CN116961887A - Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system - Google Patents
Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system Download PDFInfo
- Publication number
- CN116961887A CN116961887A CN202210396253.XA CN202210396253A CN116961887A CN 116961887 A CN116961887 A CN 116961887A CN 202210396253 A CN202210396253 A CN 202210396253A CN 116961887 A CN116961887 A CN 116961887A
- Authority
- CN
- China
- Prior art keywords
- random number
- true random
- request
- response
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006854 communication Effects 0.000 title claims abstract description 74
- 238000004891 communication Methods 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000004044 response Effects 0.000 claims abstract description 97
- 238000012795 verification Methods 0.000 claims abstract description 73
- 230000006870 function Effects 0.000 claims description 117
- 238000004590 computer program Methods 0.000 claims description 8
- 230000007246 mechanism Effects 0.000 claims description 2
- 238000004458 analytical method Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 230000010485 coping Effects 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Abstract
The invention relates to a key distribution method in vehicle-mounted network communication. The method comprises the following steps: the method comprises the steps that a sender sends a first request to a receiver to request generation of a session key and a first true random number which are different in each session; the receiver verifies the first request and generates a session key and a first true random number which are different for each session under the condition that the verification is passed; transmitting Fang Shengcheng the second true random number and transmitting the second true random number and the second request to the recipient; the receiver verifies the second request and sends a second response to the sender if the verification passes; and the sender verifies the second response and, in case of a successful verification, stores the session key as an encryption decryption key for subsequent communication between the sender and the receiver. According to the invention, the analysis difficulty of an attacker can be increased, and the safety of vehicle-mounted network communication can be improved.
Description
Technical Field
The present invention relates to a communication technology, and in particular, to a key distribution method in vehicle-mounted network communication and a vehicle-mounted network communication system.
Background
Currently, a set of communication authentication method, namely SecOC (Secure Onboard Communication, secure vehicle-mounted communication) has been introduced for the conventional vehicle-mounted CAN bus.
The SecOC can provide the necessary functionality to verify the authenticity and freshness of secure PDU (protocol data unit) -based communications between ECUs in a vehicle architecture. This scheme advocates that the communication content to be protected is communicated using symmetric encryption, meaning that both the sender and the receiver are generating the MAC (Message Authentication Code ) with the same key K that is symmetric, and optionally an external freshness value manager is required to provide message freshness to both the sender and the receiver. The specification is based on the assumption that a symmetric authentication method with a Message Authentication Code (MAC) is mainly used. Thus, the same key K, which is symmetric, plays a very important role in this scheme, will typically be stored in a dedicated hardware or logically isolated secure environment, providing encryption functionality and handling of encryption and decryption keys as well as sensitive security operations, such as HSM (hardware security module).
However, due to resource limitations and hardware design in the ECU, although a symmetric key mechanism is recommended, a detailed distribution scheme is not proposed. Moreover, an attacker CAN grasp a large number of messages transmitted on CAN/CAN-FD and then calculate a special symmetric key from these messages, so that these messages will pass verification at the receiving ECU, since the receiving ECU cannot distinguish whether the received message is from a legitimate ECU or from an attacker. On the other hand, in order to secure the security of the message, a solution for frequently updating the symmetric key has been proposed, but this has a problem that it is necessary to manually update and the operation is troublesome.
Disclosure of Invention
The invention aims to provide a key distribution method in vehicle-mounted network communication and a vehicle-mounted network communication system, which can increase cracking difficulty of an attacker and effectively avoid replay attack.
