CN106850230B - A kind of data safety exchange method based on CAN network - Google Patents

Publication number
CN106850230B
Authority
CN
China
Prior art keywords
data
encryption
key
gateway
transmitting terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710079849.6A
Other languages
Chinese (zh)
Other versions
CN106850230A (en)
Inventor
余贵珍
王云鹏
胡超伟
吴新开
周彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd.
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University
Priority to CN201710079849.6A
Publication of CN106850230A
Application granted
Publication of CN106850230B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40267 Bus for use in transportation systems
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle

Abstract

A secure data exchange method based on a CAN network. Before data exchange, the legitimacy of the sender and the receiver of the data is authenticated: both must be confirmed to be legitimate controllers, and if an unauthorized controller is found the user is notified by an alarm. The transmitted data is encrypted at the sending end, and the received data is decrypted at the receiving end.

Description

A kind of data safety exchange method based on CAN network
Technical field
The present invention relates to the field of automotive information security. It is suitable for ensuring the information security of the in-vehicle network of connected vehicles, and specifically relates to a secure data exchange method based on the in-vehicle CAN network.
Background
In recent years the number of applications in intelligent vehicles has kept increasing, and many of them rely on the in-vehicle network, using an end-to-end communication mode, to transfer information between control modules. On the other hand, with the rapid development of Internet of Vehicles technology, some modules can connect to the Internet to perform functions such as remote monitoring, so the in-vehicle network is no longer a closed network. If information is maliciously intercepted, tampered with or deleted during exchange, the consequences may be immeasurable. At the same time, ensuring the information security of the in-vehicle network has become a research hotspot in the industry.
The computing and networking systems currently used in automobiles follow existing computing and networking architectures and inherit the inherent security flaws of those systems, yet the CAN networks of most existing automobiles have no information security mechanism: CAN data can easily be obtained, and artificially modified data can be injected.
The main goal of research on secure data exchange in CAN networks is to ensure the confidentiality and integrity of information transmitted on the automotive CAN network, while also ensuring that the sender and the receiver of the data are authenticated components. Existing communication security mechanisms are mostly based on encryption algorithms and protocols, such as symmetric and asymmetric encryption algorithms, and are generally used only to solve computer information security problems; they are rarely applied in the field of automotive information security.
Summary of the invention
In view of the above problems, the present invention proposes a secure data exchange method based on a CAN network. Through the bus gateway, the method authenticates the legitimacy of the sender and the receiver of data in the CAN network, restricts modules on a low-level CAN from accessing high-level modules, and transmits ciphertext during data exchange.
The present invention is a secure data exchange method based on a CAN network. The CAN network is the network formed by interconnected CAN buses. CAN bus is a serial data communication protocol; its communication interface integrates the physical layer and data link layer functions of the CAN protocol and can perform the framing of communication data. The CAN bus in an automobile links the vehicle's electronic devices and equipment into one network so that they can share information. At present the in-vehicle network mainly uses 3 CAN buses: a high-speed CAN for the drive system, mainly serving control units with high real-time requirements, such as the engine and the electric motor; a low-speed CAN for the body system, mainly for collecting and feeding back body control signals such as lights, doors and windows, with lower real-time requirements; and a low-speed CAN for the infotainment system, mainly serving in-car entertainment applications such as audio sources and telecommunication, with lower real-time requirements.
The secure data exchange method based on a CAN network is implemented by the following steps:
Step 1: Authenticate the legitimacy of the sender and the receiver of the data. Before data exchange, it must be confirmed that the sender and the receiver of the data are both legitimate controllers; if an unauthorized controller is found, the user is notified by an alarm.
Each controller is equipped with a certificate proving its own legitimacy. The certificate consists of the controller's ID number and the controller's authorization proof Au. In addition, each controller i is equipped with a pair of keys, a public key PK_i and a private key SK_i, and the certificate is signed with the corresponding private key SK_i. The gateway stores the information set List (ID, Au, PK_i) of a series of legitimate controllers and the symmetric key SYK used for the subsequent data exchange; the verification work is done by the bus gateway. Before data exchange, the gateway uses the corresponding public key to verify the legitimacy of the sender's and the receiver's certificates. If authentication succeeds, the gateway then judges the levels of the sender and the receiver: by default, modules on the drive-system CAN have the highest level, modules on the body-system CAN come second, and modules on the entertainment-system CAN have the lowest level. If neither the sender nor the receiver is a module on the entertainment-system CAN, the gateway opens the data exchange channel between the two; otherwise it alerts the user through the in-car alarm.
Authentication method is as follows:
Step 2: The transmitted data is encrypted at the sending end. An effective way to improve communication security is to encrypt the data transmission process; the encryption methods in common use today are symmetric encryption and asymmetric encryption. In a symmetric encryption system, encryption and decryption use the same key. Because the encryption and decryption keys are identical, the two communicating parties must choose and keep their common key, and each party must trust the other not to leak it; in this way the confidentiality and integrity of the data can be achieved. In an asymmetric encryption system, encryption and decryption are relatively independent and use two different keys: the encryption key is public, and the decryption key is known only to the decrypting party. Symmetric encryption algorithms are simple to process, fast at encryption and decryption, and use shorter keys; asymmetric encryption algorithms are slow at encryption and decryption and use large keys.
The present invention uses symmetric encryption. The symmetric key SYK is stored in the gateway and has already been sent to the sender and the receiver in step 1. Suppose the sender needs to send message M and the encrypted message is C; the transmission process is as follows:
Step 3: The received data is decrypted at the receiving end. The receiver decrypts the received ciphertext C using the symmetric key SYK; the receiving process is as follows:
The beneficial effects of the present invention are:
(1) The present invention is a secure data exchange method based on a CAN network. It puts forward concepts related to the information security of the in-vehicle network and proposes a secure data exchange method specific to the CAN network of intelligent vehicles, based mainly on the theory of cryptography. The invention can effectively improve the information security of the automotive CAN network.
(2) The present invention is a secure data exchange method based on a CAN network. Before data exchange, the sender and the receiver of the data can be authenticated by means of data signatures, which ensures the legitimacy of the communicating ends and restricts unauthenticated modules from accessing the CAN network.
(3) The present invention is a secure data exchange method based on a CAN network. Before data exchange, the level of the sending module can be checked, so that networked modules on the low-level entertainment-system CAN can be restricted from accessing high-level modules.
(4) The present invention is a secure data exchange method based on a CAN network. Symmetric encryption is used during data exchange, which, relative to traditional data exchange methods, can improve information security and the real-time performance of data exchange.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the secure data exchange method based on a CAN network of the present invention.
Fig. 2 is a flow chart of the secure data exchange method based on a CAN network of the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 shows a simplified schematic of the present invention. The sender S and the receiver R exchange data through the bus gateway V, which stores the legitimate controller information set List (ID, Au, PK_i) and the symmetric key.
The specific flow of data exchange is shown in Fig. 2, and the specific operations are as follows:
Step 1: Authenticate the legitimacy of the sender and the receiver of the data. Each module is equipped with a certificate proving its own legitimacy; the certificate consists of the module's ID number and the module's authorization proof Au. In addition, the sender and the receiver are each equipped with a pair of keys, a public key PK_i and a private key SK_i, and the certificate is signed with the corresponding private key SK_i. The gateway stores the information set List (ID, Au, PK_i) of a series of legitimate controllers and the symmetric key SYK used for the subsequent data exchange; the verification work is done by the bus gateway. Before data exchange, the gateway uses the corresponding public key PK_i to verify the legitimacy of the sender's and the receiver's certificates. If authentication succeeds, the gateway then judges the levels of the sender and the receiver: by default, modules on the drive-system CAN have the highest level, modules on the body-system CAN come second, and modules on the entertainment-system CAN have the lowest level. If neither the sender nor the receiver is a module on the entertainment-system CAN, the gateway opens the data exchange channel between the two; otherwise it alerts the user through the in-car alarm.
Authentication method is as follows:
Step 2: The transmitted data is encrypted at the sending end. The present invention uses symmetric encryption; symmetric encryption algorithms are simple to process, fast at encryption and decryption, and use shorter keys. The symmetric key SYK used is stored in the gateway and has already been sent to the sender and the receiver in step 1. Suppose the sender needs to send message M and the encrypted message is C; the transmission process is as follows:
Step 3: The received data is decrypted at the receiving end. The receiver decrypts the received ciphertext C using the symmetric key SYK; the receiving process is as follows:
With the above method, the bus gateway can authenticate the legitimacy of the sender and the receiver of data in the CAN network, restrict modules on the entertainment-system CAN from accessing high-level modules, and exchange data as ciphertext, which improves the security of data exchange.
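The gateway decision of step 1 (certificate check against List (ID, Au, PK_i), then the level rule, then release of SYK or an alarm), written out as an added example that is not code from the patent. The patent names no signature algorithm, so textbook RSA over fixed Mersenne primes stands in for it and is not secure; the controller IDs, Au strings and all function and class names are constructed for the illustration.

```python
import hashlib
import os
from dataclasses import dataclass

E = 65537  # public exponent shared by every demo key


def keygen(p, q):
    """Textbook RSA from two primes, returns (n, d). Demo only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(ctrl_id, au, n):
    """SHA-256 of the certificate body (ID, Au), reduced into modulus n."""
    h = hashlib.sha256(f"{ctrl_id}|{au}".encode()).digest()
    return int.from_bytes(h, "big") % n


@dataclass(frozen=True)
class Certificate:
    ctrl_id: int    # controller ID number
    au: str         # authorization proof Au
    signature: int  # signature over (ID, Au) made with SK_i


def issue(ctrl_id, au, n, d):
    """Sign (ID, Au) with the controller's private key SK_i = (n, d)."""
    return Certificate(ctrl_id, au, pow(digest(ctrl_id, au, n), d, n))


# Levels as ranked in the text: drive CAN highest, entertainment CAN lowest.
DRIVE, BODY, ENTERTAINMENT = 3, 2, 1


class Gateway:
    def __init__(self):
        self.legal = {}            # ID -> (Au, PK_i modulus, level): the List
        self.syk = os.urandom(16)  # symmetric key SYK held by the gateway
        self.alarms = []           # stands in for the in-car alarm

    def enroll(self, ctrl_id, au, n, level):
        self.legal[ctrl_id] = (au, n, level)

    def verify(self, cert):
        """Check the certificate against List (ID, Au, PK_i)."""
        entry = self.legal.get(cert.ctrl_id)
        if entry is None or entry[0] != cert.au:
            return False
        n = entry[1]
        return pow(cert.signature, E, n) == digest(cert.ctrl_id, cert.au, n)

    def open_channel(self, sender, receiver):
        """Step 1: return SYK when the exchange is allowed, else alarm and None."""
        for cert in (sender, receiver):
            if not self.verify(cert):
                self.alarms.append(f"unauthorized controller {cert.ctrl_id:#x}")
                return None
        levels = {self.legal[c.ctrl_id][2] for c in (sender, receiver)}
        if ENTERTAINMENT in levels:
            self.alarms.append("entertainment-CAN module in exchange")
            return None
        return self.syk


def build_demo():
    """Constructed sample: three controllers, one per CAN segment."""
    specs = {
        0x101: ("AU-ENGINE", DRIVE, (2**61 - 1, 2**89 - 1)),
        0x201: ("AU-DOOR", BODY, (2**107 - 1, 2**127 - 1)),
        0x301: ("AU-HEADUNIT", ENTERTAINMENT, (2**521 - 1, 2**607 - 1)),
    }
    gw, certs, keys = Gateway(), {}, {}
    for ctrl_id, (au, level, primes) in specs.items():
        n, d = keygen(*primes)
        gw.enroll(ctrl_id, au, n, level)
        certs[ctrl_id], keys[ctrl_id] = issue(ctrl_id, au, n, d), (n, d)
    return gw, certs, keys


if __name__ == "__main__":
    gw, certs, keys = build_demo()
    print("engine <-> door:", gw.open_channel(certs[0x101], certs[0x201]) is not None)
    print("engine <-> head unit:", gw.open_channel(certs[0x101], certs[0x301]) is not None)
    forged = Certificate(0x101, "AU-ENGINE", 12345)  # right ID and Au, bad signature
    print("forged engine <-> door:", gw.open_channel(forged, certs[0x201]) is not None)
    print("alarms:", gw.alarms)
```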

Claims (1)

1. A secure data exchange method based on a CAN network, characterized in that it is implemented by the following steps:
Step 1: Authenticate the legitimacy of the sender and the receiver of the data; before data exchange, it must be confirmed that the sender and the receiver of the data are legitimate controllers, and if an unauthorized controller is found the user is notified by an alarm,
Each controller is equipped with a certificate proving its own legitimacy, the certificate consisting of the controller's ID number and the controller's authorization proof Au; in addition, each controller i is equipped with a pair of keys, a public key and a private key, and the certificate is signed with the corresponding private key; the gateway stores the information set List (ID, Au, PK) of a series of legitimate controllers and the symmetric key SYK used for the subsequent data exchange, and the verification work is done by the bus gateway; before data exchange, the gateway uses the corresponding public key to verify the legitimacy of the sender's and the receiver's certificates; if authentication succeeds, the gateway then judges the levels of the sender and the receiver, where by default modules on the drive-system CAN have the highest level, modules on the body-system CAN come second, and modules on the entertainment-system CAN have the lowest level; if neither the sender nor the receiver is a module on the entertainment-system CAN, the gateway opens the data exchange channel between the two, and otherwise it alerts the user through the in-car alarm,
Step 2: The transmitted data is encrypted at the sending end; an effective way to improve communication security is to encrypt the data transmission process, and the encryption methods in common use today are symmetric encryption and asymmetric encryption; in a symmetric encryption system, encryption and decryption use the same key, and because the encryption and decryption keys are identical, the two communicating parties must choose and keep their common key, and each party must trust the other not to leak it, so that the confidentiality and integrity of the data can be achieved; in an asymmetric encryption system, encryption and decryption are relatively independent and use two different keys, the encryption key being public and the decryption key being known only to the decrypting party; symmetric encryption algorithms are simple to process, fast at encryption and decryption, and use shorter keys; asymmetric encryption algorithms are slow at encryption and decryption and use large keys; the symmetric key SYK of the symmetric encryption is stored in the gateway and has already been sent to the sender and the receiver in step 1; suppose the sender needs to send message M and the encrypted message is C, the transmission process is as follows:
Step 3: The received data is decrypted at the receiving end; the receiver decrypts the received ciphertext C using the symmetric key SYK, and the receiving process is as follows:
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710079849.6A CN106850230B (en) 2017-02-15 2017-02-15 A kind of data safety exchange method based on CAN network

Publications (2)

Publication Number Publication Date
CN106850230A CN106850230A (en) 2017-06-13
CN106850230B CN106850230B (en) 2018-04-17

Family

ID=59128809

Also Published As

Publication number Publication date
CN106850230A (en) 2017-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211104

Address after: 017000 north of Tuanjie street and 40m west of Haoyang highway, Shagedu Town, Shagedu Economic Development Zone, Jungar banner, Ordos City, Inner Mongolia Autonomous Region

Patentee after: Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd.

Address before: 100191 No. 37, Haidian District, Beijing, Xueyuan Road

Patentee before: BEIHANG University