CN107426075B - The communication means of security gateway based on multichannel CAN bus and ethernet communication - Google Patents
- Publication number
- CN107426075B CN201710789108.7A
- Authority
- CN
- China
- Prior art keywords
- data
- random number
- frame
- data frame
- ethernet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/0001—Systems modifying transmission characteristics according to link quality, e.g. power backoff
- H04L1/0006—Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Abstract
The present invention provides a security gateway and communication method based on multi-channel CAN bus and Ethernet communication. The gateway uses multi-channel Ethernet as the backbone network for information transmission and connects multi-channel CAN buses to communicate directly with in-vehicle controllers and in-vehicle detection devices, achieving safe and efficient real-time data communication. Because the security gateway uses multi-channel CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency is improved.
Description
Technical field
The present invention provides a security gateway and communication method based on multi-channel CAN bus and multi-channel Ethernet communication, used to realize secure communication between a PC control terminal, connected via Ethernet, and the controllers and in-vehicle detection devices on the in-vehicle CAN bus. It belongs to the technical field of communication security.
Background technology
Controller Area Network (CAN) is a fieldbus technology. Because of its high reliability, good stability, strong anti-interference capability, high communication speed and low maintenance cost, it is widely used in industrial control. Given its good performance and unique design, the CAN bus is also widely used in the automotive field for data communication among a vehicle's internal controllers, actuators and detection devices.
Ethernet is the basic networking technology of the Internet, and the TCP/IP protocol is the Internet's most basic protocol family. With the spread of the Internet of Everything concept and the development of the Internet of Things, Ethernet, as a technology with large data throughput, good real-time performance and high reliability, is widely used in every field of network communication.
With the development of Internet of Vehicles and autonomous driving technology, new requirements are placed on automotive network communication. The in-vehicle network has gradually developed from the powertrain system into multiple systems such as infotainment, driver assistance and safety systems. At the same time, the in-vehicle network and the devices attached to it need to be diagnosed and maintained through external interfaces, which requires the support of shared, high-bandwidth network communication technology. Because Ethernet is technically mature, high in bandwidth and cost-effective, its use in vehicles keeps rising. What follows is the security problem of network communication protocols and gateways: hackers can launch a series of attacks against the protocols and gateways, and such attacks may spread to the ECUs (electronic control units) inside the vehicle. Criminals can intercept encrypted data in Internet of Vehicles communication and obtain vehicle running-state data after decrypting it, and can also intrude into the in-vehicle ECUs, send illegal instructions and remotely control the vehicle. For example, vulnerabilities have repeatedly been reported in Tesla vehicles: hackers could remotely unlock the car, open the windows, open the trunk, and even shut off the engine while the car is travelling at low speed. The U.S. DARPA research center also found a vulnerability in General Motors' OnStar system that hackers could use to remotely control the vehicle. Therefore, in the Internet of Vehicles and autonomous driving fields, many scholars at home and abroad have studied in depth how a gateway can achieve fast conversion and secure communication among the various kinds of in-vehicle data.
In protocol conversion and communication between CAN bus and Ethernet gateways, the main technical approaches are: a protocol gateway between in-vehicle multi-channel CAN and in-vehicle single-channel Ethernet, which mainly uses a single in-vehicle twisted pair as the Ethernet communication bus to communicate with the in-vehicle CAN transceiver modules; a protocol gateway between in-vehicle multi-channel CAN and off-vehicle single-channel Ethernet, mainly used for vehicle fault diagnosis and for flashing in-vehicle electronic control units; and a protocol gateway between in-vehicle multi-channel CAN and off-vehicle multi-channel Ethernet, which mainly carries data by dual-network, dual-master redundant transmission to ensure the stability and reliability of data transfer. These communication gateways are applied to communication between CAN and Ethernet for the purpose of protocol conversion.
In the security of CAN bus and Ethernet gateways, the main technical approaches are data encryption, firewalls and network authentication. However, simple encryption algorithms offer little security and are easily broken, while complex encryption algorithms are computationally expensive, do not match the computing capability of vehicle-mounted embedded chips, and are unsuitable for real-time encrypted transmission of data. Faced with frequent and varied attack methods, with key generation that is complex and hard to manage, and with the packet capture techniques that eavesdroppers use at the link layer or on other nodes, existing security techniques cannot be applied well to Internet of Vehicles communication and cannot fully achieve secure communication.
The content of the invention
The present invention provides a security gateway and communication method based on multi-channel CAN bus and multi-channel Ethernet communication, used to realize communication between a PC control terminal, connected via Ethernet, and the controllers and in-vehicle detection devices on the in-vehicle CAN bus.
In the protocol conversion stage, the security gateway converts the CAN messages received from the in-vehicle CAN bus from CAN protocol data into TCP protocol data.
In the encapsulation stage of the multi-channel communication protocol data frames, the nested pseudo-random number algorithm defined by the present invention is first used to generate a fixed random number sequence. Once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence are the same on every generation.
Then, following the order in which the elements of the random number sequence were generated, the first element of the sequence is input to the DataLen function defined by the present invention. The natural number N output by DataLen is used as the length of the split data block: starting from the first byte of the TCP protocol data, N bytes are taken out as the split data block and filled into the data field of the communication data frame in Fig. 3. The first element of the random number sequence is used as the number of the split data block and filled into the headNum field of the communication data frame in Fig. 3. The data field and headNum field of the communication data frame in Fig. 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Fig. 3. This completes the encapsulation of the first data frame under the multi-channel communication protocol defined by the present invention.
Following the generation order of the sequence, the second element of the random number sequence is then input to the DataLen function. The natural number J output by DataLen is used as the length of the split data block: starting from byte N+1 of the TCP protocol data, J bytes are taken out as the split data block and filled into the data field of the communication data frame in Fig. 3. The second element of the random number sequence is used as the number of the split data block and filled into the headNum field of the communication data frame in Fig. 3. The data field and headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Fig. 3. This completes the encapsulation of the second data frame.
The process continues in the same way until the k-th element of the random number sequence is input to the DataLen function and the natural number M output by DataLen is greater than or equal to the number of bytes of TCP protocol data that remain unsplit. The remaining unsplit TCP protocol data is then filled into the data field of the communication data frame, and the k-th element is filled into the headNum field as the number of the remaining TCP protocol data block. The data field and headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field. At this point the TCP protocol data has been completely split and the resulting data blocks have been encapsulated into data frames.
In the information transmission stage, the number N of communication data frames in each group is calculated first, N = number of split data blocks / number of Ethernet interfaces. The linear congruential method is used to randomly select N data frames as one group of data packets, and this group is bound to one Ethernet interface; this is repeated until all communication data frames have been grouped and all groups are bound to Ethernet interfaces. The multiple Ethernet links then transmit the communication data packets to the PC control terminal in parallel at the same time, until all communication data packets have been sent.
In the information receiving stage, the PC control terminal first checks the integrity of each received data frame using the MD5 fingerprint, then, according to the multi-channel communication protocol, parses the data field of the communication data frame to obtain the split data block and parses the headNum field to obtain the number of the split data block. The custom secret order algorithm Secret yields the same nested pseudo-random number algorithm as the security gateway, which is used to generate a random number sequence. The first element of the sequence is taken out, the communication data frame whose headNum field equals the first element is found, and the data field of that frame is enqueued into the recombination data queue. The second element of the sequence is then taken out, the communication data frame whose headNum field equals the second element is found, and its data field is enqueued at the tail of the recombination data queue. This continues until all received data fields have been enqueued into the recombination data queue and combined into the complete TCP protocol data. This completes a safe and efficient communication process, applied to secure communication between a remote control terminal and the in-vehicle controllers and in-vehicle detection devices.
The present invention provides a security gateway based on multi-channel CAN bus and multi-channel Ethernet communication. The steps of the communication method between its PC control terminal and the in-vehicle controllers and in-vehicle detection devices are as follows:
1) When the PC control terminal, connected to the CAN bus via Ethernet, communicates with the in-vehicle controllers and in-vehicle detection devices, it authenticates to the security gateway with a static password agreed by both sides, and thereby obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2) After the PC control terminal obtains communication permission, the nested pseudo-random number algorithm defined by the security gateway is used to generate a fixed random number sequence. Once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence are the same on every generation. The nested pseudo-random number algorithm contains three pseudo-random number algorithms: the linear congruential method, the shift-register sequence method and the super prime number method.
The three algorithms are defined in turn below.
First random algorithm: linear congruential method
$X_{n+1} = (aX_n + c) \bmod m,\quad n \ge 0 \qquad (1.1)$
Where:
n is a natural number;
$X_{n+1}$ is the random number;
When n = 0, the initial value $X_0$ is called the seed;
The constant a is called the multiplier;
The constant c is called the constant;
The constant m is called the modulus;
mod is the modulo operation;
To obtain random numbers distributed on the interval [0,1], let
where $R_n$ is the random number that meets the requirement;
For formula (1.1), when c = 0 the algorithm is called the multiplicative congruential method; when c ≠ 0 it is called the mixed congruential method;
Second random algorithm: shift-register sequence method
The shift-register sequence method is a method of randomly generating the binary digits 0 and 1. It is based on a primitive polynomial and modulo-2 arithmetic. If the primitive trinomial is $x^p + x^q + 1$, the corresponding shift-register generator is:
$X_i = [X_{i-p} + X_{i-(i-q)}] \bmod 2,\quad i = p, p+1, \ldots \qquad (1.3)$
A recursive operation is performed on the binary values $X_i$ in the register, where:
p and q are given positive integers;
$X_i$ (i = 1, 2, ..., p-1) are given constants;
Given the initial values $X_i$ ($X_{-p}, X_{-p+1}, \ldots, X_{-1}$), the 0 or 1 values produced by the formula form a binary sequence $\{a_n\}$. L consecutive bits are taken from the sequence $\{a_n\}$ to form an L-bit binary number; then the next L bits are taken to form another binary number, and so on;
Third random algorithm: super prime number method
Let M be a prime number and $Z_i$ an element of the set {1, 2, ..., M-1}. If the reduced proper fraction (a proper fraction whose numerator and denominator are coprime) $Z_i/M$ can be represented as a pure recurring decimal (of the form 0.a1a2...a1a1a2...a1) with repetend period T = M-1, then the prime number M is called a super prime;
From the existence theorem for pure recurring decimals in number theory, combined with the definition of a super prime, the general super prime number method for generating a pseudo-random sequence is obtained. Its recurrence formula is:
$Z_{i+1} = (10 \cdot Z_i) \bmod M,\quad i = 1, 2, 3, \ldots \qquad (1.4)$
Where:
M is a super prime;
Z is the set of natural numbers $\{Z_i \mid 0 < Z_i < M\}$, $Z_i \in Z$;
i is a natural number;
mod is the modulo operation;
The pseudo-random sequence generated by this method is a cyclic sequence of integers with minimal period M-1; within each minimal period, every integer from 1 to M-1 occurs exactly once.
The nested pseudo random number algorithm of the present invention is defined as follows:
Wherein:
R represents nested random number;
Represent a kind of pseudo-random number generator;
θ represents another pseudo-random number generator;
T is expressed as present system time;
G represents a kind of mapping of set of random numbers A to pseudo random number algorithm set B and pseudo random number algorithm set C, i.e. A
→ B, A → C;
F represents the random number functions being distributed on output [0,1] section;
N represents natural number;
XnRepresent random number seed;
M is expressed as modulus;
Represent downward rounding symbol;
A random real number uniformly distributed on [0,1] is first produced by the above linear congruential method (1.6), and is then mapped to choose any two of the pseudo-random number algorithms contained in the nested pseudo-random number algorithm. The mapping method is as follows:
The function g in formula (1.5) is a mapping from set A (the set of random numbers) to B (a set of pseudo-random number algorithms) and C (a set of pseudo-random number algorithms), i.e. A → B, A → C. The random real number uniformly distributed on [0,1] is produced by formula (1.6). In set B, ifThen(α represents the linear congruential method);IfThen(β represents the shift-register sequence method);Then(γ represents the super prime number method);In set C, ifThenIfThenIfThen
Through the above mapping, one pseudo-random number generator is obtained from formula (1.5); using the system time T as the random number seed, it generates a random real number r1 in the range [1,100], which serves as the base. The other pseudo-random number generator θ obtained uses twice the system time, 2T, as the random number seed to generate a random real number r2 in the range [1,100], which serves as the offset. r1 and r2 are added and the sum is rounded down, giving a nested random integer r. Each time a random number r is generated, it is compared with every random number generated before it (except for the first random number generated); if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The final result is a nested random number sequence whose element values do not repeat.
3) The TCP protocol data to be sent is split; the data block length defined in the multi-channel communication protocol is in the range [10,20] bytes. The first element r of the random sequence generated in step 2 is taken out and passed to the DataLen function defined by the present invention, which is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as the split data block, which is filled into the data field of the communication data frame in Fig. 3; this communication data frame is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and filled into the headNum field of the first communication data frame. In the same way, the second, third, ... elements of the random sequence are taken out and the communication data is split into data blocks and numbered as described above, until the value ω(r′) obtained from DataLen for the random number r′ taken out is greater than or equal to the length of the remaining TCP protocol data, at which point the TCP protocol data cannot be split further. The remaining TCP protocol data block is then filled into the data field of the last data frame, and the random number r′ taken out is filled into the headNum field of the last data frame as the number of that data block, completing the splitting and numbering of the TCP protocol data. While the TCP protocol data is being split, a counter records the number Q of data blocks produced;
4) The data field and headNum field of each communication data frame from step 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. MD5 (Message Digest 5) is a hash algorithm, defined as follows:
The input data is processed in 512-bit groups, and each group is further divided into sixteen 32-bit subgroups. After a series of processing steps, the output of the MD5 algorithm consists of four 32-bit groups; concatenating these four 32-bit groups yields a 128-bit hash value, which is the digital fingerprint;
Finally, the data type (for example, communication data frame) and the communication data frame length are added to the dataType field and the length field of the communication data frame respectively, giving the complete communication data frame and completing the encapsulation. Its data structure is the communication data frame structure in Fig. 3. The encapsulated data frame is then placed in the pending-send data queue;
5) The first Q elements (Q being the number of data blocks obtained by splitting) of the random sequence generated in step 2 are placed in order into a dynamic array of size Q. The linear congruential method is then used to produce a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element (i.e. the data block number) at that index is placed in a pending-send sub-queue. The first time, Q/N data frames (N being the number of Ethernet interfaces) are randomly selected to form a data packet that is placed in the first pending-send sub-queue, and the data packet in the first queue is transmitted over the first Ethernet link. This is repeated N times in the same way, selecting N groups of data packets in total and placing them in N pending-send sub-queues, whose data packets are transmitted over the N Ethernet links. This completes the random grouping of all communication data frames, with every group bound to an Ethernet interface. Finally, the data packets in the N pending-send sub-queues are sent to the communication peer over the N Ethernet links simultaneously and in parallel;
6) The two pseudo-random number algorithms used in step 3, randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum make up the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame. The data type is added to the dataType field of the secret order data frame and the data length of the secret order data frame is added to its length field, completing the encapsulation of the secret order data. Its data structure is the secret order data frame structure in Fig. 3. The frame is sent to the security gateway over one Ethernet link;
7) After the security gateway receives a data packet, it parses the data frames in the packet according to the multi-channel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further to extract the data type. If it is a communication data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the data field and headNum field of the received data frame, and the result is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the communication data frame type and the number of that data frame is sent to the PC control terminal; its data structure is the reissue command data frame structure in Fig. 3. If the check passes, a table is built with the data field number headNum as the number field and index, and the data field as the content field. If it is a secret order data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received data frame, and the result is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the PC control terminal; its data structure is the reissue command data frame structure in Fig. 3, and in this case the headNum field is filled with 0. If the check passes, the custom secret order algorithm Secret is used; the algorithm is defined as:
The secret order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum carried in the received secret order data frame. The nested pseudo-random number algorithm of formula (1.5) is used to generate the random sequence, and the first dataNum elements of the random number sequence are traversed and looked up in the table. For each element traversed, the table is checked for that element. If it is present, the data field corresponding to the element is retrieved, and the retrieved data fields are enqueued at the tail of the recombination data queue in traversal order. If it is not present, the data block numbered with that random number has been lost, and a reissue command containing that data block number is sent to the PC control terminal; once the security gateway receives the data frame containing that number, the data field of the data frame is enqueued at the tail of the recombination data queue. This finally completes the recombination of the TCP protocol data;
8) The recombined TCP protocol data is converted into CAN bus data, sent over the multi-channel CAN bus to the in-vehicle controllers and in-vehicle detection devices, and the gateway waits for the CAN reply message;
9) After the security gateway receives the CAN message replied by the in-vehicle controller or in-vehicle detection device, it converts the CAN message from CAN protocol into TCP protocol data. The security gateway uses the same methods as steps 2, 3 and 4 to split and number the TCP protocol data and then add the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks. Using the method of step 5, Q/N data frames are randomly selected as one group, forming N groups of data packets, which are sent in parallel to the PC control terminal over the N Ethernet links;
10) The PC control terminal verifies and reassembles the data in the same way as step 7 and obtains the complete TCP protocol data. This completes one full process in which the PC control terminal communicates securely with the in-vehicle controllers and in-vehicle detection devices through multi-channel Ethernet connected to the multi-channel CAN bus;
Communication from the in-vehicle controllers and in-vehicle detection devices to the PC control terminal can be realized with the same steps.
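The split, number, fingerprint and reassemble procedure of steps 3, 4 and 7, together with the super prime recurrence (1.4), as an added example that is not code from the patent. Because the nested generator (1.5) and the DataLen and Secret definitions are missing from this page, it assumes the super prime method alone with M = 97 as the number source, a hypothetical `data_len(r) = 10 + r mod 11`, MD5 computed over the data field followed by a 4-byte big-endian headNum, and frames reduced to the headNum, data and md5Check fields.

```python
import hashlib
import struct

M = 97  # assumed modulus; the decimal expansion of 1/97 has period 96 = M - 1


def is_super_prime(m):
    """Patent's 'super prime': a prime m for which z/m has decimal period m - 1."""
    if m < 3 or m % 2 == 0 or m % 5 == 0:
        return False
    if any(m % d == 0 for d in range(3, int(m ** 0.5) + 1, 2)):
        return False
    z, period = 10 % m, 1
    while z != 1:              # multiplicative order of 10 modulo m
        z = (10 * z) % m
        period += 1
    return period == m - 1


def super_prime_sequence(seed, count, m=M):
    """Formula (1.4): Z_{i+1} = (10 * Z_i) mod M, with Z_1 = seed."""
    if not 0 < seed < m or count > m - 1:
        raise ValueError("need 0 < seed < M and at most M - 1 elements")
    seq, z = [], seed
    for _ in range(count):
        seq.append(z)
        z = (10 * z) % m
    return seq


def data_len(r):
    """Hypothetical stand-in for DataLen: maps r into the range [10, 20]."""
    return 10 + r % 11


def fingerprint(head_num, data):
    """md5Check: MD5 over the data field followed by headNum (assumed layout)."""
    return hashlib.md5(data + struct.pack(">I", head_num)).digest()


def split_into_frames(payload, seed):
    """Steps 3 and 4: cut the payload into numbered, fingerprinted frames."""
    frames, offset = [], 0
    for r in super_prime_sequence(seed, M - 1):
        n = data_len(r)
        last = n >= len(payload) - offset     # remainder fits: final frame
        block = payload[offset:] if last else payload[offset:offset + n]
        frames.append({"headNum": r, "data": block,
                       "md5Check": fingerprint(r, block)})
        offset += len(block)
        if last:
            return frames
    raise ValueError("payload longer than one period of the sequence can number")


def reassemble(frames, seed, data_num):
    """Step 7: verify each frame, index it by headNum, then replay the sequence.

    Returns the recombined bytes and the block numbers that are absent or
    failed the MD5 check (the ones a reissue command would ask for).
    """
    table = {}
    for f in frames:
        if fingerprint(f["headNum"], f["data"]) == f["md5Check"]:
            table[f["headNum"]] = f["data"]
    blocks, missing = [], []
    for r in super_prime_sequence(seed, data_num):
        if r in table:
            blocks.append(table[r])
        else:
            missing.append(r)
    return b"".join(blocks), missing


SAMPLE = bytes(range(60))   # constructed 60-byte stand-in for TCP protocol data

if __name__ == "__main__":
    sent = split_into_frames(SAMPLE, seed=42)
    received = list(reversed(sent))           # frames arrive in another order
    data, missing = reassemble(received, 42, len(sent))
    print([f["headNum"] for f in sent], data == SAMPLE, missing)
```

The md5Check value is an unkeyed digest, so this check detects frames that were corrupted or lost in transit; it does not by itself authenticate who produced a frame.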
The present invention provides a kind of equipment of the method for the security gateway of CAN bus and ethernet communication based on multichannel, bag
Include:ARM is the embedded platform of core processor;CAN bus module and ethernet module;
The ARM is that the embedded platform of core processor is equipped with (SuSE) Linux OS;
The CAN bus module includes CAN controller and CAN transceiver;
The ethernet module includes ethernet transceiver;
Wherein, for security gateway based on the embedded platform using ARM as core processor, which is equipped with Linux operations
System;The CAN passages of ARM core processors are connected with multichannel CAN controller and transceiver, the other end access of CAN transceiver
CAN bus is connected with in-car controller with in-car detection device, for receiving and dispatching CAN message;The Ethernet of ARM core processors connects
Mouth is connected with multichannel ethernet transceiver, the other end connection PC control terminal of Ethernet, for receiving and dispatching ethernet communication
Protocol data;The embedded platform includes multichannel CAN bus module, multichannel ethernet module after above-mentioned extension;Specific CAN
Bus links quantity depends on the quantity of in-car controller and in-car detection device and the demand to communication efficiency, ether network chain
Way amount depends on specific safe class, and number of links more multi-security level(MSL) is higher;
The provided security gateway based on multi-channel CAN bus and Ethernet communication uses an embedded platform with an ARM core processor, and the CAN bus driver has been ported under Linux; the Ethernet module uses the Socket API when communicating with the PC control terminal, and the CAN bus module uses the SocketCAN API when communicating with the in-car control and detection devices; when communicating over multiple CAN bus and Ethernet links, the network communication API can be used to detect whether a link is idle or has failed; if a link has failed or is busy, an idle link is selected and the PC control terminal is notified so that the failed link can be backed up and repaired.
The present invention uses multi-channel Ethernet as the backbone network for information transmission and provides a security gateway, and its communication method, that connects multi-channel CAN bus and communicates directly with the in-car controllers and in-car detection devices, achieving secure, efficient, real-time data communication. Because the security gateway uses multiple CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency is improved.
One end of the security gateway connects to the CAN bus and communicates with multiple in-car controllers and multiple in-car detection devices; the other end connects to Ethernet and communicates with the PC control terminal. The invention implements protocol conversion between CAN bus data and TCP data, and at the same time uses the nested pseudo-random number algorithm defined by the invention to split the data into data blocks of random length; the data blocks are encapsulated into randomly numbered communications data frames of the multi-channel communication protocol defined by the invention; finally, according to the number of Ethernet interfaces, the security gateway repeatedly selects N data frames at random to form multiple data packets, binds each data packet to one Ethernet interface, and sends the data packets to the communication peer in parallel over multiple Ethernet links at the same time; the peer parses the received data packets with the multi-channel communication protocol defined by the invention and reassembles them into complete TCP data, so that the PC control terminal connects to the in-car controllers and in-car detection devices through the security gateway, realizing a security gateway based on protocol conversion and communication between multi-channel CAN bus and multi-channel Ethernet.
The positive effect of the present invention is as follows. The security gateway using multi-channel CAN bus and Ethernet communication realizes conversion, in the Internet of Vehicles, between the in-car CAN bus protocol and the Ethernet communication protocol. At the same time, after the data are split into data blocks by the pseudo-random number algorithm, the data blocks are put into randomly numbered data frames, and N data frames are then randomly selected as a data packet; the system generates multiple data packets according to the number of Ethernet interfaces, each data packet is bound to one Ethernet interface, and multiple Ethernet links send data packets at the same time. The random algorithm is fast, so real-time performance is preserved. Because the data frame numbering, the way data frames are grouped into packets, and the number of the Ethernet link used for communication are all generated by the nested pseudo-random number algorithm defined by the invention, an intruder cannot assemble the data blocks in the communication into meaningful complete data and cannot send meaningful data into the communication system, which effectively protects the communication system against illegal intrusion and ensures its security and resistance to sabotage. In addition, multiple Ethernet links transmit data in parallel, and multiple CAN bus links connect multiple in-car control devices and in-car detection devices, ensuring that the PC control terminal communicates in parallel with multiple in-car control devices and multiple in-car detection devices, which significantly improves communication efficiency.
Brief description of the drawings
Fig. 1 is the structure chart of the present invention;
Fig. 2 is the system flow chart of the present invention;
Fig. 3 is the data structure diagram of the present invention;
In Fig. 3: dataType represents the data type, such as communications data frame, secret order data frame or reissue command data frame, and occupies the high 4 bits of the 1st byte of each data frame; length represents the data frame length and occupies the low 4 bits of the 1st byte of each data frame; headNum represents the data field number and is located in the 2nd byte of the communications data frame and of the reissue command data frame; data represents the data field and is located from the 19th byte to the 38th byte of the communications data frame; randomType1 represents the first pseudo-random number algorithm and occupies the high 4 bits of the 2nd byte of the secret order data frame; randomType2 represents the second pseudo-random number algorithm and occupies the low 4 bits of the 2nd byte of the secret order data frame; seedValue represents the random number seed and is located in the 3rd byte of the secret order data frame; dataNum represents the number of split data blocks and is located in the 4th byte of the secret order data frame; md5Check represents the MD5 digital fingerprint and is located from the 3rd byte to the 18th byte in the communications data frame and the reissue command data frame, and from the 5th byte to the 20th byte in the secret order data frame.
Embodiment
The present invention is further described by the following embodiment with reference to Fig. 1, Fig. 2 and Fig. 3. The embodiment does not limit the invention in any way; any modification or change that a person of ordinary skill in the art can readily make without departing from the technical solution of the invention falls within the scope of the claims of the invention.
Embodiment 1
With reference to Fig. 1, Fig. 2 and Fig. 3, the device of the invention has an embedded platform with an ARM core processor, eight CAN bus modules and two Ethernet modules;
The embedded platform with the ARM core processor runs the Linux operating system;
Each CAN bus module includes a CAN controller and a CAN transceiver;
Each Ethernet module includes an Ethernet transceiver;
Wherein, the CAN channels of the ARM core processor are connected to eight CAN controllers and transceivers, and the other end of each CAN transceiver accesses the CAN bus and is connected to the in-car control and detection devices, for sending and receiving CAN messages; the Ethernet interfaces of the ARM core processor are connected to two Ethernet transceivers, and the other end of the Ethernet connects to the PC control terminal, for sending and receiving Ethernet data;
The process by which the PC control terminal communicates with the in-car control and detection devices through two Ethernet links and eight CAN bus links is as follows:
1. When the PC control terminal connects to the CAN bus through Ethernet to communicate with the in-car controllers and in-car detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and the PC control terminal obtains the right to communicate with the in-car controllers and in-car detection devices;
2. After obtaining the communication right, the PC control terminal uses formulas (1.5) and (1.6) of the multi-channel communication protocol:
to produce a random sequence; the first random number r is taken from the random sequence and passed to the DataLen function (1.7):
The resulting value ω(r) is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes of data are taken out as a split data block, and the split data block is filled into the data field of the communications data frame of Fig. 3; this communications data frame is the first communications data frame. The first element r taken from the random sequence is used as the number of the split data block and is filled into the headNum field of the first communications data frame. By analogy, the second, third, ... elements are taken from the random sequence, and the TCP protocol data are split into data blocks and numbered in the same way, until the value ω(r′) obtained by the DataLen function from the extracted random number r′ is greater than or equal to the length of the remaining TCP protocol data; the TCP protocol data then cannot be split further, so the remaining TCP protocol data block is filled into the data field of the last frame, and the extracted random number r′ is filled into the headNum field of the last frame as the number of that data block, completing the splitting and numbering of the TCP protocol data. While the TCP protocol data are being split, a counter records the number Q of data blocks obtained;
3. The data field and headNum field of each communications data frame from step 2 are input to the MD5 algorithm to generate an MD5 digital fingerprint, and the generated MD5 digital fingerprint is filled into the md5Check field of the communications data frame; finally the data type (communications data frame) and the communications data frame length are added to the dataType field and length field of the communications data frame respectively, giving a complete communications data frame and completing the encapsulation; its data structure is the communications data frame structure in Fig. 3; the encapsulated data frames are then placed in the to-be-sent data queue;
4. The first Q elements of the random sequence generated in step 2 (Q being the number of data blocks obtained by splitting) are placed in order into a dynamic array of size Q; the linear congruential method is used to produce a random integer in the range [0, Q-1], the array index equal to that random number is looked up, and the data frame corresponding to the array element (i.e. the data block number) at that index is sent to a to-be-sent packet queue. The first time, Q/2 data frames (2 being the number of Ethernet interfaces) are randomly selected to form a data packet and sent to the first to-be-sent packet queue; the data packet in the first queue is transmitted over the first Ethernet link. The second time, Q/2 data frames are randomly selected to form a data packet and sent to the second to-be-sent packet queue; the data packet in the second queue is transmitted over the second Ethernet link. All communications data frames are thus randomly divided into two groups, and the two groups of data packets are bound to the two Ethernet interfaces; the data packets in the two to-be-sent packet queues are sent in parallel over the two Ethernet links to the communication peer;
5. The two pseudo-random number algorithms randomType1 and randomType2 used in step 2, the random number seed seedValue and the number of split data blocks dataNum form the secret order data frame; the randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field of the secret order data frame and the secret order data frame length is added to its length field, completing the encapsulation of the secret order data, which is sent to the security gateway over one Ethernet link;
6. After the security gateway receives a data packet, it parses the data frames in the packet according to the multi-channel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further and its data type is extracted. If it is a communications data frame, the MD5 digital fingerprint of the data field and headNum field of the received frame is calculated with the MD5 algorithm and compared with the received MD5 digital fingerprint, thereby verifying data integrity; if the data have been tampered with or lost, a reissue command containing the communications data frame type and the data frame number is sent to the PC control terminal; if the check passes, a table is built with the data field number headNum as the number field and index, and the data field data as the content field. If it is a secret order data frame, the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame is calculated with the MD5 algorithm and compared with the received MD5 digital fingerprint to verify data integrity; if the data have been tampered with or lost, a reissue command containing the secret order data frame type is sent to the PC control terminal, with the headNum field of the reissue command data frame filled with 0; if the check passes, the self-defined secret order algorithm Secret uses the pseudo-random number algorithms randomType1 and randomType2 and the random number seed seedValue received in the secret order data frame to generate the random sequence with the nested pseudo-random number algorithm of formula (1.5), and traverses the first dataNum elements of the random number sequence, looking each one up in the table: for each element traversed, the table is searched for that element; if it exists, the data field corresponding to the element is retrieved and appended, in traversal order, to the tail of the reassembly data queue; if it does not exist, the data block numbered by that random number has been lost, and a reissue command containing the data frame number is sent to the PC control terminal, until the security gateway receives the data frame with that number and appends its data field to the tail of the reassembly data queue; the reassembly of the TCP protocol data is thus completed;
7. The obtained TCP protocol data are protocol-converted to CAN bus data and sent over the eight CAN buses to the in-car controllers and in-car detection devices, and the reply data are awaited;
8. After receiving the CAN messages replied by the in-car controllers and in-car detection devices, the security gateway converts the CAN message data from the CAN protocol to TCP protocol data; the security gateway splits and numbers the TCP protocol data using the same method as steps 2, 3 and 4 and then adds the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks; using the method of step 4, Q/2 data frames are randomly selected as one group, forming two groups of data packets, which are sent in parallel over the two Ethernet links to the PC control terminal;
9. The PC control terminal verifies and reassembles the data in the same way as in step 6, obtaining the complete TCP protocol data; this completes one full round in which the PC control terminal, through two Ethernet links and eight CAN buses, communicates securely with the in-car controllers and in-car detection devices.
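The splitting, fingerprinting, grouping and reassembly of steps 2 to 6 above, as an added Python example that is not part of the patent text. Formulas (1.5) to (1.7) are not reproduced on this page, so nested_sequence and data_len are assumed stand-ins (two linear congruential generators; ω(r) = 10 + r mod 11); the dataType/length byte is left out, the MD5 input order (data, then headNum) is assumed, and the secret order frame is reduced to the seed and data_num arguments.

```python
import hashlib
from typing import Dict, Iterator, List, Optional, Tuple


def lcg(seed: int, a: int, c: int, m: int) -> Iterator[float]:
    """Linear congruential generator yielding x_n / m in [0, 1)."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x / m


def nested_sequence(seed: int) -> Iterator[int]:
    """ASSUMED stand-in for the nested generator: r = floor(r1 + r2), repeats dropped.

    r1 (base) and r2 (offset) are reals in [1, 100) from two generators seeded
    with seed and 2*seed, so r lies in [2, 199] and fits the 1-byte headNum.
    """
    base = lcg(seed, 1103515245, 12345, 2**31)      # assumed parameters
    offset = lcg(2 * seed, 69069, 1, 2**32)         # assumed parameters
    seen = set()
    for _ in range(100_000):                        # bounded: only 198 values exist
        r = int((1 + 99 * next(base)) + (1 + 99 * next(offset)))
        if r not in seen:
            seen.add(r)
            yield r


def data_len(r: int) -> int:
    """ASSUMED DataLen: any map of r into the block-length range [10, 20]."""
    return 10 + r % 11


def fingerprint(head_num: int, data: bytes) -> bytes:
    """md5Check over the data and headNum fields (field order assumed)."""
    return hashlib.md5(data + bytes([head_num])).digest()


def split_and_frame(payload: bytes, seed: int) -> List[bytes]:
    """Steps 2-3: cut payload into random-length blocks; frame = headNum|md5Check|data."""
    frames, pos, seq = [], 0, nested_sequence(seed)
    while pos < len(payload):
        r = next(seq)
        block = payload[pos:pos + data_len(r)]      # last block takes what remains
        pos += len(block)
        frames.append(bytes([r]) + fingerprint(r, block) + block)
    return frames


def distribute(frames: List[bytes], n_links: int, seed: int) -> List[List[bytes]]:
    """Step 4: draw frames at random into one group per Ethernet link.

    Draws are made without replacement from a shrinking pool so that every
    frame is sent exactly once (the page draws an index in [0, Q-1]).
    """
    pool, g = list(frames), lcg(seed, 1103515245, 12345, 2**31)
    per_link = -(-len(frames) // n_links)           # ceil(Q / N)
    links: List[List[bytes]] = [[] for _ in range(n_links)]
    for link in links:
        while pool and len(link) < per_link:
            link.append(pool.pop(int(next(g) * len(pool))))
    return links


def parse_frame(frame: bytes) -> Optional[Tuple[int, bytes]]:
    """Step 6, first half: return (headNum, data) or None if the fingerprint fails."""
    if not 18 <= len(frame) <= 37:                  # 1 + 16 + (1..20) bytes
        return None
    head, digest, data = frame[0], frame[1:17], frame[17:]
    return (head, data) if fingerprint(head, data) == digest else None


def reassemble(received: List[bytes], seed: int,
               data_num: int) -> Tuple[Optional[bytes], List[int]]:
    """Step 6, second half: replay the sequence and look each number up.

    Returns (payload, []) when complete, else (None, numbers to request again).
    """
    table: Dict[int, bytes] = {}
    for frame in received:
        parsed = parse_frame(frame)
        if parsed is not None:
            table[parsed[0]] = parsed[1]
    out, missing, seq = bytearray(), [], nested_sequence(seed)
    for _ in range(data_num):
        r = next(seq)
        if r in table:
            out += table[r]
        else:
            missing.append(r)                       # would trigger a reissue command
    return (None, missing) if missing else (bytes(out), [])


if __name__ == "__main__":
    sample = b"constructed TCP payload " + bytes(range(200))   # constructed input
    sent = split_and_frame(sample, seed=0x5A)
    link_a, link_b = distribute(sent, n_links=2, seed=7)
    print(reassemble(link_b + link_a, 0x5A, len(sent))[0] == sample)
    print("reissue after losing link B:", reassemble(link_a, 0x5A, len(sent))[1])
```

Frames received on only one link leave reassemble with a non-empty reissue list, which corresponds to the single-link capture case in the test section. The MD5 field is computed only from bytes carried in the same frame, so it detects corruption and loss but is not keyed to anything the two endpoints share.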
Test case
The security gateway and method with eight CAN buses and two Ethernet links provided in Embodiment 1 were tested as follows:
1. The PC control terminal communicated with the in-car controllers and in-car detection devices over two Ethernet links and eight CAN buses using the method of Embodiment 1. The CAN communication baud rate was set to 250K, so in theory 2500 CAN extended frames can be received per second; converting the CAN data frames to TCP protocol data yields at most 20000 bytes of valid data; every 2000 bytes of data are split into 100 data blocks, encapsulated into data frames and divided into two groups of data packets, which are transmitted to the PC control terminal over the two Ethernet links;
2. While the data are being transmitted to the PC control terminal over the two Ethernet links, if packet capture is used to intercept data packets at the data link layer of one Ethernet link, the data in the intercepted packets are incomplete and the probability of reassembling them into valid complete data is 0; intercepting data packets at the link layer of both Ethernet links considerably increases the difficulty of monitoring; if both groups of data packets are intercepted on the two Ethernet links, the position of the data fields in the intercepted packets cannot be learned, because the data in the packets are encapsulated with the multi-channel communication protocol; even if the 100 data fields in all intercepted packets are obtained, there may be 100! = 9.33262154439400e+157 ways of combining the 100 data fields; using the Tianhe-2 supercomputer developed by China's National University of Defense Technology, at a floating-point speed of 33.86 petaflops per second, computing the 100! possibilities by brute force would take (9.33262154439400e+157)/(3.3860e+018) = 2.75623e+139 seconds = 8.73997e+131 years, so cracking is practically impossible.
The above experiment demonstrates that the security gateway with multi-channel CAN bus and multi-channel Ethernet communication used by the invention can effectively prevent the information leakage caused by theft of communication data, and can prevent tampering with communication data followed by intrusion into the communication system for illegal manipulation, greatly ensuring the security and resistance to sabotage of the communication.
Conclusion:
With the security gateway and communication method based on multi-channel CAN bus and Ethernet communication used by the invention, even if data are intercepted at the Ethernet link layer by packet capture, they are incomplete, irregular, fragmentary invalid data that cannot be reconstructed. Meanwhile, an intruder cannot send meaningful data into the communication system, which effectively protects the communication system from illegal intrusion. The two communicating ends, however, can reassemble the data with the method of the invention and obtain complete, valid data, ensuring the security and resistance to sabotage of the communication system.
Claims (1)
1. A communication method of a security gateway based on multi-channel CAN bus and Ethernet communication, comprising the following steps:
1) when the PC control terminal connects to the CAN bus through Ethernet to communicate with the in-car controllers and in-car detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and the PC control terminal obtains the right to communicate with the in-car controllers and in-car detection devices;
2) after the PC control terminal obtains the communication right, it uses the nested pseudo-random number algorithm defined by the security gateway to generate a fixed random number sequence; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values in the random number sequence generated each time are determined;
The nested pseudo-random number algorithm is as follows:
$$f(X_n) = \frac{x_n}{m} \qquad (1.2)$$
Wherein:
r represents the nested random number;
Represent a kind of pseudo-random number generator;
θ represents another pseudo-random number generator;
T represents the current system time;
g represents a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
f represents a random number function whose output is distributed on the interval [0,1];
n represents a natural number;
X_n represents the random number seed;
m represents the modulus;
Represent downward rounding symbol;
First, the linear congruential method (1.2) above produces a random real number uniformly distributed on [0,1], which is mapped to choose any two of the pseudo-random number algorithms included in the nested pseudo-random number algorithm; the mapping method is as follows:
The function g in formula (1.1) is a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C. For the random real number uniformly distributed on [0,1] produced by formula (1.2): in set B, if then α represents the linear congruential method; if then β represents the shift register sequence; then γ represents the super prime number method; in set C, if then if then if then
By the above mapping method, one pseudo-random number generator is obtained from formula (1.1), which uses the system time T as the random number seed to generate a random real number r1 in the range [1,100] as the base; the other pseudo-random number generator θ obtained uses twice the system time, 2T, as the random number seed to generate a random real number r2 in the range [1,100] as the offset; r1 and r2 are added and rounded down to obtain a nested random integer r. Each time a random number r is generated, it is compared with every previously generated random number; except for the first random number generated, if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence; finally a nested random number sequence with non-repeating element values is obtained;
3) the TCP protocol data to be sent are split; the data block length defined in the multi-channel communication protocol is in the range of [10,20] bytes; the first element r of the random sequence generated in step 2) is taken out and passed to the self-defined DataLen function, which is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP protocol data, ω(r) bytes of data are taken out as a split data block, and the split data block is filled into the data field of the communications data frame; this communications data frame is the first communications data frame. The first element r taken from the random sequence is used as the number of the split data block and is filled into the headNum field of the first communications data frame. By analogy, the second, third, ... elements are taken from the random sequence, and the communication data are split into data blocks and numbered in the same way, until the value ω(r′) obtained by the DataLen function from the extracted random number r′ is greater than or equal to the length of the remaining TCP protocol data; the TCP protocol data then cannot be split further, so the remaining TCP protocol data block is filled into the data field of the last frame, and the extracted random number r′ is filled into the headNum field of the last frame as the number of that data block, completing the splitting and numbering of the TCP protocol data. While the TCP protocol data are being split, a counter records the number Q of data blocks obtained;
4) the data field and headNum field of each communications data frame from step 3) are input to the MD5 algorithm to generate an MD5 digital fingerprint, and the generated MD5 digital fingerprint is filled into the md5Check field of the communications data frame; the MD5 algorithm is a hash algorithm, defined as follows:
The input data are processed in 512-bit groups, and each group is further divided into sixteen 32-bit sub-groups; after a series of processing steps, the output of the MD5 algorithm consists of four 32-bit groups, which are concatenated to produce a 128-bit hash value; this hash value is the digital fingerprint;
Finally the data type and the communications data frame length are added to the dataType field and length field of the communications data frame respectively, giving a complete communications data frame and completing the encapsulation; the encapsulated data frames are then placed in the to-be-sent data queue;
5) the first Q elements of the random sequence generated in step 2) are first placed in order into a dynamic array of size Q, Q being the number of data blocks obtained by splitting; the linear congruential method is then used to produce a random integer in the range [0, Q-1], the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index is sent to a to-be-sent packet queue. The first time, Q/N data frames, N being the number of Ethernet interfaces, are randomly selected to form a data packet and sent to the first to-be-sent packet queue; the data packet in the first queue is transmitted over the first Ethernet link. By analogy, this is repeated N times, so that N groups of data packets in total are selected and sent to N to-be-sent packet queues, and the data packets in the N queues are transmitted over the N Ethernet links; this completes the random grouping of all communications data frames and the binding of every group to an Ethernet interface; finally the data packets in the N to-be-sent packet queues are sent simultaneously and in parallel over the N Ethernet links to the communication peer;
6) the two pseudo-random number algorithms randomType1 and randomType2 used in step 3), the random number seed seedValue and the number of split data blocks dataNum form the secret order data frame; the randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field of the secret order data frame and the secret order data frame length is added to its length field, completing the encapsulation of the secret order data; the frame is sent to the security gateway over one Ethernet link;
7) after the security gateway receives a data packet, it parses the data frames in the packet according to the multi-channel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further and its data type is extracted. If it is a communications data frame, the MD5 digital fingerprint of the data field and headNum field of the received frame is calculated with the MD5 algorithm and compared with the received MD5 digital fingerprint, thereby verifying data integrity; if the data have been tampered with or lost, a reissue command data frame containing the communications data frame type and the data frame number is sent to the PC control terminal; if the check passes, a table is built with the data field number headNum as the number field and index, and the data field data as the content field. If it is a secret order data frame, the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame is calculated with the MD5 algorithm and compared with the received MD5 digital fingerprint to verify data integrity; if the data have been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the PC control terminal, with the headNum field filled with 0; if the check passes, the self-defined secret order algorithm Secret is used, which is defined as:
The secret order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum received in it; the nested pseudo-random number algorithm of formula (1.1) is used to generate the random sequence, and the first dataNum elements of the random number sequence are traversed and looked up in the table: for each element traversed, the table is searched for that element; if it exists, the data field corresponding to the element is retrieved and appended, in traversal order, to the tail of the reassembly data queue; if it does not exist, the data block numbered by that random number has been lost, and a reissue command containing the data block number is sent to the PC control terminal, until the security gateway receives the data frame with that number and appends its data field to the tail of the reassembly data queue; the reassembly of the TCP protocol data is thus completed;
8) the reassembled TCP protocol data are protocol-converted to CAN bus data and sent over the multi-channel CAN bus to the in-car controllers and in-car detection devices, and the reply CAN messages are awaited;
9) after receiving the CAN messages replied by the in-car controllers and in-car detection devices, the security gateway converts the CAN messages from the CAN protocol to TCP protocol data; the security gateway splits and numbers the TCP protocol data using the same method as steps 2), 3) and 4) and then adds the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks; using the method of step 5), Q/N data frames are randomly selected as one group, forming N groups of data packets, which are sent in parallel over the N Ethernet links to the PC control terminal;
10) the PC control terminal verifies and reassembles the data in the same way as in step 7), obtaining the complete TCP protocol data; this completes one full round in which the PC control terminal, through multi-channel Ethernet and multi-channel CAN bus, communicates securely with the in-car controllers and in-car detection devices.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710789108.7A CN107426075B (en) | 2017-09-05 | 2017-09-05 | The communication means of security gateway based on multichannel CAN bus and ethernet communication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710789108.7A CN107426075B (en) | 2017-09-05 | 2017-09-05 | The communication means of security gateway based on multichannel CAN bus and ethernet communication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107426075A CN107426075A (en) | 2017-12-01 |
CN107426075B true CN107426075B (en) | 2018-05-08 |
Family
ID=60434590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710789108.7A Active CN107426075B (en) | 2017-09-05 | 2017-09-05 | The communication means of security gateway based on multichannel CAN bus and ethernet communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107426075B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10831911B2 (en) * | 2017-12-19 | 2020-11-10 | Industrial Technology Research Institute | Method, computer program product and processing system for generating secure alternative representation |
CN108712315A (en) * | 2018-05-25 | 2018-10-26 | 北京长城华冠汽车科技股份有限公司 | A kind of methods, devices and systems of control new-energy automobile vehicle body load |
JP7042417B2 (en) * | 2018-09-03 | 2022-03-28 | 株式会社オートネットワーク技術研究所 | Communication equipment, transmission method and computer program |
US10909261B2 (en) | 2018-12-12 | 2021-02-02 | Industrial Technology Research Institute | Method and computer program product for generating secure alternative representation for numerical datum |
CN111327575B (en) * | 2018-12-14 | 2022-11-22 | 中车唐山机车车辆有限公司 | Communication method and device based on Ethernet in train |
CN110086566B (en) * | 2019-03-18 | 2022-09-06 | 深圳市元征科技股份有限公司 | Vehicle-mounted data transmission method and vehicle-mounted equipment |
WO2021005875A1 (en) * | 2019-07-09 | 2021-01-14 | 住友電気工業株式会社 | On-vehicle communication system, on-vehicle device, and vehicle communication method |
CN111782506A (en) * | 2020-05-27 | 2020-10-16 | 中汽研汽车检验中心(天津)有限公司 | Automobile gateway information safety testing device |
CN112187936B (en) * | 2020-09-29 | 2024-03-29 | 北京车和家信息技术有限公司 | Vehicle data processing method, device, equipment, storage medium and vehicle |
CN112491648B (en) * | 2020-11-17 | 2022-03-08 | 重庆美沣秦安汽车驱动系统有限公司 | Automobile communication data conversion method based on CAN communication matrix and storage medium |
CN113411268B (en) * | 2021-05-24 | 2022-08-12 | 深圳市元征未来汽车技术有限公司 | Data transmission method, data transmission device and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1671097A (en) * | 2004-03-17 | 2005-09-21 | 华为技术有限公司 | A method and system for end-to-end wireless encryption communication |
CN101155357A (en) * | 2006-09-29 | 2008-04-02 | 英华达(上海)电子有限公司 | Device and method for recording and saving voice call on mobile phone |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1417980A (en) * | 2002-11-07 | 2003-05-14 | 吕京建 | Intelligent gateway device for vehicle controller LAN |
CN1852184A (en) * | 2005-04-22 | 2006-10-25 | 鸿富锦精密工业(深圳)有限公司 | Vehicle network system |
CN2932844Y (en) * | 2006-07-18 | 2007-08-08 | 吉林大学 | Vehicle body controller that supports multiple bus connection |
CN1960347A (en) * | 2006-11-06 | 2007-05-09 | 吉林大学 | Wireless car borne gateway system |
Also Published As
Publication number | Publication date |
---|---|
CN107426075A (en) | 2017-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107426075B (en) | The communication means of security gateway based on multichannel CAN bus and ethernet communication | |
US11546448B2 (en) | System and method for data compression based on data position in frames structure | |
Groza et al. | Security solutions for the controller area network: Bringing authentication to in-vehicle networks | |
US11722293B2 (en) | Selective real-time cryptography in a vehicle communication network | |
Cho et al. | Deep packet filter with dedicated logic and read only memories | |
EP3297247A1 (en) | In-vehicle encrypted networking | |
CN101834840B (en) | There is efficient key derivation system, the method and apparatus for end-to-end network security of business visuality | |
CN102291268B (en) | Safety domain name server and hostile domain name monitoring system and method based on same | |
CN103929428B (en) | A kind of method for realizing vehicle electronics information system communication safety | |
Attig et al. | Implementation results of bloom filters for string matching | |
CN103875214B (en) | Intelligent phy with security detection for ethernet networks | |
CN102523219B (en) | Regular expression matching system and regular expression matching method | |
CN105320034A (en) | Securely providing diagnostic data from a vehicle to a remote server using a diagnostic tool | |
JPH06315027A (en) | Method and equipment for data authentication in data communication environment | |
Groza et al. | Highly efficient authentication for CAN by identifier reallocation with ordered CMACs | |
CN102970228B (en) | A kind of message transmitting method based on IPsec and equipment | |
CN102624726A (en) | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method | |
Giannopoulos et al. | Securing vehicular controller area networks: An approach to active bus-level countermeasures | |
CN110381075A (en) | Equipment identities authentication method and device based on block chain | |
Huang et al. | A novel identity authentication for FPGA based IP designs | |
Wu et al. | A digital watermark method for in-vehicle network security enhancement | |
CN114124416A (en) | System and method for quickly exchanging data between networks | |
CN110381074B (en) | Distributed attack defense method aiming at DHCP framework based on big data | |
Shreejith et al. | Zero latency encryption with FPGAs for secure time-triggered automotive networks | |
Xue et al. | Reverse fast replay attack tunnel lighting system based on CAN bus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |