CN113872969B - Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism - Google Patents

Publication number
CN113872969B
Authority
CN
China
Prior art keywords
ecu
message
gecu
mac
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111139922.7A
Other languages
Chinese (zh)
Other versions
CN113872969A (en)
Inventor
崔杰
沈韵
仲红
许艳
张静
应作斌
陈志立
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui University
Original Assignee
Anhui University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui University
Priority to CN202111139922.7A
Publication of CN113872969A
Application granted
Publication of CN113872969B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an in-vehicle message re-encryption method for autonomous vehicles based on a proxy re-encryption mechanism, comprising system initialization, key generation, re-encryption key generation, message encryption, primary message decryption, message re-encryption, secondary message decryption and related processes. The invention targets the dual-redundant ECU and bus environment of an autonomous vehicle and uses proxy re-encryption to ensure the confidentiality of messages and their security under a single-point failure or network attack. When the autonomous vehicle suffers a single-point failure or a network attack, messages can still be forwarded and processed in encrypted form. In addition, the re-encryption part does not need a fully trusted third party to act as the proxy, which makes the overall technical scheme more practical.

Description

Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism
Technical Field
The invention belongs to the field of vehicle communication technology, and in particular relates to an in-vehicle message re-encryption method for autonomous vehicles based on a proxy re-encryption mechanism.
Background
To make travel more intelligent, safe and comfortable, autonomous vehicles have been developed, and the safety of autonomous driving has accordingly attracted attention.
In-vehicle communication in an autonomous vehicle is more complex and busier than in an ordinary vehicle, with many Electronic Control Units (ECUs) interconnected via different buses, such as Controller Area Network (CAN), FlexRay, etc. The gateway serves as a protocol bridge between the different buses to facilitate data transfer between the subnetworks.
CAN is the most commonly used bus in a car. It is a broadcast bus with neither an encryption nor an authentication field, so data packets are broadcast to all nodes on the bus. A malicious node that has intruded into the vehicle's internal network can therefore listen to all communications or broadcast data packets carrying malicious code to other components. Such an intrusion can have very serious consequences and may even be fatal to passengers. In addition, autonomous vehicles require redundant designs that address single-point failures and network attacks, and the redundant configuration should ensure that minimum control of the vehicle is maintained in any event, thereby ensuring passenger safety.
Thus, an autonomous vehicle typically has a set of backup ECUs (e.g., accelerator ECU, steering ECU, brake ECU, etc.) and a redundant bus, over which in-vehicle message transmission is not secured.
Currently, there have been some schemes for encrypting and authenticating messages in the in-vehicle network using cryptographic techniques. Unfortunately, conventional in-vehicle cryptography schemes do not take into account the configuration of bus and ECU dual redundancy in an autonomous vehicle, which makes the conventional schemes unsuitable for autonomous vehicles. Furthermore, there is no safety protection mechanism specific to the dual redundant in-vehicle environment of an autonomous vehicle.
When a single-point failure or network attack affects a given ECU, the problems to be solved are how to ensure that the backup ECU can decrypt the encrypted messages when it processes the messages of the failed ECU and, at the same time, how to keep the backbone network safely isolated from the backup network.
Disclosure of Invention
Purpose of the invention: to overcome the deficiencies of the prior art and provide an in-vehicle message re-encryption method based on a proxy re-encryption mechanism.
The technical scheme is as follows: the invention discloses a message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism, which comprises the following steps:
(1) The preparation process comprises the following steps:
(1.1) Initialization: the manufacturer (OEM) generates the required common parameters $(G, g, q, n_1, n_2, h_1, h_2, h_3, h_4, h_5)$, and all electronic control units (ECUs) store these common parameters;
where $G$ is a cyclic multiplicative group and also a subgroup of $Z_q$; $g$ is the generator of $G$; $\kappa$ is a preset security parameter; $q$ is the order of $G$ and a prime of length $\kappa$; $n_1$ and $n_2$ are two security parameters determined by $\kappa$; and $h_1, h_2, h_3, h_4, h_5$ are the corresponding hash functions;
(1.2) Key generation: the electronic control units comprise ECUs without a backup and ECUs with a backup; all ECUs generate their respective public keys pk and private keys sk, and each ECU with a backup additionally calculates an encryption key CK and an authentication key AK through a key derivation function KDF, which it uses to communicate with the gateway electronic control unit (GECU);
(1.3) Re-encryption key generation: each ECU with a backup generates in advance the re-encryption key to be used later and sends it to the GECU in a secure manner; the GECU verifies and stores the received re-encryption key;
not all ECUs in the in-vehicle network perform this step; only an ECU that can communicate with a backup ECU and that transmits critical messages needs to perform it; an ECU without a backup skips this step and proceeds directly to step (2);
(2) The communication process comprises the following steps:
(2.1) Encrypting the message: when no ECU has failed, the sender $ECU_i$ encrypts the message before sending it to the receiver $ECU_j$, producing a first-level ciphertext;
(2.2) Decrypting the primary ciphertext: under normal conditions, the receiver $ECU_j$ decrypts the received message to obtain the plaintext;
(2.3) Re-encryption: if the message is abnormal, the GECU re-encrypts the received message;
(2.4) Decrypting the secondary ciphertext: after receiving the re-encrypted message sent by the GECU, the backup $ECU_k$ corresponding to the receiver $ECU_j$ first checks the integrity of the message using the hash function H(); if the message has not been tampered with, it judges whether the timestamp and the identity meet the requirements; once all requirements are verified, it decrypts the secondary ciphertext; $ECU_k$ then communicates with the other ECUs in the redundant system to make a decision for safe parking.
Further, the corresponding parameters in the step (1.1) are specifically as follows:
the manufacturer selects five hash functions; the message space is $\{0,1\}^{n_1}$;
a key derivation function KDF is stored in the GECU and in the ECUs that need pre-defined re-encryption keys; every ECU has one long-term key LK, and the GECU stores the long-term keys of all ECUs together with their corresponding identity IDs, e.g. $\langle ID_i, LK_i \rangle$;
a further prime $p$ in the common parameters satisfies $q \mid p-1$.
Further, the specific method for generating the key in the step (1.2) is as follows:
(1.2.1) each time the vehicle is started, any $ECU_i$ selects the components of its private key; the private key of $ECU_i$ is $sk_i = (sk_{i1}, sk_{i2})$, and $ECU_i$ calculates its public key; the public key is published and the private key is stored securely by the ECU;
(1.2.2) each time the vehicle is operated, any ECU with a backup (e.g., $ECU_j$) immediately selects a random number nonce and publishes it; $ECU_j$ then calculates its encryption key CK and authentication key AK using the KDF: $KDF(LK_j \| nonce) = AK_j \| CK_j$;
(1.2.3) the GECU receives the random number nonce and uses the stored $LK_j$ and the KDF to generate $AK_j$ and $CK_j$.
Further, the specific method for generating the re-encryption key in the step (1.3) is as follows:
(1.3.1) $ECU_j$ selects a random number $\sigma \in_R \{0,1\}^{n_1}$ and a random number $w \in_R \{0,1\}^{n_2}$; each time a re-encryption key is sent, $ECU_j$ reselects these two random numbers;
(1.3.2) $ECU_j$ calculates the first value $rk_1$ of the re-encryption key, the random value $s = h_3(\sigma, w)$, the second value $rk_2$ of the re-encryption key and the third value $rk_3$ of the re-encryption key, so that the re-encryption key from $ECU_j$ to $ECU_k$ is $rk_{j \to k} = (rk_1, rk_2, rk_3)$; $rk_1$, $rk_2$, $rk_3$ are the corresponding intermediate calculated values;
(1.3.3) $ECU_j$ sends its re-encryption key $rk_{j \to k}$ to the GECU in encrypted form, and mutual authentication is performed to ensure that the GECU receives the correct re-encryption key; the GECU then securely stores the list entry $\langle ID_j, ID_k, rk_{j \to k} \rangle$ containing the ID of $ECU_j$, the ID of $ECU_k$ and the re-encryption key of $ECU_j$; this process uses AES as the encryption algorithm and SHA as the keyed hash algorithm;
(1.3.4) $ECU_j$ encrypts $rk_{j \to k}$ with $CK_j$ to generate the ciphertext $\sigma_j = E_{CK_j}(rk_{j \to k})$;
(1.3.5) $ECU_j$ obtains the current timestamp $T_1$, generates the message authentication code $MAC_1 = H_{AK_j}(ID_j \| \sigma_j \| T_1 \| ID_k)$, and broadcasts it to the GECU together with the request $Req_j = \sigma_j \| MAC_1$;
(1.3.6) after receiving the request $Req_j$, the GECU first uses $ID_j$, $\sigma_j$, $T_1$ and $ID_k$ to calculate a new MAC value $MAC_1'$ to authenticate the message; if $MAC_1'$ and $MAC_1$ are equal, the message is judged to be authentic; the GECU then checks whether the difference between the current time $T_{current}$ and the timestamp $T_1$ satisfies the set time-difference threshold $|T_1 - T_{current}| \le \Delta T$; if so, the GECU decrypts $\sigma_j$ to obtain $rk_{j \to k}$ and stores the corresponding $ID_j$, $ID_k$ and $rk_{j \to k}$;
$\Delta T$ is the worst-case response time of a CAN message and is composed of $J_m$, $W_m$ and $C_m$; $J_m$ is the queuing jitter, $W_m$ is the queuing delay, and $C_m$ is the transmission time of the message;
(1.3.7) the GECU obtains the current timestamp $T_2$ and generates a MAC value $MAC_2$ using $rk_{j \to k}$ and $ID_g$; it then sends $ECU_j$ a response $Rep_j = T_2 \| MAC_2$ containing $ID_g$, $MAC_2 = H_{rk_{j \to k}}(ID_g \| T_2)$ and the timestamp $T_2$;
(1.3.8) after receiving the response, $ECU_j$ uses the re-encryption key to verify whether the new MAC value $MAC_2'$ equals $MAC_2$; if they are equal, it continues to verify whether $T_2$ satisfies $|T_2 - T_{current}| \le \Delta T$; when both requirements are met, it confirms that the GECU has obtained the correct re-encryption key.
Further, the specific method for encrypting in the step (2.1) is as follows:
(2.1.1) before sending a message to $ECU_j$, $ECU_i$ obtains the current timestamp $T_3$ and concatenates it with the payload and its identity $ID_i$; the message $m$ is denoted $m = payload \| ID_i \| T_3$;
(2.1.2) two random numbers are selected, including $\pi \in_R \{0,1\}^{n_2}$;
(2.1.3) the random value $d = h_3(m, \pi)$, the first element of the ciphertext, an auxiliary value and the third element are calculated;
the second element and the fourth element of the ciphertext are then calculated; $c_1$, $c_2$, $c_3$ are the corresponding intermediate calculated values;
(2.1.4) the ciphertext $c$ of message $m$ is obtained, and $ECU_i$ sends the ciphertext $c$ to $ECU_j$.
Further, the specific method for decryption in the step (2.2) is as follows:
(2.2.1) $ECU_j$ calculates:
(2.2.2) then extract message m:
(2.2.3) $ECU_j$ verifies whether the two equations hold; if they do, the message $m$ is considered authentic; otherwise the message is discarded;
(2.2.4) after decryption, $ECU_j$ checks the sender's identity $ID_i$ and judges whether the timestamp $T_3$ satisfies $|T_3 - T_{current}| \le \Delta T$; if so, the payload (plaintext) is accepted.
Further, the specific method for re-encrypting in the step (2.3) is as follows:
(2.3.1) if $ECU_j$ fails for the second time to receive the data packet sent by $ECU_i$, it can be judged that $ECU_j$ has failed or been attacked and cannot process the messages sent to it; to notify all nodes, the CAN controller broadcasts a special error frame (e.g., the Error Flag among the five frame types of the CAN bus) to warn the nodes on the bus that $ECU_j$ has been damaged, and puts it into the bus-off state;
when an error flag occurs, $ECU_i$ sends the previous message a third time: $ECU_i$ regenerates the timestamp $T_4$ and a new MAC value $MAC_4 = H_{LK_i}(ID_i \| ID_j \| T_4 \| c)$ and sends the packet $IRep = c \| MAC_4$; upon receipt of IRep, the GECU first checks the integrity of the message and whether the timestamp $T_4$ meets the requirement;
(2.3.2) the GECU calculates a new MAC value $MAC_4'$ using the hash function H() and the $LK_i$ it stores; if $MAC_4$ equals $MAC_4'$, the verification shows that the timestamp $T_4$ and the ciphertext $c$ have not been modified; if the timestamp also meets the requirement, the GECU proceeds to the next step;
(2.3.3) the GECU carries out the calculations and generates the re-encrypted ciphertext $c' = (c_5, c_3, rk_2, rk_3)$;
(2.3.4) the GECU obtains the current timestamp $T_5$ and concatenates the GECU's identity $ID_g$, $T_5$ and $c$; using the hash function and the long-term key $LK_k$ of $ECU_k$, the GECU calculates $MAC_5 = H_{LK_k}(ID_g \| T_5 \| c)$; the GECU concatenates $c'$ and $MAC_5$ to form the request $GRep = c' \| MAC_5$.
Further, the specific method for decrypting the secondary ciphertext in the step (2.4) is as follows:
(2.4.1) $MAC_5'$ is calculated from $ID_g$ and $T_5$ using the key $LK_k$; if $MAC_5'$ equals the received $MAC_5$, $ECU_k$ continues with step (2.4.2);
(2.4.2) $ECU_k$ performs the calculation and the extraction;
(2.4.3) if both equations hold, the message $m$ and the payload are obtained; otherwise the message $m$ is discarded.
Beneficial effects: compared with the prior art, the invention has the following advantages:
(1) The invention uses the proxy re-encryption mechanism to improve the confidentiality of messages, so that in practical application no malicious node without a private key can decrypt the messages in the vehicle;
(2) The invention provides an in-vehicle network communication method designed for autonomous vehicles, taking into account the dual-redundant ECU and bus environment of such vehicles;
(3) When the autonomous vehicle suffers a single-point failure or a network attack, messages can still be forwarded and processed in encrypted form, which further improves security, avoids interruption of message forwarding and improves communication efficiency.
Drawings
FIG. 1 is a schematic diagram of a system architecture in an embodiment;
FIG. 2 is a schematic diagram of a CAN bus and ECU dual redundancy architecture in an embodiment;
FIG. 3 is an overall flow chart of an embodiment;
FIG. 4 is a flowchart of sending a re-encryption key in an embodiment.
Detailed Description
The technical scheme of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
Example 1:
To facilitate understanding of the overall technical scheme, Table 1 explains some of the parameters.
TABLE 1
As shown in FIG. 1, the in-vehicle message re-encryption method for autonomous vehicles based on the proxy re-encryption mechanism in this embodiment involves two kinds of participants: conventional ECUs and a gateway ECU (i.e., GECU), which communicate with each other over buses (e.g., CAN, FlexRay, etc.).
The conventional ECUs in turn comprise ECUs with a backup and ECUs without a backup.
As shown in FIG. 2, in the normal state the method of this embodiment includes the following steps: the sending ECU encrypts the message into a ciphertext and sends it to the receiving ECU, which then decrypts the ciphertext to obtain the message plaintext (shown in FIG. 2A).
As shown in fig. 2B, in the case of a failure state, the following steps are included:
(1) The preparation process comprises the steps of initializing a system, generating a key and generating a re-encryption key;
(2) The communication process, comprising encryption, decryption, re-encryption and decryption of the secondary ciphertext.
The invention is based on the dual redundancy environment of the ECU and the bus in the automatic driving automobile, and ensures the confidentiality of the message and the security of the message under the condition of single-point fault or network attack by using the proxy re-encryption technology. The specific process is as follows:
System initialization phase
The system generates the necessary system parameters, which are then published over the CAN bus. The specific steps are as follows:
1) When manufacturing the automobile parts, the manufacturer selects a security parameter $\kappa$, a prime $q$ of length $\kappa$, and another prime $p$ satisfying $q \mid p-1$; $n_1$ and $n_2$ are two security parameters determined by $\kappa$. Let $G$ be a cyclic multiplicative group that is also a subgroup of $Z_q$. The order of $G$ is $q$ and its generator is $g$.
2) The manufacturer selects five hash functions. Let the common parameters be $(G, g, q, n_1, n_2, h_1, h_2, h_3, h_4, h_5)$. The message space is $\{0,1\}^{n_1}$. Each ECU stores the above common parameters internally.
3) During manufacturing, the key derivation function KDF is stored in the GECU and in every ECU that needs to define a re-encryption key in advance. The hash function H() is stored in every ECU.
4) The manufacturer selects one long-term key LK for each ECU, and the GECU stores the long-term keys of all ECUs, e.g. $\langle ID_i, LK_i \rangle$ and $\langle ID_j, LK_j \rangle$.
Key generation phase
Each ECU generates a public/private key pair using the public parameters generated by the manufacturer, and an ECU with a backup also needs to calculate the encryption key CK and the authentication key AK in order to communicate with the GECU. This process is carried out every time the vehicle is started, as follows:
1) Each time the vehicle is started, $ECU_i$ selects the components of its private key; the private key is $sk_i = (sk_{i1}, sk_{i2})$. $ECU_i$ then calculates its public key. All ECUs select their private keys and derive their public keys in a similar manner. The public key is published and the private key is stored securely by the ECU.
2) Each time the vehicle is operated, an ECU with a backup (e.g. $ECU_j$) immediately selects a random number nonce and publishes it; $ECU_j$ calculates its encryption key CK and authentication key AK using the KDF: $KDF(LK_j \| nonce) = AK_j \| CK_j$.
3) The GECU receives the random number nonce and uses the stored $LK_j$ and the KDF to generate $AK_j$ and $CK_j$ as described above.
Re-encryption key generation phase
In this phase, an ECU with a backup generates its own re-encryption key and sends it securely to the GECU, which verifies and stores the key. The specific procedure is shown in FIG. 3:
1) $ECU_j$ selects a random number $\sigma \in_R \{0,1\}^{n_1}$ and a random number $w \in_R \{0,1\}^{n_2}$; each time the re-encryption key is sent, $ECU_j$ reselects these two random numbers.
2) $ECU_j$ calculates the first value $rk_1$ of the re-encryption key, the random value $s = h_3(\sigma, w)$, the second value of the re-encryption key $rk_2 = pk_{k2}^{s}$ and the third value $rk_3$ of the re-encryption key, so that the re-encryption key from $ECU_j$ to $ECU_k$ is $rk_{j \to k} = (rk_1, rk_2, rk_3)$.
3) $ECU_j$ sends its re-encryption key $rk_{j \to k}$ to the GECU in encrypted form, and mutual authentication is performed to ensure that the GECU receives the correct re-encryption key; the GECU then securely stores the list entry $\langle ID_j, ID_k, rk_{j \to k} \rangle$ containing the ID of $ECU_j$, the ID of $ECU_k$ and the re-encryption key of $ECU_j$; this process uses AES as the encryption algorithm and SHA as the keyed hash algorithm.
4) $ECU_j$ encrypts $rk_{j \to k}$ with $CK_j$ to generate the ciphertext $\sigma_j = E_{CK_j}(rk_{j \to k})$.
5) $ECU_j$ obtains the current timestamp $T_1$, generates the message authentication code $MAC_1$, and broadcasts it to the GECU together with $Req_j = \sigma_j \| MAC_1$.
6) After receiving the request $Req_j$, the GECU first uses $ID_j$, $\sigma_j$, $T_1$ and $ID_k$ to calculate a new MAC value $MAC_1'$ to authenticate the message; if $MAC_1'$ and $MAC_1$ are equal, the message is judged to be authentic; the GECU then checks whether the difference between the current time $T_{current}$ and the timestamp $T_1$ satisfies the set time-difference threshold $|T_1 - T_{current}| \le \Delta T$; if so, the GECU decrypts $\sigma_j$ to obtain $rk_{j \to k}$ and stores the corresponding $ID_j$, $ID_k$ and $rk_{j \to k}$.
$\Delta T$ is the worst-case response time of a CAN message and is composed of $J_m$, $W_m$ and $C_m$; $J_m$ is the queuing jitter, $W_m$ is the queuing delay, and $C_m$ is the transmission time of the message.
7) The GECU obtains the current timestamp $T_2$ and generates a MAC value $MAC_2$ using $rk_{j \to k}$ and $ID_g$; it then sends $ECU_j$ a response $Rep_j = T_2 \| MAC_2$ containing $ID_g$, $MAC_2 = H_{rk_{j \to k}}(ID_g \| T_2)$ and the timestamp $T_2$.
8) After receiving the response, $ECU_j$ uses the re-encryption key to verify whether the new MAC value $MAC_2'$ equals $MAC_2$; if they are equal, it continues to verify whether $T_2$ satisfies $|T_2 - T_{current}| \le \Delta T$; when both requirements are met, it confirms that the GECU has obtained the correct re-encryption key.
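The key-delivery handshake of steps 4) to 8), with both the ECU and the GECU side, as an added Python example that is not code from the patent. Assumptions: SHA-512 split in halves as the KDF, HMAC-SHA-256 as the keyed hash H, a SHA-256 keystream as a standard-library stand-in for AES, ΔT taken as the sum of constructed J_m, W_m, C_m values, the IDs and T_1 carried in clear beside Req_j, and rk_{j→k} treated as opaque bytes.

```python
import hashlib
import hmac
import os
import struct

# Constructed timing budget in milliseconds. The page says ΔT is composed of
# queuing jitter J_m, queuing delay W_m and transmission time C_m; summing
# them, and these particular values, are assumptions of this example.
J_M, W_M, C_M = 2, 8, 1
DELTA_T = J_M + W_M + C_M

def kdf(lk, nonce):
    """KDF(LK_j || nonce) = AK_j || CK_j (SHA-512 halves are an assumption)."""
    out = hashlib.sha512(lk + nonce).digest()
    return out[:32], out[32:]

def keystream_xor(key, iv, data):
    """Stand-in for the AES encryption E_CK named on the page (stdlib only)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key, *fields):
    """H_key(f1 || f2 || ...) as HMAC-SHA-256. Fields are length-prefixed so
    that two different field splits never produce the same MAC input."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(struct.pack(">H", len(f)) + f)
    return h.digest()

def ts(ms):
    return struct.pack(">Q", ms)

def fresh(t, now_ms):
    """The page's freshness check |T - T_current| <= ΔT."""
    return abs(struct.unpack(">Q", t)[0] - now_ms) <= DELTA_T

def ecu_request(lk_j, nonce, id_j, id_k, rk, now_ms):
    """Steps 4)-5): sigma_j = E_CKj(rk); MAC_1 over ID_j, sigma_j, T_1, ID_k."""
    ak, ck = kdf(lk_j, nonce)
    iv = os.urandom(16)
    sigma = iv + keystream_xor(ck, iv, rk)
    t1 = ts(now_ms)
    return {"id_j": id_j, "id_k": id_k, "t1": t1, "sigma": sigma,
            "mac1": mac(ak, id_j, sigma, t1, id_k)}

class Gecu:
    def __init__(self, gecu_id, long_term_keys):
        self.gecu_id = gecu_id
        self.long_term_keys = long_term_keys   # <ID_i, LK_i> table
        self.rk_table = {}                     # <ID_j, ID_k, rk_j->k> entries

    def handle(self, req, nonce, now_ms):
        """Steps 6)-7): verify MAC_1, then freshness, then decrypt and store."""
        lk = self.long_term_keys.get(req["id_j"])
        if lk is None:
            return None
        ak, ck = kdf(lk, nonce)
        expected = mac(ak, req["id_j"], req["sigma"], req["t1"], req["id_k"])
        if not hmac.compare_digest(expected, req["mac1"]):
            return None
        if not fresh(req["t1"], now_ms):
            return None
        rk = keystream_xor(ck, req["sigma"][:16], req["sigma"][16:])
        self.rk_table[(req["id_j"], req["id_k"])] = rk
        t2 = ts(now_ms)
        return {"t2": t2, "mac2": mac(rk, self.gecu_id, t2)}

def ecu_confirm(rep, rk, gecu_id, now_ms):
    """Step 8): MAC_2 is keyed with rk, so it proves the GECU holds the key."""
    expected = mac(rk, gecu_id, rep["t2"])
    return hmac.compare_digest(expected, rep["mac2"]) and fresh(rep["t2"], now_ms)

def run_demo():
    lk_j, nonce = os.urandom(32), os.urandom(16)   # constructed sample values
    rk = os.urandom(48)                            # opaque stand-in for rk_j->k
    gecu = Gecu(b"GECU", {b"ECU_j": lk_j})
    req = ecu_request(lk_j, nonce, b"ECU_j", b"ECU_k", rk, now_ms=1000)
    rep = gecu.handle(req, nonce, now_ms=1004)
    tampered = dict(req, sigma=req["sigma"][:-1] + bytes([req["sigma"][-1] ^ 1]))
    redirected = dict(req, id_k=b"ECU_x")          # same key, other backup ID
    return {
        "stored": gecu.rk_table.get((b"ECU_j", b"ECU_k")) == rk,
        "confirmed": ecu_confirm(rep, rk, b"GECU", now_ms=1006),
        "tampered_rejected": gecu.handle(tampered, nonce, 1004) is None,
        "redirected_rejected": gecu.handle(redirected, nonce, 1004) is None,
        "stale_rejected": gecu.handle(req, nonce, 1000 + DELTA_T + 1) is None,
        "replay_in_window_accepted": gecu.handle(req, nonce, 1005) is not None,
    }

if __name__ == "__main__":
    print(run_demo())
```

The last result shows that a request replayed inside the ΔT window passes both checks listed in step 6); rejecting it would need state, such as a record of T_1 values already seen, that the page does not describe.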
In step (2), the sender ECU encrypts the message and broadcasts it over the bus, and the receiver ECU receives the data packet and decrypts it with its private key. If the receiver ECU suddenly fails and cannot process the message, the bus broadcasts an error frame notifying all nodes on the bus that the node has failed; the sender then retransmits the data frame, the GECU receives it, re-encrypts the message using the re-encryption key and forwards it to the backup ECU on the other bus, and the backup ECU receives the message and decrypts the ciphertext.
Message encryption phase
1) Before sending a message $m$ to $ECU_j$, $ECU_i$ obtains the current timestamp $T_3$ and concatenates it with the payload and its identity $ID_i$; the message $m$ is denoted $m = payload \| ID_i \| T_3$.
2) Two random numbers are selected, including $\pi \in_R \{0,1\}^{n_2}$.
3) The random value $d = h_3(m, \pi)$, the first element of the ciphertext, an auxiliary value and the third element are calculated.
The second element and the fourth element of the ciphertext are then calculated.
4) The ciphertext $c$ of message $m$ is obtained, and $ECU_i$ sends the ciphertext $c$ to $ECU_j$.
Message decryption phase
1) $ECU_j$ calculates:
2) It then extracts the message.
3) $ECU_k$ verifies whether the two equations hold; if they do, the message $m$ is considered authentic; otherwise the message is discarded.
4) After decryption, $ECU_j$ checks the sender's identity $ID_i$ and judges whether the timestamp $T_3$ satisfies $|T_3 - T_{current}| \le \Delta T$; if so, the plaintext payload is accepted.
Message re-encryption phase
1) Because $ECU_j$ fails for the second time to receive the data packet sent by $ECU_i$, it can be judged that $ECU_j$ has failed or been attacked and cannot process the messages sent to it. To notify all nodes, the CAN controller sends a special error flag to warn the nodes on the bus that $ECU_j$ has been damaged, and puts it into the bus-off state. When an error flag occurs, $ECU_i$ sends the previous message a third time: $ECU_i$ regenerates the timestamp $T_4$ and a new MAC value $MAC_4 = H_{LK_i}(ID_i \| ID_j \| T_4 \| c)$ and sends the packet $IRep = c \| MAC_4$. Upon receipt of IRep, the GECU first checks the integrity of the message and whether the timestamp $T_4$ meets the requirement.
2) The GECU calculates a new MAC value $MAC_4'$ using the hash function H() and the $LK_i$ it stores; if $MAC_4$ equals $MAC_4'$, the verification shows that the timestamp $T_4$ and the ciphertext $c$ have not been modified; if the timestamp also meets the requirement, the GECU proceeds to the next step.
3) The GECU carries out the calculations and generates the re-encrypted ciphertext $c' = (c_5, c_3, rk_2, rk_3)$.
4) The GECU obtains the current timestamp $T_5$ and concatenates the GECU's identity $ID_g$, $T_5$ and $c$; using the hash function and the long-term key $LK_k$ of $ECU_k$, the GECU calculates $MAC_5 = H_{LK_k}(ID_g \| T_5 \| c)$; the GECU concatenates $c'$ and $MAC_5$ to form the request $GRep = c' \| MAC_5$.
Decryption of a second ciphertext stage
After receiving the message sent by the GECU, ECU_k first checks the integrity of the message using the hash function H(); if the message has not been tampered with, it checks whether the timestamp T_5 and the identity meet the requirements. If all requirements are verified, c' is decrypted. ECU_k then communicates with the other ECUs in the redundant system to make a decision for safe parking.
The specific steps are as follows:
1) MAC_5' is calculated from ID_g and T_5 using the key LK_k. If the result equals the received MAC_5, ECU_k continues with the next step.
2)、ECU k Calculation ofExtracting->
3) If the two equations hold, the message m and the payload are obtained; otherwise the message m is discarded.
According to this embodiment, proxy re-encryption ensures the confidentiality of messages and their security under a single-point fault or a network attack, because a malicious node without the private key cannot decrypt the messages transmitted between legitimate ECUs. Because the dual-redundancy environment of the ECUs and the bus in an automatic driving vehicle is taken into account, the invention can forward and process messages in encrypted form when the vehicle has a single-point fault or suffers a network attack. In addition, the re-encryption part of the invention does not need a completely trusted third party to act as the proxy, which makes the whole technical scheme more practical.

Claims (8)

1. A message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism, characterized by comprising the following steps:
(1) The preparation process comprises the following steps:
(1.1) Initialization: the manufacturer (OEM) generates the required common parameters (G, g, q, n_1, n_2, h_1, h_2, h_3, h_4, h_5), and the common parameters are stored by all electronic control units (ECUs);
where G is a cyclic multiplicative group and also a subgroup of Zq; g is the generator of G; κ is a preset security parameter; q is the order of G and a prime of length κ; n_1 and n_2 are two security parameters determined by κ; and h_1, h_2, h_3, h_4 and h_5 are the corresponding hash functions;
(1.2) Key generation: the electronic control units (ECUs) comprise ECUs without a backup and ECUs with a backup; all ECUs generate their respective public keys pk and private keys sk, and each ECU with a backup calculates an encryption key CK and an authentication key AK through a key derivation function KDF;
(1.3) Generating a re-encryption key: each ECU with a backup generates in advance the re-encryption key to be used later and sends it to the GECU in a secure manner, and the GECU verifies and stores the received re-encryption key;
(2) The communication process comprises the following steps:
(2.1) Encrypting the message: when the ECU has not failed, the sender ECU_i encrypts the message m before sending it to the receiver ECU_j, obtaining a ciphertext c;
(2.2) Decrypting the primary ciphertext: under normal conditions, the receiver ECU_j decrypts the received message to obtain the plaintext payload;
(2.3) Re-encryption: if the message is abnormal, the GECU re-encrypts the received message;
(2.4) Decrypting the secondary ciphertext: after receiving the re-encrypted message sent by the GECU, the backup ECU_k corresponding to the receiver ECU_j first checks the integrity of the message with a hash function; if the message has not been tampered with, it checks whether the timestamp T_5 and the identity meet the requirements; if both checks pass, it decrypts c' to obtain the plaintext, and ECU_k communicates with the other ECUs in the redundant system.
2. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 1, wherein the corresponding parameters in step (1.1) are specifically as follows:
the manufacturer selects five hash functions The message space is->
the GECU and every ECU that needs to predefine a re-encryption key have a built-in key derivation function KDF; every ECU holds a long-term key LK, and the GECU holds the long-term keys of all ECUs together with the corresponding identity IDs;
a further prime number p in the common parameters satisfies q | p-1.
3. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 2, wherein the key generation in step (1.2) specifically comprises:
(1.2.1) each time the vehicle is started, any ECU_i selects its private key sk_i = (sk_i1, sk_i2) and calculates its public key;
(1.2.2) each time the vehicle is running, any ECU that has a backup immediately selects a random number nonce and discloses it, and calculates its encryption key CK and authentication key AK using the KDF: KDF(LK || nonce) = AK || CK;
(1.2.3) the GECU receives the random number nonce and generates AK and CK using the stored LK and the KDF.
4. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 3, wherein the generation of the re-encryption key in step (1.3) specifically comprises:
(1.3.1) ECU_j selects two random numbers; each time a re-encryption key is sent, ECU_j reselects the two random numbers;
(1.3.2) ECU_j calculates the first value of the re-encryption key, the random value s = h_3(σ, w), the second value of the re-encryption key and the third value of the re-encryption key, so that the re-encryption key from ECU_j to ECU_k is rk_{j→k} = (rk_1, rk_2, rk_3); pk_j1 and pk_j2 are the two public keys of the receiver ECU_j, and sk_j1 and sk_j2 are the private keys of the receiver ECU_j;
(1.3.3) ECU_j sends its re-encryption key rk_{j→k} to the GECU, and mutual authentication is performed to ensure that the GECU receives the correct re-encryption key; the GECU then securely stores the ID of ECU_j, the ID of ECU_k and the re-encryption key of ECU_j as the list entry <ID_j, ID_k, rk_{j→k}>;
(1.3.4) ECU_j encrypts rk_{j→k} with CK_j to generate the ciphertext σ_j;
(1.3.5) ECU_j obtains the current timestamp T_1, generates a message authentication code MAC_1, and broadcasts it to the GECU in the request Req_j = σ_j || MAC_1;
(1.3.6) after receiving the request Req_j, the GECU first uses ID_j, σ_j, T_1 and ID_k to calculate a new MAC value MAC_1' to authenticate the message; if MAC_1' and MAC_1 are equal, the message is judged to be genuine and reliable; the GECU then checks whether the difference between the current time T_current and the timestamp T_1 satisfies the set time-difference threshold |T_1 - T_current| ≤ ΔT; if it does, the GECU decrypts σ_j to obtain rk_{j→k} and stores the corresponding ID_j, ID_k and rk_{j→k};
ΔT is the worst-case response time of a CAN message and is composed of J_m, W_m and C_m, where J_m is the queuing jitter, W_m is the queuing delay and C_m is the transmission time of the message;
(1.3.7) the GECU obtains the current timestamp T_2 and generates a MAC value MAC_2 from rk_{j→k} and ID_g; it then sends ECU_j a response Rep_j = T_2 || MAC_2 containing ID_g, MAC_2 = H_{rk_{j→k}}(ID_g || T_2) and the timestamp T_2;
(1.3.8) after receiving the response, ECU_j uses the re-encryption key to verify whether the new MAC value MAC_2' equals MAC_2; if so, it goes on to verify whether T_2 satisfies |T_2 - T_current| ≤ ΔT; when both requirements are met, it confirms that the GECU has obtained the correct re-encryption key.
5. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 4, wherein the encryption in step (2.1) specifically comprises:
(2.1.1) before sending a message m to ECU_j, ECU_i obtains the current timestamp T_3 and concatenates it with the payload and its identity ID_i; the message m is written as m = payload || ID_i || T_3;
(2.1.2) selecting two random numbers
(2.1.3) calculate the random value d = h_3(m, π), the first element of the ciphertext, an auxiliary value and the third element;
Then calculate the second element of ciphertextFourth element->
(2.1.4) obtain the ciphertext of message m; ECU_i sends the ciphertext c to ECU_j.
6. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 5, wherein the decryption in step (2.2) specifically comprises:
(2.2.1) ECU_j calculates:
(2.2.2) then extract message m:
(2.2.3) if the two equations hold, the message m is considered to be true; otherwise, the message is discarded;
(2.2.4) after decryption, check the identity ID_i of the sender ECU_j, then check whether the timestamp T_3 satisfies |T_3 - T_current| ≤ ΔT; if it does, the payload is accepted;
c_1, c_2, c_3, c_4 and c_5 are the five elements of the ciphertext, and T_current is the current time.
7. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 6, wherein the re-encryption in step (2.3) specifically comprises:
(2.3.1) if ECU_j fails for the second time to receive the data packet transmitted by ECU_i, the CAN judges that ECU_j has failed or is under attack and cannot handle the messages sent to it; to notify all nodes, the CAN controller broadcasts a special error frame reminding the nodes on the bus that ECU_j has been damaged, and puts it into the bus-off state;
when the error flag occurs, ECU_i transmits the earlier message a third time: ECU_i regenerates the timestamp T_4 and a new MAC value MAC_4 = H_{LK_i}(ID_i || ID_j || T_4 || c), and sends the packet IRep = c || MAC_4; upon receipt of IRep, the GECU first checks the integrity of the message and whether the timestamp T_4 meets the requirements;
(2.3.2) the GECU uses the hash function H() and its stored LK_i to calculate a new MAC value MAC_4'; if MAC_4' equals MAC_4, the timestamp T_4 and the ciphertext c are shown not to have been modified; if the timestamp also meets the requirement, the GECU proceeds to the next step;
(2.3.3) the GECU calculates and generates the re-encrypted ciphertext c' = (c_5, c_3, rk_2, rk_3);
(2.3.4) the GECU obtains the current timestamp T_5 and concatenates the GECU's identity ID_j, T_5 and c; using the hash function and ECU_k's long-term key LK_k, the GECU calculates a MAC value MAC_5; the GECU concatenates c' and MAC_5 to form the request GRep = c' || MAC_5;
where m is the message, c is the corresponding ciphertext, ID_i and ID_j are the identity IDs of ECU_i and ECU_j respectively, and rk_1, rk_2 and rk_3 are the components of the re-encryption key rk_{j→k} from ECU_j to ECU_k.
8. The message re-encryption method in an automatic driving vehicle based on a proxy re-encryption mechanism according to claim 7, wherein the decryption of the secondary ciphertext in step (2.4) specifically comprises:
(2.4.1) MAC_5' is computed from ID_g and T_5 using the long-term key LK_k; if MAC_5' equals the received MAC_5, ECU_k continues with step (2.4.2);
(2.4.2)ECU k calculation ofExtracting m: />
(2.4.3) if the two equations hold, the message m and the payload are obtained; otherwise the message m is discarded.
CN202111139922.7A 2021-09-28 2021-09-28 Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism Active CN113872969B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111139922.7A CN113872969B (en) 2021-09-28 2021-09-28 Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism

Publications (2)

Publication Number Publication Date
CN113872969A CN113872969A (en) 2021-12-31
CN113872969B true CN113872969B (en) 2024-01-19

Family

ID=78991511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111139922.7A Active CN113872969B (en) 2021-09-28 2021-09-28 Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism

Country Status (1)

Country Link
CN (1) CN113872969B (en)

Also Published As

Publication number Publication date
CN113872969A (en) 2021-12-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant