CN115361230B - In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet - Google Patents
In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet Download PDFInfo
- Publication number
- CN115361230B CN115361230B CN202211271745.2A CN202211271745A CN115361230B CN 115361230 B CN115361230 B CN 115361230B CN 202211271745 A CN202211271745 A CN 202211271745A CN 115361230 B CN115361230 B CN 115361230B
- Authority
- CN
- China
- Prior art keywords
- encryption
- algorithm
- data packet
- decryption
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a vehicle-mounted Ethernet in-vehicle safety information communication method, a system and a medium, wherein the method comprises the following steps: configuring a double-character encryption algorithm at a data sending end; configuring a double decryption checking algorithm at a data receiving end; detecting an information transmission requirement, and executing a text encryption operation at a data sending end based on the information transmission requirement and a double-character encryption algorithm to obtain a data packet to be verified; sending the data packet to be verified to a data receiving end; detecting a data packet transmission request state at a data receiving end, and selecting to receive or discard a data packet based on a double decryption verification algorithm and the data packet transmission request state; the invention can realize double encryption and double verification with extremely high safety when information in the vehicle is transmitted or received, ensures the confidentiality, authenticity and freshness of information transmitted by the vehicle-mounted Ethernet, and effectively improves the safety of information communication transmission in the vehicle-mounted Ethernet through a high-flexibility encryption and verification system.
Description
Technical Field
The invention relates to the technical field of information transmission, in particular to a vehicle-mounted Ethernet in-vehicle safety information communication method, a vehicle-mounted Ethernet in-vehicle safety information communication system and a vehicle-mounted Ethernet in-vehicle safety information communication medium.
Background
At present, with the development of vehicle driving automation, intelligent networking automobile, intelligent automobile interaction, intelligent cabin and other vehicle digitalization, vehicle informatization and vehicle intellectualization, the data volume needing to be transmitted in a vehicle is increased sharply, in order to improve vehicle-mounted communication performance and reduce network complexity, an electronic and electrical framework of the vehicle is continuously upgraded, and vehicle-mounted Ethernet is also introduced into an automobile network, but with the introduction of the vehicle-mounted Ethernet, the safety problem is more and more; currently, most of vehicle-mounted ethernet information transfer is plaintext transmission, and the following security risks may exist in the information communication mode:
on the first hand, the risk of information stealing means that an information attacker steals a large amount of communication messages and analyzes data, while the plaintext mode under the transmission method does not carry out encryption transmission, so that the data is easily leaked and cracked, and in severe cases, the secret of a manufacturer is possibly leaked and even the safety of passengers is damaged;
in the second aspect, the risk of information tampering refers to that an attacker attacks a node after invading legal equipment, and tampers the received information, and then sends the tampered error information to other nodes, so as to achieve the purpose of disturbing and even controlling the automobile by means of the information to be sent by the tampering equipment;
thirdly, replaying the attack risk, wherein the risk condition means that an attacker can attack the node, steal the authentication certificate of the legal node, and simultaneously resend the authentication certificate to other authentication nodes to destroy the correctness of authentication so as to achieve the purposes of deceiving authentication and invading the node;
in the fourth aspect, the risk of node spoofing refers to the risk condition that an attacker pretends to be other network nodes or equipment, accesses the in-vehicle network and completes identity authentication, further obtains the related authority in the vehicle, and supplies or steals information; for example, IP spoofing, an attacker can impersonate a target device to access an in-vehicle network without intruding the device;
therefore, in summary, the existing vehicle-mounted Ethernet information transmission mode has higher potential safety hazard, easily causes information safety crisis such as information leakage, and influences the vehicle safety and the passenger safety.
Disclosure of Invention
The invention aims to provide a method, a system and a medium for communicating safety information in a vehicle of a vehicle-mounted Ethernet, aiming at the problems in the prior art, and further solving the problems that the vehicle safety and the passenger safety are affected because a vehicle-mounted Ethernet information transmission mode in the prior art has higher potential safety hazard, information safety crisis such as information leakage is easy to cause and the like.
In order to solve the technical problems, the specific technical scheme of the invention is as follows:
on one hand, the invention provides a vehicle-mounted Ethernet in-vehicle safety information communication method, which comprises the following steps:
and an encryption and decryption algorithm configuration step:
configuring a double-character encryption algorithm at a data sending end; configuring a double decryption checking algorithm at a data receiving end;
data encryption and transmission:
detecting an information transmission requirement, and executing an original text encryption operation at the data sending end based on the information transmission requirement and the double-character encryption algorithm to obtain a data packet to be verified; sending the data packet to be verified to a data receiving end;
data decryption and verification:
and detecting the data packet transmission request state at the data receiving end, and selecting to receive or discard the data packet based on the double decryption and verification algorithm and the data packet transmission request state.
As an improved solution, the information transmission requirement includes: a first demand and a second demand; the first requirement is that an original text to be transmitted exists; the second requirement is that no original text to be transmitted exists;
the plaintext encryption operation comprises:
identifying the information transmission need;
when the information transmission requirement is the first requirement, calling the double-character encryption algorithm to encrypt the original text to be transmitted to obtain random characters, an encrypted ciphertext and an encrypted abstract; and integrating the random character, the encrypted ciphertext and the encrypted abstract to obtain the data packet to be verified.
As an improved scheme, the double-character encryption algorithm is as follows:
generating the random character based on a random number generation algorithm;
performing double-character string filling on the random character to obtain a first character string and a second character string;
generating a first encryption key and a second authentication key based on the first character string and the second character string;
and carrying out double encryption on the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted abstract.
As an improved scheme, the double-string padding is performed on the random character to obtain a first character string and a second character string, including;
filling the random character by adopting a first filling strategy to obtain the first character string;
and filling the random character by adopting a second filling strategy to obtain the second character string.
As an improved solution, the generating a first encryption key and a second authentication key based on the first character string and the second character string includes:
encrypting the first character string by adopting an MD5 algorithm, and intercepting the first character string by a corresponding rule designed by a random number to obtain a first encryption key;
and encrypting the second character string by adopting an MD5 algorithm to obtain the second authentication key.
As an improved scheme, the doubly encrypting the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted digest includes:
creating a message sequence number;
adding the message sequence number in the original text to be transmitted to obtain the original text to be encrypted;
encrypting the original text to be encrypted by the first encryption key based on an AES-128 algorithm to obtain the encrypted ciphertext;
and encrypting the original text to be encrypted by the second authentication key based on the HAMC-MD5 algorithm to obtain the encrypted digest.
As an improved solution, the packet transmission request state includes: a first state and a second state; the first state is that the data packet to be verified exists to request transmission; the second state is that the data packet to be verified does not exist for requesting transmission;
the detecting a data packet transmission request state at the data receiving end, and selecting to receive or discard a data packet based on the double decryption checking algorithm and the data packet receiving state includes:
identifying the data packet transmission request state;
and when the data packet transmission request state is the first state, calling the double decryption check algorithm to receive and judge the data packet based on the data packet to be verified.
As an improved scheme, the double decryption checking algorithm is as follows:
extracting the random characters in the data packet to be verified;
filling and encrypting the random characters according to the first filling strategy and the MD5 algorithm to obtain a first decryption key;
filling and encrypting the random characters according to the second filling strategy and the MD5 algorithm to obtain a second decryption authentication key;
decrypting the encrypted ciphertext through the first decryption key to obtain a decrypted text and a decrypted serial number;
judging whether the decryption serial number meets the serial number strategy of the message serial number; if yes, encrypting the decryption text and the decryption serial number based on the second decryption authentication key to obtain a decryption abstract;
judging whether the decryption abstract is the same as the encryption abstract or not; if the data packets are the same, receiving the data packets to be verified; and if not, discarding the data packet to be verified.
On the other hand, the invention also provides an in-vehicle safety information communication system of the vehicle-mounted Ethernet, which comprises the following components:
the encryption and decryption algorithm configuration unit is used for configuring a double-character encryption algorithm at a data sending end and configuring a double-decryption checking algorithm at a data receiving end;
the data encryption sending unit is used for detecting information transmission requirements and executing original text encryption operation on the data sending end based on the information transmission requirements and the double-character encryption algorithm to obtain a data packet to be verified; the data encryption sending unit sends the data packet to be verified to a data receiving end;
and the data decryption checking unit is used for detecting the transmission request state of the data packet at the data receiving end and selecting to receive or discard the data packet based on the double decryption checking algorithm and the receiving state of the data packet.
