CN107426075B - The communication means of security gateway based on multichannel CAN bus and ethernet communication - Google Patents

Info

Publication number: CN107426075B
Authority: CN (China)
Prior art keywords: data, random number, frame, data frame, ethernet
Legal status: Active
Application number: CN201710789108.7A
Other languages: Chinese (zh)
Other versions: CN107426075A (en)
Inventors: 崔杰, 秦贵和, 邹密, 孙迪, 赫工博, 付强, 吴玲云, 徐洋, 刘敏
Current Assignee: Jilin University
Original Assignee: Jilin University
Events: application filed by Jilin University; priority to CN201710789108.7A; publication of CN107426075A; application granted; publication of CN107426075B

Classifications

    All entries fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication).
    • H04L12/40: Bus networks (under H04L12/28, Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks])
    • H04L1/0006: Systems modifying transmission characteristics according to link quality, e.g. power backoff, by adapting the transmission format
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L69/08: Protocols for interworking; Protocol conversion
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L2012/40215: Controller Area Network CAN (under H04L2012/40208, Bus networks characterized by the use of a particular bus standard)

Abstract

The present invention provides a security gateway and communication method based on multi-channel CAN bus and Ethernet communication. The gateway uses multi-channel Ethernet as the backbone network for information transmission and connects to multi-channel CAN buses to communicate directly with in-vehicle controllers and in-vehicle detection devices, achieving safe and efficient real-time data communication. Because the security gateway uses multiple CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency is improved.

Description

The communication means of security gateway based on multichannel CAN bus and ethernet communication
Technical field
The present invention provides a security gateway and communication method based on multi-channel CAN bus and multi-channel Ethernet communication, used to let a PC control terminal communicate securely, over Ethernet, with the controllers and in-vehicle detection devices connected to the in-vehicle CAN bus. It belongs to the technical field of communication security.
Background technology
Controller Area Network (CAN) is a fieldbus technology. Because of its high reliability, good stability, strong interference immunity, high communication speed and low maintenance cost, it is widely used in industrial control. Given its good performance and distinctive design, CAN bus is also widely used in the automotive field for data communication among a vehicle's internal controllers, actuators and detection devices.
Ethernet is the basic networking technology of the Internet, and the TCP/IP protocol is the Internet's most basic protocol family. With the spread of the Internet of Everything concept and the development of the Internet of Things, Ethernet, as a technology with large data throughput, good real-time behaviour and high reliability, is widely used in every field of network communication.
With the development of connected-vehicle (Internet of Vehicles) technology and autonomous driving, new requirements are placed on automotive network communication. The in-vehicle network has also gradually grown from the powertrain into multiple systems such as infotainment, driver assistance and safety systems. At the same time, the in-vehicle network and the devices attached to it need to be diagnosed and maintained through external interfaces, which requires the support of a shared, high-bandwidth network communication technology. Because Ethernet is mature, high-bandwidth and cost-effective, its use in vehicles keeps rising. With it come security problems in network communication protocols and gateways: hackers can launch a series of attacks against the protocol and the gateway, and such attacks may spread to the ECUs (electronic control units) inside the vehicle. Criminals can intercept encrypted data in connected-vehicle communication and obtain vehicle running-state data after decrypting it, or intrude into an in-vehicle ECU, send illegal instructions and control the vehicle remotely. For example, vulnerabilities have repeatedly been disclosed in Tesla vehicles: hackers can remotely unlock the car, open the windows, open the trunk, and even shut the car off while it is travelling at low speed. The U.S. DARPA research center also found a vulnerability in General Motors' OnStar system that lets hackers use it to control the vehicle remotely. In the connected-vehicle and autonomous-driving fields, therefore, the question of how to achieve fast conversion and secure communication between the various kinds of in-vehicle data through a gateway has been studied in depth by many scholars at home and abroad.
For protocol conversion and communication between CAN bus and Ethernet gateways, the main technical approaches are: a protocol gateway between in-vehicle multi-channel CAN and in-vehicle single-channel Ethernet, which mainly uses a single in-vehicle twisted pair as the Ethernet communication bus to communicate with the in-vehicle CAN transceiver modules; a protocol gateway between in-vehicle multi-channel CAN and single-channel Ethernet outside the vehicle, mainly used for vehicle fault diagnosis and for flashing in-vehicle electronic control units; and a protocol gateway between in-vehicle multi-channel CAN and multi-channel Ethernet outside the vehicle, which mainly transmits data redundantly over dual networks with dual masters to ensure stable and reliable data transfer. These gateways are applied to CAN and Ethernet communication to achieve protocol conversion.
For the security of CAN bus and Ethernet gateways, the main technical approaches are data encryption, firewalls and network authentication. However, simple encryption algorithms offer low security and are easily broken, while complex encryption algorithms are computationally expensive, do not match the computing power of in-vehicle embedded chips, and are unsuitable for real-time encrypted transmission of data. Faced with frequent and varied attacks, with keys that are complex to generate and hard to manage, and with the packet-capture techniques that eavesdroppers use at the link layer or at other nodes, existing security techniques cannot be applied well to connected-vehicle communication and cannot fully achieve secure communication.
Summary of the invention
The present invention provides a security gateway and communication method based on multi-channel CAN bus and multi-channel Ethernet communication, used to let a PC control terminal communicate, over Ethernet, with the controllers and in-vehicle detection devices connected to the in-vehicle CAN bus.
In the protocol conversion stage, the security gateway converts the CAN messages it receives over the in-vehicle CAN bus from CAN protocol data into TCP protocol data.
In the encapsulation stage of the multi-channel communication protocol data frame, the nested pseudo-random number algorithm defined by the invention first generates a fixed random number sequence: once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the sequence are the same every time it is generated.
Then, following the order in which the elements of the random number sequence were generated, the first element is input to the DataLen function defined by the invention, and the natural number N output by DataLen is used as the length of the split data block. Starting from the first byte of the TCP protocol data, N bytes are taken out as a split data block and filled into the data field of the communication data frame in Figure 3. The first element of the random number sequence is used as the number of this split data block and filled into the headNum field of the communication data frame in Figure 3. The data field and headNum field of the communication data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Figure 3. This completes the encapsulation of the first data frame under the multi-channel communication protocol defined by the invention.
Following the same order, the second element of the random number sequence is then input to the DataLen function, and the natural number J output by DataLen is used as the length of the split data block. Starting from byte N+1 of the TCP protocol data, J bytes are taken out as a split data block and filled into the data field of the communication data frame in Figure 3. The second element of the random number sequence is used as the number of this split data block and filled into the headNum field of the communication data frame in Figure 3. The data field and headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame in Figure 3. This completes the encapsulation of the second data frame under the multi-channel communication protocol defined by the invention.
And so on, until the k-th element of the random number sequence is input to the DataLen function and the natural number M it outputs is greater than or equal to the number of bytes of TCP protocol data that remain unsplit. The remaining unsplit TCP protocol data is then filled into the data field of the communication data frame, and the k-th element is filled into the headNum field as the number of this remaining block. The data field and headNum field are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. At this point the TCP protocol data has been completely split and the resulting data blocks have been encapsulated into data frames.
In the information transmission stage, the number N of communication data frames in each group is calculated first: N = number of split data blocks / number of Ethernet interfaces. N data frames are selected at random using the linear congruential method to form one group of data packets, and this group is bound to one Ethernet interface; and so on, until all communication data frames have been grouped and every group is bound to an Ethernet interface. The multiple Ethernet channels then transmit the communication data packets to the PC control terminal simultaneously and in parallel, until all communication data packets have been sent.
In the information receiving stage, the PC control terminal first verifies the integrity of each received data frame using the MD5 fingerprint, then parses the data field of the communication data frame according to the multi-channel communication protocol to obtain the split data block, and parses the headNum field to obtain the number of the split data block. Using the self-defined secret order algorithm Secret, it obtains the same nested pseudo-random number algorithm as the security gateway and uses it to generate a random number sequence. The first element of the sequence is taken out, the communication data frame whose headNum value equals the first element is found, and that frame's data field is enqueued into the recombination data queue. The second element of the sequence is then taken out, the communication data frame whose headNum value equals the second element is found, and that frame's data field is enqueued at the tail of the recombination data queue. And so on, until all received data fields have been enqueued into the recombination data queue and combined into the complete TCP protocol data. This completes a safe and efficient communication process, applied to secure communication between the remote control terminal and the in-vehicle controllers and in-vehicle detection devices.
The present invention provides a security gateway based on multi-channel CAN bus and multi-channel Ethernet communication. The steps of the communication method between its PC control terminal and the in-vehicle controllers and in-vehicle detection devices are as follows:
1) When the PC control terminal connects over Ethernet to the CAN bus to communicate with the in-vehicle controllers and in-vehicle detection devices, it authenticates to the security gateway using a static password agreed by both sides, and thereby obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2) After the PC control terminal obtains communication permission, it uses the nested pseudo-random number algorithm defined by the security gateway to generate a fixed random number sequence; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the sequence are the same every time it is generated. The nested pseudo-random number algorithm comprises three pseudo-random number algorithms: the linear congruential method, the shift-register sequence method and the super prime number method.
The three algorithms are defined in turn below.
First random algorithm: linear congruential method
$X_{n+1} = (aX_n + c) \bmod m, \quad n \ge 0 \qquad (1.1)$
where:
n is a natural number;
$X_{n+1}$ is the random number;
when n = 0, the initial value $X_0$ is called the seed;
the constant a is called the multiplier;
the constant c is called the constant term;
the constant m is called the modulus;
mod is the modulo operation.
To obtain random numbers distributed on the interval [0,1], one can let
where $R_n$ is the random number that meets the requirement.
For formula (1.1), when c = 0 the method is called the multiplicative congruential method; when c ≠ 0 it is called the mixed congruential method.
Second random algorithm: shift-register sequence method
The shift-register sequence method generates random binary digits 0 and 1. It is based on a primitive polynomial and modulo-2 arithmetic. If the primitive trinomial is $x^p + x^q + 1$, the corresponding shift-register generator is:
$X_i = [X_{i-p} + X_{i-(i-q)}] \bmod 2, \quad i = p, p+1, \ldots \qquad (1.3)$
which applies a recursive operation to the binary values $X_i$ in the register, where:
p and q are given positive integers;
$X_i$ (i = 1, 2, ..., p-1) are given constants.
Given the initial values $X_i$ ($X_{-p}, X_{-p+1}, \ldots, X_{-1}$), the 0 or 1 values produced by the formula form a binary sequence $\{a_n\}$. Taking L consecutive bits of $\{a_n\}$ forms an L-bit binary number; the next L bits form another binary number, and so on.
Third random algorithm: super prime number method
Let M be a prime and $Z_i \in \{1, 2, \ldots, M-1\}$. If the irreducible proper fraction (a proper fraction whose numerator and denominator are coprime) $Z_i/M$ can be written as a pure repeating decimal (of the form 0.a1a2...a1a1a2...a1) whose period is T = M-1, then the prime M is called a super prime.
From the number-theoretic theorem on the existence of pure repeating decimals, combined with the definition of a super prime, the general super prime number method for generating a pseudo-random sequence is obtained. Its recurrence formula is:
$Z_{i+1} = (10 \cdot Z_i) \bmod M, \quad i = 1, 2, 3, \ldots \qquad (1.4)$
where:
M is a super prime;
Z is the set of natural numbers $\{Z_i \mid 0 < Z_i < M\}$, $Z_i \in Z$;
i is a natural number;
mod is the modulo operation.
The pseudo-random sequence generated by this method is a cyclic sequence of integers whose minimum period is M-1; within each minimum period, every integer from 1 to M-1 appears exactly once.
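Recurrence (1.4) and the full-period property stated above can be checked directly. The following Python is an added example, not code from the patent; the function names and the sample moduli are assumptions chosen for illustration.

```python
def is_prime(n):
    """Trial division; adequate for the small moduli used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def super_prime_cycle(M, z1=1):
    """Iterate Z_{i+1} = (10 * Z_i) mod M from Z_1 = z1 and return one cycle.

    If 10 and M share a factor (M = 2 or 5) the recurrence collapses to 0
    and never returns to z1; the loop stops there as well.
    """
    if not 0 < z1 < M:
        raise ValueError("Z_1 must satisfy 0 < Z_1 < M")
    cycle, z = [], z1
    while True:
        cycle.append(z)
        z = (10 * z) % M
        if z == z1 or z == 0:
            return cycle


def is_super_prime(M):
    """M is a super prime when it is prime and the cycle has length M - 1."""
    return is_prime(M) and M not in (2, 5) and len(super_prime_cycle(M)) == M - 1


def repeating_digits(z, M):
    """Repeating block of z/M by long division: digit_i = floor(10 * Z_i / M)."""
    return "".join(str((10 * zi) // M) for zi in super_prime_cycle(M, z))


if __name__ == "__main__":
    print("cycle for M=7:", super_prime_cycle(7))
    print("1/7 repeats:", repeating_digits(1, 7))
    print("super primes below 100:", [p for p in range(2, 100) if is_super_prime(p)])
```

Every output is determined by M and the starting value, which is why both ends of the link can regenerate the same numbering sequence from shared parameters.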
The nested pseudo-random number algorithm of the present invention is defined as follows:
where:
R represents the nested random number;
Represent a kind of pseudo-random number generator;
θ represents another pseudo-random number generator;
T represents the current system time;
g represents a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
f represents the random number function whose output is distributed on the interval [0,1];
n represents a natural number;
$X_n$ represents the random number seed;
m represents the modulus;
Represent downward rounding symbol;
A random real number uniformly distributed on [0,1] is first produced by the linear congruential method above (1.6), and a mapping then selects any two of the pseudo-random number algorithms contained in the nested pseudo-random number algorithm. The mapping method is as follows:
The function g in formula (1.5) is a mapping from set A (the set of random numbers) to B (a set of pseudo-random number algorithms) and C (a set of pseudo-random number algorithms), i.e. A → B, A → C; The random real number for being evenly distributed on [0,1] produced by formula (1.6)In set B, ifThen(α represents linear congruential method);IfThen(β represents shift-register sequence);Then(γ represents super prime number method);In set C, ifThenIfThenIfThen
Through the above mapping, the first pseudo-random number generator obtained from formula (1.5) uses the system time T as the random number seed to generate a random real number r1 in the range [1,100], which serves as the base; the other pseudo-random number generator obtained, θ, uses twice the system time, 2T, as the random number seed to generate a random real number r2 in the range [1,100], which serves as the offset. r1 and r2 are added and the sum is rounded down, giving a nested random integer r. Each newly generated random number r, except the first one generated, is compared with every random number generated before it: if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The final result is a nested random number sequence whose element values do not repeat.
3) The TCP protocol data to be sent is split; the multi-channel communication protocol defines the data block length as between [10,20] bytes. The first element r of the random sequence generated in step 2 is taken out and passed to the DataLen function defined by the invention, which is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block. Starting from the first byte of the TCP protocol data, ω(r) bytes are taken out as a split data block and filled into the data field of the communication data frame in Figure 3; this communication data frame is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and filled into the headNum field of the first communication data frame. And so on: the second, third, ... elements of the random sequence are taken out and the communication data is split into data blocks and numbered in the same way, until the value ω(r') that DataLen gives for the random number r' taken out is greater than or equal to the length of the remaining TCP protocol data block, at which point the TCP protocol data cannot be split further. The remaining TCP protocol data block is then filled into the data field of the last frame, and the random number r' is filled into the headNum field of the last frame as the number of that data block, completing the splitting and numbering of the TCP protocol data. During splitting, a counter records the number Q of data blocks split;
4) The data field and headNum field of the communication data frame from step 3 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. MD5 (Message Digest 5) is a hash algorithm; it is defined as follows:
The input data is processed in 512-bit groups, and each group is further divided into sixteen 32-bit sub-groups. After a series of processing steps, the output of the MD5 algorithm consists of four 32-bit groups; concatenating these four 32-bit groups produces a 128-bit hash value, which is the digital fingerprint;
Finally, the data type (e.g. communication data frame) and the communication data frame length are added to the dataType field and the length field of the communication data frame respectively, giving the complete communication data frame and completing the encapsulation; its data structure is the communication data frame structure in Figure 3. The encapsulated data frame is finally placed in the queue of data to be sent;
5) The first Q elements of the random sequence generated in step 2 (Q being the number of data blocks obtained by splitting) are placed in order into a dynamic array of size Q. A random integer in the range [0, Q-1] is then produced with the linear congruential method, the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index (i.e. the data block number) is placed in a to-be-sent distribution queue. The first time, Q/N data frames (N being the number of Ethernet interfaces) are randomly selected to form a data packet and placed in the first to-be-sent distribution queue; the data packets in the first queue are transmitted over the first Ethernet channel. And so on, repeating N times: N groups of data packets in total are selected and placed in N to-be-sent distribution queues, and the data packets in the N queues are transmitted over N Ethernet channels. This completes the random grouping of all communication data frames, with every group bound to an Ethernet interface. Finally, the data packets in the N to-be-sent distribution queues are sent to the communication peer over the N Ethernet channels simultaneously and in parallel;
6) The two pseudo-random number algorithms used in step 3, randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum form the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field and the secret order data frame length to the length field, completing the encapsulation of the secret order data. Its data structure is the secret order data frame structure in Figure 3. The frame is sent to the security gateway over one Ethernet channel;
7) After the security gateway receives a data packet, it parses the data frames in the packet according to the multi-channel communication protocol, extracts the data length field length and checks it against the length of the received data frame. A data frame that passes this check is parsed further and its data type is extracted. If it is a communication data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the received frame's data field and headNum field, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the communication data frame type and the number of that data frame is sent to the PC control terminal; its data structure is the reissue command data frame structure in Figure 3. If the check passes, a table is built with the data block number headNum as the number field and index, and the data field as the content field. If it is a secret order data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the received frame's randomType1, randomType2, seedValue and dataNum fields, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the PC control terminal (its data structure is the reissue command data frame structure in Figure 3), with the headNum field filled with 0. If the check passes, the self-defined secret order algorithm Secret is used; the algorithm is defined as:
The secret order data frame is parsed to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum carried in it. The nested pseudo-random number algorithm of formula (1.5) is used to generate the random sequence, and the first dataNum elements of the sequence are traversed against the table. For each element traversed, the table is searched for that element; if it exists, the corresponding data field is retrieved, and the retrieved data fields are enqueued at the tail of the recombination data queue in traversal order. If it does not exist, the data block with that number has been lost: a reissue command containing the data block number is sent to the PC control terminal, and once the security gateway receives the data frame containing that number, the frame's data field is enqueued at the tail of the recombination data queue. This finally completes the reassembly of the TCP protocol data;
8) The reassembled TCP protocol data is converted by protocol conversion into CAN bus data and sent over the multi-channel CAN bus to the in-vehicle controllers and in-vehicle detection devices, and a reply CAN message is awaited;
9) After receiving the CAN message replied by the in-vehicle controllers and in-vehicle detection devices, the security gateway converts the CAN message from CAN protocol to TCP protocol data, then uses the same methods as steps 2, 3 and 4 to split the TCP protocol data, number the blocks and add the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks. Using the method of step 5, Q/N data frames are randomly selected per group to form N groups of data packets, which are sent in parallel over N Ethernet channels to the PC control terminal;
10) The PC control terminal verifies the data and reassembles the packets in the same way as step 7, obtaining the complete TCP protocol data. This completes one full round of secure communication in which the PC control terminal connects through multi-channel Ethernet to the multi-channel CAN bus and communicates with the in-vehicle controllers and in-vehicle detection devices;
Communication from the in-vehicle controllers and in-vehicle detection devices to the PC control terminal can be realized with the same steps.
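Steps 2 to 7 as one runnable Python example, added here and not taken from the patent. The byte layout of the frame, the DataLen mapping, the LCG constants and the single-LCG stand-in for the nested generator (`number_sequence`) are assumptions, because Figure 3, formula (1.5) and the DataLen definition are not reproduced on this page; the seed and block count are passed directly instead of in a secret order data frame.

```python
import hashlib
import struct
from itertools import islice

TYPE_DATA = 0x01                       # assumed dataType value for a communication data frame
LEN_MIN, LEN_MAX = 10, 20              # block length range stated in step 3
A, C, MOD = 1103515245, 12345, 2**31   # assumed constants for formula (1.1)


def lcg(x):
    return (A * x + C) % MOD


def number_sequence(seed):
    """Stand-in for the nested generator: non-repeating integers in [2, 200]."""
    x, seen = seed, set()
    while len(seen) < 199:
        x = lcg(x)
        r = 2 + (x >> 16) % 199
        if r not in seen:              # step 2: discard values generated before
            seen.add(r)
            yield r


def data_len(r):
    """Assumed DataLen: a fixed map of r into [10, 20] shared by both ends."""
    return LEN_MIN + r % (LEN_MAX - LEN_MIN + 1)


def encode_frame(head_num, block):
    """Assumed layout: dataType(1) | length(2) | headNum(2) | data | md5Check(16)."""
    head = struct.pack(">H", head_num)
    md5_check = hashlib.md5(block + head).digest()   # step 4: MD5 over data and headNum
    body = head + block + md5_check
    return struct.pack(">BH", TYPE_DATA, 3 + len(body)) + body


def decode_frame(raw):
    """Step 7 checks: length, type, then md5Check. Raises ValueError on failure."""
    if len(raw) < 3 + 2 + 16:
        raise ValueError("frame too short")
    ftype, length = struct.unpack(">BH", raw[:3])
    if length != len(raw):
        raise ValueError("length field mismatch")
    if ftype != TYPE_DATA:
        raise ValueError("not a communication data frame")
    head, block, md5_check = raw[3:5], raw[5:-16], raw[-16:]
    if hashlib.md5(block + head).digest() != md5_check:
        raise ValueError("md5Check mismatch")
    return struct.unpack(">H", head)[0], block


def split_and_frame(payload, seed):
    """Step 3: cut the payload into numbered blocks and frame each one."""
    frames, pos, seq = [], 0, number_sequence(seed)
    while pos < len(payload):
        r = next(seq, None)
        if r is None:
            raise ValueError("payload needs more block numbers than the sequence has")
        block = payload[pos:pos + data_len(r)]   # last block takes whatever remains
        pos += len(block)
        frames.append(encode_frame(r, block))
    return frames


def group_for_channels(frames, n_channels, seed):
    """Step 5: draw Q/N frames at random (LCG) for each of the N Ethernet channels."""
    pool, x, groups = list(frames), seed, []
    per_group = -(-len(pool) // n_channels)      # ceil(Q / N)
    for _ in range(n_channels):
        group = []
        while pool and len(group) < per_group:
            x = lcg(x)
            group.append(pool.pop((x >> 16) % len(pool)))
        groups.append(group)
    return groups


def reassemble(received, seed, data_num):
    """Step 7: index valid frames by headNum, then walk the regenerated sequence.

    Returns (payload or None, block numbers that must be reissued).
    """
    table = {}
    for raw in received:
        try:
            head_num, block = decode_frame(raw)
        except ValueError:
            continue                   # a failed frame shows up below as missing
        table[head_num] = block
    ordered, missing = [], []
    for r in islice(number_sequence(seed), data_num):
        if r in table:
            ordered.append(table[r])
        else:
            missing.append(r)
    return (b"".join(ordered) if not missing else None), missing


if __name__ == "__main__":
    payload = bytes(range(256))        # constructed sample TCP payload
    frames = split_and_frame(payload, seed=2017)
    arrived = [f for g in group_for_channels(frames, 3, seed=99) for f in g]
    data, missing = reassemble(arrived, 2017, len(frames))
    print(len(frames), "frames, reassembled:", data == payload, "missing:", missing)
```

md5Check is an unkeyed digest, so it detects corruption in transit; authenticating frames against deliberate modification needs a keyed MAC (for example HMAC) over the same fields.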
The present invention provides a device for the method of the security gateway based on multi-channel CAN bus and Ethernet communication, comprising: an embedded platform with an ARM core processor; a CAN bus module; and an Ethernet module;
The embedded platform with the ARM core processor runs the Linux operating system;
The CAN bus module comprises a CAN controller and a CAN transceiver;
The Ethernet module comprises an Ethernet transceiver;
The security gateway is based on the embedded platform with an ARM core processor, and the platform runs the Linux operating system. The CAN channels of the ARM core processor are connected to multiple CAN controllers and transceivers; the other end of each CAN transceiver is attached to the CAN bus and connected to the in-vehicle controllers and in-vehicle detection devices, for sending and receiving CAN messages. The Ethernet interfaces of the ARM core processor are connected to multiple Ethernet transceivers; the other end of the Ethernet is connected to the host computer control terminal, for sending and receiving Ethernet communication protocol data. After this extension the embedded platform comprises multi-channel CAN bus modules and multi-channel Ethernet modules. The number of CAN bus links depends on the number of in-vehicle controllers and in-vehicle detection devices and on the required communication efficiency; the number of Ethernet links depends on the required security level: the more links, the higher the security level;
Because the security gateway based on multi-channel CAN bus and Ethernet communication uses an embedded platform with an ARM core processor, and a CAN bus driver has been ported under Linux, the Ethernet module uses the Socket API when communicating with the host computer control terminal, and the CAN bus module uses the SocketCAN API when communicating with the in-vehicle control and detection devices. When communicating over the multi-channel CAN bus and Ethernet links, the network communication API can be used to detect whether a link is idle or has failed; if a link has failed or is busy, an idle link is selected and the host computer control terminal is notified to back up and repair the faulty link.
The present invention uses multi-channel Ethernet as the backbone network for information transmission and provides a security gateway, together with its communication method, that connects the multi-channel CAN bus and communicates directly with the in-vehicle controllers and in-vehicle detection devices, achieving safe, efficient, real-time data communication. Because the security gateway uses multi-channel CAN bus and Ethernet links, communication time is greatly reduced and communication efficiency is improved.
One end of the security gateway is connected to the CAN bus and communicates with multiple in-vehicle controllers and multiple in-vehicle detection devices; the other end is connected to Ethernet and communicates with the host computer control terminal. The present invention implements protocol conversion between CAN bus data and TCP data, and uses the nested pseudo-random number algorithm defined by the invention to split the data into data blocks of random length. Each data block is encapsulated into a randomly numbered communication data frame of the multi-channel communication protocol defined by the invention. Finally, according to the number of Ethernet interfaces, the security gateway repeatedly selects N data frames at random to form multiple data packets; each data packet is bound to one Ethernet interface, and the multiple Ethernet links send the data packets to the communication peer in parallel at the same time. The communication peer parses the received data packets according to the multi-channel communication protocol defined by the invention and reassembles them into complete TCP data, so that the host computer control terminal connects to the in-vehicle controllers and in-vehicle detection devices through the security gateway. This realizes a security gateway based on protocol conversion and communication between multi-channel CAN bus and multi-channel Ethernet.
The positive effects of the present invention are as follows. The security gateway with multi-channel CAN bus and Ethernet communication implements, within the Internet of Vehicles, the conversion between the in-vehicle CAN bus protocol and the Ethernet communication protocol. After the data is split into data blocks using the pseudo-random number algorithm, the data blocks are placed into randomly numbered data frames; N data frames are then selected at random as a data packet, the system generates multiple data packets according to the number of Ethernet interfaces, each data packet is bound to one Ethernet interface, and the multiple Ethernet links send the data packets at the same time. The random algorithm is fast to compute, so real-time performance is preserved. Because the data frame numbers, the way data frames are grouped into packets and the numbers of the Ethernet links used for communication are all generated by the nested pseudo-random number algorithm defined by the invention, an intruder cannot assemble the data blocks in the communication into meaningful complete data and cannot send meaningful data into the communication system; this effectively prevents illegal intrusion into the communication system and ensures its security and robustness. At the same time, multiple Ethernet links transmit data in parallel and multiple CAN bus links connect the multiple in-vehicle control devices and in-vehicle detection devices, which ensures that the host computer control terminal communicates in parallel with the multiple in-vehicle control devices and multiple in-vehicle detection devices and significantly improves communication efficiency.
Brief description of the drawings
Fig. 1 is the structural diagram of the present invention;
Fig. 2 is the system flow chart of the present invention;
Fig. 3 is the data structure diagram of the present invention;
In Fig. 3: dataType represents the data type (such as communication data frame, secret order data frame or reissue command data frame) and occupies the high 4 bits of the 1st byte of every data frame; length represents the data frame length and occupies the low 4 bits of the 1st byte of every data frame; headNum represents the data field number and is located in the 2nd byte of the communication data frame and the reissue command data frame; data represents the data field, located in bytes 19 to 38 of the communication data frame; randomType1 represents the first pseudo-random number algorithm, in the high 4 bits of the 2nd byte of the secret order data frame; randomType2 represents the second pseudo-random number algorithm, in the low 4 bits of the 2nd byte of the secret order data frame; seedValue represents the random number seed, in the 3rd byte of the secret order data frame; dataNum represents the number of split data fields, in the 4th byte of the secret order data frame; md5Check represents the MD5 digital fingerprint, located in bytes 3 to 18 of the communication data frame and the reissue command data frame and in bytes 5 to 20 of the secret order data frame.
Embodiment
The present invention is further described by the following embodiments with reference to Fig. 1, Fig. 2 and Fig. 3. The embodiments do not limit the invention in any way; any modification or change that a person of ordinary skill in the art can readily make without departing from the technical solution of the present invention falls within the scope of the claims of the present invention.
Embodiment 1
With reference to Fig. 1, Fig. 2 and Fig. 3, the device of the invention has an embedded platform with an ARM core processor, an eight-channel CAN bus module and a two-channel Ethernet module;
The embedded platform with the ARM core processor runs the Linux operating system;
The CAN bus module comprises a CAN controller and a CAN transceiver;
The Ethernet module comprises an Ethernet transceiver;
The CAN channels of the ARM core processor are connected to eight CAN controllers and transceivers; the other end of each CAN transceiver is attached to the CAN bus and connected to the in-vehicle control and detection devices, for sending and receiving CAN messages. The Ethernet interfaces of the ARM core processor are connected to two Ethernet transceivers; the other end of the Ethernet is connected to the host computer control terminal, for sending and receiving Ethernet data;
The process by which the host computer control terminal, over two Ethernet links, connects to the eight CAN bus links and communicates with the in-vehicle control and detection devices is as follows:
1. When the host computer control terminal connects to the CAN bus over Ethernet to communicate with the in-vehicle controllers and in-vehicle detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and thereby obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2. After obtaining communication permission, the host computer control terminal uses formulas (1.5) and (1.6) of the multi-channel communication protocol:
to produce a random sequence; the first random number r is taken from the random sequence and passed to the DataLen function (1.7):
The resulting value ω(r) is used as the length of the split data block: starting from the first byte of the TCP data, ω(r) bytes are taken out as a split data block, and this data block is filled into the data field of a communication data frame as shown in Fig. 3; this communication data frame is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and is filled into the headNum field of the first communication data frame. In the same way, the second, third, ... elements are taken from the random sequence and the TCP data is split into data blocks and numbered as above, until the value ω(r′) obtained by the DataLen function from the random number r′ taken out is greater than or equal to the length of the remaining TCP data. The TCP data can then not be split any further, so the remaining TCP data block is filled into the data field of the last data frame, and the random number r′ is filled into the headNum field of the last data frame as the number of that data block, completing the splitting and numbering of the TCP data. While the TCP data is being split, a counter records the number Q of data blocks obtained;
3. The data field and headNum field of each communication data frame from step 2 are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame. Finally the data type (communication data frame) and the communication data frame length are added to the dataType and length fields of the communication data frame respectively, giving the complete communication data frame and completing the encapsulation; its data structure is the communication data frame structure in Fig. 3. The encapsulated data frames are then placed in the queue of data to be sent;
4. The first Q elements of the random sequence generated in step 2 (Q being the number of data blocks obtained by splitting) are placed in order into a dynamic array of size Q. The linear congruential method is used to produce a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element (i.e. the data block number) at that index is placed in a send queue. The first time, Q/2 data frames (2 being the number of Ethernet interfaces) are selected at random to form a data packet that is placed in the first send queue; the data packet in the first queue is transmitted over the first Ethernet link. The second time, Q/2 data frames are selected at random to form a data packet that is placed in the second send queue; the data packet in the second queue is transmitted over the second Ethernet link. All communication data frames are thus randomly divided into two groups, and the two groups of data packets are bound to the two Ethernet interfaces; the data packets in the two send queues are sent in parallel to the communication peer over the two Ethernet links;
5. The two pseudo-random number algorithms randomType1 and randomType2 used in step 2, the random number seed seedValue and the number of split data blocks dataNum make up the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field and the secret order data frame length to the length field, completing the encapsulation of the secret order data, which is sent to the security gateway over one Ethernet link;
6. After the security gateway receives the data packets, it parses the data frames in them according to the multi-channel communication protocol, extracts the data length length and checks it against the length of the data frame received. Data frames that pass this check are parsed further and the data type is extracted. If the frame is a communication data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the data and headNum fields of the received frame, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command containing the communication data frame type and the number of that data frame is sent to the host computer control terminal. If the check passes, a table is built with the data field number headNum as the number field, used as the index, and the data field data as the content field. If the frame is a secret order data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command containing the secret order data frame type is sent to the host computer control terminal, with the headNum field of the reissue command data frame filled with 0. If the check passes, the self-defined secret order algorithm Secret takes the pseudo-random number algorithms randomType1 and randomType2 and the random number seed seedValue received in the secret order data frame and generates the random sequence with the nested pseudo-random number algorithm of formula (1.5); the first dataNum elements of the random number sequence are traversed and looked up in the table. For each element traversed, the look-up table is checked for that element. If it exists, the data field corresponding to that element is retrieved, and the retrieved data fields are appended in traversal order to the tail of the reassembly data queue. If it does not exist, the data frame with the number corresponding to that random number has been lost: a reissue command containing that data frame number is sent to the host computer control terminal and, once the security gateway receives the data frame containing that number, the data field of that data frame is appended to the tail of the reassembly data queue. This finally completes the reassembly of the TCP data;
7. The resulting TCP data is converted to CAN bus data by protocol conversion and sent over the eight CAN bus channels to the in-vehicle controllers and in-vehicle detection devices; the gateway then waits for the reply data;
8. After receiving the CAN messages replied by the in-vehicle controllers and in-vehicle detection devices, the security gateway converts the CAN message data from the CAN protocol to TCP data, splits and numbers the TCP data using the same methods as steps 2, 3 and 4, then adds the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks; using the method of step 4, Q/2 data frames are randomly selected as one group, forming two groups of data packets, which are sent in parallel over the two Ethernet links to the host computer control terminal;
9. The host computer control terminal verifies and assembles the data in the same way as step 6, obtaining the complete TCP data; this completes one full round of secure communication in which the host computer control terminal, over two Ethernet links, connects to the eight CAN bus channels and communicates with the in-vehicle controllers and in-vehicle detection devices.
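The split, fingerprint, group and reassemble steps of Embodiment 1, as an added Python example that is not code from the patent. `shared_sequence` and `data_len` are stand-ins for the nested pseudo-random generator and the DataLen function, whose formulas are not reproduced on this page; the MD5 input order, the dict representation of a frame, the type code and the sample payload are assumptions.

```python
import hashlib
import random

TYPE_COMM = 0x1  # constructed type code; the page gives no numeric values


def shared_sequence(seed, count=199):
    """Stand-in for the nested PRNG: non-repeating block numbers in [2, 200]."""
    return random.Random(seed).sample(range(2, 201), count)


def data_len(r):
    """Stand-in for DataLen: maps r to a block length in [10, 20]."""
    return 10 + r % 11


def fingerprint(head_num, data):
    # MD5 over the data and headNum fields; the concatenation order is assumed.
    return hashlib.md5(data + bytes([head_num])).digest()


def split_into_frames(payload, seq):
    """Sender: cut payload into blocks whose number and length come from seq."""
    frames, pos = [], 0
    for r in seq:
        n = data_len(r)
        last = n >= len(payload) - pos  # w(r') >= remaining data: final block
        block = payload[pos:] if last else payload[pos:pos + n]
        frames.append({"dataType": TYPE_COMM, "headNum": r,
                       "md5Check": fingerprint(r, block), "data": block})
        pos += len(block)
        if last:
            return frames  # len(frames) is Q, sent as dataNum
    raise ValueError("payload needs more block numbers than the sequence has")


def group_for_links(frames, n_links, rng):
    """Randomly partition the Q frames into one packet per Ethernet link.

    Simplification: a shuffle replaces the repeated random index draw.
    """
    order = list(frames)
    rng.shuffle(order)
    return [order[i::n_links] for i in range(n_links)]


def reassemble(packets, seq, data_num):
    """Receiver: verify each frame, index it by headNum, replay the sequence.

    Returns (data, missing). Frames that fail the fingerprint check are
    dropped, so they show up in `missing` exactly like frames that never
    arrived; `missing` is the list of block numbers to request again.
    """
    table = {}
    for packet in packets:
        for f in packet:
            if f["md5Check"] == fingerprint(f["headNum"], f["data"]):
                table[f["headNum"]] = f["data"]
    wanted = seq[:data_num]
    missing = [r for r in wanted if r not in table]
    if missing:
        return None, missing
    return b"".join(table[r] for r in wanted), missing


if __name__ == "__main__":
    payload = bytes(range(256)) * 2          # constructed 512-byte TCP payload
    seq = shared_sequence(seed=0x5A)         # seedValue from the secret order frame
    frames = split_into_frames(payload, seq)
    packets = group_for_links(frames, 2, random.Random(1))
    data, missing = reassemble(packets, seq, len(frames))
    print("both links:", data == payload, missing)
    data, missing = reassemble(packets[:1], seq, len(frames))
    print("one link only:", data, "blocks to reissue:", len(missing))
```

The fingerprint is an unkeyed MD5, so this check detects corrupted or lost frames; it does not by itself authenticate the sender, which would need a keyed MAC.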
Test case
The security gateway and method with eight CAN bus channels and two-channel Ethernet communication provided in Embodiment 1 were subjected to the following experiment:
1. Using the method of Embodiment 1, the host computer control terminal was connected over two Ethernet links to the eight CAN bus channels to communicate with the in-vehicle controllers and in-vehicle detection devices. The CAN communication baud rate was set to 250K; in theory 2500 CAN extended-frame data frames can be received per second. After the CAN data frames are converted to TCP data by protocol conversion, at most 20000 bytes of valid data are available; every 2000 bytes of data are split into 100 data blocks, which are encapsulated into data frames and divided into two groups of data packets that are transferred over the two Ethernet links to the host computer control terminal;
2. While the data is being transmitted over the two Ethernet links to the host computer control terminal: if packet capture is used to intercept data packets at the data link layer of one Ethernet link, the data in the intercepted packets is incomplete, and the probability of reassembling it into valid complete data is 0. If packet capture is used to intercept data packets at the link layer of both Ethernet links, the difficulty of eavesdropping is greatly increased. If both groups of data packets are intercepted on the two Ethernet links, the positions of the data fields in the intercepted packets cannot be known, because the data in the packets is encapsulated by the multi-channel communication protocol. Even if all 100 data fields in the intercepted packets are obtained, the possible combinations of the 100 data fields number about 100! = 9.33262154439400e+157. Using the Tianhe-2 supercomputer developed by China's National University of Defense Technology, with its floating-point speed of 33.86 petaflops, computing all 100! possibilities by brute force would take (9.33262154439400e+157)/(3.3860e+018) = 2.75623e+139 seconds = 8.73997e+131 years, so cracking is practically impossible.
The above experiment shows that the security gateway with multi-channel CAN bus and multi-channel Ethernet communication used in the present invention can effectively prevent the information leakage caused by theft of communication data, as well as the tampering of communication data followed by intrusion into the communication system for illegal manipulation, and thus greatly ensures the security and robustness of the communication.
Conclusion:
With the security gateway and communication method based on multi-channel CAN bus and Ethernet communication used in the present invention, even if data is intercepted at the Ethernet link layer by packet capture, what is obtained is incomplete, irregular fragment data that cannot be reassembled and is therefore useless. Meanwhile, an intruder cannot send meaningful data into the communication system, so illegal intrusion into the communication system is effectively avoided. Both ends of the communication, however, can use the method of the invention to reassemble the data and obtain complete, valid data, ensuring the security and robustness of the communication system.

Claims (1)

1. A communication method of a security gateway based on multi-channel CAN bus and Ethernet communication, comprising the following steps:
1) When the host computer control terminal connects to the CAN bus over Ethernet to communicate with the in-vehicle controllers and in-vehicle detection devices, it passes the identity authentication of the security gateway using a static password agreed by both sides, and thereby obtains permission to communicate with the in-vehicle controllers and in-vehicle detection devices;
2) After the host computer control terminal obtains communication permission, the nested pseudo-random number algorithm defined by the security gateway is used to generate a fixed random number sequence; once the nesting order of the pseudo-random number algorithms and the random number seed are determined, the element values of the random number sequence generated are the same every time;
The nested pseudo-random number algorithm is as follows:
$$f(X_n) = \frac{x_n}{m} \qquad (1.2)$$
Wherein:
r denotes the nested random number;
Represent a kind of pseudo-random number generator;
θ denotes another pseudo-random number generator;
T denotes the current system time;
g denotes a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C;
f denotes the random number function whose output is distributed on the interval [0,1];
n denotes a natural number;
X_n denotes the random number seed;
m denotes the modulus;
Represent downward rounding symbol;
First the linear congruential method (1.2) above is used to produce a random real number uniformly distributed on [0,1], and the mapping selects any two of the pseudo-random number algorithms included in the nested pseudo-random number algorithm; the mapping method is as follows:
The function g in formula (1.1) is a mapping from the random number set A to the pseudo-random number algorithm set B and the pseudo-random number algorithm set C, i.e. A → B, A → C. For the random real number uniformly distributed on [0,1] produced by formula (1.2): in set B, if Then α represents the linear congruential method; If Then β represents the shift register sequence; Then γ represents the super prime number method; in set C, if Then If Then If Then
By the above mapping method, formula (1.1) yields one pseudo-random number generator, which, with the system time T as random number seed, generates a random real number r1 in the range [1,100] as the base; the other pseudo-random number generator θ obtained, with twice the system time, 2T, as random number seed, generates a random real number r2 in the range [1,100] as the offset; r1 and r2 are added and the sum is rounded down, giving a nested random integer r. Each time a random number r is generated, it is compared with every random number generated before it; except for the first random number generated, if it equals a previously generated random number it is discarded, otherwise it is inserted into the generated random number sequence. The final result is a nested random number sequence whose element values do not repeat;
3) The TCP data to be sent is split; the multi-channel communication protocol defines the data block length as a number of bytes in the range [10,20]. The first element r of the random sequence generated in step 2) is taken out and passed to the self-defined DataLen function, which is defined as:
The resulting value ω(r) ∈ [10,20] is used as the length of the split data block: starting from the first byte of the TCP data, ω(r) bytes are taken out as a split data block, and this data block is filled into the data field of a communication data frame; this communication data frame is the first communication data frame. The first element r taken from the random sequence is used as the number of the split data block and is filled into the headNum field of the first communication data frame. In the same way, the second, third, ... elements are taken from the random sequence and the communication data is split into data blocks and numbered as above, until the value ω(r′) obtained by the DataLen function from the random number r′ taken out is greater than or equal to the length of the remaining TCP data. The TCP data can then not be split any further, so the remaining TCP data block is filled into the data field of the last data frame, and the random number r′ is filled into the headNum field of the last data frame as the number of that data block, completing the splitting and numbering of the TCP data. While the TCP data is being split, a counter records the number Q of data blocks obtained;
4) The data field and headNum field of each communication data frame from step 3) are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is filled into the md5Check field of the communication data frame; the MD5 algorithm is a hash algorithm and is defined as follows:
The input data is processed in 512-bit blocks, each block being divided into sixteen 32-bit sub-blocks; after a series of processing steps, the output of the MD5 algorithm consists of four 32-bit blocks, and concatenating these four 32-bit blocks produces a 128-bit hash value, which is the digital fingerprint;
Finally the data type and the communication data frame length are added to the dataType and length fields of the communication data frame respectively, giving the complete communication data frame and completing the encapsulation; the encapsulated data frames are then placed in the queue of data to be sent;
5) The first Q elements of the random sequence generated in step 2) are first placed in order into a dynamic array of size Q, Q being the number of data blocks obtained by splitting. The linear congruential method is then used to produce a random integer in the range [0, Q-1]; the array index equal to that random number is looked up, and the data frame corresponding to the array element at that index is placed in a send queue. The first time, Q/N data frames (N being the number of Ethernet interfaces) are selected at random to form a data packet that is placed in the first send queue; the data packet in the first queue is transmitted over the first Ethernet link. This is repeated N times in total, selecting N groups of data packets that are placed in N send queues, and the data packets in the N send queues are transmitted over the N Ethernet links. This completes the random grouping of all communication data frames, with every group bound to an Ethernet interface; finally the data packets in the N send queues are sent simultaneously and in parallel over the N Ethernet links to the communication peer;
6) The two pseudo-random number algorithms randomType1 and randomType2 used in step 3), the random number seed seedValue and the number of split data blocks dataNum make up the secret order data frame. The randomType1, randomType2, seedValue and dataNum fields of the secret order data frame are input to the MD5 algorithm to generate an MD5 digital fingerprint, which is added to the md5Check field of the secret order data frame; the data type is added to the dataType field and the secret order data frame length to the length field, completing the encapsulation of the secret order data, which is sent to the security gateway over one Ethernet link;
7) After the security gateway receives the data packets, it parses the data frames in them according to the multi-channel communication protocol, extracts the data length length and checks it against the length of the data frame received. Data frames that pass this check are parsed further and the data type is extracted. If the frame is a communication data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the data and headNum fields of the received frame, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the communication data frame type and the number of that data frame is sent to the host computer control terminal. If the check passes, a table is built with the data field number headNum as the number field, used as the index, and the data field data as the content field. If the frame is a secret order data frame, the MD5 algorithm is used to compute the MD5 digital fingerprint of the randomType1, randomType2, seedValue and dataNum fields of the received frame, which is compared with the received MD5 digital fingerprint to verify data integrity. If the data has been tampered with or lost, a reissue command data frame containing the secret order data frame type is sent to the host computer control terminal, with its headNum field filled with 0. If the check passes, the self-defined secret order algorithm Secret is used, which is defined as:
Parse the secret order data frame to obtain the pseudo-random number algorithms randomType1 and randomType2, the random number seed seedValue and the number of split data blocks dataNum that it carries; generate the random sequence with the nested pseudo-random number algorithm of formula (1.1); then traverse the first dataNum elements of the random number sequence, looking each one up in the table. For each element traversed, check whether it exists in the look-up table. If it exists, retrieve the data field corresponding to that element and append the retrieved data fields, in traversal order, to the tail of the reassembly data queue. If it does not exist, the data block with the number corresponding to that random number has been lost: send a reissue command containing that data block number to the host computer control terminal and, once the security gateway receives the data frame containing that number, append the data field of that data frame to the tail of the reassembly data queue. This finally completes the reassembly of the TCP data;
8) The reassembled TCP data is converted to CAN bus data by protocol conversion and sent over the multi-channel CAN bus to the in-vehicle controllers and in-vehicle detection devices; the gateway then waits for the reply CAN messages;
9) After receiving the CAN messages replied by the in-vehicle controllers and in-vehicle detection devices, the security gateway converts the CAN messages from the CAN protocol to TCP data, splits and numbers the TCP data using the same methods as steps 2), 3) and 4), then adds the MD5 digital fingerprint, completing the protocol encapsulation of the data blocks; using the method of step 5), Q/N data frames are randomly selected as one group, forming N groups of data packets, which are sent in parallel over the N Ethernet links to the host computer control terminal;
10) The host computer control terminal verifies and assembles the data in the same way as step 7), obtaining the complete TCP data; this completes one full round of secure communication in which the host computer control terminal, over multi-channel Ethernet, connects to the multi-channel CAN bus and communicates with the in-vehicle controllers and in-vehicle detection devices.
CN201710789108.7A 2017-09-05 2017-09-05 The communication means of security gateway based on multichannel CAN bus and ethernet communication Active CN107426075B (en)

Publications (2)

Publication Number Publication Date
CN107426075A (en) 2017-12-01
CN107426075B (en) 2018-05-08

Family

ID=60434590

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant