KR101825486B1 - Apparatus for strenthening security based on otp and method thereof - Google Patents

Abstract

An OTP-based security enforcement system and method thereof according to the present invention are disclosed. The OTP-based security enhancement system according to the present invention comprises an interface for interworking with another control device in a vehicle through a predetermined vehicle network; A logic controller for forming a secure communication channel based on the interlocked control device and the public key, encrypting and transmitting data based on OTP (One Time Pass) through the formed secure communication channel; And a memory for storing a public key for each control device and an OTP setting value list for generating an OTP.

Description

TECHNICAL FIELD [0001] The present invention relates to an OTP-based security enhancement system,

BACKGROUND OF THE INVENTION 1. Field of the Invention [0002] The present invention relates to security enhancement technology, and more particularly, to a One Time Password (OTP) based security enhancement system and method for in-vehicle communications.

Recently, the technology of automobiles has increased the safety, convenience, and convenience of the driver through the combination of electronics and IT technology, and has been used in the fields of Connected Car, Telematics, V2X (Vehicle to Vehicle, Infrastructure, , Hydrogen cars, and autonomous vehicles. In particular, various electronic control units (ECUs) have been introduced to enable various sensing, sensing, monitoring and monitoring.

As the number of electronic control devices to be introduced has increased, a communication network for exchanging and sharing information between electronic control devices has been very importantly researched and commercialized. Communication networks introduced in automobiles include Local Interconnect Network (LIN), Car Area Network (CAN), Mdeia Oriented Systems and Transport (MOST), and FlexRay. Such communication networks deal with the whole, partly, and concurrently with the use of the electronic control device, the amount of information communicated, the importance of the function, and security.

With the integration of electric technology and information technology, the structure of automobile technology is more complicated and security issues in IT technology field are emerging. Particularly, CAN and FlexRay communication are broadcasting type and there is no authentication logic. Therefore, it is difficult to distinguish between the originating ECU and the receiving ECU in the ECU, and the data message is not encrypted and is vulnerable to authentication bypass of the originating or receiving ECU in the process of mutual transmission and reception. And modulation is possible. Furthermore, there is a concern that a denial of service through the communication channel may occur.

However, most of the existing security enhancement technologies focus on security enhancement and certification through classification of communication channels through gateways. Enhanced security through gateways may prevent communication and security services when the gateway fails.

Korean Unexamined Patent Application Publication No. 2008-0023056, Mar. 12, 2008. Korean Patent Registration No. 1021914, Mar. 07, 2011. Korean Patent Registration No. 1481403, Jan. 21, 2015 Korean Patent Laid-Open Publication No. 2013-0083619, Jul. 23, 2013. Korean Patent Laid-Open Publication No. 2013-0136852, December 13, 2013.

Kim, Kang - Seok, CAN Analysis of external threats of vehicle ECU through eavesdropping and manipulation, dissertation, 2011.

SUMMARY OF THE INVENTION Accordingly, it is an object of the present invention to provide a method and apparatus for transmitting and receiving data between control devices in a vehicle, forming a secure communication channel based on a public key, The present invention also provides an OTP-based security enhancement system and method for transmitting and receiving data based on a pass-through.

However, the objects of the present invention are not limited to those mentioned above, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to achieve the above objects, an OTP-based security enhancement system according to an aspect of the present invention includes an interface for interworking with another control device in a vehicle through a predetermined vehicle network; A logic controller for forming a secure communication channel based on the interlocked control device and the public key, encrypting and transmitting data based on OTP (One Time Pass) through the formed secure communication channel; And a memory for storing a public key for each control device, and an OTP setting value list for generating an OTP.

Preferably, the logic controller exchanges its first ID and the first certificate with the second ID of the interlocked control device over the vehicle network to verify the exchanged second ID and second certificate The secure communication channel can be formed by encrypting the OTP setting ID randomly selected from the pre-stored OTP setting value list with the public key.

Preferably, if the second ID and the second certificate are successfully verified, the logic controller extracts a public key from the second certificate and randomly generates a session key, and generates a randomly selected OTP setting Encrypt the ID with the public key, sign the encrypted data with its private key, and transmit the signed encrypted data, the first ID of the user, and the session key.

Preferably, the logic controller generates an OTP using a public key of the interlocked control device, a message ID per service flow, and a message transmission counter, and first encrypts data to be transmitted using the generated OTP, Encrypts the first encrypted data with the public key of the associated control device, signs the second encrypted data with its own private key, and encrypts the signed second encrypted data, the first identity of the first device, Key can be transmitted.

Preferably, the logic controller extracts and exponents a message ID for identifying a message unique to each service flow in the service ID list, extracts the public key, expands the message ID, The message transmission counter is decimated into a usage rule conforming to the OTP setting ID, and the OTP is decoded using the decoded message ID, the decoded public key, the decoded message counter, Can be generated.

Preferably, the logic controller alternately computes OTP coefficients N1 and OTP coefficients N2 corresponding to the OTP setting IDs from the end of the combined values using a predetermined calculation method for each digit, And subtracting the sum of the closest numbers from the sum of the maximum values of the used decimals and the closest number, and subtracting the sum, the OTP value can be calculated as the OTP value to be obtained.

According to another aspect of the present invention, an OTP-based security enhancement system includes an interface for interworking with another control device in a vehicle through a predetermined vehicle network; A logic controller for forming a secure communication channel based on the interlocked control device and the public key, receiving and decoding the encrypted data based on OTP (One Time Pass) through the formed secure communication channel; And a memory for storing a public key for each control device, and an OTP setting value list for generating an OTP.

Preferably, the logic controller exchanges its second ID and the second certificate with the first ID of the interlocked control device over the vehicle network to verify the exchanged first ID and the first certificate Extract a public key from the first certificate, randomly generate a session key, and transmit the second ID, the second certificate, and the session key.

Preferably, upon receipt of the first ID, the session key, and the signed encryption data from the interlocked control device, the logic controller verifies the first ID, the session key, the signature, and encrypts the encrypted data And extract the OTP setting ID included in the encrypted data as a result of the decryption.

Preferably, upon receipt of the encrypted data, the logic controller generates an OTP using its public key, a message ID per service flow, and a message reception counter, and first enciphers the encrypted data with its own private key , And can store the original data extracted as a result of performing the secondary decoding on the primary decoded data using the generated OTP and performing the secondary decoding on the primary decoded data.

Preferably, the logic controller extracts and exponents a message ID for identifying a message unique to each service flow in the service ID list, extracts the public key, expands the message ID, The message transmission counter is decimated into a usage rule conforming to the OTP setting ID, and the OTP is decoded using the decoded message ID, the decoded public key, the decoded message counter, Can be generated.

Preferably, the logic controller alternately computes OTP coefficients N1 and OTP coefficients N2 corresponding to the OTP setting IDs from the end of the combined values using a predetermined calculation method for each digit, And subtracting the sum of the closest numbers from the sum of the maximum values of the used decimals and the closest number, and subtracting the sum, the OTP value can be calculated as the OTP value to be obtained.

According to another aspect of the present invention, there is provided an OTP-based security enforcement method comprising: storing a public key for each control device for in-vehicle communication; an OTP setting value list for OTP generation; Forming a secure communication channel based on the interlocked control device and the public key in cooperation with another control device in the vehicle through a predetermined vehicle network; And encrypting and transmitting data based on OTP (One Time Pass) through the secure communication channel.

Preferably, the forming may include verifying the exchanged second ID and the second certificate by exchanging the first ID and the first certificate with the second ID of the interlocked control device through the vehicle network, The OTP setting ID randomly selected from the pre-stored OTP setting value list is encrypted with the public key and transmitted, thereby forming a secure communication channel.

Preferably, the forming step may include extracting a public key from the second certificate and randomly generating a session key when the second ID and the second certificate are successfully verified, extracting a randomly selected OTP Encrypt the setup ID with the public key, sign the encrypted data with its private key, and transmit the signed encrypted data, the user's first ID, and the session key.

Preferably, the transmitting step generates an OTP using a public key of the interlocking control device, a message ID per service flow, and a message transmission counter, and first encrypts data to be transmitted using the generated OTP, Encrypting the primary encrypted data with a public key of the associated control device, signing the secondary encrypted data with its private key, and encrypting the signed secondary encrypted data, The session key can be transmitted.

Preferably, in the transmitting step, the message ID for identifying a message unique to each service flow of the service is extracted from the message ID list stored in advance, the message ID is extracted, and the public key is extracted and decoded. The message transmission counter is decimated to a usable value conforming to the OTP setting ID, and the decoded message ID, the decoded public key, and the decoded message counter are combined and the OTP Lt; / RTI >

Preferably, in the transmitting step, the OTP coefficient N1 and the OTP coefficient N2 corresponding to the OTP setting ID are alternately calculated from the end of the combined value using a predetermined calculation method for each digit, Values are summed and the OTP value to be obtained can be calculated by subtracting the total sum from the closest number, which is larger than the sum of the maximum values of the used decimals, and subtracting the sum.

According to another aspect of the present invention, there is provided an OTP-based security enforcement method comprising: storing a public key for each control device for in-vehicle communication; an OTP setting value list for OTP generation; Interfacing with another control device in the vehicle through a predetermined vehicle network to form a secure communication channel based on the interlocked control device and the public key; And decrypting the received encrypted data based on a pre-generated One Time Pass (OTP) by receiving the encrypted data through the secure communication channel.

Preferably, the forming includes exchanging a second ID and a second certificate of the interlocked control device through a vehicle network with a first ID of the interlocked control device to verify the exchanged first ID and the first certificate Extract a public key from the first certificate, randomly generate a session key, and transmit the second ID, the second certificate, and the session key.

Preferably, the step of forming comprises the steps of: verifying the first ID, the session key, and the signature when receiving the first ID, the session key, and the signed encrypted data from the interlocked control device; The OTP setting ID included in the encrypted data can be extracted as a result of decrypting the data and decrypting the decrypted data.

Preferably, in the decrypting step, when the encrypted data is received, an OTP is generated using its own public key, a message ID per service flow, and a message reception counter, and the encrypted data is subjected to first- And the original data extracted as a result of the secondary decoding of the primary decoded data using the generated OTP and the secondary decoding of the primary decoded data can be stored.

Preferably, the decrypting step extracts and exponents a message ID for identifying a message unique to each service flow of the service in the stored message ID list, extracts and exponents the public key, The message transmission counter is decimated to a usable value conforming to the OTP setting ID, and the decoded message ID, the decoded public key, and the decoded message counter are combined and the OTP Lt; / RTI >

Preferably, the decrypting step may include a step of calculating the OTP coefficient N1 and the OTP coefficient N2 corresponding to the OTP setting ID from the end of the combined value using the predetermined arithmetic operation method for each digit, Values are summed and the OTP value to be obtained can be calculated by subtracting the total sum from the closest number, which is larger than the sum of the maximum values of the used decimals, and subtracting the sum.

As described above, according to the present invention, data is transmitted and received between control devices in a vehicle, a secure communication channel is formed based on a public key, and data is transmitted and received based on OTP (One Time Pass) It is possible to guarantee the confidentiality and integrity of a message that is stronger than that of the public key infrastructure of the public key infrastructure.

In addition, the present invention can reduce the availability risk to the failure of the security gateway compared to the method using the centralized security-related control and security gateway for arbitration.

In addition, since the present invention performs security processing using peer to peer (P2P) method between each control unit, it can be easily expanded to various communication services.

In addition, since the verification of the ID of the connection admission control unit and the message ID of each service flow is performed before decrypting the encrypted message, it is possible to prevent unnecessary load from occurring in advance, thereby securing a more robust structure for the in- .

1 is a diagram illustrating an OTP-based security enforcement system according to an embodiment of the present invention.
2 is a diagram illustrating an OTP-based security enforcement method according to an embodiment of the present invention.
FIG. 3 is a diagram for explaining a secure communication channel forming process shown in FIG. 2 in detail.
4 is a diagram illustrating a message ID list per service flow according to an exemplary embodiment of the present invention.
5 is a diagram illustrating an OTP setup value list according to an embodiment of the present invention.
FIG. 6 is a diagram for explaining the encrypted data transmission process shown in FIG. 2 in detail.
FIG. 7 is a view for explaining the encrypted data receiving process shown in FIG. 2 in detail.
8 is a diagram for explaining an OTP generation process according to an embodiment of the present invention.
FIG. 9 is a diagram for explaining the OTP value generation process shown in FIG. 8 in detail.
10 is a view for explaining a principle of generating an OTP value according to an embodiment of the present invention.
11 is a diagram showing a detailed configuration of a control apparatus according to an embodiment of the present invention.
12 is a view for explaining the principle of storing authentication information according to an embodiment of the present invention.

Hereinafter, an OTP-based security enhancement system and method according to an embodiment of the present invention will be described with reference to the accompanying drawings. The present invention will be described in detail with reference to the portions necessary for understanding the operation and operation according to the present invention.

In describing the constituent elements of the present invention, the same reference numerals may be given to constituent elements having the same name, and the same reference numerals may be given thereto even though they are different from each other. However, even in such a case, it does not mean that the corresponding component has different functions according to the embodiment, or does not mean that the different components have the same function. It should be judged based on the description of each component in the example.

In particular, according to the present invention, a new secure communication channel for transmitting / receiving data between control devices in a vehicle, forming a secure communication channel based on a public key, and transmitting / receiving data based on OTP (One Time Pass) We propose a communication technique.

Here, the control device is connected to a vehicle network such as LIN, CAN, MOST, FlexRay, and Ethernet, and communicates with the inside or outside of the vehicle to control a vehicle driving device such as an engine and a transmission of the vehicle, A control device for controlling a sensor device for sensing the inside or outside environment of a vehicle, an ECU used for a driver's convenience device, or a device communicating therewith, etc., may request and respond to arbitrary information, periodically provide information It is a concept that encompasses all the broad devices that monitor information.

At this time, the LIN communication divides the token (Token) representing the right to occupy the network and start the transmission to the slave ECUs as the network master, . CAN communication means that all the ECUs in the sub network segment are connected to one network bus and that each device has access to a network channel without any special device for arbitration. to be. MOST communication enables transmission of high-speed video and audio data by connecting in-vehicle electronic devices and multimedia devices to optical networks, enabling simultaneous transmission of high-quality audio and video packet data and real-time control of single transmission media And is a vehicle communication technology having characteristics that can be achieved. FlexRay communication was developed by the FlexRay-consortium as a network communication protocol for automobiles. It was developed by overcoming the limitations of CAN communication which is short in bandwidth and difficult to monitor the schedule, taking advantage of LIN and CAN, and the channel access method is driven by TDMA (Time Division Multiple Access) The elements or messages have fixed time slots with exclusive access. Ethernet communication is a method of applying general-purpose Ethernet technology used in Internet services to vehicles.

Figure 1 is a cross- In the embodiment  Following OTP  Based security enhancement system.

1, an OTP-based security enhancement system for in-vehicle communication according to an exemplary embodiment of the present invention includes a plurality of control apparatuses 100, and a plurality of control apparatuses includes a first A control device 110, and a second control device 120 as a communication target.

The first control device 110 forms a secure communication channel based on a public key in cooperation with the second control device, and can encrypt and transmit data based on OTP through the formed secure communication channel.

The second controller 120 forms a secure communication channel based on the public key in cooperation with the first controller, and receives and decrypts the data based on the OTP through the formed secure communication channel.

At this time, the first control device 110 and the second control device 120 are used not only as a device to start communication or a device to be communicated, but also to be used as a device to start communication, So that the corresponding function can be performed.

FIG. 2 is a cross- In the embodiment  And FIG.

As shown in FIG. 2, first, the first control device exchanges its own ID and certificate with the second control device to verify the identity and certificate of the other party, and transmits a randomly selected OTP setting value or OTP setting ID is encrypted with a public key and transmitted, thereby forming a secure communication channel with the second control device (S210).

Next, the first controller generates the first OTP based on the selected OTP setting value, encrypts the data using the generated first OTP, and transmits the encrypted data to the second controller (S220).

Next, the second controller receives the encrypted data, decrypts the received encrypted data using the second OTP generated in advance, and extracts the decrypted data (S230).

FIG. 3 is a diagram for explaining a secure communication channel forming process shown in FIG. 2 in detail.

3, the first controller 110 may transmit its first ID and the first certificate to the second controller 120 through the vehicle network in a predetermined communication manner (S310) . Here, the predetermined communication method may be, for example, a unicast, broadcast, or multicast communication method.

Next, upon receiving the first ID and the first certificate of the first control device, the second control device 120 may verify the first ID and the first certificate of the received first control device (S311).

As an example, the second control device can verify the first ID of the first control device by checking whether the access permission ID matching the ID of the first control device exists in the stored message ID list.

FIG. 4 is a cross- In the embodiment  Service according to By flow  And a message ID list.

Referring to FIG. 4, there is shown a data structure of a message ID list containing contents defining the characteristics of messages according to service flows. Here, the service may be a concept including both a service for requesting information or a service for transmitting information through an in-vehicle network.

For example, in the case of a service opening a door with a smart key, the smart key interlocking controller makes a service request to open a door to a BCM (Body Control Module) controller, the BCM controller opens a door upon request, It can be a service that responds.

Such a message ID list may include an access permission ID, a service ID, and a message ID.

The access permission ID is the ID of the control device that has the authority to exchange information with any control device and allows access to any control device. This serves as the network firewall of the general information technology system, so that only the access permission ID is used to determine whether or not access is allowed before all the data received through the arbitrary vehicle network is parsed. Discard without processing. This avoids unnecessary waste of resources and reduces the load on any primary vehicle network.

The service ID is an ID that defines the service characteristic to be provided or performed by an arbitrary control device. For example, a service for opening / closing a door of a driver's side is defined as S5.

The message ID is an ID that matches the service ID and defines message characteristics such as a service request message, a response message, or a periodic transmission message. For example, the service request message for opening and closing the driver's seat is matched to S6, and the message ID is defined as M11.

As another example, the second control device can verify the first certificate of the first control device using the public key of the certification authority for issuing the certificate or the server operated by the manufacturer.

Next, if the first controller of the first control device 120 and the first certificate are successfully verified, the second controller 120 extracts the public key from the first certificate and stores the extracted public key (S312).

Next, the second controller 120 may generate and store a session key for setting a session at random (S313).

Next, the second control device 120 may transmit its second ID, second certificate, and session key to the first control device 110 (S314).

Next, when the first control device 110 receives the second ID and the second certificate of the second control device, it can verify the second ID and the second certificate of the received second control device (S315).

Next, when the first control device 110 succeeds in verifying the second ID and the second certificate of the second control device, the first control device 110 extracts the public key from the first certificate and stores the extracted public key together with the session key (S316).

Next, the first controller 110 may randomly select one OTP setting value from the OTP setting value list and encrypt the selected OTP setting value using the public key (S317).

FIG. 5 is a cross- In the embodiment  Following OTP Setting value  Fig.

Referring to FIG. 5, the OTP setting value list according to the present invention includes an OTP setting ID, a usage rule, an OTP coefficient N1, an OTP coefficient N2, a message counter up coefficient, and a message counter up coefficient initial value.

The OTP setting ID is a value to be set and referred to when generating an OTP value in the two control devices communicating with an OTP setting value finally delivered to the second communication device as a communication target in the first control device starting communication, OTP coefficient N1, OPT coefficient N2, message counter up coefficient, and initial value thereof.

Usage law refers to a base or an octal number, for example, binary (hexadecimal), octal (hexadecimal), decimal (hexadecimal), and hexadecimal (hexadecimal).

The OTP coefficient N1 and the OTP coefficient N2 are arbitrary two numbers used when performing an arbitrary operation in an odd number or an even number according to the manufacturer's policy of the controller for any number of OTP generation. For example, if the OTP setting ID is 3, the OTP coefficient N1 is 2, and the OTP coefficient N2 is 4. In this case, if the manufacturer's policy of the control device is implicitly assumed to be an odd number N1 and N2 is an even number, the OTP coefficient N1 multiplied by the OTP coefficient N2 multiplied by 1 is 4 * 7 * 2 when the operated number is 1734, 3 * 4, 4 * 2.

The message counter up factor and the message counter up factor are important items that determine the characteristics of the OTP. Since the in-vehicle control unit is mostly an embedded system without a clock (Clock, Clock), it is difficult to generate an OTP using a conventional time.

Next, the first control device 110 signs the encrypted data with its own private key (S318), and transmits its ID and session key to the second control device 120 together with the signed data (S319 ).

Next, when the second control device 120 receives the signed data, the first ID, and the session key of the first control device 110, the first control device 110 receives the first ID, the session key, The signature can be verified (S320).

At this time, the second controller 120 verifies the session key by checking whether the session key received from the first controller 110 is a session key previously generated by itself.

Next, the second controller 120 decrypts the encrypted data with its own private key (S321), extracts the OTP setting value from the decrypted data, and stores the extracted OTP setting value (S322).

FIG. 6 is a diagram for explaining the encrypted data transmission process shown in FIG. 2 in detail.

As shown in FIG. 6, the first controller 110 to transmit data may generate an OTP using a public key of the second controller, a message ID for each service flow, and a message transmission counter (S610) . Here, the message transmission counter may indicate the number of times the message has been transmitted.

Next, the first controller 110 may first encrypt the data to be transmitted using the generated OTP (S611).

Next, the first control device 110 can encrypt the primary encrypted data with the public key of the second communication device (S612).

Next, the first control device 110 signs the secondary encrypted data with its own private key (S613), and transmits the signed secondary encrypted data, the first ID, and the session key to the second control device 120 (S614).

FIG. 7 is a view for explaining the encrypted data receiving process shown in FIG. 2 in detail.

7, when receiving the first ID of the first control device and the session key together with the encrypted data (S710), the second control device 120 receiving the data transmits the received first control device 110, the session ID, the session key, and the signature (S711).

Next, the second controller 120 can generate the OTP using its own public key, message ID for each service flow, and message reception counter (S712). Here, the message reception counter may indicate the number of times the message has been received.

Next, the second control device 120 can perform the primary decoding of the data encrypted with its own private key (S713).

Next, the second controller 120 may extract the data that the first controller 120 intends to transmit as a result of performing the second-order decoding on the first-decoded data using the OTP and decoding the first-decoded data (S714).

Next, the second controller 120 refers to the message counter up coefficient of the OTP setting value list to raise the message reception counter, to store the advanced message reception counter, and the extracted data (S715).

Figure 8 is a cross- In the embodiment  Following OTP  And FIG.

8, the control device (the first control device or the second control device) according to the embodiment of the present invention transmits a message ID for identifying a message unique to each service flow of the corresponding service And extracts it and expands it (S810).

For example, if the first ID of the first control device to communicate to request BCM control to open the door of the vehicle and the access permission ID of the second control device that receives the BCM control request is 0x7299, If the message ID requested to control the BCM is M11 and the shared OTP setting ID is 1 in order to open the door of the vehicle, it is confirmed that the used method is a decimal number in the OTP setting value list and the message ID M11 is set to the predetermined character code system, Then convert to decimal number to get 774949.

At this time, the character code method can be arbitrarily set in ASCII, UTF8, EBCDIC, etc., and any of them can be used. In the present invention, an example in which a double ASCII code is applied will be described.

Next, the control device extracts the stored or received public key, and expands it (S811).

For example, the first controller requesting to open the door of the vehicle obtains 773349 in decimal according to the ASCII code when the public key of the second control device to be communicated is M11.

In step S812, the control device may decode the message counter, that is, the message transmission counter or the message reception counter, which is the number of transmitted or received messages, to the usage method conforming to the OTP setting ID.

For example, when the counter of the transmitted or received message, that is, the message transmission counter or the message reception counter is 21, it changes to decimal according to the ASCII code to obtain 5049.

Next, the control device can generate the OTP by combining the triggered message ID, the public key, and the message counter, and using the OTP generation algorithm preset to the combined value (S813).

For example, the combination of the decrypted message ID 774949, the public key 773349, and the message counter 5049 obtained in the previous example, and obtains 7749497733495049 as a result of the combination.

FIG. 9 is a cross- OTP  FIG. 10 is a view for explaining a process of generating a value In the embodiment  Following OTP  FIG. 7 is a diagram for explaining a principle of generating a value. FIG.

9, the control device (the first control device or the second control device) according to the embodiment of the present invention obtains the OTP setting value O1, which is a corresponding OTP setting value, from the OTP setting value list, , And the OTP coefficient N2 (S910).

Referring to FIG. 10, the decimals used in the deciphering are decimal, the decoded message ID is 12, the decrypted public key is 34567890, the decoded message counter is 10, the OTP coefficient N1 is 3, the OTP coefficient N2 is one.

Next, the control device can alternately calculate the OTP coefficient N1 and the OTP coefficient N2 retrieved from the end of the combined value by using a predetermined calculation method for each digit (S911).

For example, referring to FIG. 10, an OTP coefficient N1 of 3 and an OTP coefficient N2 of 1 are alternately computed from the end of the combined decimal value 123456789010. In other words, multiply the odd digits by 3 and the even digits by 1 from the end of the combined decimal value. That is, when 131313131313 is multiplied by the number of digits, the number of each digit is 1, 6, 3, 12, 5, 18, 7, 24, 9, 0, 1,

Here, the calculation method is a mathematical operation such as arithmetic operation, factorization, XOR, etc., and is performed according to a method determined by the manufacturer of the vehicle or the control part considering the calculation performance of the control part or other policies.

Next, the control device can sum up the result values calculated for each digit (S912).

For example, the value obtained by adding all of the computed result values of 1, 6, 3, 12, 5, 18, 7, 24, 9,

Next, the controller subtracts the sum of the closest number, which is larger than the sum of the maximum values of the used decimals, and subtracts the sum, thereby calculating the OTP value to be obtained (S913).

For example, if the closest value is greater than 86, which is a sum of 10, 20, 30, 40, 50, 60, 70, 80, 90, The value obtained by subtracting the previous sum 86 from 90 is 4.

Fig. 11 is a cross- In the embodiment  And Fig.

11, the control apparatus 100 according to an embodiment of the present invention may include a processor 111, a logic controller 112, a memory 113, and an interface 114. [

The processor 111 can control each function in conjunction with various devices in the control device.

The logic controller 112 may include a logic processing unit 112a and an encryption processing unit 112b. The logic processing unit 112a can process basic functions and security functions for in-vehicle communication. Here, the security function means the OTP-based security enhancement function described above.

The encryption processing unit 112b is an encryption algorithm such as DES, 3DES, AES, ARIA, LEA, MASK of a stream symmetric key method, RSA, DSA, DSS, ECC which are encryption algorithms of an asymmetric key scheme Encryption and decryption can be handled.

The memory 113 may store a certificate, a public key, a private key, a message ID list, and an OTP setting value list allocated for each control device. The public certificate, the public key, and the private key are referred to in a general public key infrastructure (PKI) technology. In addition, the message ID list mentioned here includes contents defining the characteristics of messages per service flow that can grasp the service flow. Also, the OTP setting value list includes parameters for OTP generation.

The interface 114 may interwork with other control devices via one or more various vehicle networks. Here, the scope of one or more various vehicle networks may include LIN, CAN, MOsT, FlexRay, Ethernet as well as future communication (network) technologies.

Figure 12 is a graph In the embodiment  FIG. 4 is a diagram for explaining the principle of storing authentication information according to FIG.

12, a certificate authority 210 that is discussed in the architecture of a Public Key Infrastructure (PKI) downloads a certificate to the information injector 230 through a wired or wireless network, Information such as a message ID list including the public key, the private key, and the ID of the connection admission controller and defining a message for each service flow, and an OTP setting value list indicating the parameters required for generating the OTP, 220 via wired or wireless communication, and the information injector 230 injects information into the memory of the in-vehicle control device 240.

The certification authority 210 and the manufacturer server 220 of the control apparatus may be one server or the manufacturer server 220 of the control apparatus, May be a vehicle manufacturer or a server of a third party.

In addition, when injecting information into the control device 240, logic for verifying the cycling must be added according to the cycling policy. Through the cycling process, the information can be stored or written in the control device 240 at the reliable information injector 230. This sincing process is done through thorough security management for each manufacturer.

It is to be understood that the present invention is not limited to these embodiments, and all of the elements constituting the embodiments of the present invention described above may be combined or operated in one operation. That is, within the scope of the present invention, all of the components may be selectively coupled to one or more of them. In addition, although all of the components may be implemented as one independent hardware, some or all of the components may be selectively combined to perform a part or all of the functions in one or a plurality of hardware. As shown in FIG. In addition, such a computer program may be stored in a computer-readable medium such as a USB memory, a CD disk, a flash memory, etc., and read and executed by a computer to implement embodiments of the present invention. As the storage medium of the computer program, a magnetic recording medium, an optical recording medium, a carrier wave medium, or the like may be included.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

100: Control device
110: first control device
120: second control device
111: Processor
112: logic controller
113: Memory
114: Interface

Claims (24)

An interface interlocking with another control device in the vehicle through a predetermined vehicle network;
A logic controller for forming a secure communication channel based on the interlocked control device and the public key, encrypting and transmitting data based on an OTP (One Time Password) through the formed secure communication channel; And
And a memory for storing a public key for each control device and an OTP setting value list for generating an OTP,
Wherein the logic controller comprises:
Generates an OTP using a public key of the interlocked control device, a message ID per service flow, and a message transmission counter,
Encrypts the data to be transmitted by using the generated OTP,
Encrypts the primary encrypted data with the public key of the control apparatus linked to the secondary,
Sign the secondary encrypted data with its private key, transmit the signed secondary encrypted data, its own first ID, the session key,
Wherein the logic controller comprises:
Extracts a message ID for identifying a message unique to each service flow of the corresponding service from the list of previously stored message IDs,
Extracts and publicizes the public key,
The message transmission counter, which is the number of transmitted messages, is decimated into a usage rule conforming to the OTP setting ID,
Wherein the OTP is generated by combining the expedited message ID, the exponentiated public key, and the expedited message counter, and using the combined value.
The method according to claim 1,
Wherein the logic controller comprises:
Exchanging the first ID and the first certificate of the interlocked control device with the second ID of the interlocked control device through the vehicle network to verify the exchanged second ID and the second certificate,
Wherein the secure communication channel is formed by encrypting the OTP setting ID randomly selected from the pre-stored OTP setting value list with the public key and transmitting the encrypted OTP setting ID.
3. The method of claim 2,
Wherein the logic controller comprises:
Extracts a public key from the second certificate and randomly generates a session key if the second ID and the second certificate are successfully verified,
Encrypts an OTP setup ID randomly selected from the OTP setup value list with the public key,
Signing the encrypted data with its own private key, and transmitting the signed encrypted data, the first ID of the first user, and the session key.
delete delete The method according to claim 1,
Wherein the logic controller comprises:
An OTP coefficient N1 and an OTP coefficient N2 corresponding to the OTP setting ID are alternately calculated from the end of the combined value by using a pre-set calculation method for each digit,
Sum the result values calculated for each digit,
Wherein the OTP value is calculated by subtracting the sum of the closest number from the sum of the maximum values of the used decimals and subtracting the sum and subtracting the sum as an OTP value to be obtained.
An interface interlocking with another control device in the vehicle through a predetermined vehicle network;
A logic controller for forming a secure communication channel based on the interlocked control device and the public key, receiving and decoding the encrypted data based on the One Time Password (OTP) through the formed secure communication channel; And
And a memory for storing a public key for each control device and an OTP setting value list for generating an OTP,
Wherein the logic controller comprises:
Upon receipt of the encrypted data, the OTP is generated using its own public key, message ID per service flow, and message reception counter,
Decrypts the encrypted data with its own private key,
Decodes the primary decoded data using the generated OTP and stores the original data extracted as a result of the secondary decoding,
Wherein the logic controller comprises:
Extracts a message ID for identifying a message unique to each service flow of the corresponding service from the list of previously stored message IDs,
Extracts and publicizes the public key,
The message reception counter, which is the number of received messages, is decimated into a usage rule conforming to the OTP setting ID,
Wherein the OTP is generated by combining the expedited message ID, the exponentiated public key, and the expedited message counter, and using the combined value.
8. The method of claim 7,
Wherein the logic controller comprises:
Exchanging its own second ID and the second certificate with the first ID of the interlocked control device through the vehicle network to verify the exchanged first ID and the first certificate,
Extracting a public key from the first certificate and randomly generating a session key,
And transmits the second ID, the second certificate, and the session key.
9. The method of claim 8,
Wherein the logic controller comprises:
And a signature verification unit for verifying the first ID, the session key, and the signature when receiving the first ID, the session key, and the signed encryption data from the interlocked control apparatus,
And extracts the OTP setting ID included in the encrypted data as a result of decoding the encrypted data using its own private key and decrypting the decrypted data.
delete delete 8. The method of claim 7,
Wherein the logic controller comprises:
An OTP coefficient N1 and an OTP coefficient N2 corresponding to the OTP setting ID are alternately calculated from the end of the combined value by using a pre-set calculation method for each digit,
Sum the result values calculated for each digit,
Wherein the OTP value is calculated by subtracting the sum of the closest number from the sum of the maximum values of the used decimals and subtracting the sum and subtracting the sum as an OTP value to be obtained.
Storing a public key for each control device for in-vehicle communication and an OTP setting value list for OTP generation;
Forming a secure communication channel based on the interlocked control device and the public key in cooperation with another control device in the vehicle through a predetermined vehicle network; And
And encrypting and transmitting data based on an OTP (One Time Password) through the secure communication channel,
Wherein the transmitting comprises:
Generates an OTP using a public key of the interlocked control device, a message ID per service flow, and a message transmission counter,
Encrypts the data to be transmitted by using the generated OTP,
Encrypts the primary encrypted data with the public key of the control apparatus linked to the secondary,
Sign the secondary encrypted data with its private key, transmit the signed secondary encrypted data, its own first ID, the session key,
Wherein the transmitting comprises:
Extracts a message ID for identifying a message unique to each service flow of the corresponding service from the list of previously stored message IDs,
Extracts and publicizes the public key,
The message transmission counter, which is the number of transmitted messages, is decimated into a usage rule conforming to the OTP setting ID,
Wherein the OTP is generated using a combination of the expedited message ID, the expedited public key, the expedited message counter, and the combined values.
14. The method of claim 13,
Wherein the forming comprises:
Exchanging the first ID and the first certificate of the interlocked control device with the second ID of the interlocked control device through the vehicle network to verify the exchanged second ID and the second certificate,
Wherein the secure communication channel is formed by encrypting the OTP setup ID randomly selected from the pre-stored OTP setup value list with the public key and transmitting the encrypted OTP setup ID.
15. The method of claim 14,
Wherein the forming comprises:
Extracts a public key from the second certificate and randomly generates a session key if the second ID and the second certificate are successfully verified,
Encrypts an OTP setup ID randomly selected from the OTP setup value list with the public key,
And signing the encrypted data with its own private key to transmit the signed encrypted data, the first identity thereof, and the session key.
delete delete 14. The method of claim 13,
Wherein the transmitting comprises:
An OTP coefficient N1 and an OTP coefficient N2 corresponding to the OTP setting ID are alternately calculated from the end of the combined value by using a pre-set calculation method for each digit,
Sum the result values calculated for each digit,
Wherein the OTP value is calculated by subtracting the sum of the closest number from the sum of the maximum values of the used decimals and subtracting the sum and subtracting the sum as an OTP value to be obtained.
Storing a public key for each control device for in-vehicle communication and an OTP setting value list for OTP generation;
Interfacing with another control device in the vehicle through a predetermined vehicle network to form a secure communication channel based on the interlocked control device and the public key; And
Receiving the encrypted data through the secure communication channel and decrypting the received encrypted data based on a pre-generated OTP (One Time Password)
Wherein the step of decrypting comprises:
Upon receipt of the encrypted data, the OTP is generated using its own public key, message ID per service flow, and message reception counter,
Decrypts the encrypted data with its own private key,
Decodes the primary decoded data using the generated OTP and stores the original data extracted as a result of the secondary decoding,
Wherein the step of decrypting comprises:
Extracts a message ID for identifying a message unique to each service flow of the corresponding service from the list of previously stored message IDs,
Extracts and publicizes the public key,
The message reception counter, which is the number of received messages, is decimated into a usage rule conforming to the OTP setting ID,
Wherein the OTP is generated using a combination of the expedited message ID, the expedited public key, the expedited message counter, and the combined values.
20. The method of claim 19,
Wherein the forming comprises:
Exchanging its own second ID and the second certificate with the first ID of the interlocked control device through the vehicle network to verify the exchanged first ID and the first certificate,
Extracting a public key from the first certificate and randomly generating a session key,
And transmitting the second ID, the second certificate, and the session key.
21. The method of claim 20,
Wherein the forming comprises:
And a signature verification unit for verifying the first ID, the session key, and the signature when receiving the first ID, the session key, and the signed encryption data from the interlocked control apparatus,
And extracting the OTP setting ID included in the encrypted data as a result of decoding the encrypted data with its own private key and decrypting the decrypted data.
delete delete 20. The method of claim 19,
Wherein the step of decrypting comprises:
An OTP coefficient N1 and an OTP coefficient N2 corresponding to the OTP setting ID are alternately calculated from the end of the combined value by using a pre-set calculation method for each digit,
Sum the result values calculated for each digit,
Wherein the OTP value is calculated by subtracting the sum of the closest number from the sum of the maximum values of the used decimals and subtracting the sum and subtracting the sum as an OTP value to be obtained.

Images