In another aspect, the present invention further provides a computer-readable storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the steps of the in-vehicle security information communication method of the in-vehicle ethernet.
The technical scheme of the invention has the beneficial effects that:
1. according to the in-vehicle safety information communication method of the vehicle-mounted Ethernet, provided by the invention, double encryption and double verification with extremely high safety can be carried out during in-vehicle information transmission or receiving, wherein the information confidentiality of the in-vehicle Ethernet information transmission is further ensured through high encryption of the information, the information is prevented from being stolen, illegal equipment is prevented and controlled through an encryption mechanism with an added message serial number, the authenticity of the information is ensured, the freshness of the information is ensured through a filling mechanism of random characters, replay attack is avoided, finally, the information stealing risk, the information tampering risk, the replay attack risk and the node risk in the application of the vehicle-mounted Ethernet in the prior art are effectively avoided through a high-flexibility encryption and verification system, the safety of information communication transmission in the vehicle-mounted Ethernet is improved, the defects in the prior art are made up, and the application value is extremely high.
2. According to the in-vehicle safety information communication system of the vehicle-mounted Ethernet, disclosed by the invention, the mutual cooperation of the encryption and decryption algorithm configuration unit, the data encryption sending unit and the data decryption verification unit can be further realized, so that the high-safety double encryption and double verification are carried out during the transmission or reception of in-vehicle information, the information confidentiality of the vehicle-mounted Ethernet information transmission is further ensured through the high encryption of the information, the information is prevented from being stolen, the illegal equipment is prevented and controlled through an encryption mechanism with an added message serial number, the authenticity of the information is ensured, the freshness of the information is ensured through a filling mechanism of random characters, the replay attack is avoided, finally, the information stealing risk, the information tampering risk, the replay attack risk and the node risk in the application of the vehicle-mounted Ethernet in the prior art are effectively avoided through a high-flexibility encryption and verification system, the safety of the information communication transmission in the vehicle-mounted Ethernet is improved, the defects in the prior art are overcome, and the application value is very high.
3. The computer readable storage medium can realize the cooperation of the guide encryption and decryption algorithm configuration unit, the data encryption sending unit and the data decryption verification unit, and further realize the in-vehicle safety information communication method of the vehicle-mounted Ethernet.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flow chart of a method for communicating safety information in a vehicle using a vehicle-mounted ethernet according to embodiment 1 of the present invention;
fig. 2 is a detailed flow logic diagram of a method for communicating safety information in a vehicle through a vehicle-mounted ethernet according to embodiment 1 of the present invention;
fig. 3 is a schematic structural diagram of an in-vehicle safety information communication system of a vehicle-mounted ethernet according to embodiment 2 of the present invention;
the reference numerals in the drawings are as follows:
1010. an encryption and decryption algorithm configuration unit; 1020. a data encryption transmitting unit; 1030. and a data decryption checking unit.
Detailed Description
The following detailed description of the preferred embodiments of the present invention, taken in conjunction with the accompanying drawings, will make the advantages and features of the present invention more comprehensible to those skilled in the art, and will thus provide a clear and concise definition of the scope of the present invention.
In the description of the present invention, it should be noted that the described embodiments of the present invention are a part of the embodiments of the present invention, and not all embodiments; all other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments herein described are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or device.
Example 1
The embodiment provides an in-vehicle safety information communication method of a vehicle-mounted ethernet, as shown in fig. 1 and fig. 2, including the following steps:
s100, an encryption and decryption algorithm configuration step, which specifically comprises the following steps:
s110, configuring a double-character encryption algorithm at a data sending end; configuring a double decryption checking algorithm at a data receiving end;
s200, a data encryption sending step, which specifically comprises:
s210, detecting an information transmission requirement, and executing an original text encryption operation at the data sending end based on the information transmission requirement and the double-character encryption algorithm to obtain a data packet to be verified; sending the data packet to be verified to a data receiving end;
s300, a data decryption verification step specifically comprises:
s310, detecting the data packet transmission request state at the data receiving end, and selecting to receive or discard the data packet based on the double decryption and verification algorithm and the data packet transmission request state.
