CN113285956B - Controller area network bus encryption method, device, equipment and medium

Publication number
CN113285956B
Authority
CN
China
Prior art keywords
message
key
sent
bus
encrypted
Legal status
Active
Application number
CN202110643942.1A
Other languages
Chinese (zh)
Other versions
CN113285956A (en
Inventor
李玉发
孙琦
孙克文
边泽宇
刘丽敏
赵萌
王彦聪
汤利顺
张天
Current Assignee
FAW Group Corp
Original Assignee
FAW Group Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN

Abstract

The embodiment of the invention discloses a method, a device, equipment and a medium for encrypting a controller area network bus. The method comprises the following steps: determining a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, and sending the key to a receiving end through the CAN bus; and encrypting the message to be sent according to the key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key. According to the technical scheme provided by the embodiment of the invention, CAN bus encryption can be realized simply and quickly through the interaction between the sending end and the receiving end, the message to be sent corresponding to the CAN bus does not need to be processed, and the network load and the burden of a processor are reduced.

Description

Controller area network bus encryption method, device, equipment and medium
Technical Field
Embodiments of the present invention relate to encryption technologies, and in particular, to a method, an apparatus, a device, and a medium for encrypting a controller area network bus.
Background
With the application of in-vehicle Ethernet, the security weaknesses and vulnerability of the in-vehicle Controller Area Network (CAN) bus have been exposed, and how to encrypt the CAN bus has become an important research direction.
In common CAN bus encryption methods, the Advanced Encryption Standard (AES) encryption algorithm is widely used. However, the block length of the AES algorithm is fixed at 128 bits, while the maximum data length of CAN bus message data is 64 bits, so the message data of the CAN bus needs to be recombined to obtain new data, the new data is encrypted by the AES algorithm, and the encrypted data is transmitted over the CAN bus.
At present, no better CAN bus encryption method exists.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for encrypting a controller area network bus, which can realize CAN bus encryption simply and quickly and reduce the network load.
In a first aspect, an embodiment of the present invention provides a controller area network bus encryption method, applied to a sending end, where the method includes:
determining a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, and sending the key to a receiving end through the CAN bus;
and encrypting the message to be sent according to the secret key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the secret key.
In a second aspect, an embodiment of the present invention provides a controller area network bus encryption method, which is applied to a receiving end, and the method includes:
receiving a key of a message to be sent, which is sent by a sending end through a Controller Area Network (CAN) bus and corresponds to the CAN bus, wherein the key is determined by the sending end;
and receiving an encrypted message sent by the sending end through the CAN bus, and decrypting the received encrypted message according to the key, wherein the encrypted message is obtained by encrypting the message to be sent by the sending end according to the key.
In a third aspect, an embodiment of the present invention provides a controller area network bus encryption apparatus, applied to a sending end, where the apparatus includes:
a key sending module, configured to determine a key of a message to be sent corresponding to a Controller Area Network (CAN) bus and send the key to a receiving end through the CAN bus;
and a message sending module, configured to encrypt the message to be sent according to the key to obtain an encrypted message and send the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key.
In a fourth aspect, an embodiment of the present invention provides a controller area network bus encryption apparatus, applied to a receiving end, where the apparatus includes:
a key receiving module, configured to receive a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, the key being sent by a sending end through the CAN bus and determined by the sending end;
and a message decryption module, configured to receive the encrypted message sent by the sending end through the CAN bus and decrypt the received encrypted message according to the key, wherein the encrypted message is obtained by the sending end encrypting the message to be sent according to the key.
In a fifth aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the controller area network bus encryption method according to any embodiment of the present invention.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the controller area network bus encryption method according to any embodiment of the present invention.
The embodiment of the invention provides a method, a device, equipment and a medium for encrypting a controller area network bus, which are used for encrypting a message to be sent corresponding to a CAN bus: first determining a key of the message to be sent corresponding to the CAN bus and sending the key to a receiving end through the CAN bus, then encrypting the message to be sent according to the key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key. Through the interaction between the sending end and the receiving end in this scheme, CAN bus encryption can be realized simply and quickly, the message to be sent corresponding to the CAN bus does not need to be processed, and the network load and the burden of a processor are reduced.
Drawings
Fig. 1 is a flowchart of a method for encrypting a controller area network bus according to a first embodiment of the present invention;
Fig. 2A is a flowchart of a method for encrypting a controller area network bus according to a second embodiment of the present invention;
Fig. 2B is a schematic diagram of a process in which a sending end sends a key and an encrypted message to a receiving end in the method according to the second embodiment of the present invention;
Fig. 3 is a flowchart of a method for encrypting a controller area network bus according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a controller area network bus encryption apparatus according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a controller area network bus encryption apparatus according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a controller area network bus encryption method according to an embodiment of the present invention, which is applicable to a situation where a sending end encrypts a message to be sent corresponding to a CAN bus. The controller area network bus encryption method applied to the sending end provided by this embodiment of the present invention may be implemented by the controller area network bus encryption apparatus applied to the sending end provided by this embodiment of the present invention, and the apparatus may be implemented in a software and/or hardware manner and integrated into an electronic device that executes the method.
Referring to fig. 1, the method of the present embodiment includes, but is not limited to, the following steps:
S110, determining a key of the message to be sent corresponding to the CAN bus, and sending the key to a receiving end through the CAN bus.
The sending end and the receiving end may each be a processor in any electronic device in the vehicle, and the electronic device may be a gateway, an air conditioner, a radar, or the like. In general, the sending end and the receiving end may be processors in different electronic devices. The message to be sent can be understood as a message that the sending end is to send to the receiving end. In general, the data length of a message to be sent corresponding to the CAN bus may be 8 bytes, that is, 64 bits; the first 1.5 bytes may be the identifier (ID) of the message to be sent, and the remaining bytes may be signals. A key may be understood as information used to encrypt a message to be sent.
Because the CAN bus transmits in plaintext and broadcasts messages, a message sent directly through the CAN bus has low security and is easily used illegally. Therefore, it is very necessary to encrypt the CAN bus. In the embodiment of the invention, the sending end determines the key of the message to be sent corresponding to the CAN bus. There can be one or more messages to be sent, and if there is more than one, the same key can be used for all of them. The sending end may determine the key by invoking a related encryption algorithm, by pre-written code, or in another manner, which is not limited in this embodiment. After the key is determined, the sending end sends the key to the receiving end through the CAN bus, so that the sending end can subsequently encrypt the message to be sent according to the key to obtain an encrypted message and send the encrypted message to the receiving end through the CAN bus, and the receiving end can decrypt the received encrypted message according to the key.
S120, encrypting the message to be sent according to the key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key.
The key can be used for encrypting the message to be sent and decrypting the encrypted message.
The sending end can encrypt the message to be sent through corresponding encryption processing according to the key to obtain an encrypted message, and then sends the encrypted message to the receiving end through the CAN bus, so that the security of the message during transmission is ensured. The receiving end can decrypt the received encrypted message according to the key, and the key and the encrypted message can flow between the sending end and the receiving end.
According to the technical scheme provided by this embodiment, the key of the message to be sent corresponding to the CAN bus is determined and sent to the receiving end through the CAN bus, then the message to be sent is encrypted according to the key to obtain the encrypted message, and the encrypted message is sent to the receiving end through the CAN bus, so that the receiving end decrypts the received encrypted message according to the key. Through the interaction between the sending end and the receiving end in this scheme, CAN bus encryption can be realized simply and quickly, the message to be sent corresponding to the CAN bus does not need to be processed, and the network load and the burden of a processor are reduced.
In some embodiments, the determining the key of the message to be sent corresponding to the CAN bus may specifically include: acquiring the total number of signals and the importance degree of each signal in the message to be sent corresponding to the CAN bus; and determining the key of the message to be sent according to the total number of the signals and the importance degree of each signal.
The importance degree of each signal can be understood as the importance degree of the information carried by that signal. If the importance degree of a certain signal is high, the signal may cause a large loss if stolen; encrypting such a signal improves security during its transmission and reduces the risk of theft.
Because the message to be sent may include a plurality of signals, and the total number of bits corresponding to each signal and the importance level corresponding to each signal may be different, the sending end needs to obtain the total number of signals included in the message to be sent corresponding to the CAN bus and the importance level of each signal, thereby determining which signal is more important, which is beneficial to subsequently determining the key of the message to be sent. After obtaining the total number of signals and the importance of each signal, the transmitting end can determine which signal should be encrypted according to the total number of signals and the importance of each signal, thereby determining a key of a message to be transmitted.
In the embodiment of the invention, the sending end determines the key of the message to be sent according to the total number of the signals and the importance degree of each signal, which is favorable for more accurately encrypting the signals included in the message to be sent without performing other processing on the message to be sent, thereby reducing the network load and the burden of a processor.
In some embodiments, the determining the key of the message to be sent according to the total number of the signals and the importance degree of each signal may specifically include: determining whether the total number of the signals exceeds a threshold of the number of numbers contained in the key, wherein each number contained in the key represents a position relative to the first bit of the message to be sent; if so, determining signals to be encrypted according to the importance degree of each signal and, for each signal to be encrypted, determining a first position of an encryption bit of the current signal to be encrypted relative to the first bit of the current signal to be encrypted and a second position of the first bit of the current signal to be encrypted relative to the first bit of the message to be sent, obtaining a first number corresponding to the current signal to be encrypted according to the first position and the second position, and collecting all the first numbers to obtain the key of the message to be sent, wherein the total number of the encryption bits of all the signals to be encrypted does not exceed the threshold; if not, for each signal, determining a third position of the encryption bit of the current signal relative to the first bit of the current signal and a fourth position of the first bit of the current signal relative to the first bit of the message to be sent, determining a second number corresponding to the current signal according to the third position and the fourth position, and collecting all the second numbers to obtain the key of the message to be sent, wherein the total number of the encryption bits of all the signals does not exceed the threshold.
The threshold of the number of numbers contained in the key may be predetermined, for example, 6, or may be determined according to specific situations, and embodiments of the present invention are not specifically limited. The encryption bit of the current signal to be encrypted may be understood as follows: if the third bit of the current signal to be encrypted is to be encrypted, that bit is an encryption bit. Likewise, if the second bit of the current signal is to be encrypted, that bit is an encryption bit of the current signal. The encryption bit of the current signal to be encrypted and the encryption bit of the current signal may be selected according to a preset mode, or may be selected randomly, and the embodiment of the present invention is not particularly limited.
Since the number of numbers contained in the key is limited by a threshold, the sending end, after acquiring the total number of signals contained in the message to be sent corresponding to the CAN bus, can determine whether the total number of signals exceeds the threshold by comparing the two, which is beneficial to subsequently determining the numbers contained in the key.
If the sending end determines that the total number of the signals exceeds the threshold, there are many signals in the message to be sent, and the signals to be encrypted can be determined according to the importance degree of each signal; that is, the signals with a high importance degree among all the signals in the message to be sent can be determined as the signals to be encrypted. For each signal to be encrypted, the sending end determines a first position of an encryption bit of the current signal to be encrypted relative to the first bit of the current signal to be encrypted, namely, the order of the encryption bit among all the bits contained in the current signal to be encrypted, and a second position of the first bit of the current signal to be encrypted relative to the first bit of the message to be sent, namely, the order of the first bit of the current signal to be encrypted among all the bits contained in the message to be sent. According to the first position and the second position, the order of the encryption bit of the current signal to be encrypted among all the bits contained in the message to be sent, namely the first number corresponding to the current signal to be encrypted, can be determined. By collecting all the first numbers, the key of the message to be sent can be obtained, which may be 8, 16, 19, 35, 53, for example.
If the sending end determines that the total number of the signals does not exceed the threshold, then for each signal it determines a third position of the encryption bit of the current signal relative to the first bit of the current signal, namely the order of the encryption bit among all the bits contained in the current signal, and a fourth position of the first bit of the current signal relative to the first bit of the message to be sent, namely the order of the first bit of the current signal among all the bits contained in the message to be sent. According to the third position and the fourth position, it determines the order of the encryption bit of the current signal among all the bits contained in the message to be sent, namely the second number corresponding to the current signal. All the second numbers are collected to obtain the key of the message to be sent.
It should be noted that, when selecting the encryption bit of the current signal to be encrypted or the encryption bit of the current signal, the encryption bit may be one bit or multiple bits of a given signal, and the specific number of bits may be determined according to specific situations, which is not limited in the embodiments of the present invention. Because the encryption bit can be selected flexibly, the key determination method in the embodiment of the invention is simple and flexible.
In the embodiment of the invention, the sending end determines whether the total number of the signals exceeds the threshold of the number of numbers contained in the key and obtains the key of the message to be sent by the method corresponding to each of the two cases, exceeding and not exceeding. This ensures the correlation between the key and the signals contained in the message to be sent, helps the sending end subsequently encrypt the message to be sent according to the key, and improves the security of the message to be sent during transmission.
Preferably, in the embodiment of the present invention, setting the threshold of the number of numbers contained in the key limits the length of the key and thereby reduces the load pressure on the CAN bus; for example, if the data length of the key is 1 byte, the load of the CAN bus may increase by 12.5%.
Example two
Fig. 2A is a flowchart of a method for encrypting a controller area network bus according to a second embodiment of the present invention. This embodiment is optimized on the basis of the foregoing embodiment. Optionally, this embodiment explains in detail the process of determining a key of a message to be sent and encrypting the message to be sent according to the key to obtain an encrypted message.
Referring to fig. 2A, the method of the present embodiment includes, but is not limited to, the following steps:
S210, acquiring the total number of signals included in the message to be sent corresponding to the CAN bus and the importance degree of each signal.
S220, determining whether the total number of signals exceeds a threshold of the number of numbers contained in the key.
If yes, go to S230; if not, go to S240.
S230, determining signals to be encrypted according to the importance degree of each signal; for each signal to be encrypted, determining a first position of an encryption bit of the current signal to be encrypted relative to the first bit of the current signal to be encrypted and a second position of the first bit of the current signal to be encrypted relative to the first bit of the message to be sent, and obtaining a first number corresponding to the current signal to be encrypted according to the first position and the second position; collecting all the first numbers to obtain a key of the message to be sent, and sending the key to a receiving end through the CAN bus.
S240, for each signal, determining a third position of the encryption bit of the current signal relative to the first bit of the current signal and a fourth position of the first bit of the current signal relative to the first bit of the message to be sent, and determining a second number corresponding to the current signal according to the third position and the fourth position; collecting all the second numbers to obtain a key of the message to be sent, and sending the key to a receiving end through the CAN bus.
S250, according to the numbers contained in the key, negating the content at the corresponding positions in the message to be sent to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus, so that the receiving end decrypts the received encrypted message according to the key.
Each number contained in the key represents a position relative to the first bit of the message to be sent.
After the sending end determines the key of the message to be sent, it can negate the content at the positions given by the numbers contained in the key to obtain the encrypted message. After the encrypted message is obtained, it is sent to the receiving end through the CAN bus, so that the receiving end can decrypt the received encrypted message according to the key.
Illustratively, the following is an example of obtaining an encrypted message.
If the message to be sent is (64 bits in total; the first bit, 0, is position 0 and the last bit, 0, is position 63):
01010101 11000110 00110000 10001001 10111001 11000111 00011111 00010010
The key is: 8, 16, 19, 35, 53
The encrypted message is:
01010101 01000110 10100000 10001001 10101001 11000111 00011011 00010010
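The key derivation of S220 to S240 and the negation of S250, run on the message and key given above, as an added example that is not code from the patent. The Signal layout, the importance values and the rule for choosing signals when their count exceeds the threshold are assumptions made for illustration.

```python
# Added illustration of the bit-negation scheme; not code from the patent.
from dataclasses import dataclass

MSG_BITS = 64  # length of the message in the page's example


@dataclass(frozen=True)
class Signal:
    """Hypothetical signal descriptor (the page defines no data structure)."""
    name: str
    start: int          # first bit of the signal, relative to the first bit of the message
    enc_offsets: tuple  # encryption bits, relative to the first bit of the signal
    importance: int     # larger value means more important


def check_key(key):
    """Reject positions that do not fall inside the 64-bit message."""
    for n in key:
        if not 0 <= n < MSG_BITS:
            raise ValueError(f"bit position {n} is outside the message")


def derive_key(signals, threshold):
    """S220-S240: map each encryption bit to its position in the whole message."""
    chosen = list(signals)
    if len(signals) > threshold:
        # S230 branch. Assumed selection policy: take signals in descending
        # importance while the encryption-bit total stays within the threshold.
        chosen, used = [], 0
        for sig in sorted(signals, key=lambda s: -s.importance):
            if used + len(sig.enc_offsets) <= threshold:
                chosen.append(sig)
                used += len(sig.enc_offsets)
    # Position in the message = position of the signal + position inside the signal.
    key = sorted({s.start + off for s in chosen for off in s.enc_offsets})
    if len(key) > threshold:
        raise ValueError("encryption bits exceed the key threshold")
    check_key(key)
    return key


def negate(message, key):
    """S250: invert every bit the key names. Position 0 is the first (leftmost) bit."""
    check_key(key)
    mask = 0
    for n in key:
        mask |= 1 << (MSG_BITS - 1 - n)
    return message ^ mask


def parse_bits(text):
    """Read a message written as space-separated binary octets."""
    bits = text.replace(" ", "")
    if len(bits) != MSG_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected 64 binary digits")
    return int(bits, 2)


def format_bits(value):
    """Write a message as eight space-separated binary octets."""
    bits = format(value, "064b")
    return " ".join(bits[i:i + 8] for i in range(0, MSG_BITS, 8))


# Values taken from the page's example.
PAGE_PLAINTEXT = "01010101 11000110 00110000 10001001 10111001 11000111 00011111 00010010"
PAGE_KEY = [8, 16, 19, 35, 53]
PAGE_CIPHERTEXT = "01010101 01000110 10100000 10001001 10101001 11000111 00011011 00010010"

# Constructed signal layout (an assumption) whose encryption bits give the page's key.
LAYOUT = [
    Signal("sig_a", 8, (0,), 1),
    Signal("sig_b", 16, (0, 3), 3),
    Signal("sig_c", 32, (3,), 2),
    Signal("sig_d", 48, (5,), 4),
]

if __name__ == "__main__":
    key = derive_key(LAYOUT, threshold=6)   # 4 signals <= 6: every signal contributes
    sent = negate(parse_bits(PAGE_PLAINTEXT), key)
    print("key      ", key)
    print("encrypted", format_bits(sent))
    print("decrypted", format_bits(negate(sent, key)))
    print("key with threshold 3", derive_key(LAYOUT, threshold=3))
```

Negating a fixed set of positions is its own inverse, so the receiving end recovers the message by calling `negate` with the key it received. Any node that receives the key frame can do the same, because the key and the encrypted message travel on the same broadcast bus.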
Optionally, the method may further specifically include: after a first preset time, re-determining the numbers contained in the key of the message to be sent corresponding to the CAN bus to obtain a new key of the message to be sent, and sending the new key to the receiving end, wherein each number contained in the key of the message to be sent represents a position relative to the first bit of the message to be sent.
The first preset time may be preset, or may be determined according to a specific situation, and this embodiment is not particularly limited.
In the embodiment of the invention, after the first preset time, the sending end re-determines the numbers contained in the key of the message to be sent corresponding to the CAN bus to obtain the new key of the message to be sent, and sends the new key to the receiving end. Re-determining the numbers contained in the key is equivalent to replacing the encryption bits, and after the encryption bits are changed, the security of the CAN bus transmission process can be further ensured.
Further, the method may further specifically include: after a second preset time, determining a new key of the message to be sent corresponding to the CAN bus, and sending the new key of the message to be sent to a receiving end through the CAN bus.
The second preset time may be preset, for example, 1 s, and may also be determined according to specific situations, which is not limited in this embodiment.
In the embodiment of the invention, sending the key at time intervals helps reduce the network load.
Fig. 2B is a schematic diagram of a process of sending a key and an encrypted message from a sending end to a receiving end in the method according to the second embodiment of the present invention, and an exemplary sending method is provided. As shown in fig. 2B:
the sending end sends a first key to the receiving end;
the sending end sends an encrypted message 1 to the receiving end;
the sending end sends an encrypted message 2 to the receiving end;
the sending end sends an encrypted message 3 to the receiving end;
after an interval of 1 s, the sending end sends a second key to the receiving end;
the sending end sends an encrypted message 4 to the receiving end;
the sending end sends an encrypted message 5 to the receiving end;
……
The original text corresponding to the encrypted message 1 is a message 1 to be sent, the original text corresponding to the encrypted message 2 is a message 2 to be sent, the original text corresponding to the encrypted message 3 is a message 3 to be sent, the original text corresponding to the encrypted message 4 is a message 4 to be sent, and the original text corresponding to the encrypted message 5 is a message 5 to be sent. The key corresponding to the messages 1, 2 and 3 to be sent is the first key, and the key corresponding to the messages 4 and 5 to be sent is the second key.
The technical solution provided in this embodiment first obtains the total number of signals included in the message to be sent corresponding to the CAN bus and the importance degree of each signal, and then determines whether the total number of signals exceeds the threshold of the number of numbers contained in the key. If the total number of the signals exceeds the threshold, the signals to be encrypted are determined according to the importance degree of each signal; for each signal to be encrypted, a first position of the encryption bit of the current signal to be encrypted relative to the first bit of the current signal to be encrypted and a second position of the first bit of the current signal to be encrypted relative to the first bit of the message to be sent are determined, and a first number corresponding to the current signal to be encrypted is obtained according to the first position and the second position; all the first numbers are collected to obtain the key of the message to be sent, and the key is sent to a receiving end through the CAN bus. If the total number of the signals does not exceed the threshold, then for each signal a third position of the encryption bit of the current signal relative to the first bit of the current signal and a fourth position of the first bit of the current signal relative to the first bit of the message to be sent are determined, and a second number corresponding to the current signal is determined according to the third position and the fourth position; all the second numbers are collected to obtain the key of the message to be sent, and the key is sent to a receiving end through the CAN bus. Finally, according to the numbers contained in the key, the content at the corresponding positions in the message to be sent is negated to obtain an encrypted message, and the encrypted message is sent to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key.
By determining whether the total number of the signals exceeds the threshold of the number of numbers contained in the key and obtaining the key of the message to be sent by the method corresponding to each of the two cases, exceeding and not exceeding, the correlation between the key and the signals contained in the message to be sent is ensured, which helps the sending end subsequently encrypt the message to be sent according to the key and improves the security of the message to be sent during transmission. Through the interaction between the sending end and the receiving end, CAN bus encryption can be realized simply and quickly, the message to be sent corresponding to the CAN bus does not need to be processed, and the network load and the burden of a processor are reduced. Negation also improves the encryption and decryption speeds in the processor's calculation process and avoids adding a burden to that calculation.
EXAMPLE III
Fig. 3 is a flowchart of a controller area network bus encryption method according to a third embodiment of the present invention. This embodiment is applicable to the situation where a receiving end receives the key of a message to be sent from a sending end and decrypts the encrypted message. The controller area network bus encryption method applied to the receiving end provided by this embodiment may be executed by the controller area network bus encryption device applied to the receiving end provided by the embodiments of the present invention; the device may be implemented in software and/or hardware and integrated into an electronic device that executes the method.
Referring to Fig. 3, the method of this embodiment includes, but is not limited to, the following steps:
S310: receiving a key of the message to be sent corresponding to the CAN bus, sent by the sending end through the CAN bus, wherein the key is determined by the sending end.
After the sending end sends the key of the message to be sent corresponding to the CAN bus to the receiving end through the CAN bus, the receiving end can receive the key, and the key is determined by the sending end.
S320: receiving the encrypted message sent by the sending end through the CAN bus, and decrypting the received encrypted message according to the key, wherein the encrypted message is obtained by the sending end encrypting the message to be sent according to the key.
After receiving the encrypted message sent by the sending end through the CAN bus, the receiving end can decrypt it according to the key to obtain the original message (namely the message to be sent), which ensures the security of the message during transmission. Because the receiving end can decrypt the received encrypted message according to the key, the key and the encrypted message can circulate between the sending end and the receiving end.
According to the technical solution provided by this embodiment, the key of the message to be sent corresponding to the CAN bus, sent by the sending end through the CAN bus, is received, wherein the key is determined by the sending end; the encrypted message sent by the sending end through the CAN bus is then received and decrypted according to the key, the encrypted message having been obtained by the sending end encrypting the message to be sent according to the key. Through this interaction between the sending end and the receiving end, CAN bus encryption can be realized simply and quickly without processing the message to be sent corresponding to the CAN bus, the network load and the burden on the processor are reduced, and the receiving end can quickly decrypt the encrypted message.
In some embodiments, the key is determined by the sender by: acquiring the total number of signals and the importance degree of each signal in the message to be sent corresponding to the CAN bus; and determining the key of the message to be sent according to the total number of the signals and the importance degree of each signal.
In some embodiments, decrypting the received encrypted message according to the key may specifically include: negating, in the received encrypted message, the content at the positions given by the numbers contained in the received key to obtain the original message (namely the message to be sent), wherein the numbers contained in the key represent positions in the original message relative to the first bit of the encrypted message.
Specifically, since the encrypted message is obtained by negating the content at the positions given by the numbers contained in the key in the message to be sent, the original message can be obtained by negating the content at the same positions in the received encrypted message according to the numbers contained in the received key.
In the embodiment of the invention, the original message can be quickly obtained through negation processing, the decryption speed is increased, and the burden of a processor in the calculation process is reduced.
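The sending-end key derivation summarized for the second embodiment and the receiving-end negation described above, as an added C example that is not code from the patent. Assumptions: each number in the key is the signal's start bit plus the encryption bit's offset, each signal contributes one encryption bit, bit 0 is the most significant bit of byte 0, and the threshold of 4, the signal layout and the frame bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_DATA_LEN    8    /* classic CAN payload: 8 bytes */
#define CAN_DATA_BITS   64u
#define KEY_MAX_NUMBERS 4    /* assumed threshold on numbers in one key */
#define MAX_SIGNALS     64

/* One signal in the message; bit 0 is the MSB of byte 0 (assumption). */
typedef struct {
    uint8_t start_bit;   /* signal head relative to message head */
    uint8_t length;      /* signal width in bits */
    uint8_t enc_offset;  /* encryption bit relative to signal head */
    uint8_t importance;  /* larger value = more important */
} can_signal_t;

typedef struct {
    uint8_t pos[KEY_MAX_NUMBERS];  /* positions relative to message head */
    size_t  count;
} can_key_t;

/* Sending end: build the key. With more signals than the threshold, only
 * the most important ones contribute; otherwise every signal does.
 * Returns 0 on success, -1 on an invalid layout. */
int derive_key(const can_signal_t *sig, size_t n, can_key_t *key)
{
    uint8_t taken[MAX_SIGNALS] = {0};
    size_t limit = (n > KEY_MAX_NUMBERS) ? KEY_MAX_NUMBERS : n;

    key->count = 0;
    if (n > MAX_SIGNALS)
        return -1;
    for (size_t k = 0; k < limit; k++) {
        size_t best = n;
        for (size_t i = 0; i < n; i++)   /* most important signal left */
            if (!taken[i] &&
                (best == n || sig[i].importance > sig[best].importance))
                best = i;
        taken[best] = 1;

        unsigned pos = (unsigned)sig[best].start_bit + sig[best].enc_offset;
        if (sig[best].enc_offset >= sig[best].length || pos >= CAN_DATA_BITS)
            return -1;
        /* Two flips of the same bit would cancel out, so reject repeats. */
        for (size_t j = 0; j < key->count; j++)
            if (key->pos[j] == pos)
                return -1;
        key->pos[key->count++] = (uint8_t)pos;
    }
    return 0;
}

/* Both ends: negate the bits named by the key. The same call encrypts and
 * decrypts. The key is validated before any bit is touched because the
 * receiving end gets it from the bus. Returns 0 on success, -1 otherwise. */
int apply_key(uint8_t data[CAN_DATA_LEN], const can_key_t *key)
{
    if (key->count > KEY_MAX_NUMBERS)
        return -1;
    for (size_t i = 0; i < key->count; i++)
        if (key->pos[i] >= CAN_DATA_BITS)
            return -1;
    for (size_t i = 0; i < key->count; i++)
        data[key->pos[i] / 8] ^= (uint8_t)(0x80u >> (key->pos[i] % 8));
    return 0;
}

/* Constructed layout: five signals, one more than the threshold.
 * Fields: start_bit, length, enc_offset, importance. */
static const can_signal_t SAMPLE_SIGNALS[5] = {
    { 0,  8,  3, 2},
    { 8, 16,  0, 9},
    {24,  8,  7, 5},
    {32, 16,  5, 1},
    {48, 16, 15, 7},
};
/* Constructed plaintext frame. */
static const uint8_t SAMPLE_FRAME[CAN_DATA_LEN] =
    {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0};

int main(void)
{
    can_key_t key;
    uint8_t frame[CAN_DATA_LEN];

    memcpy(frame, SAMPLE_FRAME, sizeof frame);
    if (derive_key(SAMPLE_SIGNALS, 5, &key) != 0)
        return 1;
    apply_key(frame, &key);              /* sending end encrypts */
    for (size_t i = 0; i < CAN_DATA_LEN; i++)
        printf("%02X ", frame[i]);
    printf("\n");
    apply_key(frame, &key);              /* receiving end decrypts */
    return memcmp(frame, SAMPLE_FRAME, sizeof frame) != 0;
}
```

Negating a fixed set of bit positions is the same operation as XOR with a constant mask, which is why a second call to `apply_key` with the same key restores the original frame.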
EXAMPLE IV
Fig. 4 is a schematic structural diagram of a controller area network bus encryption apparatus according to a fourth embodiment of the present invention, where the apparatus is applied to a sending end, and as shown in fig. 4, the apparatus may include:
a key sending module 410, configured to determine a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, and send the key to a receiving end through the CAN bus;
a message sending module 420, configured to encrypt the message to be sent according to the key to obtain an encrypted message, and send the encrypted message to the receiving end through the CAN bus, so that the receiving end decrypts the received encrypted message according to the key.
According to the technical solution provided by this embodiment, the key of the message to be sent corresponding to the CAN bus is determined and sent to the receiving end through the CAN bus; the message to be sent is then encrypted according to the key to obtain the encrypted message, and the encrypted message is sent to the receiving end through the CAN bus, so that the receiving end decrypts the received encrypted message according to the key. Through this interaction between the sending end and the receiving end, CAN bus encryption can be realized simply and quickly without processing the message to be sent corresponding to the CAN bus, and the network load and the burden on the processor are reduced.
Further, the key sending module 410 may include: the importance degree acquiring unit is used for acquiring the total number of signals and the importance degree of each signal in the message to be sent corresponding to the CAN bus; and the key determining unit is used for determining the key of the message to be sent according to the total number of the signals and the importance degree of each signal.
Further, the key determining unit may be specifically configured to: determine whether the total number of the signals exceeds the threshold on the number of numbers contained in the key, wherein the numbers contained in the key represent the key's corresponding positions relative to the first bit of the message to be sent; if so, determine the signals to be encrypted according to the importance degree of each signal, and for each signal to be encrypted determine a first position of the encryption bit of the current signal to be encrypted relative to the first bit of that signal and a second position of the first bit of that signal relative to the first bit of the message to be sent, obtain a first number corresponding to the current signal to be encrypted according to the first position and the second position, and collect all the first numbers to obtain the key of the message to be sent, wherein the total number of encryption bits of all the signals to be encrypted does not exceed the threshold; if not, for each signal determine a third position of the encryption bit of the current signal relative to the head of the current signal and a fourth position of the head of the current signal relative to the head of the message to be sent, determine a second number corresponding to the current signal according to the third position and the fourth position, and collect all the second numbers to obtain the key of the message to be sent, wherein the total number of encryption bits of all the signals does not exceed the threshold.
Further, the message sending module 420 may be specifically configured to: negate, in the message to be sent, the content at the positions given by the numbers contained in the key to obtain an encrypted message, wherein the numbers contained in the key represent the key's corresponding positions relative to the head of the message to be sent.
Further, the controller area network bus encryption device may further include a new key determining module, configured to: after a first preset time, re-determine the numbers contained in the key of the message to be sent corresponding to the CAN bus to obtain a new key of the message to be sent, and send the new key to the receiving end, wherein the numbers contained in the key of the message to be sent represent the key's corresponding positions relative to the head of the message to be sent.
The controller area network bus encryption device applied to the sending end provided by this embodiment is applicable to the controller area network bus encryption method applied to the sending end provided by any of the above embodiments, and has corresponding functions and beneficial effects.
EXAMPLE V
Fig. 5 is a schematic structural diagram of a controller area network bus encryption apparatus according to a fifth embodiment of the present invention, which is applied to a receiving end, and as shown in fig. 5, the apparatus may include:
a key receiving module 510, configured to receive a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, sent by a sending end through the CAN bus, where the key is determined by the sending end;
a message decryption module 520, configured to receive an encrypted message sent by the sending end through the CAN bus, and decrypt the received encrypted message according to the key, where the encrypted message is obtained by the sending end encrypting the message to be sent according to the key.
According to the technical solution provided by this embodiment, the key of the message to be sent corresponding to the CAN bus, sent by the sending end through the CAN bus, is received, wherein the key is determined by the sending end; the encrypted message sent by the sending end through the CAN bus is then received and decrypted according to the key, the encrypted message having been obtained by the sending end encrypting the message to be sent according to the key. Through this interaction between the sending end and the receiving end, CAN bus encryption can be realized simply and quickly without processing the message to be sent corresponding to the CAN bus, the network load and the burden on the processor are reduced, and the receiving end can quickly decrypt the encrypted message.
The controller area network bus encryption device applied to the receiving end provided by the embodiment can be applied to the controller area network bus encryption method applied to the receiving end provided by any embodiment, and has corresponding functions and beneficial effects.
EXAMPLE VI
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention, as shown in fig. 6, the electronic device includes a processor 610, a storage device 620, and a communication device 630; the number of the processors 610 in the electronic device may be one or more, and one processor 610 is taken as an example in fig. 6; the processor 610, the storage 620 and the communication device 630 in the electronic device may be connected by a bus or other means, and fig. 6 illustrates an example of connection by a bus.
The storage device 620, as a computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as modules corresponding to the controller area network bus encryption method applied to the sending end in the embodiment of the present invention (for example, the key sending module 410 and the message sending module 420 applied to the controller area network bus encryption device of the sending end); for another example, the modules corresponding to the controller area network bus encryption method applied to the receiving end in the embodiment of the present invention (for example, the key receiving module 510 and the message decrypting module 520 applied to the controller area network bus encryption device of the receiving end). The processor 610 executes various functional applications and data processing of the electronic device by running software programs, instructions and modules stored in the storage device 620, that is, implements the above-described controller area network bus encryption method.
The storage device 620 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage 620 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the storage 620 may further include memory located remotely from the processor 610, which may be connected to the electronic device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication device 630 is configured to implement a network connection or a mobile data connection between servers.
The electronic device provided by this embodiment may be configured to execute the controller area network bus encryption method provided by any of the above embodiments, and has corresponding functions and beneficial effects.
EXAMPLE VII
The seventh embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the controller area network bus encryption method of any embodiment of the present invention, the method specifically including:
determining a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, and sending the key to a receiving end through the CAN bus;
and encrypting the message to be sent according to the key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key;
or receiving a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, sent by a sending end through the CAN bus, wherein the key is determined by the sending end;
and receiving an encrypted message sent by the sending end through the CAN bus, and decrypting the received encrypted message according to the key, wherein the encrypted message is obtained by the sending end encrypting the message to be sent according to the key.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations in the controller area network bus encryption method provided by any embodiments of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the controller area network bus encryption apparatus, each unit and each module included in the embodiment are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be implemented; in addition, the specific names of the functional units are only for the convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made to the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A controller area network bus encryption method, applied to a sending end, comprising:
determining a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, and sending the key to a receiving end through the CAN bus;
encrypting the message to be sent according to the key to obtain an encrypted message, and sending the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key;
wherein the determining of the key of the message to be sent corresponding to the CAN bus comprises:
acquiring the total number of signals and the importance degree of each signal in the message to be sent corresponding to the CAN bus;
determining a key of the message to be sent according to the total number of the signals and the importance degree of each signal;
wherein the determining of the key of the message to be sent according to the total number of the signals and the importance degree of each signal comprises:
encrypting signals with higher importance degree;
and the number of the numbers in the key is smaller than a preset threshold value.
2. The method of claim 1, wherein the determining the key of the message to be transmitted according to the total number of the signals and the importance of each signal comprises:
determining whether the total number of the signals exceeds a threshold value of the number of digits contained in the key, wherein the digits contained in the key are used for representing the position of the key corresponding to the first digit of the message to be sent;
if so, determining signals to be encrypted according to the importance degree of each signal, determining a first position of an encryption bit of a current signal to be encrypted relative to a first position of the current signal to be encrypted and a second position of the first position of the current signal to be encrypted relative to a first position of a message to be sent for each signal to be encrypted in the signals to be encrypted, obtaining a first number corresponding to the current signal to be encrypted according to the first position and the second position, summarizing all the first numbers to obtain a key of the message to be sent, wherein the total number of the encryption bits of all the signals to be encrypted does not exceed the threshold value;
if not, determining a third position of the encryption bit of the current signal relative to the first position of the current signal and a fourth position of the first position of the current signal relative to the first position of the message to be sent for each signal, determining a second number corresponding to the current signal according to the third position and the fourth position, and summarizing all the second numbers to obtain a key of the message to be sent, wherein the total number of the encryption bits of all the signals does not exceed the threshold value.
3. The method according to claim 1, wherein said encrypting the message to be sent according to the key to obtain an encrypted message comprises:
and negating the content corresponding to the number in the message to be sent according to the number contained in the key to obtain an encrypted message, wherein the number contained in the key is used for representing the position of the key corresponding to the first position of the message to be sent.
4. The method of claim 1, further comprising:
and after the first preset time, re-determining the numbers contained in the key of the message to be sent corresponding to the CAN bus to obtain a new key of the message to be sent, and sending the new key to the receiving end, wherein the numbers contained in the key of the message to be sent are used for representing the position of the key corresponding to the head of the message to be sent.
5. A controller area network bus encryption method, applied to a receiving end, comprising:
receiving a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, which is sent by a sending end through the CAN bus, wherein the key is determined by the sending end;
receiving an encrypted message sent by the sending end through the CAN bus, and decrypting the received encrypted message according to the secret key, wherein the encrypted message is obtained by encrypting the message to be sent by the sending end according to the secret key;
the key is determined by the total number of signals in the message to be sent and the importance degree of each signal; the encrypted signal is a signal with higher importance degree;
and the number of the numbers in the key is less than a preset threshold value.
6. A controller area network bus encryption apparatus, applied to a sending end, the apparatus comprising:
a key sending module, configured to determine a key of a message to be sent corresponding to a Controller Area Network (CAN) bus and send the key to a receiving end through the CAN bus;
a message sending module, configured to encrypt the message to be sent according to the key to obtain an encrypted message and send the encrypted message to the receiving end through the CAN bus so that the receiving end decrypts the received encrypted message according to the key;
wherein the key sending module includes:
the importance degree acquiring unit is used for acquiring the total number of signals included in the message to be sent corresponding to the CAN bus and the importance degree of each signal;
a key determining unit, configured to determine a key of the message to be sent according to the total number of the signals and the importance degree of each signal;
wherein, the key determination unit is specifically configured to:
encrypting signals with higher importance;
and the number of the numbers in the key is less than a preset threshold value.
7. A controller area network bus encryption apparatus, applied to a receiving end, the apparatus comprising:
a key receiving module, configured to receive a key of a message to be sent corresponding to a Controller Area Network (CAN) bus, sent by a sending end through the CAN bus, wherein the key is determined by the sending end;
a message decryption module, configured to receive an encrypted message sent by the sending end through the CAN bus and decrypt the received encrypted message according to the key, wherein the encrypted message is obtained by the sending end encrypting the message to be sent according to the key;
the key is determined by the total number of signals in the message to be sent and the importance degree of each signal; the encrypted signal is a signal with higher importance degree;
and the number of the numbers in the key is smaller than a preset threshold value.
8. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method recited in any of claims 1-5.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110643942.1A 2021-06-09 2021-06-09 Controller area network bus encryption method, device, equipment and medium (Active, CN113285956B)
Publications (2)

Publication Number Publication Date
CN113285956A 2021-08-20
CN113285956B 2022-07-19

GR01 Patent grant