CN107104868A - In-vehicle network encrypted communication method and device

Info

Publication number
CN107104868A
Authority
CN
China
Prior art keywords
message
node
communication
module
encryption
Legal status
Granted
Application number
CN201710401097.0A
Other languages
Chinese (zh)
Other versions
CN107104868B (en)
Inventor
张万胜
Current Assignee
Huizhou Foryou General Electronics Co Ltd
Original Assignee
Huizhou Foryou General Electronics Co Ltd
Application filed by Huizhou Foryou General Electronics Co Ltd
Priority to CN201710401097.0A
Publication of CN107104868A
Application granted
Publication of CN107104868B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/403 Bus networks with centralised control, e.g. polling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40267 Bus for use in transportation systems
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention provides an in-vehicle network encrypted communication method and device. When the system powers on, the master node closes the communication channel and sends a message carrying the communication key to each slave node. After a slave node receives the message carrying the communication key, it sends a response message to the master node. The master node then sends a message carrying an allow-communication command to each slave node. After a slave node receives the message carrying the allow-communication command, it sends a response message to the master node; the master node opens the communication channel and allows each slave node to send communication messages. The master and slave nodes encrypt their communication with the communication key, which secures in-vehicle network communication.

Description

In-vehicle network encrypted communication method and device
Technical field
The present invention relates to the field of network communication technology, and in particular to an in-vehicle network encrypted communication method and device.
Background
At present, the communication network inside a vehicle generally uses a CAN network, which is an open communication network. All kinds of data on the vehicle can be sent onto the CAN network. These data do not specify a unique recipient, and every receiver that needs the data can read the information it needs from the network. As a result, a network hacker can easily obtain CAN network data illegally, or control the vehicle through the CAN network, which poses a serious hidden danger to the safe driving of the vehicle.
Therefore, the prior art needs further improvement.
Summary of the invention
The present invention provides an in-vehicle network encrypted communication method and device, intended to remedy the defects of the prior art and achieve secure communication over the in-vehicle network.
To achieve the above purpose, the technical solution adopted by the present invention is as follows:
One aspect of the present invention provides an in-vehicle network encrypted communication method, including:
S10: the system powers on and initializes; one node of the in-vehicle communication network is set as the master node, and the remaining nodes are set as slave nodes;
S20: the master node closes the communication channel and sends a preset number of frames of a first message; the first message carries the communication key and is encrypted with the public key;
S30: each slave node decrypts the first message after receiving it and obtains the communication key;
S40: the master node determines whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, otherwise it returns to S20;
S50: after delaying for a preset time, the master node sends a second message to each slave node; the second message carries an allow-communication command and is encrypted with the public key;
S60: after each slave node receives the second message, the master node opens the communication channel and allows each slave node to send communication messages, which are encrypted with the communication key.
Further, after S10 and before S20, the method also includes:
S11: updating the communication key.
Specifically, the communication key is distributed by the master node, and each node encrypts communication messages with the communication key.
Specifically, the preset number of frames is 5.
Specifically, the preset time is 100ms.
Another aspect of the present invention provides an in-vehicle network encrypted communication device, including one master node unit and at least one slave node unit. The master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module and a channel control module. The slave node unit is provided with a second message encryption module, a second message sending module, a second message receiving module, a second message decryption module, a communication key storage module and a message response module;
The first message encryption module is used by the master node to encrypt messages to be sent, and includes a public key encryption submodule and a communication key encryption submodule;
The first message sending module is used to send messages to the slave nodes;
The first message receiving module is used to receive messages sent by the slave nodes;
The first message decryption module is used to decrypt received messages sent by the slave nodes;
The timing module is used for timing;
The retransmission control module is used to control whether to retransmit a message according to whether a response message has been received;
The channel control module is used to control the slave nodes' permission to send communication messages;
The second message encryption module is used by the slave node to encrypt messages to be sent with the communication key;
The second message sending module is used to send messages to the master node;
The second message receiving module is used to receive messages sent by the master node;
The second message decryption module is used to decrypt messages sent by the master node;
The communication key storage module is used to store the latest communication key sent by the master node;
The message response module is used to acknowledge receipt of the communication key to the master node.
Further, the in-vehicle network encrypted communication device also includes a key update module, used to update the communication key when the system powers on.
The beneficial effects of the present invention are as follows. When the system powers on, the master node closes the communication channel and sends a message carrying the communication key to each slave node. After a slave node receives the message carrying the communication key, it sends a response message to the master node. The master node then sends a message carrying an allow-communication command to each slave node. After a slave node receives the message carrying the allow-communication command, it sends a response message to the master node; the master node opens the communication channel and allows each slave node to send communication messages. The master and slave nodes encrypt their communication with the communication key, which secures in-vehicle network communication.
Brief description of the drawings
Fig. 1 is a flow chart of the in-vehicle network encrypted communication method of the present invention;
Fig. 2 is another flow chart of the in-vehicle network encrypted communication method of the present invention;
Fig. 3 is a structural diagram of the in-vehicle network encrypted communication device of the present invention;
Fig. 4 is another structural diagram of the in-vehicle network encrypted communication device of the present invention.
Detailed description
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. The drawings are for reference and illustration only and do not limit the scope of patent protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides, in one aspect, an in-vehicle network encrypted communication method, including:
Step 10: the system powers on and initializes; one node of the in-vehicle communication network is set as the master node, and the remaining nodes are set as slave nodes.
The in-vehicle communication network includes, but is not limited to, CAN, LIN, FlexRay and Ethernet.
CAN is the abbreviation of Controller Area Network, a serial communication protocol standardized internationally by ISO and widely used in automotive network communication. LIN is the abbreviation of Local Interconnect Network, a low-cost serial communication network used to implement distributed electronic system control in automobiles. FlexRay is a high-speed, deterministic, fault-tolerant bus technology for automobiles; it combines event-triggered and time-triggered operation and features efficient network utilization and system flexibility.
In this embodiment, the master node may be the body control module (BCM) or a gateway.
Step 20: the master node closes the communication channel and sends a preset number of frames of a first message; the first message carries the communication key and is encrypted with the public key.
In this embodiment, closing the communication channel means that the slave nodes are forbidden to send communication messages, while the master node can still send command messages.
The preset number of frames is equal to or greater than 1 frame. The purpose of sending multiple frames is to guard against dropped frames and ensure that each slave node can receive the message.
In this embodiment, the preset number of frames is 5.
In this embodiment, the communication key is distributed by the master node, and each node encrypts communication messages with the communication key.
Step 30: each slave node decrypts the first message after receiving it and obtains the communication key.
Step 40: the master node determines whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, otherwise it returns to step 20.
In this embodiment, the preset time is 100ms.
When the method returns to step 20 and resends the first message, the communication key may be the same as last time or different.
Step 50: after delaying for a preset time, the master node sends a second message to each slave node; the second message carries an allow-communication command and is encrypted with the public key.
Step 60: after each slave node receives the second message, the master node opens the communication channel and allows each slave node to send communication messages, which are encrypted with the communication key.
As shown in Fig. 2, in another example of the present invention, after step 10 and before step 20, the method also includes:
Step 11: updating the communication key.
A new communication key is generated by a random algorithm, so that the communication key is different each time the system powers on, which further improves communication security.
As shown in Fig. 3, another aspect of the present invention provides an in-vehicle network encrypted communication device, including one master node unit and at least one slave node unit. The master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module and a channel control module. The slave node unit is provided with a second message encryption module, a second message sending module, a second message receiving module, a second message decryption module, a communication key storage module and a message response module;
The first message encryption module is used by the master node to encrypt messages to be sent;
The first message encryption module includes a public key encryption submodule, which encrypts with the public key, and a communication key encryption submodule, which encrypts with the communication key;
The first message sending module is used to send messages to the slave nodes;
The first message receiving module is used to receive messages sent by the slave nodes;
The first message decryption module is used to decrypt received messages sent by the slave nodes;
The timing module is used for timing;
The retransmission control module is used to control whether to retransmit a message according to whether a response message has been received;
The channel control module is used to control the slave nodes' permission to send communication messages;
The second message encryption module is used by the slave node to encrypt messages to be sent with the communication key;
The second message sending module is used to send messages to the master node;
The second message receiving module is used to receive messages sent by the master node;
The second message decryption module is used to decrypt messages sent by the master node;
The communication key storage module is used to store the latest communication key sent by the master node;
The message response module is used to acknowledge receipt of the communication key to the master node.
The working process of the in-vehicle network encrypted communication device of the present invention is as follows:
First, the system powers on and initializes; one node of the in-vehicle communication network is set as the master node, and the remaining nodes are set as slave nodes.
Then, after power-on, the channel control module closes the communication channel; the first message encryption module encrypts the first message carrying the communication key, and the first message sending module sends the encrypted first message to each slave node.
After the second message receiving module of a slave node receives the encrypted first message, it passes the message to the second message decryption module for decryption to obtain the communication key, which is stored in the communication key storage module; meanwhile, the message response module sends a response message acknowledging receipt of the communication key to the master node through the second message sending module.
After sending the first message, the master node starts the timing module. If a response message returned by a slave node is received within the preset time, the first message sending module sends each node a second message carrying the allow-communication command, and the second message is likewise encrypted by the first message encryption module; otherwise, the retransmission control module controls the first message sending module to retransmit the first message to each slave node.
After the second message receiving module of a slave node receives the encrypted second message, the slave node again decrypts it and then sends a response message to confirm to the master node.
After receiving a confirmation message returned by any node, the master node opens the communication channel through the channel control module and allows each slave node to send communication messages. When sending a communication message, a slave node encrypts it with the communication key through the second message encryption module.
As shown in Fig. 4, in another embodiment of the invention, the in-vehicle network encrypted communication device also includes a key update module, used to update the communication key when the system powers on.
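The power-on handshake of steps 10 to 60 and the device's working process above, simulated as an added example (not code from the patent). It assumes the patent's public key is a key already provisioned in every node and uses a SHA-256 keystream with an HMAC tag as a stand-in for the unspecified cipher; the `Slave` and `Master` classes and the `drop_first`, `ack_delay_ms` and `max_rounds` parameters are hypothetical names.

```python
import hashlib
import hmac
import os

FRAMES = 5       # preset number of frames (value from the patent)
PRESET_MS = 100  # preset response window, in ms (value from the patent)

def _pad(key, nonce, n):
    return hashlib.sha256(key + nonce).digest()[:n]

def seal(key, plaintext):
    """Stand-in cipher (assumption; the patent names none). Max 32 bytes."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(plaintext, _pad(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]

def unseal(key, frame):
    """Return the plaintext, or None if the frame was not sealed with `key`."""
    nonce, ct, tag = frame[:8], frame[8:-8], frame[-8:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]
    if len(frame) < 16 or not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

class Slave:
    def __init__(self, public_key, drop_first=0, ack_delay_ms=10):
        self.public_key = public_key      # provisioned in every node (assumption)
        self.drop_first = drop_first      # constructed: frames lost on the bus
        self.ack_delay_ms = ack_delay_ms  # constructed: response latency
        self.comm_key = None
        self.may_send = False

    def receive(self, frame):
        """Handle a master frame; return the ack latency in ms, or None."""
        if self.drop_first > 0:
            self.drop_first -= 1
            return None
        msg = unseal(self.public_key, frame) or b""  # wrong key: ignored
        if msg[:1] == b"K":                          # S30: store the newest key
            self.comm_key = msg[1:]
        elif msg == b"ALLOW" and self.comm_key:      # S60: permission to send
            self.may_send = True
        else:
            return None
        return self.ack_delay_ms

    def send(self, payload):
        return seal(self.comm_key, payload) if self.may_send else None

class Master:
    def __init__(self, public_key, slaves):
        self.public_key, self.slaves = public_key, slaves
        self.comm_key, self.channel_open, self.rounds = None, False, 0

    def _broadcast(self, plaintext, frames):
        """Send `frames` copies; True if any slave acks within PRESET_MS."""
        acked = False
        for _ in range(frames):
            frame = seal(self.public_key, plaintext)
            for slave in self.slaves:
                delay = slave.receive(frame)
                acked = acked or (delay is not None and delay <= PRESET_MS)
        return acked

    def power_on(self, max_rounds=3):              # max_rounds is an assumption
        self.channel_open = False                  # S20: channel closed
        for _ in range(max_rounds):
            self.rounds += 1
            self.comm_key = os.urandom(16)         # S11: fresh random key
            if self._broadcast(b"K" + self.comm_key, FRAMES):  # S20 to S40
                break
        else:
            return False                           # no ack: channel stays closed
        # S50 then S60; the delay before the second message is not modelled
        self.channel_open = self._broadcast(b"ALLOW", 1)
        return self.channel_open

    def accept(self, frame):
        ok = self.channel_open and frame is not None
        return unseal(self.comm_key, frame) if ok else None

def demo():
    pk = bytes(range(16))                          # constructed sample key
    door, seat = Slave(pk, drop_first=4), Slave(pk, drop_first=5)
    master = Master(pk, [door, seat])
    return master.power_on(), master.accept(door.send(b"lock=1")), seat.send(b"x")

if __name__ == "__main__":
    print(demo())
```

Because step 40 proceeds on a response from any one slave node, the `seat` node, which lost all five key frames, finishes power-on without a communication key and stays silent while `door` communicates normally.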
The above discloses only preferred embodiments of the present invention and cannot be used to limit the scope of rights protection of the present invention; equivalent variations made according to the scope of the patent application of the present invention therefore still fall within the scope covered by the present invention.

Claims (8)

1. An in-vehicle network encrypted communication method, characterized in that it includes:
S10: the system powers on and initializes; one node of the in-vehicle communication network is set as the master node, and the remaining nodes are set as slave nodes;
S20: the master node closes the communication channel and sends a preset number of frames of a first message; the first message carries the communication key and is encrypted with the public key;
S30: each slave node decrypts the first message after receiving it and obtains the communication key;
S40: the master node determines whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, otherwise it returns to S20;
S50: after delaying for a preset time, the master node sends a second message to each slave node; the second message carries an allow-communication command and is encrypted with the public key;
S60: after each slave node receives the second message, the master node opens the communication channel and allows each slave node to send communication messages, which are encrypted with the communication key.
2. The in-vehicle network encrypted communication method according to claim 1, characterized in that, after S10 and before S20, it also includes:
S11: updating the communication key.
3. The in-vehicle network encrypted communication method according to claim 1, characterized in that the communication key is distributed by the master node, and each node encrypts communication messages with the communication key.
4. The in-vehicle network encrypted communication method according to claim 1, characterized in that the preset number of frames is 5.
5. The in-vehicle network encrypted communication method according to claim 1, characterized in that the preset time is 100ms.
6. An in-vehicle network encrypted communication device, characterized in that it includes one master node unit and at least one slave node unit; the master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module and a channel control module; the slave node unit is provided with a second message encryption module, a second message sending module, a second message receiving module, a second message decryption module, a communication key storage module and a message response module;
The first message encryption module is used by the master node to encrypt messages to be sent, and includes a public key encryption submodule and a communication key encryption submodule;
The first message sending module is used to send messages to the slave nodes;
The first message receiving module is used to receive messages sent by the slave nodes;
The first message decryption module is used to decrypt received messages sent by the slave nodes;
The timing module is used for timing;
The retransmission control module is used to control whether to retransmit a message according to whether a response message has been received;
The channel control module is used to control the slave nodes' permission to send communication messages;
The second message encryption module is used by the slave node to encrypt messages to be sent with the communication key;
The second message sending module is used to send messages to the master node;
The second message receiving module is used to receive messages sent by the master node;
The second message decryption module is used to decrypt messages sent by the master node;
The communication key storage module is used to store the latest communication key sent by the master node;
The message response module is used to acknowledge receipt of the communication key to the master node.
7. The in-vehicle network encrypted communication device according to claim 6, characterized in that the device also includes a key update module, used to update the communication key when the system powers on.
8. The in-vehicle network encrypted communication device according to claim 7, characterized in that the first message encryption module includes a public key encryption submodule, which encrypts with the public key, and a communication key encryption submodule, which encrypts with the communication key.
CN201710401097.0A 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device Active CN107104868B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710401097.0A CN107104868B (en) 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710401097.0A CN107104868B (en) 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device

Publications (2)

Publication Number Publication Date
CN107104868A 2017-08-29
CN107104868B 2020-07-03

Family

ID=59660070

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710401097.0A Active CN107104868B (en) 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device

Country Status (1)

Country Link
CN (1) CN107104868B (en)

Also Published As

Publication number Publication date
CN107104868B (en) 2020-07-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant