CN106850230A - A kind of data safety exchange method based on CAN network - Google Patents

A kind of data safety exchange method based on CAN network Download PDF

Info

Publication number
CN106850230A
CN106850230A CN201710079849.6A CN201710079849A CN106850230A CN 106850230 A CN106850230 A CN 106850230A CN 201710079849 A CN201710079849 A CN 201710079849A CN 106850230 A CN106850230 A CN 106850230A
Authority
CN
China
Prior art keywords
data
receiving
gateway
receiving terminal
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710079849.6A
Other languages
Chinese (zh)
Other versions
CN106850230B (en
Inventor
余贵珍
王云鹏
胡超伟
吴新开
周彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd.
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN201710079849.6A priority Critical patent/CN106850230B/en
Publication of CN106850230A publication Critical patent/CN106850230A/en
Application granted granted Critical
Publication of CN106850230B publication Critical patent/CN106850230B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Abstract

A kind of data safety exchange method based on CAN network, sender and recipient to data carry out legitimacy certification., it is necessary to the sender and recipient that confirm data are legal controllers before data exchange, if finding, unwarranted controller will notify user in the way of alarm, and transmitting terminal is encrypted to the data for sending, and receiving terminal is decrypted to the data for receiving.

Description

A kind of data safety exchange method based on CAN network
Technical field
The present invention relates to automobile information security technology area, it is adaptable to the information peace of in-vehicle network in ensure ne connection vehicle Entirely, and in particular to a kind of data safety exchange method based on in-car CAN network.
Background technology
In recent years, the application in intelligent automobile is on the increase, many to apply by in-vehicle network, using end-to-end communication Pattern completes the information transfer between control module.On the other hand, flourishing with car networking technology, part of module The functions such as remote monitoring can be completed by being connected into internet, automotive interior network is no longer a network for closure.Such as Fruit information is maliciously intercepted and captured, distorted or deleted in exchange process, it is likely that can cause immeasurable consequence.It is same with this When, it is ensured that the information security of automotive interior network has become a study hotspot of industry.
The calculating and networked system for being used in automobile at this stage have followed existing calculating and networking framework, also inherit this The natural safety defect of a little systems, but not existence information security mechanism, people in the CAN network of existing most automobiles Can easily obtain CAN data and inject data of some artificial modifications.
The main target that the data safety of CAN network exchanges research is the privacy for ensureing automotive CAN network information transfer And integrality, while the sender and recipient that also need to ensure data are by the part of certification.Existing communication security Mechanism is all based on greatly AES and agreement, such as symmetric cryptography and rivest, shamir, adelman, is generally used only for solving computer Information security issue, the application in automobile information security fields is less.
The content of the invention
For problem above, the present invention proposes a kind of data safety exchange method based on CAN network.The method can be with Legitimacy certification, the mould in limitation inferior grade CAN are carried out to the sender and recipient of data in CAN network by bus gateway The high-grade module of block access, and transmitted using ciphertext in data exchange process.
The present invention is a kind of data safety exchange method based on CAN network.CAN network is interspersed by CAN The network of formation, CAN is a kind of serial data communication agreement, be integrated with its communication interface CAN protocol physical layer and Data link layer functions, can complete the framing processing to communication data.CAN on automobile fills the various electronics on automobile Put and be linked to be a network with equipment, realize information sharing each other.Internetwork connection mode on current automobile mainly uses 3 Bar CAN:One high-speed CAN for being used for drive system, is mainly directed towards requirement of real-time control unit higher, such as starts mechanical, electrical Motivation;One low speed CAN for being used for bodywork system, mainly for Body Control, such as car light, car door, the collection of vehicle window signal And feedback, it is relatively low to requirement of real-time;One is low speed CAN for information entertainment, and being mainly directed towards car entertainment should With Source Music, telecommunication are relatively low to requirement of real-time.
A kind of data safety exchange method based on CAN network is realized by following steps:
Step 1:Sender and recipient to data carry out legitimacy certification., it is necessary to confirm number before data exchange According to sender and recipient be all legal controller, if find unwarranted controller will be notified in the way of alarm use Family.
Each controller is equipped with a certificate for the legitimacy for proving itself, and certificate is by No. ID of the controller and should The authorisation verification Au of controller is constituted, and each controller i is equipped with a pair of public key PK in additioniWith private key SKi, certificate is by corresponding Private key SKiData signature is carried out.Information collection List (ID, Au, the PK of a series of legal controllers are store in gatewayi) and For the symmetric key SYK of subsequent exchange of data process, it was demonstrated that work is completed by bus gateway.Before data exchange, net Pass verifies the legitimacy of transmitting terminal and receiving terminal certificate using corresponding public key, if certification success, gateway is again to transmitting terminal Rank with receiving terminal judged, the module level highest in acquiescence drive system CAN, the module level in bodywork system CAN Do not take second place, the module level in entertainment systems CAN is minimum.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN, Gateway will open the data exchange channel of both sides, otherwise will remind user by in-car siren.
Authentication method is as follows:
Step 2:Transmitting terminal is encrypted to the data for sending.The effective ways for lifting communications security are exactly that data are passed Defeated process is encrypted, and encryption method universal at present has symmetric cryptography and asymmetric encryption.In symmetric encryption system, encryption Identical key is used with decryption.Because encryption and decryption key is identical, it is necessary to both sides' selection of communication and to preserve them common close Key, each side must trust other side will not divulge a secret away key, can thus realize the confidentiality and integrity of data.Non- In symmetric encryption system, encryption and decryption are relatively independent, and encryption is conciliate secret meeting and uses two different keys, encryption key To public, decruption key only decryption side is known.Symmetric encipherment algorithm treatment is simple, and encryption/decryption speed is fast, and key is shorter; Rivest, shamir, adelman encryption/decryption speed is slow, and keys sizes are big.
It is symmetric cryptography that the present invention uses cipher mode, and symmetric key SYK is stored in a gateway, in step 1 Transmission gives transmitting terminal and receiving terminal.Assuming that transmitting terminal needs to send message M, the message after encryption is C, and transmission process is as follows:
Step 3:Receiving terminal is decrypted to the data for receiving.Receiving terminal is using symmetric key SYK to the ciphertext C that receives It is decrypted, receives process as follows:
The beneficial effects of the present invention are:
(1) present invention is a kind of data safety exchange method based on CAN network, it is proposed that the automotive interior network information is pacified Total correlation concept, the CAN network specific to intelligent vehicle proposes a kind of data safety exchange method, mainly by cryptography Correlation theory, the present invention can effectively lift the Information Security of automotive CAN network.
(2) present invention is a kind of data safety exchange method based on CAN network, can be used before data exchange The mode of data signature is authenticated to the sender and recipient of data, it is ensured that the legitimacy of communication ends, limit without The module of certification accesses CAN network.
(3) present invention is a kind of data safety exchange method based on CAN network, can be before data exchange, logarithm Detected according to sending module grade, the networking module that can be limited in inferior grade entertainment systems CAN accesses high-grade module.
(4) present invention is a kind of data safety exchange method based on CAN network, using symmetrical in data exchange process Cipher mode, relative to traditional method for interchanging data, can lift Information Security, and data exchange real-time is can guarantee that again.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of data safety exchange method invention schematic diagram based on CAN network of the present invention.
Fig. 2 is a kind of data safety exchange method invention flow chart based on CAN network of the present invention.
Specific embodiment
The present invention is further described with reference to embodiment.
Below in conjunction with drawings and Examples, the present invention is described in further detail.
It is as shown in Figure 1 rough schematic of the invention.Transmitting terminal S and receiving terminal R needs to enter line number by bus gateway V Legal controller information collection List (ID, Au, PK have been stored according to exchange, in Vi) and symmetric key.
The idiographic flow of data exchange is as shown in Fig. 2 its specific operation is as follows:
Step 1:Sender and reception debit to data carry out legitimacy certification.Each module is equipped with one and proves certainly The certificate of the legitimacy of body, certificate is constituted by No. ID of the module and the authorisation verification Au of the module, in addition transmitting terminal with connect Receiving end is equipped with a pair of public key PKiWith private key SKi, certificate is by corresponding private key SKiData signature is carried out.Deposited in gateway Store up information collection List (ID, Au, the PK of a series of legal controllersi) and for the symmetric key of subsequent exchange of data process SYK, checking work is completed by bus gateway.Before data exchange, gateway uses corresponding public key PKiTo verify transmitting terminal With the legitimacy of receiving terminal certificate, if certification success, gateway judges transmitting terminal that acquiescence drives with the rank for connecing end again Module level highest in system CAN, the module level in bodywork system CAN is taken second place, and the module level in entertainment systems CAN is most It is low.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN, gateway will open the data exchange channel of both sides, no Then user will be reminded by in-car siren.
Authentication method is as follows:
Step 2:Transmitting terminal is encrypted to the data for sending.It is symmetric cryptography that the present invention uses cipher mode, symmetrically AES treatment is simple, and encryption/decryption speed is fast, and key is shorter.Symmetric key SYK to using is stored in a gateway, is existed Transmission gives transmitting terminal and receiving terminal in step 1.Assuming that transmitting terminal needs to send message M, the message after encryption is C, is transmitted across Journey is as follows:
Step 3:Receiving terminal is decrypted to the data for receiving.Receiving terminal is using symmetric key SYK to the ciphertext C that receives Decryption, receives process as follows:
Legitimacy can be carried out to the sender and recipient of data in CAN network by bus gateway by the above method Certification, the high-grade module of module accesses in limitation entertainment systems CAN, and ciphertext exchange data is used, improve data friendship Change security.

Claims (4)

1. a kind of data safety exchange method based on CAN network, it is characterised in that realized by following steps:
Step 1. carries out legitimacy certification to the sender and recipient of data, it is necessary to confirm data before data exchange Sender and recipient are legal controllers, and gateway verifies the conjunction of transmitting terminal and receiving terminal certificate using corresponding public key Method, if certification success, gateway judges transmitting terminal with the rank of receiving terminal again, if transmitting terminal and receiving terminal are not Module during rank is minimum, gateway will open the data exchange channel of both sides, if finding, unwarranted controller will be with alarm Mode notify user;
Step 2. transmitting terminal is encrypted to the data for sending, and it is symmetric cryptography to use cipher mode, and symmetric key SYK storages exist In gateway, transmission gives transmitting terminal and receiving terminal in step 1;
Step 3. receiving terminal is decrypted to the data for receiving, and receiving terminal is carried out using symmetric key SYK to the ciphertext for receiving Decryption.
2. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the controller All it is equipped with a certificate for proving the legitimacy of itself, certificate is by No. ID of the controller and the authorisation verification Au of the controller Constitute, each controller i is equipped with a pair of public key PK in additioniWith private key SKi, certificate is by corresponding private key SKiData label are carried out Name, stores a series of information collection List (ID of legal controllers in gatewayi,Aui,PKi) and for subsequent exchange of data mistake The symmetric key SYK of journey, it was demonstrated that work is completed by bus gateway, and authentication method is as follows:
3. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the step 2 It is as follows that encryption data sends transmission process:Assuming that transmitting terminal needs to send message M, the message after encryption is C,
4. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the step 3: Receiving terminal is decrypted to the data for receiving, and receiving terminal is decrypted using symmetric key SYK to the ciphertext C for receiving, and is received Process is as follows:
CN201710079849.6A 2017-02-15 2017-02-15 A kind of data safety exchange method based on CAN network Active CN106850230B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710079849.6A CN106850230B (en) 2017-02-15 2017-02-15 A kind of data safety exchange method based on CAN network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710079849.6A CN106850230B (en) 2017-02-15 2017-02-15 A kind of data safety exchange method based on CAN network

Publications (2)

Publication Number Publication Date
CN106850230A true CN106850230A (en) 2017-06-13
CN106850230B CN106850230B (en) 2018-04-17

Family

ID=59128809

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710079849.6A Active CN106850230B (en) 2017-02-15 2017-02-15 A kind of data safety exchange method based on CAN network

Country Status (1)

Country Link
CN (1) CN106850230B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117313A (en) * 2018-08-28 2019-01-01 成都信息工程大学 A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method
CN110138642A (en) * 2019-04-15 2019-08-16 深圳市纽创信安科技开发有限公司 A kind of CAN bus based safety communicating method and system
CN110198314A (en) * 2019-05-28 2019-09-03 中山安信通机器人制造有限公司 Method, computer installation and the computer readable storage medium that the data transmitted in a kind of couple of on-vehicle machines people are encrypted
CN110913004A (en) * 2019-11-28 2020-03-24 乌鲁木齐明华智能电子科技有限公司 Data security exchange method based on cloud platform
CN111131136A (en) * 2018-11-01 2020-05-08 财团法人资讯工业策进会 Vehicle information safety monitoring device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202093389U (en) * 2011-06-15 2011-12-28 厦门汉纳森汽车电子有限公司 Intelligent bus control system for vehicle
CN102658801A (en) * 2012-04-28 2012-09-12 浙江吉利汽车研究院有限公司杭州分公司 Controller area network (CAN) system network management method for new energy vehicle
CN104767618A (en) * 2015-04-03 2015-07-08 清华大学 CAN bus authentication method and system based on broadcasting
CN105893844A (en) * 2015-10-20 2016-08-24 乐卡汽车智能科技(北京)有限公司 Method and device for sending messages of vehicle bus networks
CN106027244A (en) * 2016-07-22 2016-10-12 北京航空航天大学 Integrated distributed electric automobile controller secure communication method and system
US20160381055A1 (en) * 2015-06-29 2016-12-29 Argus Cyber Security Ltd. System and method for providing security to a communication network
CN106357681A (en) * 2016-11-02 2017-01-25 合肥工业大学 Security access and secret communication method of vehicle-mounted remote diagnostic services

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202093389U (en) * 2011-06-15 2011-12-28 厦门汉纳森汽车电子有限公司 Intelligent bus control system for vehicle
CN102658801A (en) * 2012-04-28 2012-09-12 浙江吉利汽车研究院有限公司杭州分公司 Controller area network (CAN) system network management method for new energy vehicle
CN104767618A (en) * 2015-04-03 2015-07-08 清华大学 CAN bus authentication method and system based on broadcasting
US20160381055A1 (en) * 2015-06-29 2016-12-29 Argus Cyber Security Ltd. System and method for providing security to a communication network
CN105893844A (en) * 2015-10-20 2016-08-24 乐卡汽车智能科技(北京)有限公司 Method and device for sending messages of vehicle bus networks
CN106027244A (en) * 2016-07-22 2016-10-12 北京航空航天大学 Integrated distributed electric automobile controller secure communication method and system
CN106357681A (en) * 2016-11-02 2017-01-25 合肥工业大学 Security access and secret communication method of vehicle-mounted remote diagnostic services

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117313A (en) * 2018-08-28 2019-01-01 成都信息工程大学 A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method
CN109117313B (en) * 2018-08-28 2022-03-18 成都信息工程大学 Vehicle intelligent security gateway with disaster isolation backup management and control mechanism and management and control method
CN111131136A (en) * 2018-11-01 2020-05-08 财团法人资讯工业策进会 Vehicle information safety monitoring device
CN111131136B (en) * 2018-11-01 2022-01-11 财团法人资讯工业策进会 Vehicle information safety monitoring device
CN110138642A (en) * 2019-04-15 2019-08-16 深圳市纽创信安科技开发有限公司 A kind of CAN bus based safety communicating method and system
CN110198314A (en) * 2019-05-28 2019-09-03 中山安信通机器人制造有限公司 Method, computer installation and the computer readable storage medium that the data transmitted in a kind of couple of on-vehicle machines people are encrypted
CN110913004A (en) * 2019-11-28 2020-03-24 乌鲁木齐明华智能电子科技有限公司 Data security exchange method based on cloud platform

Also Published As

Publication number Publication date
CN106850230B (en) 2018-04-17

Similar Documents

Publication Publication Date Title
CN106850230B (en) A kind of data safety exchange method based on CAN network
CN107105060B (en) Method for realizing information security of electric automobile
CN106101111B (en) Vehicle electronics safe communication system and communication means
EP2320621B1 (en) Method for establishing cryptographic communications between a remote device and a medical device and system for carrying out the method
CN105635147A (en) Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN103699920B (en) RF identification mutual authentication method based on elliptic curve
CN106603485A (en) Secret key negotiation method and device
WO2018127081A1 (en) Method and system for obtaining encryption key
CN106685653B (en) Vehicle remote firmware updating method and device based on information security technology
Wang et al. NOTSA: Novel OBU with three-level security architecture for internet of vehicles
CN106664311A (en) Supporting differentiated secure communications among heterogeneous electronic devices
CN108683647A (en) A kind of data transmission method based on multi-enciphering
CN112636923B (en) Engineering machinery CAN equipment identity authentication method and system
CN108259465A (en) A kind of authentication encryption method of intelligent automobile internal network
CN111769938B (en) Key management system and data verification system of block chain sensor
CN108632820B (en) Identity-based anonymous authentication method in vehicle-mounted ad hoc network
CN110753321A (en) Safe communication method for vehicle-mounted TBOX and cloud server
KR20140023799A (en) Method for guarantying the confidentiality and integrity of a data in controller area networks
CN113452764B (en) SM 9-based vehicle networking V2I bidirectional authentication method
KR101481403B1 (en) Data certification and acquisition method for vehicle
CN113207322B (en) Communication method and communication device
CN113612617A (en) CAN-based in-vehicle communication protocol security improvement method
CN107896369A (en) A kind of message efficient devolved authentication method based on mobile vehicle ad-hoc network
CN103152326A (en) Distributed authentication method and authentication system
CN113221136B (en) AIS data transmission method, AIS data transmission device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211104

Address after: 017000 north of Tuanjie street and 40m west of Haoyang highway, Shagedu Town, Shagedu Economic Development Zone, Jungar banner, Ordos City, Inner Mongolia Autonomous Region

Patentee after: Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd.

Address before: 100191 No. 37, Haidian District, Beijing, Xueyuan Road

Patentee before: BEIHANG University