In the embodiment, the encryption operation with high randomness, low repetition degree and good encryption effect and the decryption operation with high safety are mainly completed through a double-character encryption algorithm and a double-decryption check algorithm, so that the safety data communication in the vehicle is ensured;
as an embodiment of the present invention, the information transmission requirement includes: a first demand and a second demand; the first requirement is that an original text to be transmitted exists; the second requirement is that no original text to be transmitted exists;
the plaintext encryption operation comprises: identifying the information transmission need;
when the information transmission requirement is the first requirement, the fact that data needs to be transmitted and encrypted in the vehicle-mounted application is explained, so that the double-character encryption algorithm is called to encrypt the original text to be transmitted to obtain random characters, an encrypted ciphertext and an encrypted abstract; and integrating the random character, the encrypted ciphertext and the encrypted abstract to obtain the data packet to be verified.
As an embodiment of the present invention, the double character encryption algorithm is:
generating the random character based on a random number generation algorithm, in the embodiment, generating a random number with 0 to 9 digits based on HSM, wherein the random number is the random character; then, double-character string filling is carried out on the random character to obtain a first character string and a second character string; generating a first encryption key and a second authentication key based on the first character string and the second character string; and carrying out double encryption on the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted abstract.
As an embodiment of the present invention, the performing double-string padding on the random character to obtain a first character string and a second character string includes; filling the random character by adopting a first filling strategy to obtain the first character string; filling the random character by adopting a second filling strategy to obtain a second character string; in this embodiment, the first filling strategy and the second filling strategy are both owner information and vehicle identification codes that are allowed to be read by the owner of the vehicle, such as owner name, birthday, height, weight, etc. of the vehicle applied by the method, and the random characters are randomly filled to obtain random character strings consisting of upper and lower case letters, numbers and symbols.
As an embodiment of the present invention, the generating a first encryption key and a second authentication key based on the first character string and the second character string includes:
encrypting the first character string by adopting an MD5 algorithm to generate another group of characters, and intercepting the other group of characters by a corresponding rule designed by a random number to obtain a first encryption key, wherein the first encryption key is used as an encryption key of a symmetric encryption algorithm; similarly, the MD5 algorithm is adopted to encrypt the second character string without intercepting to obtain a second authentication key which is used as a message authentication key;
as an embodiment of the present invention, the performing double encryption on the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted digest includes:
according to specific requirements, a message sequence number is created in a self-defined mode; adding the message sequence number in the original text to be transmitted to obtain the original text to be encrypted; encrypting the original text to be encrypted added with the message serial number through the generated first encryption key based on an AES-128 algorithm to obtain the encrypted ciphertext; encrypting the original text to be encrypted with the added message serial number based on the HAMC-MD5 algorithm by the second authentication key to obtain the encrypted digest; correspondingly, through the operation, namely the encryption processing of the original text to be transmitted is completed, the security is extremely high, the original text to be transmitted is not easy to crack, and the risk of the key leakage of the symmetric encryption algorithm in the transmission process is effectively compensated because the data is not related to the transmission of the key when being sent finally; when the vehicle applied by the method needs to send data to the vehicle or the vehicle, the data is encrypted through the unified encryption flow;
as an embodiment of the present invention, the packet transmission request state includes: a first state and a second state; the first state is that the data packet to be verified exists to request transmission; the second state is that the data packet to be verified does not exist for requesting transmission;
the detecting a data packet transmission request state at the data receiving end, and selecting to receive or discard a data packet based on the double decryption checking algorithm and the data packet receiving state includes:
identifying the data packet transmission request state; when the data packet transmission request state is the first state, it indicates that there is a data transmission request in the vehicle, the data needs to be safely verified, and the data can be received only if the safety verification must meet the encryption flow, so that the data packet to be verified is called to perform the receiving judgment of the data packet based on the data packet to be verified.
As an embodiment of the present invention, the double decryption checking algorithm is:
firstly, extracting the random characters in the data packet to be verified; then filling the random character according to the first filling strategy, and then carrying out MD5 algorithm encryption to obtain a first decryption key; filling the random characters according to the second filling strategy, then carrying out MD5 algorithm encryption to obtain a second decryption authentication key, and after obtaining a corresponding decryption key and a decryption authentication key, decrypting the encrypted ciphertext, so that the encrypted ciphertext is decrypted by the first decryption key to obtain a decrypted text and a decrypted serial number; at this time, whether the decryption serial number meets the serial number strategy of the message serial number is judged, namely whether the decryption serial number is matched with the serial number in the encryption process, wherein the matching comprises but is not limited to the arrangement rule of the serial number, the format of the serial number, the matching relation between the number lengths of the serial number and the like; if so, the preliminary verification is satisfied, and then the decrypted text and the decrypted serial number are encrypted based on the second decryption authentication key to obtain a corresponding decryption abstract; then judging whether the decryption abstract is the same as the encryption abstract or not; if the data packets are the same, the sent data packets are encrypted according to the encryption flow strictly, so that the data packets are regarded as safety data, and the data packets to be verified are received; if not, the sent data is not encrypted strictly according to the encryption flow and may be unsafe data, so the data packet to be verified is discarded; correspondingly, when the decryption serial number does not meet the serial number strategy of the message serial number, the data to be verified is discarded as well as the data to be verified is judged not to be encrypted strictly according to the encryption flow in the preliminary verification; furthermore, by the method, sectional data verification is performed, the serial number is detected first, and then the abstract comparison is performed, so that the safety of double verification is met, and unnecessary labor waste is avoided.
Example 2
The present embodiment provides an in-vehicle safety information communication system of a vehicle-mounted ethernet based on the same inventive concept as the in-vehicle safety information communication method of the vehicle-mounted ethernet described in embodiment 1, as shown in fig. 3, including:
an encryption and decryption algorithm configuration unit 1010, configured to configure a double-character encryption algorithm at the data sending end, and configure a double-decryption checking algorithm at the data receiving end;
a data encryption sending unit 1020, configured to detect an information transmission requirement, and execute an original text encryption operation at the data sending end based on the information transmission requirement and the double-character encryption algorithm to obtain a data packet to be verified; the data encryption sending unit 1020 sends the data packet to be verified to a data receiving end;
a data decryption checking unit 1030, configured to detect a data packet transmission request state at the data receiving end, and select to receive or discard a data packet based on the double decryption checking algorithm and the data packet transmission request state.
As an embodiment of the present invention, the information transmission requirement includes: a first demand and a second demand; the first requirement is that an original text to be transmitted exists; the second requirement is that no original text to be transmitted exists;
as an embodiment of the present invention, the data encryption transmission unit 1020 includes: the system comprises a demand identification module and an encryption processing module;
the plaintext encryption operation comprises: the requirement identification module is used for identifying the information transmission requirement;
when the information transmission requirement is the first requirement, the encryption processing module calls the double-character encryption algorithm to encrypt the original text to be transmitted to obtain a random character, an encrypted ciphertext and an encrypted abstract; and the encryption processing module integrates the random character, the encrypted ciphertext and the encrypted abstract to obtain the data packet to be verified.
As an embodiment of the present invention, the double character encryption algorithm is: the encryption processing module generates the random characters based on a random number generation algorithm; the encryption processing module carries out double-character string filling on the random character to obtain a first character string and a second character string; the encryption processing module generates a first encryption key and a second authentication key based on the first character string and the second character string; and the encryption processing module performs double encryption on the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted abstract.
As an embodiment of the present invention, the encryption processing module performs double-string padding on the random character to obtain a first character string and a second character string, including; the encryption processing module fills the random character by adopting a first filling strategy to obtain the first character string; and the encryption processing module fills the random character by adopting a second filling strategy to obtain the second character string.
As an embodiment of the present invention, the encryption processing module generates a first encryption key and a second authentication key based on the first character string and the second character string, and includes: the encryption processing module encrypts the first character string by adopting an MD5 algorithm, and then intercepts the first character string by a corresponding rule designed by a random number to obtain the first encryption key; and the encryption processing module encrypts the second character string by adopting an MD5 algorithm to obtain the second authentication key.
As an embodiment of the present invention, the performing, by the encryption processing module, a double encryption of the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted digest includes: the encryption processing module creates a message serial number; the encryption processing module adds the message serial number in the original text to be transmitted to obtain the original text to be encrypted; the encryption processing module encrypts the original text to be encrypted through the first encryption key based on an AES-128 algorithm to obtain the encrypted ciphertext; and the encryption processing module encrypts the original text to be encrypted through the second authentication key based on the HAMC-MD5 algorithm to obtain the encrypted digest.
As an embodiment of the present invention, the packet transmission request state includes: a first state and a second state; the first state is that the data packet to be verified exists to request transmission; the second state is that the data packet to be verified does not exist for requesting transmission;
as an embodiment of the present invention, the data decryption checking unit 1030 includes: a request identification module and a decryption module;
the data decryption checking unit 1030 detects a data packet transmission request state at the data receiving end, and selects to receive or discard a data packet based on the double decryption checking algorithm and the data packet receiving state, including:
the request identification module is used for identifying the data packet transmission request state;
and when the data packet transmission request state is the first state, the decryption module calls the double decryption check algorithm to perform data packet receiving judgment based on the data packet to be verified.
As an embodiment of the present invention, the double decryption checking algorithm is: the decryption module extracts the random characters in the data packet to be verified; the decryption module fills and encrypts the random character according to the first filling strategy and the MD5 algorithm to obtain a first decryption key; the decryption module fills and encrypts the random character according to the second filling strategy and the MD5 algorithm to obtain a second decryption authentication key; the decryption module decrypts the encrypted ciphertext through the first decryption key to obtain a decrypted text and a decrypted serial number; the decryption module judges whether the decryption serial number meets the serial number strategy of the message serial number; if so, the decryption module encrypts the decrypted text and the decrypted serial number based on the second decryption authentication key to obtain a decrypted abstract; the decryption module judges whether the decryption abstract is the same as the encryption abstract or not; if the data packets are the same, the decryption module receives the data packets to be verified; and if not, the decryption module discards the data packet to be verified.
Example 3
The present embodiments provide a computer-readable storage medium comprising:
the storage medium is used for storing computer software instructions for implementing the in-vehicle safety information communication method of the vehicle-mounted Ethernet in the embodiment 1, and comprises a program for executing the in-vehicle safety information communication method of the vehicle-mounted Ethernet; specifically, the executable program may be embedded in the in-vehicle safety information communication device of the vehicle-mounted ethernet network according to embodiment 2, so that the in-vehicle safety information communication device of the vehicle-mounted ethernet network may implement the in-vehicle safety information communication method of the vehicle-mounted ethernet network according to embodiment 1 by executing the embedded executable program.
Furthermore, the computer-readable storage medium of the present embodiments may take any combination of one or more readable storage media, where a readable storage medium includes an electronic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof.
Different from the prior art, the in-vehicle safety information communication method, the device and the medium of the vehicle-mounted Ethernet can realize double encryption and double verification with extremely high safety during in-vehicle information transmission or receiving, wherein the information confidentiality of the in-vehicle Ethernet information transmission is ensured through high encryption of the information, the information is prevented from being stolen, illegal equipment is prevented and controlled through an encryption mechanism added with a message serial number, the authenticity of the information is ensured, the freshness of the information is ensured through a filling mechanism of random characters, replay attack is avoided, and finally, the information stealing risk, the information tampering risk, the replay attack risk and the node risk during application of the vehicle-mounted Ethernet in the prior art are effectively avoided through a high-flexibility encryption and verification system, the safety of the in-vehicle Ethernet information communication transmission is improved, the defects of the prior art are overcome, and the application value is extremely high.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" is only one kind of association relation describing an associated object, meaning that three kinds of relations may exist. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present invention may be implemented in a form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (3)
1. A vehicle-mounted Ethernet in-vehicle safety information communication method is characterized by comprising the following steps:
and an encryption and decryption algorithm configuration step:
configuring a double-character encryption algorithm at a data sending end; configuring a double decryption checking algorithm at a data receiving end;
data encryption and transmission:
detecting an information transmission requirement, and executing an original text encryption operation at the data sending end based on the information transmission requirement and the double-character encryption algorithm to obtain a data packet to be verified; sending the data packet to be verified to a data receiving end;
data decryption and verification:
detecting a data packet transmission request state at the data receiving end, and selecting to receive or discard a data packet based on the double decryption checking algorithm and the data packet transmission request state;
the information transmission requirements include: a first demand and a second demand; the first requirement is that an original text to be transmitted exists; the second requirement is that no original text to be transmitted exists;
the plaintext encryption operation comprises:
identifying the information transmission need;
when the information transmission requirement is the first requirement, calling the double-character encryption algorithm to encrypt the original text to be transmitted to obtain random characters, an encrypted ciphertext and an encrypted abstract; integrating the random character, the encrypted ciphertext and the encrypted abstract to obtain the data packet to be verified;
the double-character encryption algorithm is as follows:
generating the random character based on a random number generation algorithm;
performing double-character string filling on the random character to obtain a first character string and a second character string;
generating a first encryption key and a second authentication key based on the first character string and the second character string;
performing double encryption on the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted digest;
performing double-character string filling on the random character to obtain a first character string and a second character string, wherein the first character string and the second character string comprise;
filling the random character by adopting a first filling strategy to obtain the first character string;
filling the random character by adopting a second filling strategy to obtain a second character string;
the generating a first encryption key and a second authentication key based on the first and second character strings comprises:
encrypting the first character string by adopting an MD5 algorithm, and intercepting the first character string by a corresponding rule designed by a random number to obtain a first encryption key;
encrypting the second character string by using an MD5 algorithm to obtain a second authentication key;
the double encryption of the original text to be transmitted based on the first encryption key and the second authentication key to obtain the encrypted ciphertext and the encrypted digest comprises the following steps:
creating a message sequence number;
adding the message serial number in the original text to be transmitted to obtain the original text to be encrypted;
encrypting the original text to be encrypted by the first encryption key based on an AES-128 algorithm to obtain the encrypted ciphertext;
encrypting the original text to be encrypted by the second authentication key based on the HAMC-MD5 algorithm to obtain the encrypted digest;
the packet transmission request state comprises: a first state and a second state; the first state is that the data packet to be verified exists to request transmission; the second state is that the data packet to be verified does not exist for requesting transmission;
the detecting a data packet transmission request state at the data receiving end, and selecting to receive or discard a data packet based on the double decryption checking algorithm and the data packet receiving state includes:
identifying the data packet transmission request state;
when the data packet transmission request state is the first state, calling the double decryption check algorithm to receive and judge the data packet based on the data packet to be verified;
the double decryption checking algorithm is as follows:
extracting the random characters in the data packet to be verified;
filling and encrypting the random characters according to the first filling strategy and the MD5 algorithm to obtain a first decryption key;
filling and encrypting the random characters according to the second filling strategy and the MD5 algorithm to obtain a second decryption authentication key;
decrypting the encrypted ciphertext through the first decryption key to obtain a decrypted text and a decrypted serial number;
judging whether the decryption serial number meets the serial number strategy of the message serial number; if so, encrypting the decrypted text and the decrypted serial number based on the second decryption authentication key to obtain a decrypted abstract;
judging whether the decryption abstract is the same as the encryption abstract or not; if the data packets are the same, receiving the data packets to be verified; if not, discarding the data packet to be verified;
the first filling strategy and the second filling strategy both use owner information and a vehicle identification code to randomly fill the random characters;
the padding and encrypting the random character according to the first padding strategy and the MD5 algorithm to obtain a first decryption key comprises the following steps: filling the extracted random characters according to the first filling strategy, and encrypting the MD5 algorithm after filling to obtain the first decryption key;
the padding and encrypting the random character according to the second padding strategy and the MD5 algorithm to obtain a second decryption authentication key comprises the following steps: and filling the extracted random characters according to the second filling strategy, and encrypting the MD5 algorithm after filling to obtain the second decryption authentication key.