The key distribution method in vehicle-mounted network communication according to one aspect of the present invention is realized by a sender and a receiver, and is characterized by comprising:
the method comprises the steps that a sender sends a first request to a receiver, wherein the first request comprises a verification value which is encrypted by using an initial key symmetrical to the receiver and is used for receiver verification, and the first request is used for requesting to generate a session key and a first true random number which are different in each session;
the receiving side receives the first request, decrypts the first request by using the initial key symmetrical to the sending side, verifies the first request by using a prestored verification value, generates a session key and a first true random number which are different from each session to each other and stores the session key and the first true random number in the condition that the verification is passed, and returns a first response aiming at the first request to the sending side, wherein the first response comprises the session key and the first true random number, the session key and the first true random number are both encrypted by the initial key, and the first true random number is used for preventing replay attack;
the sender receives the first response, decrypts using the initial key, verifies a first true random number, stores the session key and the first true random number if verification passes, generates and stores a second true random number, and sends a second request for the first response to the receiver. Wherein the second request includes the second true random number and the first true random number calculated with an operation function, both the second true random number and the first true random number calculated with the operation function are encrypted by the session key to request verification of authenticity of the first true random number, and the second true random number is used to prevent replay attack;
the receiver receives the second request, decrypts the session key stored in the first response, calculates a first true random number stored in the first response by using the operation function, compares the first true random number with a first function value of the first true random number based on the operation function to verify the second request, stores the second true random number and sends a second response to the sender when the verification is passed, wherein the second response contains the second true random number calculated by the operation function and is encrypted by the session key in the first response to verify the authenticity of the second true random number and prevent replay attack; and
the sender receives the second response, decrypts the session key stored in the first response, calculates the second true random number stored in the second request using the operation function, compares the second true random number with a second function value of the second true random number based on the operation function to verify the second response, and stores the session key as an encryption decryption key used for subsequent communication between the sender and the receiver in case that the verification is successful.
Optionally, the symmetric initial key, the verification value, and the operation function are negotiated in advance between the sender and the receiver, and the symmetric initial key, the verification value, and the operation function are securely stored in advance at the sender and the receiver, respectively.
Optionally, the receiving party verifying the first request includes: the receiving party decrypts based on the pre-securely stored initial key symmetric to the sending party, verifies the first request using the pre-stored verification value,
the receiving party validating the second request includes: the receiver decrypts the session key stored in the first response based on the use of the operation function, calculates a first true random number stored in the first response based on the use of the operation function, verifies the authenticity of the first true random number with a first function value of the first true random number based on the operation function,
the sender verifying the second response includes: decrypting using the session key stored in the first response, and calculating the second true random number stored in the second request using the operation function, and verifying the authenticity of the second true random number by verifying a second function value of the second true random number based on the operation function.
Optionally, said verifying the authenticity of the first truly random number is achieved by comparing a first function value of said first truly random number based on said operation function,
the verifying of the authenticity of the second truly random number is achieved by comparing a second function value of the second truly random number based on the operation function.
Optionally, the verifying the first true random number, the second true random number, and the corresponding first function value based on the operation function and the corresponding second function value based on the operation function are used for preventing replay attack.
Optionally, the initial key, the authentication value and the operation function are stored in advance in security modules of the sender and the receiver,
the session key and the first true random number are generated by a security module of the recipient,
the second true random number is generated by a security module of the sender.
Optionally, an identifier for distinguishing the content of the secure access service request is included in the first request, the first response, the second request, and the second response.
Optionally, the number of verification failure retries is preset for the first request, the first response, the second request and the second response, so as to prevent replay attacks.
An in-vehicle network communication system of an aspect of the present invention, the system including a sender and a receiver, characterized in that,
the sender is used for sending a first request to a receiver, encrypting a prestored verification value for receiver verification by using an initial key symmetrical to the receiver, wherein the first request is used for requesting to generate a session key and a first true random number which are different every time a session is performed,
the receiving side is used for receiving the first request, decrypting the first request by using the initial key symmetrical to the transmitting side, verifying the first request by using the prestored verification value, generating a session key and a first true random number which are different from each session to each session and storing the session key and the first true random number when the verification is passed, and returning a first response aiming at the first request to the transmitting side by the receiving side, wherein the first response comprises the session key and the first true random number, both of which are encrypted by the initial key, and the first true random number is used for preventing replay attack,
the sender is configured to receive the first response, decrypt using the initial key, verify a first true random number, store the session key and the first true random number if the verification passes, generate and store a second true random number, and send a second request for the first response to the receiver. Wherein the second request includes the second true random number and the first true random number calculated by an operation function for verifying the authenticity of the first true random number, both the second true random number and the first true random number calculated by the operation function are encrypted by the session key for requesting verification of the authenticity of the first true random number, and the second true random number is used for preventing replay attacks;
the receiver is configured to receive the second request, decrypt the session key stored in the first response, calculate a first true random number stored in the first response using the operation function, compare the first true random number with a first function value of the first true random number based on the operation function to verify the second request, store the second true random number if the verification is passed, and send a second response to the sender, where the second response includes the second true random number calculated by the operation function and is encrypted by the session key in the first response to verify the authenticity of the second true random number,
the sender is configured to receive the second response, decrypt the session key stored in the first response, calculate the second true random number stored in the second request using the operation function, compare the second true random number with a second function value of the second true random number based on the operation function to verify the second response, and store an encryption decryption key that uses the session key and is used for subsequent communication between the sender and the receiver in case that the verification is successful.
