JP2017034555A - System, equipment and method for data communication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data communication system, data communication equipment and a data communication method, enabling safe data communication.SOLUTION: At data communication, a master side ECU 10 and a slave side ECU 20 perform message authentication using a counter value which is stored in respective storage units 103, 203 and incremented per each time of data communication. The master side ECU 10 includes an initialization processing unit 108 which, prior to first-time data communication with the slave side ECU 20 after the start-up, stores a random number, generated by a random number generator 107, into the self-storage unit 103, as a counter value, and notifies the slave side ECU 20 of the stored value. The slave side ECU 20 includes a synchronous processing unit 207 which stores the notified value into the self-storage unit 203, as a counter value.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a data communication system, a data communication device, and a data communication method.

  In recent years, various electronic control units (ECUs) installed in automobiles are connected to an in-vehicle network, and ECUs perform data communication with each other via the in-vehicle network, realizing integrated vehicle control. In-vehicle data communication systems are in practical use. In such an in-vehicle data communication system, message authentication may be performed as a countermeasure against data falsification in the middle of communication or forged communication that pretends a transmission source. In message authentication, a message authentication code (MAC) generated from a main body (message) of data to be communicated and a common key shared between the transmission side and the reception side is used. That is, the transmission side generates a MAC from the common key stored in itself and the message to be transmitted, and sends the MAC together with the message to the reception side. The receiving side generates a MAC from the common key stored therein and the received message, and verifies the suitability of the received data by comparing the generated MAC with the MAC sent from the transmitting side.

  However, it is difficult to say that this measure alone is a stone against a reply attack by a device illegally connected to the in-vehicle network (hereinafter referred to as an unauthorized device). A reply attack is an attack that causes an illegal operation by intercepting and storing a message flowing on the network and then resending the intercepted message to the network. Here, even if message authentication is performed as described above, if the common key is fixed, if the message is wiretapped and retransmitted together with the MAC, it will be authenticated as a legitimate message, and thus a reply attack cannot be prevented. There is sex.

  Conventionally, in Patent Document 1, both a device that transmits data and a device that receives data each store a counter value that is incremented each time mutual data communication is performed, and the counter value is stored as a common key. A data communication system for generating a MAC is described. In such a case, since the value of the common key for generating the MAC is changed for each data communication, the above-described reply attack can be prevented.

  By the way, in the message authentication using the counter as described above, if the counter value is out of synchronization between the data transmission side and reception side devices, the message authentication cannot be performed properly. . Such a shift in counter value synchronization can be prevented to some extent by storing the counter in a nonvolatile memory. In addition, as described in Patent Document 2, the counter value can be prevented from being out of synchronization by transferring the initial counter value to the communication partner and re-synchronizing with the communication partner using a challenge / response method for each data communication session. can do.

JP2013-098719A JP 2014-204444 A

  By the way, in a data communication system that is frequently turned off and operated for a long period of time, such as an in-vehicle data communication system, a part of the data communication device may be exchanged during the operation period. For this reason, even if the counter value is stored in the nonvolatile memory as described above, if the device is exchanged, the counter value cannot be synchronized between the devices.

  On the other hand, when the method of Patent Document 2 is adopted, the counter value is transferred for each data communication session, so that the counter value can be kept synchronized even when the device is exchanged. On the other hand, when the initial value of the counter is transferred, there is a possibility that the communication for the transfer is intercepted and the initial value of the counter is transferred. Therefore, in the method of Patent Document 2 in which the initial value is frequently exchanged during the operation of the data communication system, the possibility that the counter value is decrypted and forged communication is allowed increases accordingly.

Such a problem can also occur in data communication other than in-vehicle data communication.
The present invention has been made in view of such circumstances, and a problem to be solved is to provide a data communication system, a data communication device, and a data communication method that enable safer data communication. .

  A data communication system that solves the above problems is a data communication system that performs data communication between data communication devices connected to a network. One of two data communication devices that perform data communication is a master device, and the other is a slave device. In this case, the master device and the slave device each include a storage unit that stores a counter value, and a counter operation that increments the counter value every time data communication is performed between the master device and the slave device. And a MAC generation unit that generates a message authentication code used for message authentication in data communication between the master device and the slave device using the counter, and the master device, A random number generator for generating a random number, and the threshold after the master device is started. Prior to the first data communication with the device, the random number generated by the random number generator is stored in the storage unit of the master device as the counter value, and the stored value is used as the initial value of the counter. An initialization processing unit for performing initialization processing to notify the slave device, and in response to the notification of the initial value, the slave device uses the notified initial value as the counter value. A synchronization processing unit that performs a synchronization process stored in the storage unit of the device is provided.

  In addition, a data communication device that solves the above problem is connected to a network, and in a data communication device that performs data communication with another data communication device connected to the network, a storage unit that stores a counter value; A counter operation unit that increments the value of the counter each time data communication with the other data communication device is performed, a random number generator that generates a random number, and the other data communication device after activation of the data communication device Prior to the first data communication with the random number generator, the random number generated by the random number generator is stored in the storage unit as the counter value, and the stored value is used as the initial value of the other data communication device. Used for message authentication in data communication between the initialization processing unit that performs initialization processing to notify the other data communication device Characterized in that it and a MAC generator for generating using the values of the counters a message authentication code stored in the storage unit.

  Furthermore, the data communication method for solving the above problem is a data communication method between data communication devices connected to a network, in which one of two data communication devices that perform data communication is a master device and the other is a slave device. The master device and the slave device each perform a counter operation process that increments the value of the counter that is stored each time data communication is performed between them, and the master device Prior to the first data communication with the device, a random number generated by a random number generator is set as an initial value of the counter, and an initialization process for notifying the slave device of the initial value is performed. The initial value notified from the master device is stored in the counter stored in itself. The master device and the slave device generate a message authentication code used for message authentication in mutual data communication using the value of the counter stored in the master device and the slave device. Features.

  According to these data communication systems, data communication devices, and data communication methods, it is possible to keep the values synchronized while changing the value of the counter used for generating the message authentication code for each data communication. Therefore, safer data communication is possible.

  In the system, device, and method, it is desirable to change the timing for notifying the initial value in the initialization process every time the data communication device (master device) is activated.

  In the system, apparatus, and method, it is desirable to re-execute the initialization process when a specified re-execution condition is satisfied after the initialization process is performed. In addition, when the said system, apparatus, and method are applied to the data communication between the vehicle equipments via a vehicle interior network, it is desirable for the said re-implementation conditions to make the engine stop the requirement of the establishment.

  Note that the above-described system, device, and method are particularly suitable for application to data communication between in-vehicle devices through an in-vehicle network.

  According to the data communication system, the data communication device, and the data communication method of the present invention, safer data communication is possible.

1 is a schematic diagram schematically illustrating a configuration of an embodiment of a data communication system. The flowchart of the data transmission process which the apparatus of the data transmission side implements in the data communication system. The flowchart of the data reception process which the apparatus of the data reception side implements in the data communication system. The flowchart of the initialization process which a master apparatus implements in the data communication system. The flowchart of the synchronous process which a slave apparatus implements in the data communication system.

  Hereinafter, an embodiment of a data communication system will be described in detail with reference to FIGS. The data communication system according to the present embodiment is configured as an in-vehicle data communication system that performs data communication between various electronic control units (ECUs) mounted on a vehicle. Examples of the ECU include an engine ECU that controls the engine, a brake ECU that controls the brake, and a power steering ECU that controls the power steering system. These ECUs correspond to data communication devices. Note that in a vehicle equipped with the data communication system of the present embodiment, so-called idling stop control is performed in which the engine is temporarily stopped when the vehicle stops, such as waiting for a signal.

  In the data communication system of the present embodiment, one of the two ECUs that perform data communication with each other functions as a master device, and the other functions as a slave device. Which of the two ECUs that perform data communication with each other becomes the master device and the slave device is determined only by the relationship between the two ECUs. Therefore, one ECU may be a master device in a relationship with a certain ECU, and may be a slave device in a relationship with another ECU.

  As shown in FIG. 1, an ECU functioning as a master device (hereinafter referred to as a master-side ECU 10) includes a data control unit 101 that generates data to be transmitted, determines a transmission destination, and processes received data. And a communication control unit 102 responsible for processing related to data transmission / reception with the network 30. The master-side ECU 10 also performs storage authentication for storing the value of the counter used for calculating the value (MAC value) of the message authentication code, MAC generating unit 104 for calculating the MAC value, and message authentication at the time of data reception. The MAC verification unit 105 and the counter operation unit 106 that operates the counter stored in the storage unit 103 are provided. The master ECU 10 further includes a random number generator 107 that generates random numbers, and an initialization processing unit 108 that performs processing related to initialization of counter values.

  On the other hand, an ECU functioning as a slave device (hereinafter referred to as a slave side ECU 20) includes a data control unit 201, a communication control unit 202, a storage unit 203, a MAC generation unit 204, a MAC verification unit 205, which are the same as the master side ECU 10. And a counter operation unit 206. Further, the slave side ECU 20 is provided with a synchronization processing unit 207 that performs processing related to synchronization of the counter value with the master side ECU 10.

  Note that a volatile memory is used for the storage units 103 and 203, and when the ignition switch is turned off, the counter values stored in them are cleared. Incidentally, when the master side ECU 10 and the slave side ECU 20 perform data communication with other ECUs, an individual counter is provided for each ECU that performs communication.

(Data transmission / reception processing)
Next, data communication between the master side ECU 10 and the slave side ECU 20 will be described. Here, a case where data is transmitted from the master ECU 10 to the slave ECU 20 will be described as an example. On the other hand, when the slave-side ECU 20 transmits data to the master-side ECU 10, data communication is similarly performed only by switching the data transmission side and reception side ECUs. In this case, a member whose code is described in parentheses performs processing.

  FIG. 2 shows a flowchart of data transmission processing performed in the ECU on the data transmission side during data communication between the master ECU 10 and the slave ECU 20. This processing is performed in response to a data transmission request from the data control unit 101 (201).

  In data transmission, first, in step S100, the MAC generation unit 104 (204) reads a counter stored in the storage unit 103 (203) of the ECU. In step S101, the MAC generation unit 104 (204) calculates the MAC value (MAC value) of the data to be transmitted using the read counter as a common key. The MAC value is obtained, for example, by calculating a hash for data obtained by combining transmission data and a counter value.

  Subsequently, in step S102, the communication control unit 102 (202) transmits the MAC value calculated by the MAC generation unit 104 (204) to the in-vehicle network 30 together with transmission data. In the subsequent step S103, the counter operation unit 106 (206) performs a counter operation process for incrementing the counter stored in the storage unit 103 (203). Specifically, the counter operation unit 106 (206) at this time adds “1” to the counter value stored in the storage unit 103 (203). Then, the data transmission process this time is finished.

  FIG. 3 shows a flowchart of data transmission processing executed in the ECU on the data receiving side. This process is performed in response to reception of data to the ECU by the communication control unit 202 (102).

  When data is received, first, in step S200, the MAC generation unit 204 (104) reads the counter stored in the storage unit 203 (103). Subsequently, in step S201, the MAC generation unit 204 (104) calculates the MAC value (matching MAC value) of the received data using the read counter as a common key. The calculation of the MAC value at this time is performed by the same calculation logic as that in step S101 in the data transmission process. In step S202, the MAC verification unit 205 (105) determines whether or not the calculated MAC value matches the MAC value attached to the received data.

  If the MAC values of the two do not match (S202: NO), the MAC collation unit 205 (105) discards the received data as invalid data in step S205, and the current data reception process ends. On the other hand, if both MAC values match (S202: YES), in step S203, the received data is transferred to the data control unit 201 (101) as legitimate data and processed. In step S204, the counter operation unit 206 (106) performs a counter operation process for incrementing the counter value stored in the storage unit 203, and then ends the current data reception process.

(Counter initialization / synchronization processing)
As described above, in this embodiment, the master-side ECU 10 and the slave-side ECU 20 send messages using the counters stored in the storage units 103 and 203 as common keys. Since the counter is incremented each time data communication is performed and the value thereof is changed, even if the intercepted MAC is retransmitted as it is, message authentication cannot be passed, and the reply attack becomes invalid. However, in order to perform message authentication in such a manner, it is necessary to guarantee synchronization of counters stored in the storage units 103 and 203 by the master side ECU 10 and the slave side ECU 20. In this embodiment, the master side ECU 10 and the slave side ECU 20 perform the following initialization process and synchronization process, respectively, to synchronize the counters of both ECUs.

  FIG. 4 shows a flowchart of the initialization process. This process is repeatedly performed periodically by the initialization processing unit 108 of the master ECU 10 during operation of the in-vehicle network system.

  When this processing is started, first, in step S300, the initialization processing unit 108 determines whether or not it is the initialization execution time. In the present embodiment, the following (A) and (B) are the initialization execution times. Note that the following waiting time is determined according to the random number generated by the random number generator 107. The following (A) shows the timing of the initial initialization process after starting the master ECU 10, and (B) below shows the timing of the initialization process after the initial initialization. Each is shown. That is, in the present embodiment, the following (b) is a re-execution condition for the initialization process.

(A) When a randomly determined waiting time has elapsed after the ignition switch is turned on.
(B) When the engine is temporarily stopped by idling stop control and a randomly determined standby time has elapsed since the engine stopped.

  Here, if it is not the initialization execution time (S300: NO), the initialization processing unit 108 ends the current processing as it is. On the other hand, if it is the initialization execution time (S300: YES), the initialization processing unit 108 acquires a random number from the random number generator 107 in step S301, and in the subsequent step S302, stores the random number value as a counter. 103. Then, the initialization processing unit 108 transmits the encrypted random number value to the slave ECU 20 as initialization data, and then ends the current process. The encryption at this time is performed using a common key shared by the master ECU 10 and the slave ECU 20.

  FIG. 5 shows a flowchart of the synchronization process. This process is repeatedly performed periodically by the synchronization processing unit 207 provided in the slave-side ECU 20 during operation of the in-vehicle network system.

  When this process is started, the synchronization processing unit 207 first determines in step S400 whether or not the above-described initialization data has been received. If initialization data has not been received (S400: NO), the synchronization processing unit 207 ends the processing of this routine as it is. On the other hand, if initialization data has been received (S400: YES), the synchronization processing unit 207 decodes the received initialization data in step S401. The synchronization processing unit 207 stores the value obtained by the decoding in step S402, that is, the initial value of the counter notified from the master-side ECU 10 in the storage unit 203 as a counter, and then performs the processing of this routine this time. Exit.

(Function)
When the ignition switch is turned on and the master ECU 10 is activated, the initialization processing unit 108 performs initialization processing after a randomly determined standby time has elapsed. Then, by the initialization process, the random number generated by the random number generator 107 is stored in the storage unit 103 as a counter value, and the value is notified to the slave ECU 20 as an initial value of the counter. On the other hand, in the slave-side ECU 20, the synchronization processing unit 207 performs synchronization processing in response to such notification of the initial value, and the notified initial value is stored in the storage unit 203 as a counter value. As described above, the counters stored in the storage units 103 and 203 of the master ECU 10 and the slave ECU 20 are randomly determined prior to the first data communication with the slave ECU 20 after the master ECU 10 is started. Is set to the value of

  During data communication between the master ECU 10 and the slave ECU 20, message authentication is performed using the MAC value calculated using the counter values stored in the storage units 103 and 203. Further, the counter values stored in both storage units 103 and 203 are incremented by counter operation units 106 and 206, respectively, after data communication. Therefore, the counter values stored in both the storage units 103 and 203 are changed while maintaining synchronization each time data communication is performed.

  On the other hand, even after the start of data communication, when the vehicle stops for a certain time, such as waiting for a signal, and the engine is temporarily stopped, the initialization process is performed again, and the counters stored in both storage units 103 and 203 are The value is reinitialized. That is, the master ECU 10 resets the randomly determined value as the counter value, and the value is transferred to the slave ECU 20 and the counter values stored in both the storage units 103 and 203 are set. Synchronization is taken.

  Incidentally, in this embodiment, when the initial value of the counter is transferred from the master ECU 10 to the slave ECU 20, the common key used for encrypting the initial value is fixed. Therefore, the decryption of the initial value from the encrypted initialization data is easier than the decryption of the counter value from the MAC value. That is, in this data communication system, there is a high possibility that the cyber attack will be most likely during the period immediately after the initial value is delivered. In this regard, in the present embodiment, the initial value is transferred during a vehicle and engine stop period in which the influence is relatively small even if an improper operation of the vehicle due to a cyber attack occurs immediately after that. It has become.

According to the data communication system of the present embodiment described above, the following effects can be achieved.
(1) Since message authentication is performed using a counter value that changes for each data communication, safer data communication is possible.

(2) Since the counter value can be kept synchronized even when the ECU is replaced, it can be easily adopted for a data communication system for a vehicle having a long operation period.
(3) Since the initial value of the counter is transferred during the vehicle and engine stop periods, even if the initial value is read and unauthorized operation by a cyber attack is permitted, the influence can be suppressed to a small level. .

(4) Since the timing for transferring the initial value is randomly determined, it is possible to make it more difficult to intercept the communication for the transfer.
(5) Since the value of the counter is changed at random when the re-execution condition is satisfied in addition to immediately after activation of the master side ECU 10, it is possible to make it more difficult to disguise data communication.

In addition, the said embodiment can also be changed and implemented as follows.
In the above-described embodiment, the time for transferring the initial value, that is, the time for transmitting the initialization data to the slave-side ECU 20 is randomly determined. However, the time may be fixed.

  In the above embodiment, the counter initialization process was re-executed while the engine was temporarily stopped by the idling stop control.For example, the initialization process was repeatedly performed at regular intervals. The re-execution conditions for such initialization processing may be arbitrarily changed.

In the above embodiment, each time data communication is performed, the counter value is incremented by 1. However, the counter value may be incremented by any number other than “1”.
In the above embodiment, the counter initialization process is performed in addition to immediately after the master ECU 10 is started. However, the initialization process may be performed only immediately after the master ECU 10 is started.

  In the above embodiment, the MAC value is calculated by calculating the hash of data obtained by combining the transmission / reception data and the counter value. However, if the calculation logic uses the counter value as a common key, Arithmetic logic other than may be adopted.

  The data communication system of the above embodiment can be similarly applied to data communication systems other than the in-vehicle data communication system.

  DESCRIPTION OF SYMBOLS 10 ... Master side ECU, 20 ... Slave side ECU, 30 ... In-vehicle network, 101 ... Data control part, 102 ... Communication control part, 103 ... Memory | storage part, 104 ... MAC production | generation part, 105 ... MAC collation part, 106 ... Counter operation 107: random number generator, 108 ... initialization processing unit, 201 ... data control unit, 202 ... communication control unit, 203 ... storage unit, 204 ... MAC generation unit, 205 ... MAC verification unit, 206 ... counter operation unit, 207 ... Synchronization processing unit.

Claims (15)

In a data communication system that performs data communication between data communication devices connected to a network,
When one of two data communication devices for data communication is a master device and the other is a slave device,
In the master device and the slave device, a storage unit that stores a counter value, a counter operation unit that increments the counter value every time data communication is performed between the master device and the slave device, A MAC generating unit that generates a message authentication code used for message authentication in data communication between the master device and the slave device using the counter, respectively,
Prior to the first data communication between the master device and the slave device after starting the master device, the random number generated by the random number generator is used as the counter value. An initialization processing unit is provided that performs an initialization process of storing the stored value in the storage unit of the master device and notifying the slave device of the stored value as an initial value of the counter,
In response to the notification of the initial value, the slave device is provided with a synchronization processing unit that performs a synchronization process of storing the notified initial value as the counter value in the storage unit of the slave device. A featured data communication system. The data communication system according to claim 1, wherein the initialization processing unit changes the timing of notifying the initial value every time the master device is activated. The data communication system according to claim 1, wherein the initialization processing unit re-executes the initialization process when a specified re-execution condition is satisfied after the initialization process is performed. The data communication system according to claim 3, wherein the data communication system is a system that performs data communication between in-vehicle devices through an in-vehicle network, and the re-execution condition is that the engine stop is a requirement for establishment. The data communication system according to any one of claims 1 to 3, wherein the data communication system is a system that performs data communication between in-vehicle devices through an in-vehicle network. In a data communication device connected to a network and performing data communication with other data communication devices connected to the network,
A storage unit for storing a counter value;
A counter operation unit that increments the value of the counter each time data communication with the other data communication device is performed;
A random number generator for generating random numbers;
Prior to the first data communication with the other data communication device after activation of the data communication device, the random number generated by the random number generator is stored in the storage unit as the counter value, and stored. An initialization processing unit for performing an initialization process of notifying the value to the other data communication device as an initial value of the counter;
A MAC generation unit that generates a message authentication code used for message authentication in data communication with the other data communication device using the value of the counter stored in the storage unit;
A data communication device comprising: The data communication device according to claim 6, wherein the initialization processing unit changes the timing of notifying the initial value every time the data communication device is activated. The data communication device according to claim 6, wherein the initialization processing unit re-executes the initialization process when a specified re-execution condition is satisfied after the initialization process is performed. The data communication device according to claim 8, wherein the data communication device is connected to an in-vehicle network, and the re-execution condition requires that the engine be stopped. The data communication device according to any one of claims 6 to 8, wherein the data communication device is connected to an in-vehicle network. In a data communication method between data communication devices connected to a network,
When one of two data communication devices for data communication is a master device and the other is a slave device,
Each of the master device and the slave device performs counter operation processing for incrementing the value of the counter stored each time data communication is performed between them.
Prior to the first data communication with the slave device after activation, the master device sets the random number generated by the random number generator as the initial value of the counter and notifies the slave device of the initial value. Perform initialization processing to
The slave device performs a synchronization process for setting the initial value notified from the master device to the initial value of the counter stored therein,
The master device and the slave device generate a message authentication code used for message authentication in mutual data communication using the value of the counter stored therein. The data communication method according to claim 11, wherein in the initialization process, the timing for notifying the initial value is changed every time the master device is activated. The data communication method according to claim 11 or 12, wherein the master device re-executes the initialization process when a specified re-execution condition is satisfied after the initialization process is performed. The data communication method according to claim 13, wherein the data communication method is applied to data communication between in-vehicle devices via an in-vehicle network, and the re-execution condition sets the stop of the engine as a requirement for establishment. The data communication method according to any one of claims 11 to 13, wherein the data communication method is applied to data communication between in-vehicle devices through an in-vehicle network.