2. The vehicular ethernet vehicular safety information communication system according to the vehicular ethernet vehicular safety information communication method of claim 1, comprising:
the encryption and decryption algorithm configuration unit is used for configuring a double-character encryption algorithm at a data sending end and configuring a double-decryption checking algorithm at a data receiving end;
the data encryption sending unit is used for detecting information transmission requirements and executing original text encryption operation on the data sending end based on the information transmission requirements and the double-character encryption algorithm to obtain a data packet to be verified; the data encryption sending unit sends the data packet to be verified to a data receiving end;
and the data decryption checking unit is used for detecting the transmission request state of the data packet at the data receiving end and selecting to receive or discard the data packet based on the double decryption checking algorithm and the receiving state of the data packet.
3. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, realizes the steps of the in-vehicle security information communication method of the in-vehicle ethernet in claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211271745.2A CN115361230B (en) | 2022-10-18 | 2022-10-18 | In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211271745.2A CN115361230B (en) | 2022-10-18 | 2022-10-18 | In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115361230A CN115361230A (en) | 2022-11-18 |
| CN115361230B true CN115361230B (en) | 2023-03-24 |
Family
ID=84008470
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211271745.2A Active CN115361230B (en) | 2022-10-18 | 2022-10-18 | In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115361230B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116226911B (en) * | 2023-01-06 | 2023-10-27 | 中电车联信安科技有限公司 | Information processing method for preventing track leakage based on vehicle cloud communication |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108123805A (en) * | 2017-12-15 | 2018-06-05 | 上海汽车集团股份有限公司 | Communication security authentication method between vehicle-mounted ECU |
| CN112653719A (en) * | 2019-10-12 | 2021-04-13 | 深圳市奇虎智能科技有限公司 | Automobile information safety storage method and device, electronic equipment and storage medium |
| JP2024500489A (en) * | 2020-12-24 | 2024-01-09 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Secure access methods and devices |
| CN112469003B (en) * | 2021-02-04 | 2021-07-27 | 南京理工大学 | Traffic sensor network data transmission method, system and medium based on hybrid encryption |
| CN113612852A (en) * | 2021-08-11 | 2021-11-05 | 山东爱德邦智能科技有限公司 | Communication method, device, equipment and storage medium based on vehicle-mounted terminal |
| CN114117517A (en) * | 2021-11-12 | 2022-03-01 | 浪潮通信信息系统有限公司 | Information transmission method, system, device and computer medium |
-
2022
- 2022-10-18 CN CN202211271745.2A patent/CN115361230B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115361230A (en) | 2022-11-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220337405A1 (en) | End-to-end communication security | |
| US20170208049A1 (en) | Key agreement method and device for verification information | |
| US11381585B2 (en) | Method and system for providing security on in-vehicle network | |
| CN115396121B (en) | Security authentication method for security chip OTA data packet and security chip device | |
| CN106685653A (en) | Vehicle remote firmware updating method and device based on information security technology | |
| CN113806772A (en) | Information encryption transmission method and device based on block chain | |
| CN101582896A (en) | Third-party network authentication system and authentication method thereof | |
| CN111914291A (en) | Message processing method, device, equipment and storage medium | |
| CN113612617A (en) | CAN-based in-vehicle communication protocol security improvement method | |
| CN115361230B (en) | In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet | |
| CN113612852A (en) | Communication method, device, equipment and storage medium based on vehicle-mounted terminal | |
| CN116405302A (en) | System and method for in-vehicle safety communication | |
| CN115665138A (en) | Automobile OTA (over the air) upgrading system and method | |
| WO2024017255A1 (en) | Vehicle communication method, terminal, vehicle and computer-readable storage medium | |
| CN113115255A (en) | Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium | |
| CN106096336B (en) | Software anti-crack method and system | |
| CN116743470A (en) | Service data encryption processing method and device | |
| Carsten et al. | A system to recognize intruders in controller area network (can) | |
| CN113115309B (en) | Data processing method and device for Internet of vehicles, storage medium and electronic equipment | |
| CN105430022B (en) | A kind of data input control method and terminal device | |
| CN116633530A (en) | Quantum key transmission method, device and system | |
| CN103179088A (en) | Protection method and protection system of common gateway interface business | |
| CN114501591B (en) | Intelligent equipment network access method and device and computer readable storage medium | |
| CN117714055B (en) | In-vehicle network communication method based on identity information | |
| CN110532741B (en) | Personal information authorization method, authentication center and service provider |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |