CN106850230A - A kind of data safety exchange method based on CAN network - Google Patents
A kind of data safety exchange method based on CAN network Download PDFInfo
- Publication number
- CN106850230A CN106850230A CN201710079849.6A CN201710079849A CN106850230A CN 106850230 A CN106850230 A CN 106850230A CN 201710079849 A CN201710079849 A CN 201710079849A CN 106850230 A CN106850230 A CN 106850230A
- Authority
- CN
- China
- Prior art keywords
- data
- receiving
- gateway
- receiving terminal
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Abstract
A kind of data safety exchange method based on CAN network, sender and recipient to data carry out legitimacy certification., it is necessary to the sender and recipient that confirm data are legal controllers before data exchange, if finding, unwarranted controller will notify user in the way of alarm, and transmitting terminal is encrypted to the data for sending, and receiving terminal is decrypted to the data for receiving.
Description
Technical field
The present invention relates to automobile information security technology area, it is adaptable to the information peace of in-vehicle network in ensure ne connection vehicle
Entirely, and in particular to a kind of data safety exchange method based on in-car CAN network.
Background technology
In recent years, the application in intelligent automobile is on the increase, many to apply by in-vehicle network, using end-to-end communication
Pattern completes the information transfer between control module.On the other hand, flourishing with car networking technology, part of module
The functions such as remote monitoring can be completed by being connected into internet, automotive interior network is no longer a network for closure.Such as
Fruit information is maliciously intercepted and captured, distorted or deleted in exchange process, it is likely that can cause immeasurable consequence.It is same with this
When, it is ensured that the information security of automotive interior network has become a study hotspot of industry.
The calculating and networked system for being used in automobile at this stage have followed existing calculating and networking framework, also inherit this
The natural safety defect of a little systems, but not existence information security mechanism, people in the CAN network of existing most automobiles
Can easily obtain CAN data and inject data of some artificial modifications.
The main target that the data safety of CAN network exchanges research is the privacy for ensureing automotive CAN network information transfer
And integrality, while the sender and recipient that also need to ensure data are by the part of certification.Existing communication security
Mechanism is all based on greatly AES and agreement, such as symmetric cryptography and rivest, shamir, adelman, is generally used only for solving computer
Information security issue, the application in automobile information security fields is less.
The content of the invention
For problem above, the present invention proposes a kind of data safety exchange method based on CAN network.The method can be with
Legitimacy certification, the mould in limitation inferior grade CAN are carried out to the sender and recipient of data in CAN network by bus gateway
The high-grade module of block access, and transmitted using ciphertext in data exchange process.
The present invention is a kind of data safety exchange method based on CAN network.CAN network is interspersed by CAN
The network of formation, CAN is a kind of serial data communication agreement, be integrated with its communication interface CAN protocol physical layer and
Data link layer functions, can complete the framing processing to communication data.CAN on automobile fills the various electronics on automobile
Put and be linked to be a network with equipment, realize information sharing each other.Internetwork connection mode on current automobile mainly uses 3
Bar CAN:One high-speed CAN for being used for drive system, is mainly directed towards requirement of real-time control unit higher, such as starts mechanical, electrical
Motivation;One low speed CAN for being used for bodywork system, mainly for Body Control, such as car light, car door, the collection of vehicle window signal
And feedback, it is relatively low to requirement of real-time;One is low speed CAN for information entertainment, and being mainly directed towards car entertainment should
With Source Music, telecommunication are relatively low to requirement of real-time.
A kind of data safety exchange method based on CAN network is realized by following steps:
Step 1:Sender and recipient to data carry out legitimacy certification., it is necessary to confirm number before data exchange
According to sender and recipient be all legal controller, if find unwarranted controller will be notified in the way of alarm use
Family.
Each controller is equipped with a certificate for the legitimacy for proving itself, and certificate is by No. ID of the controller and should
The authorisation verification Au of controller is constituted, and each controller i is equipped with a pair of public key PK in additioniWith private key SKi, certificate is by corresponding
Private key SKiData signature is carried out.Information collection List (ID, Au, the PK of a series of legal controllers are store in gatewayi) and
For the symmetric key SYK of subsequent exchange of data process, it was demonstrated that work is completed by bus gateway.Before data exchange, net
Pass verifies the legitimacy of transmitting terminal and receiving terminal certificate using corresponding public key, if certification success, gateway is again to transmitting terminal
Rank with receiving terminal judged, the module level highest in acquiescence drive system CAN, the module level in bodywork system CAN
Do not take second place, the module level in entertainment systems CAN is minimum.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN,
Gateway will open the data exchange channel of both sides, otherwise will remind user by in-car siren.
Authentication method is as follows:
Step 2:Transmitting terminal is encrypted to the data for sending.The effective ways for lifting communications security are exactly that data are passed
Defeated process is encrypted, and encryption method universal at present has symmetric cryptography and asymmetric encryption.In symmetric encryption system, encryption
Identical key is used with decryption.Because encryption and decryption key is identical, it is necessary to both sides' selection of communication and to preserve them common close
Key, each side must trust other side will not divulge a secret away key, can thus realize the confidentiality and integrity of data.Non-
In symmetric encryption system, encryption and decryption are relatively independent, and encryption is conciliate secret meeting and uses two different keys, encryption key
To public, decruption key only decryption side is known.Symmetric encipherment algorithm treatment is simple, and encryption/decryption speed is fast, and key is shorter;
Rivest, shamir, adelman encryption/decryption speed is slow, and keys sizes are big.
It is symmetric cryptography that the present invention uses cipher mode, and symmetric key SYK is stored in a gateway, in step 1
Transmission gives transmitting terminal and receiving terminal.Assuming that transmitting terminal needs to send message M, the message after encryption is C, and transmission process is as follows:
Step 3:Receiving terminal is decrypted to the data for receiving.Receiving terminal is using symmetric key SYK to the ciphertext C that receives
It is decrypted, receives process as follows:
The beneficial effects of the present invention are:
(1) present invention is a kind of data safety exchange method based on CAN network, it is proposed that the automotive interior network information is pacified
Total correlation concept, the CAN network specific to intelligent vehicle proposes a kind of data safety exchange method, mainly by cryptography
Correlation theory, the present invention can effectively lift the Information Security of automotive CAN network.
(2) present invention is a kind of data safety exchange method based on CAN network, can be used before data exchange
The mode of data signature is authenticated to the sender and recipient of data, it is ensured that the legitimacy of communication ends, limit without
The module of certification accesses CAN network.
(3) present invention is a kind of data safety exchange method based on CAN network, can be before data exchange, logarithm
Detected according to sending module grade, the networking module that can be limited in inferior grade entertainment systems CAN accesses high-grade module.
(4) present invention is a kind of data safety exchange method based on CAN network, using symmetrical in data exchange process
Cipher mode, relative to traditional method for interchanging data, can lift Information Security, and data exchange real-time is can guarantee that again.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is a kind of data safety exchange method invention schematic diagram based on CAN network of the present invention.
Fig. 2 is a kind of data safety exchange method invention flow chart based on CAN network of the present invention.
Specific embodiment
The present invention is further described with reference to embodiment.
Below in conjunction with drawings and Examples, the present invention is described in further detail.
It is as shown in Figure 1 rough schematic of the invention.Transmitting terminal S and receiving terminal R needs to enter line number by bus gateway V
Legal controller information collection List (ID, Au, PK have been stored according to exchange, in Vi) and symmetric key.
The idiographic flow of data exchange is as shown in Fig. 2 its specific operation is as follows:
Step 1:Sender and reception debit to data carry out legitimacy certification.Each module is equipped with one and proves certainly
The certificate of the legitimacy of body, certificate is constituted by No. ID of the module and the authorisation verification Au of the module, in addition transmitting terminal with connect
Receiving end is equipped with a pair of public key PKiWith private key SKi, certificate is by corresponding private key SKiData signature is carried out.Deposited in gateway
Store up information collection List (ID, Au, the PK of a series of legal controllersi) and for the symmetric key of subsequent exchange of data process
SYK, checking work is completed by bus gateway.Before data exchange, gateway uses corresponding public key PKiTo verify transmitting terminal
With the legitimacy of receiving terminal certificate, if certification success, gateway judges transmitting terminal that acquiescence drives with the rank for connecing end again
Module level highest in system CAN, the module level in bodywork system CAN is taken second place, and the module level in entertainment systems CAN is most
It is low.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN, gateway will open the data exchange channel of both sides, no
Then user will be reminded by in-car siren.
Authentication method is as follows:
Step 2:Transmitting terminal is encrypted to the data for sending.It is symmetric cryptography that the present invention uses cipher mode, symmetrically
AES treatment is simple, and encryption/decryption speed is fast, and key is shorter.Symmetric key SYK to using is stored in a gateway, is existed
Transmission gives transmitting terminal and receiving terminal in step 1.Assuming that transmitting terminal needs to send message M, the message after encryption is C, is transmitted across
Journey is as follows:
Step 3:Receiving terminal is decrypted to the data for receiving.Receiving terminal is using symmetric key SYK to the ciphertext C that receives
Decryption, receives process as follows:
Legitimacy can be carried out to the sender and recipient of data in CAN network by bus gateway by the above method
Certification, the high-grade module of module accesses in limitation entertainment systems CAN, and ciphertext exchange data is used, improve data friendship
Change security.
Claims (4)
1. a kind of data safety exchange method based on CAN network, it is characterised in that realized by following steps:
Step 1. carries out legitimacy certification to the sender and recipient of data, it is necessary to confirm data before data exchange
Sender and recipient are legal controllers, and gateway verifies the conjunction of transmitting terminal and receiving terminal certificate using corresponding public key
Method, if certification success, gateway judges transmitting terminal with the rank of receiving terminal again, if transmitting terminal and receiving terminal are not
Module during rank is minimum, gateway will open the data exchange channel of both sides, if finding, unwarranted controller will be with alarm
Mode notify user;
Step 2. transmitting terminal is encrypted to the data for sending, and it is symmetric cryptography to use cipher mode, and symmetric key SYK storages exist
In gateway, transmission gives transmitting terminal and receiving terminal in step 1;
Step 3. receiving terminal is decrypted to the data for receiving, and receiving terminal is carried out using symmetric key SYK to the ciphertext for receiving
Decryption.
2. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the controller
All it is equipped with a certificate for proving the legitimacy of itself, certificate is by No. ID of the controller and the authorisation verification Au of the controller
Constitute, each controller i is equipped with a pair of public key PK in additioniWith private key SKi, certificate is by corresponding private key SKiData label are carried out
Name, stores a series of information collection List (ID of legal controllers in gatewayi,Aui,PKi) and for subsequent exchange of data mistake
The symmetric key SYK of journey, it was demonstrated that work is completed by bus gateway, and authentication method is as follows:
。
3. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the step 2
It is as follows that encryption data sends transmission process:Assuming that transmitting terminal needs to send message M, the message after encryption is C,
。
4. the data safety exchange method based on CAN network according to claim 1, it is characterised in that the step 3:
Receiving terminal is decrypted to the data for receiving, and receiving terminal is decrypted using symmetric key SYK to the ciphertext C for receiving, and is received
Process is as follows:
。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079849.6A CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079849.6A CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850230A true CN106850230A (en) | 2017-06-13 |
CN106850230B CN106850230B (en) | 2018-04-17 |
Family
ID=59128809
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710079849.6A Active CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850230B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109117313A (en) * | 2018-08-28 | 2019-01-01 | 成都信息工程大学 | A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method |
CN110138642A (en) * | 2019-04-15 | 2019-08-16 | 深圳市纽创信安科技开发有限公司 | A kind of CAN bus based safety communicating method and system |
CN110198314A (en) * | 2019-05-28 | 2019-09-03 | 中山安信通机器人制造有限公司 | Method, computer installation and the computer readable storage medium that the data transmitted in a kind of couple of on-vehicle machines people are encrypted |
CN110913004A (en) * | 2019-11-28 | 2020-03-24 | 乌鲁木齐明华智能电子科技有限公司 | Data security exchange method based on cloud platform |
CN111131136A (en) * | 2018-11-01 | 2020-05-08 | 财团法人资讯工业策进会 | Vehicle information safety monitoring device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202093389U (en) * | 2011-06-15 | 2011-12-28 | 厦门汉纳森汽车电子有限公司 | Intelligent bus control system for vehicle |
CN102658801A (en) * | 2012-04-28 | 2012-09-12 | 浙江吉利汽车研究院有限公司杭州分公司 | Controller area network (CAN) system network management method for new energy vehicle |
CN104767618A (en) * | 2015-04-03 | 2015-07-08 | 清华大学 | CAN bus authentication method and system based on broadcasting |
CN105893844A (en) * | 2015-10-20 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Method and device for sending messages of vehicle bus networks |
CN106027244A (en) * | 2016-07-22 | 2016-10-12 | 北京航空航天大学 | Integrated distributed electric automobile controller secure communication method and system |
US20160381055A1 (en) * | 2015-06-29 | 2016-12-29 | Argus Cyber Security Ltd. | System and method for providing security to a communication network |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
-
2017
- 2017-02-15 CN CN201710079849.6A patent/CN106850230B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202093389U (en) * | 2011-06-15 | 2011-12-28 | 厦门汉纳森汽车电子有限公司 | Intelligent bus control system for vehicle |
CN102658801A (en) * | 2012-04-28 | 2012-09-12 | 浙江吉利汽车研究院有限公司杭州分公司 | Controller area network (CAN) system network management method for new energy vehicle |
CN104767618A (en) * | 2015-04-03 | 2015-07-08 | 清华大学 | CAN bus authentication method and system based on broadcasting |
US20160381055A1 (en) * | 2015-06-29 | 2016-12-29 | Argus Cyber Security Ltd. | System and method for providing security to a communication network |
CN105893844A (en) * | 2015-10-20 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Method and device for sending messages of vehicle bus networks |
CN106027244A (en) * | 2016-07-22 | 2016-10-12 | 北京航空航天大学 | Integrated distributed electric automobile controller secure communication method and system |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109117313A (en) * | 2018-08-28 | 2019-01-01 | 成都信息工程大学 | A kind of band isolation calamity for mechanism of control vehicle wisdom security gateway and management-control method |
CN109117313B (en) * | 2018-08-28 | 2022-03-18 | 成都信息工程大学 | Vehicle intelligent security gateway with disaster isolation backup management and control mechanism and management and control method |
CN111131136A (en) * | 2018-11-01 | 2020-05-08 | 财团法人资讯工业策进会 | Vehicle information safety monitoring device |
CN111131136B (en) * | 2018-11-01 | 2022-01-11 | 财团法人资讯工业策进会 | Vehicle information safety monitoring device |
CN110138642A (en) * | 2019-04-15 | 2019-08-16 | 深圳市纽创信安科技开发有限公司 | A kind of CAN bus based safety communicating method and system |
CN110198314A (en) * | 2019-05-28 | 2019-09-03 | 中山安信通机器人制造有限公司 | Method, computer installation and the computer readable storage medium that the data transmitted in a kind of couple of on-vehicle machines people are encrypted |
CN110913004A (en) * | 2019-11-28 | 2020-03-24 | 乌鲁木齐明华智能电子科技有限公司 | Data security exchange method based on cloud platform |
Also Published As
Publication number | Publication date |
---|---|
CN106850230B (en) | 2018-04-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106850230B (en) | A kind of data safety exchange method based on CAN network | |
CN107105060B (en) | Method for realizing information security of electric automobile | |
CN106101111B (en) | Vehicle electronics safe communication system and communication means | |
EP2320621B1 (en) | Method for establishing cryptographic communications between a remote device and a medical device and system for carrying out the method | |
CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
CN103699920B (en) | RF identification mutual authentication method based on elliptic curve | |
CN106603485A (en) | Secret key negotiation method and device | |
WO2018127081A1 (en) | Method and system for obtaining encryption key | |
CN106685653B (en) | Vehicle remote firmware updating method and device based on information security technology | |
Wang et al. | NOTSA: Novel OBU with three-level security architecture for internet of vehicles | |
CN106664311A (en) | Supporting differentiated secure communications among heterogeneous electronic devices | |
CN108683647A (en) | A kind of data transmission method based on multi-enciphering | |
CN112636923B (en) | Engineering machinery CAN equipment identity authentication method and system | |
CN108259465A (en) | A kind of authentication encryption method of intelligent automobile internal network | |
CN111769938B (en) | Key management system and data verification system of block chain sensor | |
CN108632820B (en) | Identity-based anonymous authentication method in vehicle-mounted ad hoc network | |
CN110753321A (en) | Safe communication method for vehicle-mounted TBOX and cloud server | |
KR20140023799A (en) | Method for guarantying the confidentiality and integrity of a data in controller area networks | |
CN113452764B (en) | SM 9-based vehicle networking V2I bidirectional authentication method | |
KR101481403B1 (en) | Data certification and acquisition method for vehicle | |
CN113207322B (en) | Communication method and communication device | |
CN113612617A (en) | CAN-based in-vehicle communication protocol security improvement method | |
CN107896369A (en) | A kind of message efficient devolved authentication method based on mobile vehicle ad-hoc network | |
CN103152326A (en) | Distributed authentication method and authentication system | |
CN113221136B (en) | AIS data transmission method, AIS data transmission device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20211104 Address after: 017000 north of Tuanjie street and 40m west of Haoyang highway, Shagedu Town, Shagedu Economic Development Zone, Jungar banner, Ordos City, Inner Mongolia Autonomous Region Patentee after: Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd. Address before: 100191 No. 37, Haidian District, Beijing, Xueyuan Road Patentee before: BEIHANG University |