Optionally, the sender includes:
the first communication module is used for communicating with a receiver; and
a first security module for generating said first request, generating a second true random number from said first response, and for generating a second request, further for verifying said second response and in case the verification is successful storing an encryption decryption key using said session key as a subsequent communication between the sender and the receiver,
the receiver includes:
the second communication module is used for communicating with the sender; and
the second security module is used for verifying the first request and generating a session key and a first true random number which are different for each session and storing the session key and the first true random number under the condition that the first request passes the verification; and for validating the first response, and further for validating the second request and, if validated, storing a second true random number and generating the second response.
Optionally, the initial key, the verification value and the operation function are stored in advance in the first security module of the sender and the second security module of the receiver, respectively.
Optionally, the second security module of the receiver performs authentication of the first request by authentication based on the initial key and the authentication value stored in advance, the second security module of the receiver performs authentication of the first true random number by authentication based on the stored first true random number and the operation function stored in advance by the receiver, and the first security module of the sender performs authentication of the second true random number by authentication based on the stored session key and the operation function stored in advance.
Optionally, the first security module includes: a first true random number generator for generating the second true random number, the second security module comprising: a second true random number generator for generating the first true random number.
A computer-readable medium according to an aspect of the present invention has stored thereon a computer program, characterized in that the computer program is executed by a processor in the key distribution method in vehicle network communication.
The computer equipment according to one aspect of the invention comprises a storage module, a processor and a computer program which is stored on the storage module and can run on the processor, and is characterized in that the processor realizes the key distribution method in the vehicle-mounted network communication based on fresh value verification when executing the computer program.
Drawings
Fig. 1 is a flow chart of a key distribution method in vehicle-mounted network communication according to an embodiment of the present invention.
Fig. 2 is a schematic diagram showing a use scenario of the session key Skey.
Fig. 3 is a schematic diagram showing another usage scenario of the session key Skey.
Fig. 4 is a block diagram showing a configuration of an in-vehicle network communication system according to an embodiment of the present invention.
Detailed Description
The following presents a simplified summary of the invention in order to provide a basic understanding of the invention. It is not intended to identify key or critical elements of the invention or to delineate the scope of the invention.
For the purposes of brevity and explanation, the principles of the present invention are described herein primarily with reference to exemplary embodiments thereof. However, those skilled in the art will readily recognize that the same principles are equally applicable to all types of in-vehicle network communication methods and in-vehicle network communication systems and that these same principles may be implemented therein, and that any such variations do not depart from the true spirit and scope of the present patent application.
Fig. 1 is a flow chart of a key distribution method in vehicle-mounted network communication according to an embodiment of the present invention.
The key distribution method in the in-vehicle network communication of the present invention is performed between the sender and the receiver. In the present invention, the sender refers to the sender ECU, and the receiver refers to the receiver ECU. In the in-vehicle network communication method of the present invention, the initial key Ikey (Initial Key) is stored in advance in both the sender and the receiver, and both negotiate in advance and store the authentication value SAreq and the arithmetic function f (x) for exchanging the session key in support of the secure access request (Secure Access request).
The initial key IKey, the authentication value SAreq, and the operation function f (x) are stored in a security module of the receiving side and the transmitting side, for example, HSM (hardware security module), and operations or calculations related thereto are also performed in the security module. On the other hand, a first Nonce1 and a second Nonce2 to be generated hereinafter are also generated and stored by the security module.
A key distribution method in vehicle-mounted network communication according to an embodiment of the present invention will be described below with reference to fig. 1.
As shown in fig. 1, an in-vehicle network communication method of an embodiment of the present invention is performed between a sender 100 and a receiver 200, the method including the steps of:
s1, a first request is sent from a sending party to a receiving party, wherein the first request comprises IDmsg and E (Ikey, SAreq), the IDmsg represents an identifier of a content of a secure access service request, and the E (Ikey, SAreq) represents first encrypted data obtained by encrypting a verification value SAreq by adopting the initial key Ikey;
s2: the receiving party receives a first request, decrypts the first encrypted data by adopting the pre-stored initial key Ikey to obtain a verification value SA 'req, verifies whether the verification value SA' req obtained by decryption is identical with the pre-stored verification value SAreq, and if the verification is successful, the receiving party generates and stores a session key Skey and a first true random number Nonce1 which are different in each session;
s3: the receiving party sends a first response to the sending party, wherein the first response comprises IDmsg+E (Ikey, SKey II Nonce 1), IDmsg represents an identifier of the content of the security access service request, E (Ikey, SKey II Nonce 1) represents second encrypted data generated by adopting the initial key Ikey to encrypt a session key Skey and a first true random number Nonce 1;
s4: the sender receives the first response, decrypts the second encrypted data by adopting the initial key Ikey to obtain a session key Skey and a first true random number Nonce1, stores the session key Skey and the first true random number Nonce1, and then sends Fang Shengcheng a second true random number Nonce2 and stores the second true random number Nonce 2;
s5: the sender sends a second request to the receiver to verify the authenticity of the first true random number, wherein the second request contains idmsg+e (Skey, f (Nonce 1) |nonce2), where IDmsg represents an identifier of the content of the secure access service request, E (Skey, f (Nonce 1) |nonce2) represents third encrypted data generated by using the session key Skey to encrypt the first true random number based on the operation function f (x) and the first function f (Nonce 1) and the second true random number Nonce 2;
s6: the receiver receives a second request, decrypts the third encrypted data by using the session key Skey stored by the receiver to obtain a first function value f (Nonce 1) and a second true random number Nonce2, calculates a function of the first true random number Nonce1 by using the calculation function f (x) stored in advance by the receiver to obtain a first function value f (Nonce 1) ', verifies whether the first function value f (Nonce 1)' obtained by calculation and the first function value f (Nonce 1) obtained by decryption are consistent, and if verification is successful, calculates a function of the second true random number Nonce2 by using the calculation function f (x) stored in advance by the receiver to obtain a second function value f (Nonce 2);
s7: the receiving side transmits a second response to the transmitting side to verify the authenticity of the second true random number, wherein the second response includes idmsg+e (Skey, f (Nonce 2)), where IDmsg represents an identifier of the security access service request content and E (Skey, f (Nonce 2)) represents fourth encrypted data obtained by encrypting the second function value f (Nonce 2) using the session key Skey;
s8: the receiver receives the second response, decrypts the fourth encrypted data by using the stored session key Skey to obtain a second function value f (Nonce 2), calculates a function of the second true random number Nonce2 by using the stored calculation function f (x) to obtain a second function value f (Nonce 2) ', verifies whether the calculated second function value f (Nonce 2)' and the decrypted second function value f (Nonce 2) are consistent, and stores the session key Skey for subsequent communication if verification is successful, and can but is not limited to activating another secure access service request if verification is unsuccessful.
In addition, because there may be a large amount of illegal first requests or second requests initiated, as a preferred mode, the sender and the receiver may self-negotiate a reasonable coping mechanism to avoid DoS denial of service attack, and as a coping mechanism, for example, a threshold may be set, if the first transmission request or the second transmission request of the same sender is received for 3 consecutive times, the response is no longer performed in the power-on period, and the alarm lamp is prompted, so that the driver is informed that the vehicle is threatened, and the power-on and power-off trigger is required again. This way replay attacks can be effectively prevented.
According to the vehicle-mounted network communication method of the embodiment of the invention, in the communication process, the safety modules of the sender and the receiver generate two true random numbers, and the authenticity of the two true random numbers is utilized to verify, so that replay attacks between the sender and the receiver can be prevented, and moreover, the true random numbers are difficult for an attacker to acquire, so that the cracking difficulty of the attacker can be increased, the replay attacks can be effectively avoided, and the communication safety can be improved.
Next, a description is given of a use scenario of the session key Skey.
Fig. 2 is a schematic diagram showing a use scenario of the session key Skey.
Fig. 2 shows a master-slave relationship between one master ECU and a plurality of other ECUs that perform key management. 10 in fig. 2 represents a key management master ECU as a master node, and 20 and 30 represent ECU a and ECU B as slave nodes. The key management master ECU10 is configured to manage a session key, and send the session key to other ECUs, in the case of fig. 2, to the ECU a 20 and the ECU b 30. The ECU a 20 receives the session key of the master ECU10 and constructs the MAC value required to generate/validate the secure-PDU. The ECUB 30 receives the session key of the master ECU10 and constructs the MAC value required to generate/validate the secure-PDU.
The mode shown in fig. 2 is a master-slave mode. Among them, the key management master ECU10 is responsible for distributing session keys, and the ECU a 20 and the ECU b 30 are responsible for receiving session keys provided by the key management master ECU 10. Here, the ECU a 20 and the ECU b 30 request a session key from the key management master ECU10 as the transmission side and the reception side, respectively, and acquire the session key from the key management master ECU 10. Preferably, the order of requests and the message format of the requests may be defined by the key management master ECU 10. In this mode, the session key Skey, the initial key Ikey, and the arithmetic function f (x) corresponding to each pair of master and slave ECUs (key management master ECU10 and ECU a 20, key management master ECU10 and ECU B30) may be negotiated in advance to be all the same or all different according to actual needs, but IDmsg is unique for distinguishing requests initiated by different ECUs.
Fig. 3 is a schematic diagram showing another usage scenario of the session key Skey.
Fig. 3 shows a relationship between a plurality of master ECUs performing key management and a plurality of other ECUs. In fig. 3, 10 denotes ECU a, 20 denotes ECU B, 30 denotes ECU C, and 40 denotes ECU D.
For example, the ECU a10 performs session key exchange with the ECU B20, the ECU C30, and the ECU D40, but who is the sender and who is the receiver is negotiated by the ECU itself, for example, the ECU a may be the receiver, and further the request sequence and the message format of the request may be defined.
Further, in this mode, the session key SAreq, the initial key Ikey, and the arithmetic function f (x) corresponding to each pair of ECUs (for example, ECU a10 and ECU B20, ECU a10 and ECU C30, ECU a10 and ECU D40) may also be negotiated in advance as all the same or all different according to actual needs, but IDmsg is unique and is used to distinguish requests initiated by different ECUs.
Fig. 4 is a block diagram showing a configuration of an in-vehicle network communication system according to an embodiment of the present invention.
As shown in fig. 4, the in-vehicle network communication system according to an embodiment of the present invention includes: sender 100 and receiver 200.
Specifically, the sender 100 is configured to send a first request to the receiver 200, where the first request includes an authentication value encrypted with the symmetric initial key of the receiver for receiver authentication, and the first request is used to request generation of a session key and a first true random number that are different for each session.
The receiving side 200 is configured to receive the first request, decrypt the first request using the initial key symmetric to the transmitting side, verify the first request using the prestored verification value, generate and store a session key and a first true random number different every session if verification passes, and return a first response to the first request to the transmitting side 100, wherein the first response contains the session key and the first true random number, both of which are encrypted by the initial key, and the first true random number is used to prevent replay attacks.
The sender 100 is configured to receive the first response, decrypt the first response using the initial key, verify the first true random number, store the session key and the first true random number if the verification is passed, generate and store a second true random number, and send a second request for the first response to the receiver. Wherein the second request includes the second true random number and the first true random number calculated with an operation function, both the second true random number and the first true random number calculated with the operation function are encrypted by the session key to request verification of authenticity of the first true random number, and the second true random number is used to prevent replay attacks.
The receiver 200 is configured to receive the second request, decrypt the session key stored in the first response, calculate a first true random number stored in the first response using the operation function, compare the first true random number with a first function value based on the operation function of the first true random number to verify the second request, store the second true random number if the verification passes, and send a second response to the sender, where the second response includes the second true random number calculated by the operation function, and is encrypted by the session key in the first response, so as to verify the authenticity of the second true random number and prevent replay attack.
The sender 100 is configured to receive the second response, decrypt the session key stored in the first response, calculate the second true random number stored in the second request using the operation function, compare the second true random number with a second function value of the second true random number based on the operation function to verify the second response, and store an encryption/decryption key that uses the session key and is used for subsequent communication between the sender 100 and the receiver 200 in case the verification is successful.
Wherein the sender 100 includes:
a first communication module 110 for communicating with a receiver; and
the first security module 120 is configured to generate the first request, generate a second true random number from the first response, and generate a second request, and further be configured to verify the second response and store an encryption decryption key that uses the session key as an encryption decryption key for subsequent communication between the sender and the receiver if the verification is successful.
The receiving side 200 includes:
a second communication module 210, configured to communicate with a sender; and
a second security module 220 for verifying the first request and generating a session key and a first true random number, which are different every time a session is verified, and storing; and for validating the first response, and further for validating the second request and, if validated, storing a second true random number and generating the second response.
Preferably, the first security module 120 further includes (not shown): a first true random number generator (TRNG True Random Number Generator) from which a second true random number is generated.
Preferably, the second security module 220 further includes (not shown): a second true random number generator from which the first true random number is generated.
Wherein the initial key, the authentication value, and the operation function are stored in advance in the first security module 120 of the sender 100 and the second security module 220 of the receiver 200, respectively. Specifically, the second security module 220 of the receiving side 200 implements the authentication of the first request through authentication based on the initial key and the authentication value stored in advance. The second security module 220 of the receiving side 200 implements the authenticity verification of the first true random number by verification based on the stored first true random number and the operation function stored in advance by the receiving side. The first security module 120 of the sender 100 implements the authenticity verification of the second truly random number by verification of the operation function stored in advance based on the stored session key.
Further, the authenticity verification of the first true random number is achieved by comparing a first function value of the first true random number based on the operation function. The authenticity verification of the second true random number is achieved by comparing a second function value of the second true random number based on the operation function. Here, replay attacks can be prevented by generating a first true random number and a second true random number and verifying a first function value based on the operation function and a second function value based on the operation function, respectively, to which the first true random number and the second true random number correspond.
In the key distribution method in the vehicle-mounted network communication and the vehicle-mounted network communication system, the session key which is different from each session between the sender and the receiver is generated and can be used for communication interaction between the subsequent sender and the receiver, wherein the session key value is different from each session initiation to each session initiation because the session key value is valid at the time, so that the difficulty of analysis of an attacker can be increased.
Further, in the key distribution method in vehicle-mounted network communication and the vehicle-mounted network communication system of the present invention, by introducing the true random number generator to generate the true random number and verifying the generated true random number, replay attacks between the sender and the receiver can be avoided. On the other hand, the in-vehicle network communication method and the in-vehicle network communication system of the present invention have no influence on the normal SecOC communication scheme, and the cost and maintenance workload are lower than those of the periodic update only.
The above examples mainly explain the key distribution method in the in-vehicle network communication and the in-vehicle network communication system of the present invention. Although only a few specific embodiments of the present invention have been described, those skilled in the art will appreciate that the present invention may be embodied in many other forms without departing from the spirit or scope thereof. Accordingly, the present examples and embodiments are to be considered as illustrative and not restrictive, and the invention is intended to cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (14)
1. A key distribution method in vehicle-mounted network communication, the method being implemented by a sender and a receiver, the method comprising:
the method comprises the steps that a sender sends a first request to a receiver, wherein the first request comprises an authentication value encrypted by an initial key symmetrical to the receiver and used for authenticating the receiver, and the first request is used for requesting to generate a session key and a first true random number which are different in each session;
the receiving party receives the first request, decrypts the first request by using the initial key symmetrical to the sending party, verifies the first request by using a prestored verification value, generates a session key and a first true random number which are different from each session under the condition that verification is passed, stores the session key and the first true random number, and returns a first response aiming at the first request to the sending party, wherein the first response comprises the session key and the first true random number, and the session key and the first true random number are both encrypted by the initial key;
the sender receives the first response, decrypts the first true random number by using the initial key, verifies the first true random number, stores the session key and the first true random number under the condition that verification is passed, generates and stores a second true random number, and sends a second request for the first response to the receiver, wherein the second request comprises the second true random number and the first true random number calculated by an operation function, and both the second true random number and the first true random number calculated by the operation function are encrypted by the session key to request verification of the authenticity of the first true random number;
the receiver receives the second request, decrypts the session key stored in the first response, calculates a first true random number stored in the first response by using the operation function, compares the first true random number with a first function value of the first true random number based on the operation function to verify the second request, stores the second true random number and sends a second response to the sender when the verification is passed, wherein the second response contains the second true random number calculated by the operation function and is encrypted by using the stored session key to verify the authenticity of the second true random number; and
the sender receives the second response, decrypts the session key stored in the first response, calculates the second true random number stored in the second request using the operation function, compares the second true random number with a second function value of the second true random number based on the operation function to verify the second response, and stores the session key as an encryption decryption key used for subsequent communication between the sender and the receiver in case that the verification is successful.
2. The key distribution method in vehicle-mounted network communication according to claim 1, wherein,
the symmetric initial key, the authentication value, and the operation function are negotiated in advance between the sender and the receiver, and the negotiated symmetric initial key, authentication value, and operation function are securely stored in advance in the sender and the receiver, respectively.
3. The key distribution method in vehicle-mounted network communication according to claim 2, wherein,
the receiving party validating the first request includes: the receiving party decrypts based on the pre-securely stored initial key symmetric to the sending party, verifies the first request using the pre-stored verification value,
the receiving party validating the second request includes: the receiver decrypts the session key stored in the first response based on the use of the operation function, calculates a first true random number stored in the first response based on the use of the operation function, verifies the authenticity of the first true random number with a first function value of the first true random number based on the operation function,
the sender verifying the second response includes: decrypting using the session key stored in the first response, and calculating the second true random number stored in the second request using the operation function, and verifying the authenticity of the second true random number by verifying a second function value of the second true random number based on the operation function.
4. A key distribution method in vehicular network communication according to claim 3, wherein,
said verifying the authenticity of said first truly random number is achieved by comparing a first function value of said first truly random number based on said operation function,
the verifying of the authenticity of the second true random number is achieved by comparing a second function value of the second true random number based on the operation function.
5. The key distribution method in vehicle-mounted network communication according to claim 2, wherein,
the initial key, the authentication value and the operation function are securely stored in advance in security modules of the sender and the receiver,
the session key and the first true random number are generated by a security module of the recipient,
the second true random number is generated by a security module of the sender.
6. The key distribution method in vehicle-mounted network communication according to claim 2, wherein,
an identifier for distinguishing contents of a secure access service request is included in the first request, the first response, the second request, and the second response.
7. The key distribution method in vehicle-mounted network communication according to claim 1, wherein,
and presetting verification failure retry times and corresponding processing mechanisms for the first request, the first response, the second request and the second response.
8. An in-vehicle network communication system including a sender and a receiver, characterized in that,
the sender is used for sending a first request to a receiver, encrypting a prestored verification value for receiver verification by using an initial key symmetrical to the receiver, wherein the first request is used for requesting to generate a session key and a first true random number which are different every time a session is performed,
the receiving side is used for receiving the first request, decrypting by using the initial key symmetrical to the transmitting side, verifying the first request by using the prestored verification value, generating a session key and a first true random number which are different from each session to store the session key and the first true random number when the verification is passed, and returning a first response aiming at the first request to the transmitting side by the receiving side, wherein the first response comprises the session key and the first true random number, both of which are encrypted by the initial key,
the sender is configured to receive the first response, decrypt the first true random number using the initial key, verify the first true random number, store the session key and the first true random number if verification passes, generate and store a second true random number, and send a second request for the first response to the receiver, wherein the second request includes the second true random number and the first true random number calculated by an operation function to verify the authenticity of the first true random number, both the second true random number and the first true random number calculated by the operation function are encrypted by the session key to request verification of the authenticity of the first true random number,
the receiver is configured to receive the second request, decrypt the session key stored in the first response, calculate a first true random number stored in the first response using the operation function, compare the first true random number with a first function value of the first true random number based on the operation function to verify the second request, store the second true random number if the verification is passed, and send a second response to the sender, where the second response includes the second true random number calculated by the operation function and is encrypted by the session key in the first response to verify the authenticity of the second true random number,
the sender is configured to receive the second response, decrypt the session key stored in the first response, calculate the second true random number stored in the second request using the operation function, compare the second true random number with a second function value of the second true random number based on the operation function to verify the second response, and store an encryption decryption key that uses the session key and is used for subsequent communication between the sender and the receiver in case that the verification is successful.
9. The vehicle network communication system of claim 8, wherein,
the sender includes:
the first communication module is used for communicating with a receiver; and
a first security module for generating said first request, generating a second true random number from said first response, and for generating a second request, further for verifying said second response and in case the verification is successful storing an encryption decryption key using said session key as a subsequent communication between the sender and the receiver,
the receiver includes:
the second communication module is used for communicating with the sender; and
the second security module is used for verifying the first request and generating a session key and a first true random number which are different for each session and storing the session key and the first true random number under the condition that the first request passes the verification; and for generating said first response, further for validating said second request and in case of a validated, storing a second true random number and generating said second response.
10. The vehicle network communication system of claim 9, wherein,
the initial key, the verification value and the operation function are negotiated in advance between a sender and a receiver, and the negotiated initial key, verification value and operation function are stored in advance in the first security module of the sender and the second security module of the receiver, respectively.
11. The vehicle network communication system of claim 10, wherein,
the second security module of the recipient enables authentication of the first request by authentication based on the initial key and the authentication value stored in advance,
the second security module of the receiving party performs authenticity verification of the first true random number by verification based on the stored first true random number and the operation function stored in advance by the receiving party,
the first security module of the sender performs authenticity verification of the second true random number by verification of the operation function stored in advance based on a stored session key.
12. The vehicle network communication system of claim 11, wherein,
the first security module includes: a first true random number generator for generating the second random number,
the second security module includes: a second true random number generator for generating the first true random number.
13. A computer readable medium having a computer program stored thereon, characterized in that,
the computer program, when executed by a processor, implements the key distribution method in vehicle-mounted network communication according to any one of claims 1 to 7.
14. A computer device comprising a memory module, a processor and a computer program stored on the memory module and executable on the processor, characterized in that the processor implements the key distribution method in vehicle network communication according to claims 1-7 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210396253.XA CN116961887A (en) | 2022-04-15 | 2022-04-15 | Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210396253.XA CN116961887A (en) | 2022-04-15 | 2022-04-15 | Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116961887A true CN116961887A (en) | 2023-10-27 |
Family
ID=88458960
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210396253.XA Pending CN116961887A (en) | 2022-04-15 | 2022-04-15 | Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116961887A (en) |
-
2022
- 2022-04-15 CN CN202210396253.XA patent/CN116961887A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11606341B2 (en) | Apparatus for use in a can system | |
| CN109600350B (en) | System and method for secure communication between controllers in a vehicle network | |
| CN109076078B (en) | Method for establishing and updating a key for secure on-board network communication | |
| CN111010410B (en) | Mimicry defense system based on certificate identity authentication and certificate signing and issuing method | |
| US10279775B2 (en) | Unauthorized access event notification for vehicle electronic control units | |
| KR101838511B1 (en) | Method of providing security for controller using encryption and appratus for implementing the same | |
| US11245535B2 (en) | Hash-chain based sender identification scheme | |
| CN110890962B (en) | Authentication key negotiation method, device, storage medium and equipment | |
| CN110768938A (en) | Vehicle safety communication method and device | |
| US11418328B2 (en) | System for key control for in-vehicle network | |
| JP2010011400A (en) | Cipher communication system of common key system | |
| KR20140023799A (en) | Method for guarantying the confidentiality and integrity of a data in controller area networks | |
| CN111080299B (en) | Anti-repudiation method for transaction information, client and server | |
| Kukkala et al. | SEDAN: Security-aware design of time-critical automotive networks | |
| CN116074000A (en) | Conversation key distribution method and system based on CAN bus | |
| US20220131839A1 (en) | Systems, methods and controllers for secure communications | |
| CN106789963B (en) | Asymmetric white-box password encryption method, device and equipment | |
| Püllen et al. | Securing FlexRay-based in-vehicle networks | |
| CN113115309B (en) | Data processing method and device for Internet of vehicles, storage medium and electronic equipment | |
| CN113014391B (en) | Authentication method of embedded system, terminal equipment and computer readable storage medium | |
| CN116961887A (en) | Key distribution method in vehicle-mounted network communication and vehicle-mounted network communication system | |
| CN116633530A (en) | Quantum key transmission method, device and system | |
| KR102523416B1 (en) | Security Device providing Security function for image, Camera Device having the same and System on Chip controlling Camera Device | |
| CN104378337A (en) | Communication safety guarantee method and system for communication gateway of intelligent building | |
| WO2023095394A1 (en) | Information processing device and key management device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |