426075A
Application number: CN201710789108.7A
Authority: CN (China)
Prior art keywords: data, random number, ethernet, data frame, frame
Legal status (as listed by Google Patents, not a legal conclusion): Granted; currently Active
Other languages: Chinese (zh)
Other versions: CN107426075B (en)
Inventors: 崔杰, 秦贵和, 邹密, 孙迪, 赫工博, 付强, 吴玲云, 徐洋, 刘敏
Original assignee: Jilin University
Current assignee: Jilin University
Priority: CN201710789108.7A
Priority date:
Filing date:
Publication date:

Classifications

All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L12/40 Bus networks (H04L12/00 Data switching networks; H04L12/28 characterised by path configuration, e.g. LAN or WAN)
    • H04L1/0006 Systems modifying transmission characteristics according to link quality, e.g. power backoff, by adapting the transmission format (H04L1/00 Arrangements for detecting or preventing errors in the information received; H04L1/0001)
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/01 Protocols)
    • H04L69/08 Protocols for interworking; protocol conversion (H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L9/08 Key distribution or management; H04L9/0861)
    • H04L2012/40215 Controller Area Network CAN (H04L2012/40208 Bus networks characterized by the use of a particular bus standard; under H04L12/40 Bus networks)

Abstract

The present invention provides a security gateway, and a communication method, based on multichannel CAN and Ethernet communication. Multichannel Ethernet serves as the backbone for information transfer, and the gateway connects multichannel CAN buses directly to the in-vehicle controllers and in-vehicle detection devices, so that secure, efficient, real-time data communication can be achieved. Because the security gateway uses multiple CAN and Ethernet links, communication time is greatly reduced and communication efficiency is improved.

Description

Security gateway and communication means based on multichannel CAN and ethernet communication
Technical field
The present invention provides a security gateway, and a communication method, based on multichannel CAN and multichannel Ethernet communication, used for secure communication between a PC control terminal connected over Ethernet and the controllers and detection devices on the in-vehicle CAN bus. It belongs to the technical field of communication security.
Background technology
The Controller Area Network (CAN) is a field-bus technology. Owing to its high reliability, good stability, strong immunity to interference, high communication speed and low maintenance cost, it is widely used in the field of industrial control. In view of its good performance and its unique design, CAN is also widely used in the automotive field to realise data communication between the controllers, actuators and detection devices inside a vehicle.
Ethernet is the basic networking technology of the Internet, and the TCP/IP protocol suite is the most basic protocol family of the Internet. With the spread of the Internet of Everything concept and the development of the Internet of Things, Ethernet, as a technology with large communication data volume, high real-time performance and high reliability, is widely used in every field of network communication.
With the development of connected-vehicle and autonomous-driving technology, new requirements are placed on automotive network communication. The in-vehicle network has gradually grown from the powertrain system into multiple systems such as infotainment, driver assistance and safety systems. At the same time, the in-vehicle network and the devices attached to it need to be diagnosed and maintained through external interfaces, which requires the support of a shared, high-bandwidth network communication technology. Because Ethernet is mature, offers high bandwidth and is cost-effective, its use in automobiles is rising steadily. What follows is the security problem of the network communication protocol and the gateway: an attacker can launch a series of attacks against the protocol and the gateway, and such attacks can spread to the ECUs (electronic control units) inside the vehicle. Criminals can intercept encrypted data in connected-vehicle communication, obtain vehicle running-state data after decryption, intrude into the vehicle's ECUs, send illegal commands and remotely control the vehicle. For example, Tesla vehicles have repeatedly exhibited vulnerabilities through which an attacker could remotely unlock the car, open the windows, open the trunk, or even switch off the engine while the vehicle was travelling at low speed. The US DARPA research centre also found that the OnStar system of General Motors had a vulnerability that an attacker could exploit to remotely control a vehicle. Therefore, in the field of connected vehicles and autonomous driving, how to achieve fast conversion and secure communication of the various in-vehicle data through a gateway is a problem that many scholars at home and abroad have studied intensively.
In the protocol conversion and communication technology of CAN-to-Ethernet gateways, the main technical methods in use are: a protocol gateway between in-vehicle multichannel CAN and a single in-vehicle Ethernet channel, which mainly uses a single in-vehicle twisted pair as the Ethernet communication bus communicating with the in-vehicle CAN transceiver modules; a protocol gateway between in-vehicle multichannel CAN and a single off-vehicle Ethernet channel, mainly used for vehicle fault diagnosis and for flashing in-vehicle electronic control units; and a protocol gateway between in-vehicle multichannel CAN and off-vehicle multichannel Ethernet, which mainly performs dual-network, dual-master redundant transmission of data to ensure the stability and reliability of data transfer. The above communication gateways are applied to CAN and Ethernet communication to achieve the purpose of protocol conversion.
In the security technology of CAN-to-Ethernet gateways, the main technical methods in use are data encryption, firewalls and network authentication. However, simple encryption algorithms have low security and are easily broken, while complex encryption algorithms have high complexity and a large computational cost, which is mismatched with the computing capability of vehicle-mounted embedded chips and unsuitable for real-time encrypted transmission of data. Faced with frequent and varied attack patterns, the complexity and difficulty of managing key generation, and the various packet-capture techniques used by eavesdroppers at the link layer or at other nodes, existing security techniques cannot be applied well to connected-vehicle communication and cannot fully achieve the purpose of secure communication.
The content of the invention
The present invention provides a security gateway, and a communication method, based on multichannel CAN and multichannel Ethernet communication, used to realise communication between a PC control terminal connected over Ethernet and the controllers and detection devices on the in-vehicle CAN bus.
In the protocol conversion stage, the security gateway converts the CAN messages received from the in-vehicle CAN bus from CAN protocol data into TCP protocol data.
In the encapsulation stage of the multichannel communication protocol data frame, a fixed random number sequence is first generated by the nested pseudo-random number algorithm defined in this invention; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated each time are determined.
Then, following the order in which the elements of the random number sequence were generated, the first element of the sequence is input to the DataLen function defined in this invention, and the natural number N output by DataLen is used as the length of the split data block: starting from the first byte of the TCP protocol data, N bytes are taken out as the split data block and filled into the data field of the communication data frame in Figure 3; the first element of the random number sequence is used as the number of the split data block and filled into the headNum field of the communication data frame in Figure 3; the data field and the headNum field of the communication data frame in Figure 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Figure 3. This completes the encapsulation of the first data frame by the multichannel communication protocol defined in this invention.
Then, following the order in which the elements were generated, the second element of the random number sequence is input to the DataLen function defined in this invention, and the natural number J output by DataLen is used as the length of the split data block: starting from byte N+1 of the TCP protocol data, J bytes are taken out as the split data block and filled into the data field of the communication data frame in Figure 3; the second element of the random number sequence is used as the number of the split data block and filled into the headNum field; the data field and the headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field. This completes the encapsulation of the second data frame by the multichannel communication protocol defined in this invention.
And so on, until the K-th element of the random number sequence is input to the DataLen function and the natural number M output by DataLen is greater than or equal to the number of bytes of TCP protocol data that remain unsplit. The remaining unsplit TCP protocol data is then filled into the data field of the communication data frame; the K-th element is used as the number of the remaining TCP data block and filled into the headNum field; the data field and the headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field. At this point the splitting of the TCP protocol data is complete, and the split data blocks have been encapsulated into data frames.
In the information transmission stage, the number of communication data frames per group N is first calculated, N = number of split data blocks / number of Ethernet interfaces. N data frames are randomly selected by the linear congruential method as one group of packets, and this group is bound to one Ethernet interface; and so on, until all communication data frames have been grouped and all groups bound to Ethernet interfaces. The multichannel Ethernet then transmits the communication packets in parallel and simultaneously to the PC control terminal, until all communication packets have been sent.
In the information receiving stage, the PC control terminal first verifies the data integrity of each received data frame using the MD5 fingerprint, then parses the data field of the communication data frame according to the multichannel communication protocol to obtain the split data block, and parses the headNum field to obtain the number of the split data block. From the custom secret-command algorithm Secret it obtains the same nested pseudo-random number algorithm as the security gateway, and uses that algorithm to generate a random number sequence. The first element of the sequence is taken out, the communication data frame whose headNum field equals the first element is found, and that frame's data field is enqueued in the recombination data queue; then the second element is taken out, the communication data frame whose headNum field equals the second element is found, and its data field is enqueued at the tail of the recombination data queue; and so on, until all received data fields have been enqueued in the recombination data queue and combined into the complete TCP protocol data. This completes the secure and efficient communication process, applied to secure communication between the remote control terminal and the in-vehicle controllers and detection devices.
The present invention provides a security gateway based on multichannel CAN and multichannel Ethernet communication; the steps of the communication method between its PC control terminal and the in-vehicle controllers and detection devices are as follows:
1) When the PC control terminal connects over Ethernet, through the security gateway, to the CAN bus in order to communicate with the in-vehicle controllers and detection devices, it authenticates to the security gateway with a static password agreed by both sides, and thereby obtains the authority to communicate with the in-vehicle controllers and detection devices;
2) After the PC control terminal has obtained communication authority, a fixed random number sequence is generated using the nested pseudo-random number algorithm defined by the security gateway; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated each time are determined. The nested pseudo-random number algorithm comprises three pseudo-random number algorithms: the linear congruential method, the shift-register sequence method and the super prime method.
The definitions of the three algorithms are introduced in turn below.
First random algorithm: linear congruential method
X_{n+1} = (a · X_n + c) mod m, n ≥ 0 (1.1)
where:
n is a natural number;
X_{n+1} is the random number;
when n = 0, the initial value X_0 is called the seed;
the constant a is called the multiplier;
the constant c is called the increment (the additive constant);
the constant m is called the modulus;
mod is the modulo operation.
To obtain random numbers distributed on the interval [0, 1], one may set
where R_n is the desired random number.
For formula (1.1), when c = 0 the algorithm is called the multiplicative congruential method; when c ≠ 0 it is called the mixed congruential method.
Second random algorithm: shift-register sequence method
The shift-register sequence method generates random binary digits 0 and 1. It is based on a primitive polynomial and modulo-2 arithmetic. If the primitive trinomial is x^p + x^q + 1, the corresponding shift-register generator is:
X_i = (X_{i-p} + X_{i-(p-q)}) mod 2, i = p, p+1, ... (1.3)
which applies a recursive operation to the binary values X_i in the register, where:
p, q are given positive integers;
X_i (i = 1, 2, ..., p-1) are given constants.
Given the initial values X_i (X_{-p}, X_{-p+1}, ..., X_{-1}), the 0 or 1 values produced by the formula form a binary sequence {a_n}. L consecutive positions of {a_n} are cut out to form an L-bit binary number; then the next L positions are cut out to form another binary number; and so on.
Third random algorithm: super prime method
Let M be a prime and let Z_i belong to the set {1, 2, ..., M-1}. If the proper fraction Z_i/M in lowest terms (numerator and denominator coprime) can be written as a pure repeating decimal (of the form 0.a_1 a_2 ... a_T a_1 a_2 ... a_T ...) whose repetend has length T = M-1, then the prime M is called a super prime.
From the existence theorem for pure repeating decimals in number theory, combined with the definition of a super prime, a general super prime method for generating pseudo-random sequences is obtained, with the recurrence:
Z_{i+1} = (10 · Z_i) mod M, i = 1, 2, 3, ... (1.4)
where:
M is a super prime;
Z is the set of natural numbers {Z_i | 0 < Z_i < M}, and Z_i ∈ Z;
i is a natural number;
mod is the modulo operation.
The pseudo-random numbers generated by this method form an integer cyclic sequence whose minimal period is M-1; within each minimal period, every integer from 1 to M-1 occurs exactly once.
The nested pseudo-random number algorithm of the present invention is defined as follows (formula (1.5)):
where:
r denotes the nested random number;
the first generator symbol denotes one pseudo-random number generator;
θ denotes another pseudo-random number generator;
T denotes the current system time;
g denotes a mapping from the random number set A to the pseudo-random number algorithm sets B and C, i.e. A → B, A → C;
F denotes a function whose output is a random number distributed on the interval [0, 1];
n denotes a natural number;
X_n denotes the random number seed;
m denotes the modulus;
the floor symbol denotes rounding down.
First, a random real number uniformly distributed on [0, 1] is produced by the linear congruential method of (1.6) above, and the mapping selects any two of the pseudo-random number algorithms contained in the nested algorithm. The mapping method is as follows:
The function g in formula (1.5) is a mapping from set A (the set of random numbers) to set B and set C (the sets of pseudo-random number algorithms), i.e. A → B, A → C. For the random real number uniformly distributed on [0, 1] produced by formula (1.6): in set B, if the number falls in the first sub-interval the generator is α (α denotes the linear congruential method); if it falls in the second, β (β denotes the shift-register sequence method); otherwise γ (γ denotes the super prime method). In set C the same three cases apply.
By the above mapping method, one pseudo-random number generator is obtained through formula (1.5); using the system time T as its random number seed, it produces a random real number r_1 in the range [1, 100] as the base. The other pseudo-random number generator θ, using twice the system time, 2T, as its random number seed, produces a random real number r_2 in the range [1, 100] as the offset. r_1 and r_2 are added and the sum rounded down, giving a nested random integer r. Each random number r generated is compared with every random number generated before it (the first random number generated is exempt); if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The result is a nested random number sequence in which no element value is repeated.
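The three generators and the nested combination above, as an added example in Python; this is not the patent's code. Formulas (1.5) and (1.6) and all constants are absent from this page, so the LCG parameters, the primitive trinomial x^5 + x^2 + 1, the super prime 47 and the equal-thirds mapping g are assumptions made for illustration. The example also exposes a check for the super prime property (10 must be a primitive root modulo M) that the text only states. Worth keeping in mind: all three generators are fully determined by their type and seed, and the seed here is the system time, so anyone who learns the two types and the seed regenerates the same sequence; none of the three is a cryptographic generator.

```python
# Added example (not the patent's code): the three generators of step 2 and
# the nested combination built from them.  Formulas (1.5)/(1.6) and all
# constants are absent from this page, so the LCG parameters, the primitive
# trinomial x^5 + x^2 + 1, the super prime 47 and the equal-thirds mapping g
# are assumptions made for illustration.


def lcg(seed, a=1103515245, c=12345, m=2 ** 31):
    """Formula (1.1): X_{n+1} = (a*X_n + c) mod m, yielded as X_n/m in [0,1)."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x / m


def shift_register_bits(seed, p=5, q=2):
    """Formula (1.3) for the trinomial x^p + x^q + 1 over GF(2):
    a_i = (a_{i-p} + a_{i-(p-q)}) mod 2.  For a primitive trinomial every
    non-zero start state gives a bit stream of period 2^p - 1."""
    reg = [(seed >> i) & 1 for i in range(p)]
    if not any(reg):
        reg[0] = 1                      # the all-zero state never leaves zero
    while True:
        bit = reg[-p] ^ reg[-(p - q)]
        reg.append(bit)
        del reg[0]
        yield bit


def shift_register(seed, p=5, q=2, bits=8):
    """Cuts consecutive L-bit runs (L = bits) out of the stream, scaled to [0,1)."""
    stream = shift_register_bits(seed, p, q)
    while True:
        val = 0
        for _ in range(bits):
            val = (val << 1) | next(stream)
        yield val / (1 << bits)


def is_super_prime(m):
    """M is a super prime when it is prime and 1/M has a repetend of length
    M-1, i.e. the multiplicative order of 10 modulo M is M-1."""
    if m < 7 or m % 2 == 0 or m % 5 == 0:       # 2, 3 and 5 never qualify
        return False
    if any(m % d == 0 for d in range(3, int(m ** 0.5) + 1, 2)):
        return False
    order, z = 1, 10 % m
    while z != 1:
        z = (10 * z) % m
        order += 1
    return order == m - 1


def super_prime(seed, m=47):
    """Formula (1.4): Z_{i+1} = (10*Z_i) mod M, 0 < Z_i < M; each integer
    1..M-1 appears exactly once per cycle of length M-1."""
    if not is_super_prime(m):
        raise ValueError(f"{m} is not a super prime")
    z = seed % (m - 1) + 1
    while True:
        z = (10 * z) % m
        yield z / m


GENERATORS = {"alpha": lcg, "beta": shift_register, "gamma": super_prime}


def g_map(u):
    """Mapping g: a uniform real u in [0,1] selects one generator (thirds assumed)."""
    return "alpha" if u < 1 / 3 else "beta" if u < 2 / 3 else "gamma"


def choose_types(selector_seed):
    """Two reals from the LCG of (1.6) pick the generators for sets B and C."""
    src = lcg(selector_seed)
    return g_map(next(src)), g_map(next(src))


def nested_sequence(type1, type2, t, length, max_draws=100000):
    """r = floor(r1 + r2): r1 in [1,100] from type1 seeded with the system
    time T (base), r2 in [1,100] from type2 seeded with 2T (offset).  A value
    equal to any earlier one is discarded, so the sequence never repeats."""
    phi, theta = GENERATORS[type1](t), GENERATORS[type2](2 * t)
    seq, draws = [], 0
    while len(seq) < length:
        draws += 1
        if draws > max_draws:
            raise RuntimeError("not enough distinct values from this pair")
        r1 = 1 + next(phi) * 99                     # real in [1,100)
        r2 = 1 + next(theta) * 99
        r = int(r1 + r2)                            # round down
        if r not in seq:
            seq.append(r)
    return seq


if __name__ == "__main__":
    t1, t2 = choose_types(42)
    print(t1, t2, nested_sequence(t1, t2, 1700000000, 10))
```

Because every r lies in [2, 199] and duplicates are discarded, a sequence can hold at most 198 distinct numbers; with block lengths of 10 to 20 bytes that bounds the TCP payload one sequence can cover, and the draw cap turns a generator pair that cannot supply enough distinct sums into an error instead of a hang.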
3) The TCP protocol data to be sent is split; the data block length in bytes defined in the multichannel communication protocol lies in the range [10, 20]. The first element r of the random sequence generated in step 2 is taken out and passed to the DataLen function defined in this invention, which is defined as:
The resulting value ω(r) ∈ [10, 20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as the split data block and filled into the data field of the communication data frame in Figure 3; this is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and filled into the headNum field of the first communication data frame. And so on: the second, third, ... elements are taken from the random sequence and the communication data is split into blocks and numbered in the same way, until the value ω(r') obtained from DataLen for the random number r' taken out is greater than or equal to the remaining length of the TCP protocol data, at which point the TCP data can be split no further. The remaining TCP protocol data block is then filled into the data field of the last frame, and the random number r' taken out is used as the number of that block and filled into the headNum field of the last frame, completing the splitting and numbering of the TCP protocol data. During the splitting, a counter records the number Q of data blocks obtained;
4) The data field and the headNum field of the communication data frame from step 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. MD5 (Message Digest 5) is a hash algorithm, defined as follows:
The input data is processed in 512-bit blocks, each block being divided into sixteen 32-bit sub-blocks; after a series of processing steps, the output of MD5 consists of four 32-bit words, and concatenating these four words produces a 128-bit hash value; this value is the digital fingerprint.
Finally, the data type (e.g. communication data frame) and the communication data frame length are added to the dataType and length fields of the communication data frame, giving the complete communication data frame and completing the encapsulation; its data structure is the communication data frame structure in Figure 3. The encapsulated data frame is then placed in the queue of data to be sent;
5) The first Q elements (Q being the number of data blocks obtained by splitting) of the random sequence generated in step 2 are placed in order into a dynamic array of size Q. A random integer in the range [0, Q-1] is then produced by the linear congruential method, the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index (i.e. to that data block number) is moved into a send buffer. The first time, Q/N data frames (N being the number of Ethernet interfaces) are randomly selected in this way as one packet group and placed in the first send buffer, and the packets in the first queue are transmitted over the first Ethernet link. And so on, N times in total: N packet groups are selected and placed into N send buffers, and the packets in the N send buffers are transmitted over the N Ethernet links. This completes the random grouping of all communication data frames, with every group bound to an Ethernet interface; finally the packets in the N send buffers are sent simultaneously over the N Ethernet links to the communication peer;
6) The two pseudo-random number algorithms used in step 3, randomType1 and randomType2, together with the random number seed seedValue and the number of split data blocks dataNum, form the secret-command data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret-command data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret-command data frame; the data type is added to its dataType field and the frame length to its length field, completing the encapsulation of the secret-command data; its data structure is the secret-command data frame structure in Figure 3. The frame is sent to the security gateway over one Ethernet link;
7) After the security gateway receives a packet, it parses the data frames in the packet according to the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A frame that passes this check is parsed further and its data type is extracted. If it is a communication data frame, the MD5 digital fingerprint computed by the MD5 algorithm over the received frame's data field and headNum field is compared with the received MD5 digital fingerprint to verify data integrity; if the data has been tampered with or lost, a reissue-command data frame containing the communication data frame type and the data frame number is sent to the PC control terminal, its data structure being the reissue-command data frame structure in Figure 3; if the check succeeds, a table is built with the data field number headNum as the number field, serving as the index, and the data field as the content field. If it is secret-command data, the MD5 digital fingerprint computed by the MD5 algorithm over the received frame's randomType1, randomType2, seedValue and dataNum fields is compared with the received MD5 digital fingerprint to verify data integrity; if the data has been tampered with or lost, a reissue-command data frame containing the secret-command data frame type is sent to the PC control terminal, its data structure being the reissue-command data frame structure in Figure 3, with the headNum field filled with 0; if the check succeeds, the custom secret-command algorithm Secret is used, whose definition is:
The secret-command data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum carried in the received frame. The nested pseudo-random number algorithm of formula (1.5) is used to generate the random sequence, and the first dataNum elements of the random number sequence are traversed to look up the table: for each element traversed, the lookup table is checked for that element; if it is present, the data field corresponding to the element is retrieved and enqueued at the tail of the recombination data queue in traversal order; if it is absent, the data block whose number corresponds to that random number has been lost, and a reissue command containing that data block number is sent to the PC control terminal until the security gateway receives the data frame carrying that number, whose data field is then enqueued at the tail of the recombination data queue. Finally the recombination of the TCP protocol data is complete;
8) The recombined TCP protocol data is protocol-converted into CAN data and sent over the multichannel CAN bus to the in-vehicle controllers and detection devices, and the reply CAN messages are awaited;
9) After receiving the CAN messages replied by the in-vehicle controllers and detection devices, the security gateway converts them from the CAN protocol into TCP protocol data; the security gateway splits the TCP data, numbers the blocks and adds MD5 digital fingerprints using the same methods as steps 2, 3 and 4, completing the protocol encapsulation of the data blocks; using the method of step 5, Q/N data frames are randomly selected per group to form N packet groups, which are transmitted in parallel over the N Ethernet links to the PC control terminal;
10) The PC control terminal verifies and regroups the data in the same way as step 7 to obtain the complete TCP protocol data. This completes one full process in which the PC control terminal communicates securely, over the multichannel Ethernet and the multichannel CAN bus, with the in-vehicle controllers and detection devices;
The above steps equally realise communication from the in-vehicle controllers and detection devices to the PC control terminal.
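The splitting, framing, random grouping and reassembly described in the summary above and in steps 3 to 7, as an added Python example that is not the patent's own code. Everything the page leaves unspecified is an assumption here: the DataLen function (taken as 10 + r mod 11, which lands in [10, 20]), the big-endian field layout dataType, length, headNum, data, md5Check, the dataType codes, and a plain LCG sequence standing in for the nested random-number algorithm of step 2 (the real gateway and terminal would both run that algorithm from the seed carried in the secret-command frame). The `forge` function makes one point the text does not: md5Check is an unkeyed digest, so it catches corruption and loss, but whoever can modify a frame in transit can recompute the fingerprint and the step 7 check still passes.

```python
# Added example (not the patent's code): the framing of steps 3-7 with Python
# stand-ins for what this page does not specify.  Assumed: the DataLen
# function (10 + r mod 11), the field layout (dataType, length, headNum, data,
# md5Check in big-endian order), the dataType codes, and a plain LCG standing
# in for the nested random-number algorithm of step 2.
import hashlib
import struct

COMM_FRAME, SECRET_FRAME, REISSUE_FRAME = 1, 2, 3   # assumed dataType codes
HDR = struct.Struct(">BHH")                          # dataType, length, headNum
MD5_LEN = 16


def stand_in_sequence(seed, length, a=1103515245, c=12345, m=2 ** 31):
    """Distinct integers in [2,200] in a fixed order, as the nested generator
    of step 2 would supply them (both ends derive the same list from the seed)."""
    if length > 199:
        raise ValueError("at most 199 distinct block numbers are available")
    seq, x = [], seed
    while len(seq) < length:
        x = (a * x + c) % m
        r = 2 + x % 199
        if r not in seq:
            seq.append(r)
    return seq


def data_len(r):
    """Stand-in for the patent's DataLen: a block length omega(r) in [10,20]."""
    return 10 + r % 11


def split_blocks(payload, seq):
    """Step 3: block i gets length DataLen(seq[i]) and number seq[i]; once
    DataLen(r') >= the bytes still unsplit, the remainder is the last block."""
    blocks, pos = [], 0
    for r in seq:
        n = data_len(r)
        if n >= len(payload) - pos:
            blocks.append((r, payload[pos:]))
            return blocks
        blocks.append((r, payload[pos:pos + n]))
        pos += n
    raise ValueError("random sequence shorter than the number of blocks needed")


def fingerprint(head_num, data):
    """md5Check = MD5(data || headNum).  Unkeyed, so it detects corruption only."""
    return hashlib.md5(data + struct.pack(">H", head_num)).digest()


def encapsulate(head_num, data, dtype=COMM_FRAME):
    """Step 4: header, data field and md5Check; length covers the whole frame."""
    length = HDR.size + len(data) + MD5_LEN
    return HDR.pack(dtype, length, head_num) + data + fingerprint(head_num, data)


def parse_frame(frame):
    """Step 7 checks: length field first, then MD5 over data and headNum."""
    dtype, length, head_num = HDR.unpack_from(frame)
    if length != len(frame):
        raise ValueError("length field does not match the received frame")
    data, digest = frame[HDR.size:-MD5_LEN], frame[-MD5_LEN:]
    if fingerprint(head_num, data) != digest:
        raise ValueError(f"md5Check failed for block {head_num}")
    return dtype, head_num, data


def group_frames(frames, n_links, seed, a=1103515245, c=12345, m=2 ** 31):
    """Step 5: draw LCG integers in [0,Q-1] and move the frame at that array
    index into the send buffer; each of the N links gets about Q/N frames."""
    q, order, used, x = len(frames), [], set(), seed
    while len(order) < q:
        x = (a * x + c) % m
        idx = x % q
        if idx not in used:
            used.add(idx)
            order.append(frames[idx])
    per_link = -(-q // n_links)                          # ceil(Q/N)
    return [order[i:i + per_link] for i in range(0, q, per_link)]


def reassemble(frames, seq, data_num):
    """Step 7: table keyed by headNum, then walk the first dataNum sequence
    elements in order; a number with no frame is reported for a reissue request."""
    table = {}
    for frame in frames:
        dtype, head_num, data = parse_frame(frame)
        if dtype == COMM_FRAME:
            table[head_num] = data
    out, missing = bytearray(), []
    for r in seq[:data_num]:
        if r in table:
            out += table[r]
        else:
            missing.append(r)
    return bytes(out), missing


def forge(frame, new_data):
    """md5Check is not keyed: whoever can alter a frame can also recompute the
    fingerprint, so the integrity check passes on the modified content."""
    dtype, _, head_num = HDR.unpack_from(frame)
    return encapsulate(head_num, new_data, dtype)


def demo(n_links=2):
    """Round trip over N links with a constructed 200-byte TCP payload."""
    payload = bytes(range(200))
    seq = stand_in_sequence(2024, 60)
    blocks = split_blocks(payload, seq)
    frames = [encapsulate(r, d) for r, d in blocks]
    groups = group_frames(frames, n_links, 99)            # one list per link
    received = [f for grp in groups for f in grp]         # shuffled arrival order
    return reassemble(received, seq, len(blocks)), len(blocks), len(groups)
```

`demo()` returns the reassembled payload with an empty missing list; dropping a frame before calling `reassemble` yields that block's headNum in the missing list, which is what the step 7 reissue command would carry. Note that the reorder step depends on every headNum being unique within one transfer, which is why the step 2 sequence discards repeated values.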
The present invention also provides an apparatus for the security-gateway method based on multichannel CAN bus and Ethernet communication, comprising: an embedded platform with an ARM core processor; CAN bus modules; and Ethernet modules;
the embedded platform with the ARM core processor runs the Linux operating system;
each CAN bus module comprises a CAN controller and a CAN transceiver;
each Ethernet module comprises an Ethernet transceiver;
The security gateway is built on the embedded platform with the ARM core processor, which runs the Linux operating system. The CAN channels of the ARM core processor are connected to multiple CAN controllers and transceivers; the other end of each CAN transceiver is attached to a CAN bus connected to the in-vehicle controllers and in-vehicle detection devices, for sending and receiving CAN messages. The Ethernet interfaces of the ARM core processor are connected to multiple Ethernet transceivers, whose other end connects to the PC control terminal, for sending and receiving Ethernet communication protocol data. After this extension the embedded platform contains multichannel CAN bus modules and multichannel Ethernet modules. The number of CAN bus links depends on the number of in-vehicle controllers and detection devices and on the required communication efficiency; the number of Ethernet links depends on the required security level, more links giving a higher security level.
Because the provided security gateway uses an embedded platform with an ARM core processor and the CAN bus driver has been ported to Linux, the Ethernet modules communicate with the PC control terminal through the Socket API and the CAN bus modules communicate with the in-vehicle control and detection devices through the SocketCAN API. When communicating over multiple CAN bus and Ethernet links, the network communication API can be used to detect whether a link is idle or has failed; if a link has failed or is busy, an idle link is selected and the PC control terminal is notified to back up and repair the faulty link.
The present invention uses multichannel Ethernet as the backbone for information transfer, together with a security gateway and communication method that connect the multichannel CAN buses directly to the in-vehicle controllers and in-vehicle detection devices, achieving secure, efficient and real-time data communication. Because the security gateway uses multiple CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency improved.
One end of the security gateway connects to the CAN buses and communicates with multiple in-vehicle controllers and in-vehicle detection devices; the other end connects to Ethernet and communicates with the PC control terminal. The present invention performs the protocol conversion between CAN bus data and TCP data, and at the same time splits the data into data blocks of random length with the nested pseudo-random number algorithm defined herein; each data block is encapsulated in a randomly numbered data frame of the multichannel communication protocol defined herein; finally, according to the number of Ethernet ports, the security gateway repeatedly selects N data frames at random to form multiple packets, binds each packet to one Ethernet interface and transmits the packets in parallel over the multiple Ethernet links to the peer, which parses the received packets with the multichannel communication protocol defined herein and reassembles them into complete TCP data. In this way the PC control terminal reaches the in-vehicle controllers and in-vehicle detection devices through the security gateway, realizing a security gateway based on multichannel CAN bus and multichannel Ethernet protocol conversion and communication.
The positive effect of the present invention is as follows. The security gateway with multichannel CAN bus and Ethernet communication performs the conversion between the in-vehicle CAN bus protocol and the Ethernet communication protocol within the vehicle network. The data is split into data blocks with the pseudo-random number algorithm, each block is placed in a randomly numbered data frame, N data frames are then chosen at random to form a packet, the system generates as many packets as there are Ethernet interfaces, each packet is bound to one Ethernet interface, and the multiple Ethernet links send the packets simultaneously. The random algorithm is fast, so real-time behaviour is preserved. Because the data frame numbers, the grouping of data frames into packets and the numbering of the Ethernet links used for communication are all produced by the nested pseudo-random number algorithm defined herein, an intruder cannot combine the data blocks in the communication into meaningful complete data and cannot inject meaningful data into the communication system; illegal intrusion into the communication system is thus effectively prevented, guaranteeing the security and sabotage-resistance of the communication system. At the same time, data is transmitted in parallel over multiple Ethernet links, and the multiple CAN bus links connect multiple in-vehicle control devices and in-vehicle detection devices, so the PC control terminal communicates in parallel with multiple in-vehicle control devices and detection devices, markedly improving communication efficiency.
Brief description of the drawings
Fig. 1 is the structural diagram of the present invention;
Fig. 2 is the system flow chart of the present invention;
Fig. 3 is the data structure diagram of the present invention;
In Fig. 3: dataType is the data type (communication data frame, secret-order data frame or reissue-command data frame), located in the high 4 bits of the 1st byte of each data frame; length is the data frame length, located in the low 4 bits of the 1st byte of each data frame; headNum is the data-field number, located in the 2nd byte of communication data frames and reissue-command data frames; data is the data field, located in the 19th to 38th bytes of a communication data frame; randomType1 is the first pseudo-random number algorithm, located in the high 4 bits of the 2nd byte of the secret-order data frame; randomType2 is the second pseudo-random number algorithm, located in the low 4 bits of the 2nd byte of the secret-order data frame; seedValue is the random number seed, located in the 3rd byte of the secret-order data frame; dataNum is the number of split data fields, located in the 4th byte of the secret-order data frame; md5Check is the MD5 digital fingerprint, located in the 3rd to 18th bytes of communication data frames and reissue-command data frames and in the 5th to 20th bytes of the secret-order data frame.
Embodiments
The present invention is further described by the following embodiments with reference to Fig. 1, Fig. 2 and Fig. 3. They do not limit the invention in any way; any modifications or changes that a person of ordinary skill in the art can readily make to the present invention without departing from its technical solution fall within the scope of the claims.
Embodiment 1
Referring to Fig. 1, Fig. 2 and Fig. 3, the apparatus of the present invention has an embedded platform with an ARM core processor, eight CAN bus modules and two Ethernet modules;
the embedded platform with the ARM core processor runs the Linux operating system;
each CAN bus module comprises a CAN controller and a CAN transceiver;
each Ethernet module comprises an Ethernet transceiver;
The CAN channels of the ARM core processor are connected to eight CAN controllers and transceivers; the other end of each CAN transceiver is attached to a CAN bus connected to the in-vehicle control and detection devices, for sending and receiving CAN messages. The Ethernet interfaces of the ARM core processor are connected to two Ethernet transceivers, whose other end connects to the PC control terminal, for sending and receiving Ethernet data;
The process by which the PC control terminal communicates with the in-vehicle control and detection devices on the eight CAN links through the two Ethernet links is as follows:
1. When the PC control terminal connects to the CAN buses through Ethernet to communicate with the in-vehicle controllers and in-vehicle detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and so obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2. After obtaining communication permission, the PC control terminal produces a random sequence with formulas (1.5) and (1.6) of the multichannel communication protocol, and passes the first random number r taken from the sequence through the DataLen function (1.7):
The resulting value ω(r) is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as the first split data block and filled into the data field of the communication data frame of Fig. 3; this is the first communication data frame. The first element r taken from the random sequence is used as the number of that data block and filled into the headNum field of the first communication data frame. The second, third, ... elements are then taken from the random sequence and the TCP protocol data is split into data blocks and numbered in the same way, until the value ω(r') obtained from the taken random number r' through the DataLen function is greater than or equal to the remaining length of the TCP protocol data. The data can then not be split further: the remaining TCP protocol data is filled into the data field of the last frame, and the taken random number r' is used as the number of that block and filled into the headNum field of the last frame, which completes the splitting and numbering of the TCP protocol data. A counter records the number Q of data blocks obtained during the splitting;
3. The data and headNum fields of each communication data frame of step 2 are input to the MD5 algorithm to generate the MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame; finally the data type (communication data frame) and the communication data frame length are added to the dataType and length fields of the communication data frame, giving a complete communication data frame and completing the encapsulation; its structure is the communication data frame of Fig. 3. The encapsulated data frames are placed in the queue of data to be sent;
4. The first Q elements (Q being the number of data blocks obtained by splitting) of the random sequence generated in step 2 are placed in order into a dynamic array of size Q. A random integer in the range [0, Q-1] is produced with the linear congruential method, the array index equal to that random number is located, and the data frame corresponding to the array element at that index (i.e. the data block with that number) is placed in a packet queue to be sent. The first time, Q/2 data frames (2 being the number of Ethernet interfaces) are chosen at random in this way to form a packet that is placed in the first packet queue; the packet in the first queue is transmitted over the first Ethernet link. The second time, Q/2 data frames are chosen at random to form a packet that is placed in the second packet queue; the packet in the second queue is transmitted over the second Ethernet link. All communication data frames are thus randomly divided into two groups, and the two groups of packets are bound to the two Ethernet interfaces; the packets in the two packet queues are transmitted in parallel over the two Ethernet links to the peer;
5. The two pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum used in step 2 form the secret-order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret-order data frame are input to the MD5 algorithm to generate the MD5 digital fingerprint, which is added to the md5Check field of the secret-order data frame; the data type is added to the dataType field and the length of the secret-order frame data to the length field, completing the encapsulation of the secret-order data, which is sent over one Ethernet link to the security gateway;
6. After the security gateway receives a packet, it parses the data frames in the packet with the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. Frames that pass this check are parsed further and the data type is extracted. If it is a communication data frame, the MD5 digital fingerprint of the data and headNum fields of the received frame is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to check data integrity; if the data has been tampered with or lost, a reissue command containing the communication data frame type and the frame number is sent to the PC control terminal; if the check passes, a table is built with the data-field number headNum as the index (number column) and the data field data as the content column. If it is secret-order data, the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to check data integrity; if the data has been tampered with or lost, a reissue command containing the secret-order data frame type is sent to the PC control terminal, with the headNum field of the reissue-command data frame filled with 0; if the check passes, the custom secret-order algorithm Secret uses the pseudo-random number algorithms randomType1 and randomType2 and the random number seed seedValue received in the secret-order data frame to generate the random sequence with the nested pseudo-random number algorithm of formula (1.5), traverses the first dataNum elements of the random sequence and looks each one up in the table: for each element present in the table, the corresponding data field is retrieved and appended to the tail of the reassembly queue in traversal order; if an element is absent, the data block with that number has been lost, and a reissue command containing that data frame number is sent to the PC control terminal until the security gateway receives the data frame carrying that number, whose data field is then appended to the tail of the reassembly queue. This completes the reassembly of the TCP protocol data;
7. The obtained TCP protocol data is converted to CAN bus data and sent over the eight CAN buses to the in-vehicle controllers and in-vehicle detection devices, and the gateway waits for the reply data;
8. After the security gateway receives the CAN messages replied by the in-vehicle controllers and in-vehicle detection devices, it converts them from the CAN protocol to TCP protocol data; using the same methods as steps 2, 3 and 4, the security gateway splits and numbers the TCP protocol data, adds the MD5 digital fingerprints and completes the protocol encapsulation of the data blocks; using the method of step 4, it randomly selects Q/2 data frames per group to form two groups of packets, which are transmitted in parallel over the two Ethernet links to the PC control terminal;
9. The PC control terminal verifies and regroups the data in the same way as step 6 to obtain the complete TCP protocol data. This completes one full cycle of secure communication in which the PC control terminal reaches the in-vehicle controllers and in-vehicle detection devices on the eight CAN buses through the two Ethernet links.
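The following Python program is an added worked example of the procedure of Embodiment 1 (and of the same steps as restated in claim 1 and the frame layout of Fig. 3); it is not code from the patent or its authors. The page does not reproduce formulas (1.1)-(1.7), the DataLen function or the numeric dataType codes, so the example assumes a Park-Miller linear congruential generator in their place, ω(r) = 10 + r mod 11 as the DataLen stand-in, dataType codes 1 and 2, and a whole byte each for dataType and length (Fig. 3 packs them into one byte, which cannot hold a 20-byte data field). All function names (lcg_stream, nested_sequence, omega, split_tcp, comm_frame, secret_frame, pack, parse_frame, reassemble, send) are the example's own.

```python
# Added example of split / number / fingerprint / pack / reassemble (Embodiment 1).
# Not the patent's code.  Assumed, because the page does not give them: the PRNG
# formulas (1.1)-(1.7) and DataLen (an LCG and omega(r) = 10 + r % 11 stand in),
# the dataType codes, and a full byte each for dataType and length.
import hashlib

DATA_FIELD = 20                  # data field holds at most 20 bytes (Fig. 3)
COMM, SECRET = 1, 2              # assumed dataType codes
COMM_LEN = 3 + 16 + DATA_FIELD   # dataType, length, headNum, md5Check, data


def lcg_stream(seed, m=2**31 - 1, a=48271):
    """Linear congruential generator yielding f(X_n) = x_n / m, formula (1.2)."""
    x = seed % m or 1
    while True:
        x = (a * x) % m
        yield x / m


def nested_sequence(seed):
    """Nested random integers r = r1 + r2, r1, r2 in [1,100]; generator 1 is
    seeded with T, generator 2 with 2T; duplicates are discarded (claim 1, step 2)."""
    g1, g2, seen = lcg_stream(seed), lcg_stream(2 * seed), set()
    for _ in range(100_000):                   # bounded instead of looping forever
        r = int(1 + next(g1) * 100) + int(1 + next(g2) * 100)
        if r not in seen:
            seen.add(r)
            yield r
    raise RuntimeError("nested random sequence exhausted")


def omega(r):
    """DataLen stand-in (assumed): block length in [10, 20] bytes."""
    return 10 + r % 11


def md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def split_tcp(payload, seed):
    """Step 2: cut payload into blocks of omega(r) bytes numbered by r.
    Returns [(headNum, data), ...]; its length is Q."""
    seq, blocks, pos = nested_sequence(seed), [], 0
    while True:
        r, n = next(seq), 0
        n = omega(r)
        if n >= len(payload) - pos:            # cannot split further:
            blocks.append((r, payload[pos:]))  # last block takes the remainder
            return blocks
        blocks.append((r, payload[pos:pos + n]))
        pos += n


def comm_frame(head_num, data):
    """Step 3: dataType | length | headNum | md5Check(16) | data padded to 20."""
    return (bytes([COMM, len(data), head_num]) + md5(data, bytes([head_num]))
            + data.ljust(DATA_FIELD, b"\0"))


def secret_frame(rt1, rt2, seed, data_num):
    """Step 5: randomType1/randomType2 nibbles | seedValue | dataNum | md5Check."""
    body = bytes([(rt1 << 4) | rt2, seed, data_num])
    return bytes([SECRET, len(body)]) + body + md5(body)


def pack(frames, n_links, seed):
    """Step 4: random partition of the Q frames into N packets, one per link.
    An LCG-driven shuffle replaces the page's dynamic-array index lookup."""
    order, g = list(range(len(frames))), lcg_stream(seed + 1)
    for i in range(len(order) - 1, 0, -1):     # Fisher-Yates shuffle
        j = int(next(g) * (i + 1))
        order[i], order[j] = order[j], order[i]
    packets = [[] for _ in range(n_links)]
    for i, k in enumerate(order):              # Q/N frames per packet (+ remainder)
        packets[i % n_links].append(frames[k])
    return packets


def parse_frame(frame):
    """Step 6 checks: length field against frame length, then md5Check."""
    ftype, length = frame[0], frame[1]
    if ftype == COMM and len(frame) == COMM_LEN and length <= DATA_FIELD:
        head_num, digest, data = frame[2], frame[3:19], frame[19:19 + length]
        if md5(data, bytes([head_num])) == digest:
            return COMM, (head_num, data)
    elif ftype == SECRET and length == 3 and len(frame) == 2 + length + 16:
        body, digest = frame[2:5], frame[5:]
        if md5(body) == digest:
            return SECRET, (body[0] >> 4, body[0] & 0xF, body[1], body[2])
    return None                                # tampered, truncated or unknown type


def reassemble(packets, secret):
    """Step 6: build table headNum -> data, replay the first dataNum sequence
    elements.  Returns (payload or None, block numbers that need a reissue)."""
    table = {}
    for frame in (f for pkt in packets for f in pkt):
        parsed = parse_frame(frame)
        if parsed and parsed[0] == COMM:
            table[parsed[1][0]] = parsed[1][1]
    parsed = parse_frame(secret)
    if not parsed or parsed[0] != SECRET:
        return None, [0]                       # secret-order reissue carries headNum 0
    _rt1, _rt2, seed, data_num = parsed[1]
    out, missing = bytearray(), []
    for r, _ in zip(nested_sequence(seed), range(data_num)):
        if r in table:
            out += table[r]
        else:
            missing.append(r)                  # lost or rejected block
    return (bytes(out) if not missing else None), missing


def send(payload, seed, n_links=2, rt1=1, rt2=2):
    """Sender side of steps 2-5 for one TCP payload."""
    blocks = split_tcp(payload, seed)
    frames = [comm_frame(r, d) for r, d in blocks]
    return pack(frames, n_links, seed), secret_frame(rt1, rt2, seed, len(blocks))


if __name__ == "__main__":
    packets, secret = send(bytes(range(200)), seed=37)   # constructed payload
    print(reassemble(packets, secret) == (bytes(range(200)), []))
```

The receiver only needs the secret-order frame to replay the numbering, which is why the example regenerates the sequence from seedValue rather than transmitting the block order. Note that md5Check is an unkeyed digest: it catches corruption and truncation, as step 6 describes, but it is not a message authentication code, so a party that can rewrite a frame can recompute it.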
Test case
The following experiment was carried out with the security gateway and method with eight CAN buses and two Ethernet links provided in Embodiment 1:
1. By the method of Embodiment 1, the PC control terminal communicated with the in-vehicle controllers and in-vehicle detection devices on the eight CAN buses through the two Ethernet links, with the CAN bus communication baud rate set to 250K. In theory 2500 CAN extended data frames can be received per second, and after converting the CAN data frames to TCP protocol data at most 20000 bytes of valid data are obtained. Every 2000 bytes of data were split into 100 data blocks, encapsulated into data frames, divided into two groups of packets and transferred to the PC control terminal over the two Ethernet links;
2. While the data is transmitted to the PC control terminal over the two Ethernet links: if packet capture is used to intercept packets at the Ethernet data link layer of one link only, the data in the intercepted packets is incomplete and the probability of reassembling it into valid complete data is 0; intercepting packets at the link layer of both Ethernet links with packet capture greatly increases the difficulty of monitoring; and even if both groups of packets on the two Ethernet links are captured, because the data in the packets is encapsulated with the multichannel communication protocol, the position of the data fields in the intercepted packets cannot be learned. Even if all 100 data fields in the intercepted packets were obtained, the number of ways to combine all 100 data fields is 100! = 9.33262154439400e+157; brute-forcing the 100! possibilities with the Tianhe-2 supercomputer developed by China's National University of Defense Technology, at a computing speed of 33.86 petaflops, would need (9.33262154439400e+157)/(3.3860e+018) = 2.75623e+139 seconds = 8.73997e+131 years, so cracking is practically impossible.
The above experiment shows that the security gateway with multichannel CAN bus and Ethernet communication used in the present invention can effectively prevent the information leakage caused by theft of communication data and the tampering of communication data, and hence intrusion into the communication system for illegal manipulation, greatly guaranteeing the security and sabotage-resistance of the communication.
Conclusion:
With the security gateway and communication method based on multichannel CAN bus and Ethernet communication used in the present invention, even if data is captured at the Ethernet link layer by packet capture, it is incomplete, irregular and non-reassemblable invalid fragment data. At the same time an intruder cannot send meaningful data into the communication system, so illegal intrusion into the communication system is effectively avoided. The two communicating ends, however, can reassemble the data by the method of the present invention and obtain complete valid data, guaranteeing the security and sabotage-resistance of the communication system.

Claims (2)

1. A communication method for a security gateway based on multichannel CAN bus and Ethernet communication, comprising the following steps:
1) When the PC control terminal connects to the CAN buses through Ethernet to communicate with the in-vehicle controllers and in-vehicle detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and so obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2) After the PC control terminal obtains communication permission, a fixed random number sequence is generated with the nested pseudo-random number algorithm defined by the security gateway; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated each time are determined;
The nested pseudo-random number algorithm is as follows:
$$f(X_n) = \frac{x_n}{m} \qquad (1.2)$$
where:
r is the nested random number;
represents one pseudo-random number generator;
θ represents another pseudo-random number generator;
T is the current system time;
g is a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
f is a random number function distributed on the output interval [0,1];
n is a natural number;
X_n is the random number seed;
m is the modulus;
denotes the floor (round-down) operator;
First, a random real number uniformly distributed in [0,1] is produced by the linear congruential method (1.2) above; it is then mapped to choose any two of the pseudo-random number algorithms contained in the nested pseudo-random number algorithm, as follows:
The function g in formula (1.1) is a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C. For the random real number uniformly distributed in [0,1] produced by formula (1.2): in set B, if … then …, where α denotes the linear congruential method; if … then …, where β denotes the shift-register sequence method; otherwise …, where γ denotes the super-prime method; in set C, if … then …; if … then …; if … then …;
By this mapping, one pseudo-random number generator is obtained from formula (1.1); using the system time T as its random number seed, it generates a random real number r1 in [1,100] as the base; the other pseudo-random number generator θ, using twice the system time, 2T, as its random number seed, generates a random real number r2 in [1,100] as the offset; r1 and r2 are added and the sum rounded down to obtain one nested random integer r. Each random number r generated is compared with every previously generated random number (except for the first one generated); if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The result is a nested random number sequence with no repeated element values;
3) The TCP protocol data to be sent is split; the data block length defined in the multichannel communication protocol ranges over [10,20] bytes. The first element r of the random sequence generated in step 2) is taken out and passed through the DataLen function defined herein, which is defined as:
The obtained value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as the first split data block and filled into the data field of the communication data frame; this is the first communication data frame. The first element r taken from the random sequence is used as the number of that data block and filled into the headNum field of the first communication data frame. The second, third, ... elements are then taken from the random sequence and the communication data is split into data blocks and numbered in the same way, until the value ω(r') obtained from the taken random number r' through the DataLen function is greater than or equal to the remaining length of the TCP protocol data. The data can then not be split further: the remaining TCP protocol data is filled into the data field of the last frame, and the taken random number r' is used as the number of that block and filled into the headNum field of the last frame, which completes the splitting and numbering of the TCP protocol data. A counter records the number Q of data blocks obtained during the splitting;
4) The data and headNum fields of each communication data frame of step 3) are input to the MD5 algorithm to generate the MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. The MD5 algorithm is a hash algorithm, defined as follows:
the input data is processed in 512-bit groups, each group being further divided into 16 32-bit sub-groups; after a series of processing steps the output of the MD5 algorithm consists of four 32-bit words, which are concatenated to produce a 128-bit hash value, the digital fingerprint;
Finally the data type and the communication data frame length are added to the dataType and length fields of the communication data frame, giving a complete communication data frame and completing the encapsulation; the encapsulated data frames are placed in the queue of data to be sent;
5) The first Q elements of the random sequence generated in step 2), Q being the number of data blocks obtained by splitting, are first placed in order into a dynamic array of size Q. A random integer in the range [0, Q-1] is then produced with the linear congruential method, the array index equal to that random number is located, and the data frame corresponding to the array element at that index is placed in a packet queue to be sent. The first time, Q/N data frames, N being the number of Ethernet interfaces, are chosen at random in this way to form a packet that is placed in the first packet queue; the packet in the first queue is transmitted over the first Ethernet link. This is repeated N times in all, choosing N groups of packets that are placed in N packet queues and transmitted over the N Ethernet links. The random grouping of all communication data frames is thus complete and each group is bound to an Ethernet interface; finally the packets in the N packet queues are sent simultaneously over the N Ethernet links to the peer;
6) The two pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum used in step 3) form the secret-order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret-order data frame are input to the MD5 algorithm to generate the MD5 digital fingerprint, which is added to the md5Check field of the secret-order data frame; the data type is added to the dataType field and the length of the secret-order frame data to the length field, completing the encapsulation of the secret-order data, which is sent over one Ethernet link to the security gateway;
7) After the security gateway receives a packet, it parses the data frames in the packet with the multichannel communication protocol, extracts the data length field length and checks it against the length of the received data frame. Frames that pass this check are parsed further and the data type is extracted. If it is a communication data frame, the MD5 digital fingerprint of the data and headNum fields of the received frame is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to check data integrity; if the data has been tampered with or lost, a reissue-command data frame containing the communication data frame type and the frame number is sent to the PC control terminal; if the check passes, a table is built with the data-field number headNum as the index (number column) and the data field data as the content column. If it is secret-order data, the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame is computed with the MD5 algorithm and compared with the received MD5 digital fingerprint to check data integrity; if the data has been tampered with or lost, a reissue-command data frame containing the secret-order data frame type is sent to the PC control terminal, with its headNum field filled with 0; if the check passes, the custom secret-order algorithm Secret is used, which is defined as:
The secret-order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum that it carries. The nested pseudo-random number algorithm of formula (1.1) then regenerates the random sequence, and the first dataNum elements of that sequence are traversed and looked up in the table: for each element present in the table, the corresponding data field is retrieved and appended to the tail of the reassembly queue in traversal order; if an element is absent, the data block with that number has been lost, and a reissue command containing that block number is sent to the PC control terminal until the security gateway receives the data frame carrying that number, whose data field is then appended to the tail of the reassembly queue. This completes the reassembly of the TCP protocol data;
8) The reassembled TCP protocol data is converted to CAN bus data and sent over the multichannel CAN buses to the in-vehicle controllers and in-vehicle detection devices, and the gateway waits for the CAN reply messages;
9) After the security gateway receives the CAN messages replied by the in-vehicle controllers and in-vehicle detection devices, it converts them from the CAN protocol to TCP protocol data; using the same methods as steps 2), 3) and 4), the security gateway splits and numbers the TCP protocol data, adds the MD5 digital fingerprints and completes the protocol encapsulation of the data blocks; using the method of step 5), it randomly selects Q/N data frames per group to form N groups of packets, which are transmitted in parallel over the N Ethernet links to the PC control terminal;
10) The PC control terminal verifies and regroups the data in the same way as step 7) to obtain the complete TCP protocol data. This completes one full cycle of secure communication in which the PC control terminal reaches the in-vehicle controllers and in-vehicle detection devices on the multichannel CAN buses through the multichannel Ethernet.
2. a kind of equipment of the method for the security gateway of CAN and ethernet communication based on multichannel, including:ARM is core The embedded platform of processor;CAN module and ethernet module;
Described ARM is that the embedded platform of core processor is equipped with (SuSE) Linux OS;
Described CAN module includes CAN controller and CAN transceiver;
Described ethernet module includes ethernet transceiver;
Wherein, security gateway is equipped with (SuSE) Linux OS based on the embedded platform using ARM as core processor, the platform; The CAN passages of ARM core processors are connected with multichannel CAN controller and transceiver, and the other end access CAN of CAN transceiver is total Line is connected with in-car controller with in-car detection device, for receiving and dispatching CAN message;The Ethernet interface of ARM core processors with Multichannel ethernet transceiver is connected, the other end connection PC control terminal of Ethernet, for receiving and dispatching ethernet communication protocol Data;The embedded platform includes multichannel CAN module, multichannel ethernet module after above-mentioned extension;Specific CAN Number of links depends on quantity and the demand to communication efficiency of in-car controller and in-car detection device, ethernet link number Amount depends on specific safe class, and number of links more multi-security level(MSL) is higher;
The security gateway based on multichannel CAN and ethernet communication provided, due to the use of ARM being the embedding of core processor Enter formula platform, and transplanted CAN under Linux and driven;Used when ethernet module communicates with PC control terminal Socket API, SocketCan API are used when CAN module communicates with in-car control and detection device;Use multichannel When CAN and ethernet link communicate, can utilize network service API detections link whether idle or failure, if chain Road failure or he it is busy then select idle link, and notify PC control terminal-pair faulty link back up and repair.
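As an added example, not the patent's own code: a Python model of the encapsulation, random grouping, link selection and receiver-side verification described in steps 9) and 10) of claim 1 and in the link-failover paragraph of claim 2. The frame layout (4-byte sequence number, 4-byte total count, data block, 16-byte MD5), the link state labels `idle`/`busy`/`failed`, and the handling of the remainder when Q is not a multiple of N are assumptions, since the claims do not specify them; the sample payload is constructed.

```python
import hashlib
import hmac
import random
import struct
from typing import Dict, List, Optional, Tuple

# Assumed frame header: big-endian sequence number and total frame count.
HDR = struct.Struct(">II")
MD5_LEN = 16

# Constructed sample: one CAN reply already converted into a TCP record.
SAMPLE_PAYLOAD = b"CAN 0x123 reply: 01 02 03 04 05 06 07 08 (engine ECU)"


def encapsulate(payload: bytes, block_size: int) -> List[bytes]:
    """Split the TCP data into blocks, number them and append an MD5
    fingerprint over header+block (steps 2-4 of the claim, as read here)."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    blocks = [payload[i:i + block_size]
              for i in range(0, len(payload), block_size)] or [b""]
    total = len(blocks)
    frames = []
    for seq, block in enumerate(blocks):
        body = HDR.pack(seq, total) + block
        frames.append(body + hashlib.md5(body).digest())
    return frames


def group_frames(frames: List[bytes], n_links: int,
                 rng: random.Random) -> List[List[bytes]]:
    """Randomly pick Q/N frames per group to form N groups (step 5 as read
    here). When Q is not a multiple of N the extra frames go to the first
    groups; that remainder rule is an assumption."""
    if n_links <= 0:
        raise ValueError("need at least one Ethernet link")
    order = list(frames)
    rng.shuffle(order)
    base, extra = divmod(len(order), n_links)
    groups, pos = [], 0
    for i in range(n_links):
        size = base + (1 if i < extra else 0)
        groups.append(order[pos:pos + size])
        pos += size
    return groups


def assign_links(groups: List[List[bytes]],
                 link_state: Dict[int, str]) -> Tuple[Dict[int, List[bytes]], List[int]]:
    """Send group i on link i unless that link is busy or failed; then fall
    back to an idle link and report failed links for backup and repair."""
    idle = [lid for lid, st in link_state.items() if st == "idle"]
    if not idle:
        raise RuntimeError("no idle Ethernet link available")
    faulty = [lid for lid, st in link_state.items() if st == "failed"]
    sent: Dict[int, List[bytes]] = {lid: [] for lid in link_state}
    k = 0
    for lid, group in enumerate(groups):
        if link_state.get(lid) == "idle":
            target = lid
        else:
            target = idle[k % len(idle)]  # round-robin over idle links
            k += 1
        sent[target].extend(group)
    return sent, faulty


def verify_and_reassemble(received: Dict[int, List[bytes]]
                          ) -> Tuple[Optional[bytes], List[int]]:
    """Receiver side (step 7 as read here): check every frame's MD5, then
    reassemble by sequence number. Returns (payload or None, bad sequence
    numbers); a corrupted or missing frame rejects the whole data set."""
    good: Dict[int, bytes] = {}
    bad: List[int] = []
    total: Optional[int] = None
    for frames in received.values():
        for frame in frames:
            if len(frame) < HDR.size + MD5_LEN:
                continue  # malformed; it will surface as a missing sequence
            body, tag = frame[:-MD5_LEN], frame[-MD5_LEN:]
            seq, count = HDR.unpack_from(body)
            if not hmac.compare_digest(hashlib.md5(body).digest(), tag):
                bad.append(seq)
                continue
            if total is None:
                total = count
            if count == total:
                good[seq] = body[HDR.size:]
    if total is None:
        return None, sorted(set(bad))
    bad.extend(s for s in range(total) if s not in good)
    if bad:
        return None, sorted(set(bad))
    return b"".join(good[s] for s in range(total)), []


def demo(seed: int = 7) -> Tuple[Optional[bytes], List[int], List[int]]:
    """Run one gateway-to-PC transfer over four links, one failed, one busy."""
    frames = encapsulate(SAMPLE_PAYLOAD, block_size=8)
    groups = group_frames(frames, 4, random.Random(seed))
    links = {0: "idle", 1: "failed", 2: "busy", 3: "idle"}
    sent, faulty = assign_links(groups, links)
    payload_out, errors = verify_and_reassemble(sent)
    return payload_out, errors, faulty


if __name__ == "__main__":
    print(demo())
```

The MD5 fingerprint lets the receiver detect corrupted, truncated or missing frames, and the sequence numbers make reassembly independent of which link delivered each frame. Note that an unkeyed digest is a checksum, not an authenticator: anyone able to rewrite a frame can also recompute its MD5, so tamper resistance on the Ethernet legs would need a keyed MAC over the same header+block instead; the claims as written use MD5 only.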
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710789108.7A CN107426075B (en) 2017-09-05 2017-09-05 The communication means of security gateway based on multichannel CAN bus and ethernet communication

Publications (2)

Publication Number Publication Date
CN107426075A true CN107426075A (en) 2017-12-01
CN107426075B CN107426075B (en) 2018-05-08

Family

ID=60434590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710789108.7A Active CN107426075B (en) 2017-09-05 2017-09-05 The communication means of security gateway based on multichannel CAN bus and ethernet communication

Country Status (1)

Country Link
CN (1) CN107426075B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1417980A (en) * 2002-11-07 2003-05-14 吕京建 Intelligent gateway device for vehicle controller LAN
CN1671097A (en) * 2004-03-17 2005-09-21 华为技术有限公司 A method and system for end-to-end wireless encryption communication
US20060238321A1 (en) * 2005-04-22 2006-10-26 Hon Hai Precision Industry Co., Ltd. Networked vehicle system and vehicle having the same
CN1960347A (en) * 2006-11-06 2007-05-09 吉林大学 Wireless car borne gateway system
CN2932844Y (en) * 2006-07-18 2007-08-08 吉林大学 Vehicle body controller that supports multiple bus connection
CN101155357A (en) * 2006-09-29 2008-04-02 英华达(上海)电子有限公司 Device and method for recording and saving voice call on mobile phone

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李滨等: "基于CAN总线和互联网的被动无钥匙进入系统", 《计算机工程与设计》 *
移胜亮等: "基于3G网络和CAN总线的汽车远程控制系统设计", 《计算机测量与控制》 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI664849B (en) * 2017-12-19 2019-07-01 財團法人工業技術研究院 Method, computer program product and processing system for generating secure alternative representation
US10831911B2 (en) 2017-12-19 2020-11-10 Industrial Technology Research Institute Method, computer program product and processing system for generating secure alternative representation
CN108712315A (en) * 2018-05-25 2018-10-26 北京长城华冠汽车科技股份有限公司 A kind of methods, devices and systems of control new-energy automobile vehicle body load
CN112602293B (en) * 2018-09-03 2022-06-17 株式会社自动网络技术研究所 Communication apparatus, transmission method, and storage medium
CN112602293A (en) * 2018-09-03 2021-04-02 株式会社自动网络技术研究所 Communication device, transmission method, and computer program
US10909261B2 (en) 2018-12-12 2021-02-02 Industrial Technology Research Institute Method and computer program product for generating secure alternative representation for numerical datum
CN111327575A (en) * 2018-12-14 2020-06-23 中车唐山机车车辆有限公司 Communication method and device based on Ethernet in train
CN110086566A (en) * 2019-03-18 2019-08-02 深圳市元征科技股份有限公司 A kind of transmission method and mobile unit of vehicle-mounted data
CN110086566B (en) * 2019-03-18 2022-09-06 深圳市元征科技股份有限公司 Vehicle-mounted data transmission method and vehicle-mounted equipment
CN113924753A (en) * 2019-07-09 2022-01-11 住友电气工业株式会社 Vehicle-mounted communication system, vehicle-mounted device, and vehicle communication method
CN111782506A (en) * 2020-05-27 2020-10-16 中汽研汽车检验中心(天津)有限公司 Automobile gateway information safety testing device
CN112187936A (en) * 2020-09-29 2021-01-05 北京车和家信息技术有限公司 Vehicle data processing method, device, equipment, storage medium and vehicle
CN112187936B (en) * 2020-09-29 2024-03-29 北京车和家信息技术有限公司 Vehicle data processing method, device, equipment, storage medium and vehicle
CN112491648A (en) * 2020-11-17 2021-03-12 重庆美沣秦安汽车驱动系统有限公司 Automobile communication data conversion method based on CAN communication matrix and storage medium
CN113411268A (en) * 2021-05-24 2021-09-17 深圳市元征未来汽车技术有限公司 Data transmission method, data transmission device and electronic equipment
CN113411268B (en) * 2021-05-24 2022-08-12 深圳市元征未来汽车技术有限公司 Data transmission method, data transmission device and electronic equipment

Also Published As

Publication number Publication date
CN107426075B (en) 2018-05-08

Similar Documents

Publication Publication Date Title
CN107426075B (en) The communication means of security gateway based on multichannel CAN bus and ethernet communication
US11722293B2 (en) Selective real-time cryptography in a vehicle communication network
Cho et al. Deep packet filter with dedicated logic and read only memories
CN101834840B (en) There is efficient key derivation system, the method and apparatus for end-to-end network security of business visuality
CN101542961B (en) Encrypting data in a communication network
CN105162626B (en) Network flow depth recognition system and recognition methods based on many-core processor
CN103929428B (en) A kind of method for realizing vehicle electronics information system communication safety
Ji et al. A novel covert channel based on length of messages
CN102523219B (en) Regular expression matching system and regular expression matching method
CN110069946B (en) Safe indexing system based on SGX
CN107911354B (en) Composite parallel data encryption method
CN101383703A (en) Dynamic ciphering system and method based on broad sense information field
CN102970228B (en) A kind of message transmitting method based on IPsec and equipment
Groza et al. Highly efficient authentication for CAN by identifier reallocation with ordered CMACs
CN110381075A (en) Equipment identities authentication method and device based on block chain
CN107172028A (en) A kind of fieldbus data sharing method and device
Nowakowski et al. Detecting Network Covert Channels using Machine Learning, Data Mining and Hierarchical Organisation of Frequent Sets.
CN105721161B (en) A kind of bus-based H2-MAC message authentication IP core hardware device
CN109981485A (en) V2ray method for recognizing flux based on shot and long term memory network
Jolfaei et al. A lightweight integrity protection scheme for fast communications in smart grid
Huang et al. A novel identity authentication for FPGA based IP designs
CN114124416A (en) System and method for quickly exchanging data between networks
KR20180081332A (en) Security System and Method of Embeded software in Vehicle electric device
CN102662483A (en) A method for cloud computing business intelligent terminal users to safely input information
Rasheed et al. Using Authenticated Encryption for Securing Controller Area Networks in Autonomous Mobile Platforms

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant