GB2590282A - Cryptographic key management for end-to-end communication security - Google Patents
Cryptographic key management for end-to-end communication security Download PDFInfo
- Publication number
- GB2590282A GB2590282A GB2101118.4A GB202101118A GB2590282A GB 2590282 A GB2590282 A GB 2590282A GB 202101118 A GB202101118 A GB 202101118A GB 2590282 A GB2590282 A GB 2590282A
- Authority
- GB
- United Kingdom
- Prior art keywords
- message
- version
- sender
- counter
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Abstract
Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.
Claims (24)
1. A method for sending and receiving messages on a controller area network (CAN bus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the method comprising: identifying a first message to send to a receiving ECU from a sending ECU, the first message being of a particular message type, the sending ECU in a first session that has a first sender-version session key; incrementing a sender-version message counter for the message type; determining, based on the sender-version message counter, to create a second session for the message type in the sending ECU, including: incrementing a sender-version session counter for the message type; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter; processing the first message using the second sender-version session key, including: performing an operation to combine the sender-version message counter with the first message to create a combined message; encoding the combined message using the second sender-version session key to create an encoded message; and sending the encoded message to the receiving ECU on the CAN bus.
2. The method of claim 1, further comprising: receiving the encoded message, by the receiving ECU, from the CAN bus, the receiving ECU in a first session that has a first receiver-version session key, the first receiver- version session key matching the first sender-version session key; incrementing a receiver-version message counter for the message type; determining, based on the receiver-version message counter, to create the second session for the message type in the receiving ECU, including: incrementing a receiver-version session counter for the message type; generating a second receiver-version session key to be used during the second session in the receiving ECU, the second receiver-version session key matching the second sender-version session key; and resetting the receiver-version message counter; processing the encoded message using the second receiver-version session key, including: identifying a cipher based on the message type; using the cipher and the second receiver-version session key to decode the encoded message to create decoded data; performing the operation on the decoded data to extract the first message; validating the extracted first message; and in response to determining that the extracted first message is valid, providing the extracted first message to a target application in the receiving ECU; and in response to determining that the extracted first message is invalid, generating an alert.
3. The method of claim 2, wherein the operation is a logical exclusive-or operation.
4. The method of claim 1, wherein the sender-version message counter is encoded with a master key for the message type before being combined with the first message.
5. The method of claim 2, wherein determining to create the second session is based on the sender-version message counter being more than a predefined maximum session length for the message type.
6. The method of claim 5, further comprising: identifying a second message to send to the receiving ECU, the second message having a second message type that is different from the particular message type, the second message type being associated with a different sender-version message counter, a different receiver-version session counter, a different sender-version session counter, a different receiver-version session-counter, and a different predefined maximum session length than the particular message type.
7. The method of claim 1, further comprising: identifying a third message to send to the receiving ECU from the sending ECU, the third message being of the particular message type; incrementing the sender-version message counter for the message type; determining, based on the sender-version message counter, to not create a new third session for the message type; processing the second message using the second sender-version session key to create a second encoded message; and sending the second encoded message to the receiving ECU on the CAN bus.
8. The method of claim 2, wherein the sender-version message counter and the receiver- version message counter are the same size as a data portion of the message type.
9. A system for sending and receiving messages on a controller area network (CAN bus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the system comprising: a processor and a computer-readable memory, the memory containing instructions, that, when executed by the processor, cause the processor to perform operations comprising: identifying a first message to send to a receiving ECU from a sending ECU, the first message being of a particular message type, the sending ECU in a first session that has a first sender-version session key; incrementing a sender-version message counter for the message type; determining, based on the sender-version message counter, to create a second session for the message type in the sending ECU, including: incrementing a sender-version session counter for the message type; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter; processing the first message using the second sender-version session key, including: performing an operation to combine the sender-version message counter with the first message to create a combined message; encoding the combined message using the second sender-version session key to create an encoded message; and sending the encoded message to the receiving ECU on the CAN bus.
10. The system of claim 9, the operations further comprising: receiving the encoded message, by the receiving ECU, from the CAN bus, the receiving ECU in a first session that has a first receiver-version session key, the first receiver- version session key matching the first sender-version session key; incrementing a receiver-version message counter for the message type; determining, based on the receiver-version message counter, to create the second session for the message type in the receiving ECU, including: incrementing a receiver-version session counter for the message type; generating a second receiver-version session key to be used during the second session in the receiving ECU, the second receiver-version session key matching the second sender-version session key; and resetting the receiver-version message counter; processing the encoded message using the second receiver-version session key, including: identifying a cipher based on the message type; using the cipher and the second receiver-version session key to decode the encoded message to create decoded data; performing the operation on the decoded data to extract the first message; validating the extracted first message; and in response to determining that the extracted first message is valid, providing the extracted first message to a target application in the receiving ECU; and in response to determining that the extracted first message is invalid, generating an alert.
11. The system of claim 10, wherein the operation is a logical exclusive-or operation.
12. The system of claim 9, wherein the sender-version message counter is encoded with a master key for the message type before being combined with the first message.
13. The system of claim 10, wherein determining to create the second session is based on the sender-version message counter being more than a predefined maximum session length for the message type.
14. The system of claim 13, the operations further comprising: identifying a second message to send to the receiving ECU, the second message having a second message type that is different from the particular message type, the second message type being associated with a different sender-version message counter, a different receiver-version session counter, a different sender-version session counter, a different receiver-version session-counter, and a different predefined maximum session length than the particular message type.
15. The system of claim 9, the operations further comprising: identifying a third message to send to the receiving ECU from the sending ECU, the third message being of the particular message type; incrementing the sender-version message counter for the message type; determining, based on the sender-version message counter, to not create a new third session for the message type; processing the second message using the second sender-version session key to create a second encoded message; and sending the second encoded message to the receiving ECU on the CAN bus.
16. The system of claim 10, wherein the sender-version message counter and the receiver- version message counter are the same size as a data portion of the message type.
17. A non-transitory, computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor to perform operations for sending and receiving messages on a controller area network (CAN bus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the operations comprising: identifying a first message to send to a receiving ECU from a sending ECU, the first message being of a particular message type, the sending ECU in a first session that has a first sender-version session key; incrementing a sender-version message counter for the message type; determining, based on the sender-version message counter, to create a second session for the message type in the sending ECU, including: incrementing a sender-version session counter for the message type; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter; processing the first message using the second sender-version session key, including: performing an operation to combine the sender-version message counter with the first message to create a combined message; encoding the combined message using the second sender-version session key to create an encoded message; and sending the encoded message to the receiving ECU on the CAN bus.
18. The system of claim 17, the operations further comprising: receiving the encoded message, by the receiving ECU, from the CAN bus, the receiving ECU in a first session that has a first receiver-version session key, the first receiver- version session key matching the first sender-version session key; incrementing a receiver-version message counter for the message type; determining, based on the receiver-version message counter, to create the second session for the message type in the receiving ECU, including: incrementing a receiver-version session counter for the message type; generating a second receiver-version session key to be used during the second session in the receiving ECU, the second receiver-version session key matching the second sender-version session key; and resetting the receiver-version message counter; processing the encoded message using the second receiver-version session key, including: identifying a cipher based on the message type; using the cipher and the second receiver-version session key to decode the encoded message to create decoded data; performing the operation on the decoded data to extract the first message; validating the extracted first message; and in response to determining that the extracted first message is valid, providing the extracted first message to a target application in the receiving ECU; and in response to determining that the extracted first message is invalid, generating an alert.
19. The system of claim 18, wherein the operation is a logical exclusive-or operation.
20. The system of claim 17, wherein the sender-version message counter is encoded with a master key for the message type before being combined with the first message.
21. The system of claim 18, wherein determining to create the second session is based on the sender-version message counter being more than a predefined maximum session length for the message type.
22. The system of claim 21, the operations further comprising: identifying a second message to send to the receiving ECU, the second message having a second message type that is different from the particular message type, the second message type being associated with a different sender-version message counter, a different receiver-version session counter, a different sender-version session counter, a different receiver-version session-counter, and a different predefined maximum session length than the particular message type.
23. The system of claim 17, the operations further comprising: identifying a third message to send to the receiving ECU from the sending ECU, the third message being of the particular message type; incrementing the sender-version message counter for the message type; determining, based on the sender-version message counter, to not create a new third session for the message type; processing the second message using the second sender-version session key to create a second encoded message; and sending the second encoded message to the receiving ECU on the CAN bus.
24. The system of claim 18, wherein the sender-version message counter and the receiver- version message counter are the same size as a data portion of the message type.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2019/036042 WO2020246989A1 (en) | 2019-06-07 | 2019-06-07 | Cryptographic key management for end-to-end communication security |
Publications (2)
Publication Number | Publication Date |
---|---|
GB202101118D0 GB202101118D0 (en) | 2021-03-10 |
GB2590282A true GB2590282A (en) | 2021-06-23 |
Family
ID=67060497
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB2101118.4A Pending GB2590282A (en) | 2019-06-07 | 2019-06-07 | Cryptographic key management for end-to-end communication security |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2590282A (en) |
WO (1) | WO2020246989A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019225259A1 (en) * | 2018-05-23 | 2019-11-28 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | Communication control device, unauthorized access-detecting electronic control unit, mobility network system, communication control method, unauthorized access detection method and program |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100243732A1 (en) * | 2009-03-25 | 2010-09-30 | George Wallner | Audio/acoustically coupled card reader |
US20150089236A1 (en) * | 2013-09-24 | 2015-03-26 | The Regents Of The University Of Michigan | Real-Time Frame Authentication Using ID Anonymization In Automotive Networks |
EP3425867A1 (en) * | 2017-07-05 | 2019-01-09 | Nxp B.V. | Communication devices and associated method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10243732B1 (en) * | 2018-06-27 | 2019-03-26 | Karamba Security | Cryptographic key management for end-to-end communication security |
-
2019
- 2019-06-07 WO PCT/US2019/036042 patent/WO2020246989A1/en active Application Filing
- 2019-06-07 GB GB2101118.4A patent/GB2590282A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100243732A1 (en) * | 2009-03-25 | 2010-09-30 | George Wallner | Audio/acoustically coupled card reader |
US20150089236A1 (en) * | 2013-09-24 | 2015-03-26 | The Regents Of The University Of Michigan | Real-Time Frame Authentication Using ID Anonymization In Automotive Networks |
EP3425867A1 (en) * | 2017-07-05 | 2019-01-09 | Nxp B.V. | Communication devices and associated method |
Also Published As
Publication number | Publication date |
---|---|
WO2020246989A1 (en) | 2020-12-10 |
GB202101118D0 (en) | 2021-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110324143B (en) | Data transmission method, electronic device and storage medium | |
US10243732B1 (en) | Cryptographic key management for end-to-end communication security | |
JP6289680B2 (en) | Packet transmission device, packet reception device, packet transmission program, and packet reception program | |
CN112600665B (en) | Hidden communication method, device and system based on block chain and encryption technology | |
CN115580396B (en) | Tight trace query system and method | |
CN112804133B (en) | Encryption group chat method and system based on blockchain technology | |
CN113225297B (en) | Data hybrid encryption method, device and equipment | |
CN109286500B (en) | Vehicle Electronic Control Unit (ECU) authentication method, device and equipment | |
CN111935197A (en) | Bidding document encryption and decryption method and device | |
CN113890730A (en) | Data transmission method and system | |
CN115277219A (en) | Message encryption method, message decryption method, message encryption device, message decryption device, and storage medium | |
GB2590282A (en) | Cryptographic key management for end-to-end communication security | |
CN113849859A (en) | Linux kernel modification method, terminal device and storage medium | |
CN116488919A (en) | Data processing method, communication node and storage medium | |
CN106487761B (en) | Message transmission method and network equipment | |
CN107395772B (en) | Management method and management system for repeated data | |
CN106405591A (en) | Method for processing the message information of satellite radio navigation system | |
CN111949996A (en) | Generation method, encryption method, system, device and medium of security private key | |
CN110418343B (en) | Paging method, network equipment and terminal | |
CN115102768A (en) | Data processing method and device and computer equipment | |
CN108933950B (en) | Terminal identification determining method and device, computer equipment and storage medium | |
CN113158218A (en) | Data encryption method and device and data decryption method and device | |
CN113285956B (en) | Controller area network bus encryption method, device, equipment and medium | |
CN113364756B (en) | Intelligent electronic equipment data transmission method, device, system and medium | |
CN117040913B (en) | Cloud resource sharing data security transmission method and system |