CN107104868B - Vehicle-mounted network encrypted communication method and device - Google Patents

Publication number
CN107104868B
Authority
CN
China
Prior art keywords
message
communication
module
node
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710401097.0A
Other languages
Chinese (zh)
Other versions
CN107104868A (en)
Inventor
张万胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huizhou Foryou General Electronics Co Ltd
Original Assignee
Huizhou Foryou General Electronics Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/403 Bus networks with centralised control, e.g. polling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40267 Bus for use in transportation systems
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a vehicle-mounted network encrypted communication method and device. After the system is powered on, the master node closes the communication channel and sends a message carrying a communication key to each slave node. When a slave node receives the message carrying the communication key, it sends a response message to the master node. The master node then sends a message carrying a communication permission command to each slave node, and when a slave node receives that message, it sends a response message to the master node. The master node then opens the communication channel and allows each slave node to send communication messages, and the master node and the slave nodes communicate in encrypted form using the communication key, so that the security of vehicle-mounted network communication is achieved.

Description

Vehicle-mounted network encrypted communication method and device
Technical Field
The invention relates to the technical field of network communication, in particular to a vehicle-mounted network encrypted communication method and device.
Background
At present, automobiles generally use a CAN network as the in-vehicle communication network, and it is an open communication network. Any data on the vehicle can be sent onto the CAN network; the data does not specify a unique receiver, and every receiving end that needs the data can read the required information from the network. A network hacker can therefore easily acquire CAN network data illegally or control the vehicle through the CAN network, which poses a serious hidden danger to the safe running of the vehicle.
Therefore, the prior art is in need of further improvement.
Disclosure of Invention
The invention provides a vehicle-mounted network encrypted communication method and device, aiming to overcome the defects of the prior art and achieve secure communication on a vehicle-mounted network.
To achieve this purpose, the technical solution adopted by the invention is as follows:
One aspect of the present invention provides a vehicle-mounted network encrypted communication method, including:
S10, powering on and initializing the system, setting one node of the vehicle-mounted communication network as the master node, and setting the other nodes as slave nodes;
S20, the master node closes the communication channel and sends a preset number of frames of a first message, wherein the first message carries a communication key and is encrypted with a public key;
S30, each slave node receives the first message and then decrypts it to obtain the communication key;
S40, the master node judges whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, and if not, it returns to S20;
S50, the master node, after delaying for a preset time, sends a second message to each slave node, wherein the second message carries a communication permission command and is encrypted with a public key;
S60, after the slave nodes receive the second message, the master node opens the communication channel to allow the slave nodes to send communication messages, and the communication messages are encrypted with the communication key.
Further, after S10 and before S20, the method further includes:
S11, updating the communication key.
Specifically, the communication key is distributed by the master node, and each node encrypts its communication messages with the communication key.
Specifically, the preset frame number is 5.
Specifically, the preset time is 100 ms.
Another aspect of the invention provides a vehicle-mounted network encrypted communication device, which comprises a master node unit and at least one slave node unit, wherein the master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module and a channel control module;
the first message encryption module is used for encrypting a message to be sent by the master node and comprises a public key encryption submodule and a communication key encryption submodule;
the first message sending module is used for sending a message to the slave node;
the first message receiving module is used for receiving a message sent by a slave node;
the first message decryption module is used for decrypting the received message sent by the slave node;
the timing module is used for timing;
the retransmission control module is used for controlling whether to retransmit the message according to whether a response message has been received;
the channel control module is used for controlling the slave node's permission to send communication messages;
the second message encryption module is used for encrypting, with the communication key, a message to be sent by the slave node;
the second message sending module is used for sending a message to the master node;
the second message receiving module is used for receiving a message sent by the master node;
the second message decryption module is used for decrypting the message sent by the master node;
the communication key storage module is used for storing the latest communication key sent by the master node;
the message response module is used for confirming receipt of the communication key to the master node.
Further, the vehicle-mounted network encrypted communication device further comprises a key updating module used for updating the communication key when the system is powered on.
The beneficial effects of the invention are as follows: after the system is powered on, the master node closes the communication channel and sends a message carrying the communication key to each slave node; when a slave node receives the message carrying the communication key, it sends a response message to the master node; the master node then sends a message carrying the communication permission command to each slave node; when a slave node receives the message carrying the communication permission command, it sends a response message to the master node; the master node then opens the communication channel and allows each slave node to send communication messages, and the master node and the slave nodes communicate in encrypted form using the communication key, so that the security of vehicle-mounted network communication is achieved.
Drawings
FIG. 1 is a schematic flow chart of the vehicle-mounted network encrypted communication method of the present invention;
FIG. 2 is another schematic flow chart of the vehicle-mounted network encrypted communication method of the present invention;
FIG. 3 is a schematic structural diagram of the vehicle-mounted network encrypted communication device of the present invention;
FIG. 4 is another schematic structural diagram of the vehicle-mounted network encrypted communication device of the present invention.
Detailed Description
The embodiments of the present invention will be described in detail with reference to the accompanying drawings, which are for reference and illustrative purposes only and are not intended to limit the scope of the invention.
As shown in FIG. 1, in one aspect, an embodiment of the present invention provides a vehicle-mounted network encrypted communication method, including:
Step 10: power on and initialize the system, set one node of the vehicle-mounted communication network as the master node, and set the other nodes as slave nodes.
The vehicle-mounted communication network includes, but is not limited to, CAN, LIN, FlexRay and Ethernet.
CAN is an abbreviation of Controller Area Network, a serial communication protocol standardized by ISO that is widely used for in-vehicle network communication. LIN is an abbreviation of Local Interconnect Network, a low-cost serial communication network used to implement distributed electronic system control in automobiles. FlexRay is a high-speed, deterministic, fault-tolerant bus technology for automobiles that combines event triggering and time triggering and offers efficient network utilization and system flexibility.
In this embodiment, the master node may be a Body Control Module (BCM) or a gateway.
Step 20: the master node closes the communication channel and sends a preset number of frames of a first message, wherein the first message carries a communication key and is encrypted with a public key.
In this embodiment, closing the communication channel means that the slave nodes are prohibited from sending communication messages, while the master node may still send command messages.
The preset number of frames is greater than or equal to 1; multiple frames are sent to guard against missed frames and to ensure that every slave node can receive the message.
In this embodiment, the preset number of frames is 5.
In this embodiment, the communication key is distributed by the master node, and each node encrypts its communication messages with the communication key.
Step 30: each slave node receives the first message and then decrypts it to obtain the communication key.
Step 40: the master node judges whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, and if not, it returns to step 20.
In this embodiment, the preset time is 100 ms.
When the method returns to step 20 to resend the first message, the communication key may or may not be the same as the one sent last time.
Step 50: the master node, after delaying for a preset time, sends a second message to each slave node, wherein the second message carries a communication permission command and is encrypted with a public key.
Step 60: after the slave nodes receive the second message, the master node opens the communication channel to allow the slave nodes to send communication messages, and the communication messages are encrypted with the communication key.
As shown in FIG. 2, in another embodiment of the present invention, after step 10 and before step 20, the method further includes:
Step 11: update the communication key.
A new communication key is generated by a random algorithm, so that the communication key is different after each power-on of the system, which further improves communication security.
As shown in FIG. 3, another aspect of the present invention provides a vehicle-mounted network encrypted communication device, including a master node unit and at least one slave node unit, where the master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module, and a channel control module, and the slave node unit is provided with a second message encryption module, a second message sending module, a second message receiving module, a second message decryption module, a communication key storage module, and a message response module;
the first message encryption module is used for encrypting a message to be sent by the master node;
the first message encryption module comprises a public key encryption submodule, which encrypts using a public key, and a communication key encryption submodule, which encrypts using the communication key;
the first message sending module is used for sending a message to the slave node;
the first message receiving module is used for receiving a message sent by a slave node;
the first message decryption module is used for decrypting the received message sent by the slave node;
the timing module is used for timing;
the retransmission control module is used for controlling whether to retransmit the message according to whether a response message has been received;
the channel control module is used for controlling the slave node's permission to send communication messages;
the second message encryption module is used for encrypting, with the communication key, a message to be sent by the slave node;
the second message sending module is used for sending a message to the master node;
the second message receiving module is used for receiving a message sent by the master node;
the second message decryption module is used for decrypting the message sent by the master node;
the communication key storage module is used for storing the latest communication key sent by the master node;
the message response module is used for confirming receipt of the communication key to the master node.
The working process of the vehicle-mounted network encrypted communication device is as follows:
First, the system is powered on and initialized, one node of the vehicle-mounted communication network is set as the master node, and the other nodes are set as slave nodes.
Then, after power-on, the channel control module closes the communication channel, the first message encryption module encrypts a first message carrying the communication key, and the first message sending module sends the encrypted first message to each slave node.
After receiving the encrypted first message, the second message receiving module of the slave node passes it to the second message decryption module, which decrypts it to obtain the communication key, and the communication key is stored in the communication key storage module; meanwhile, the message response module sends a response message confirming receipt of the communication key to the master node through the second message sending module.
After the master node sends the first message, the timing module starts timing. If a response message returned by a slave node is received within the preset time, a second message carrying the communication permission command is encrypted by the first message encryption module and sent to each node through the first message sending module; otherwise, the retransmission control module controls the first message sending module to retransmit the first message to each slave node.
After receiving the encrypted second message, the second message receiving module of the slave node likewise has it decrypted and then sends a response message to confirm to the master node.
After receiving the confirmation message returned by any node, the master node opens the communication channel through the channel control module and allows each slave node to send communication messages. When a slave node sends a communication message, the second message encryption module encrypts it with the communication key.
In another embodiment of the present invention, as shown in FIG. 4, the vehicle-mounted network encrypted communication device further includes a key updating module, configured to update the communication key when the system is powered on.
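The power-on handshake of steps 10 to 60 and the device's working process above, as an added simulation that is not code from the patent. It runs the master node's state machine against a slave that misses the first two bursts and compares the patent's rule (proceed once any slave responds) with a stricter variant that waits for every slave. Assumptions: the frame kinds, the `node_key` held by every node as a stand-in for the "public key" step, the SHA-256 keystream cipher (the patent names no algorithm), and the `require_all` option.

```python
import hashlib
import os
import secrets

PRESET_FRAMES = 5      # "preset frame number" given in the patent
PRESET_TIME_MS = 100   # "preset time" given in the patent


def _keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in, the patent names no cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    nonce = os.urandom(8)  # fresh nonce so repeated bursts differ on the bus
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def unseal(key, blob):
    nonce, body = blob[:8], blob[8:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


class Slave:
    def __init__(self, name, node_key, deaf_bursts=0):
        self.name, self.node_key = name, node_key
        self.deaf_bursts = deaf_bursts  # constructed fault: first N bursts lost
        self.comm_key = None            # communication key storage module
        self.may_send = False

    def on_frame(self, burst, kind, blob):
        # Returns this node's name as the response message, or None.
        if burst <= self.deaf_bursts:
            return None
        body = unseal(self.node_key, blob)
        if kind == "KEY":                                   # S30
            self.comm_key = body
        elif kind == "PERMIT" and body == b"ALLOW" and self.comm_key:
            self.may_send = True
        else:
            return None
        return self.name

    def send(self, data):  # communication message, encrypted with comm_key
        return seal(self.comm_key, data) if self.may_send else None


class Master:
    def __init__(self, node_key, slaves, require_all=False):
        self.node_key, self.slaves = node_key, slaves
        self.require_all = require_all  # False = the patent's "any slave" rule
        self.channel_open, self.burst, self.elapsed_ms = False, 0, 0

    def _burst(self, kind, body, frames):
        self.burst += 1
        blob = seal(self.node_key, body)
        acks = {s.on_frame(self.burst, kind, blob)
                for s in self.slaves for _ in range(frames)}
        acks.discard(None)
        return len(acks) == len(self.slaves) if self.require_all else bool(acks)

    def power_on(self, max_rounds=10):
        self.channel_open = False                  # S20: slaves may not send
        self.comm_key = secrets.token_bytes(16)    # S11: new key per power-on
        for _ in range(max_rounds):
            if self._burst("KEY", self.comm_key, PRESET_FRAMES):  # S20, S40
                break
            self.elapsed_ms += PRESET_TIME_MS      # timed out: back to S20
        else:
            return False
        self.elapsed_ms += PRESET_TIME_MS          # S50: delay, then permit
        self.channel_open = self._burst("PERMIT", b"ALLOW", 1)    # S60
        return self.channel_open

    def receive(self, blob):
        return unseal(self.comm_key, blob) if self.channel_open and blob else None


def run(require_all):
    node_key = secrets.token_bytes(16)             # constructed shared key
    door = Slave("door", node_key)
    seat = Slave("seat", node_key, deaf_bursts=2)  # constructed: misses 2 bursts
    master = Master(node_key, [door, seat], require_all)
    master.power_on()
    return master, door, seat
```

With `run(False)` the channel opens after two bursts while the `seat` node still holds no communication key; with `run(True)` the master retransmits until both nodes have confirmed.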
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention.

Claims (8)

1. A vehicle-mounted network encrypted communication method, characterized by comprising the following steps:
S10, powering on and initializing the system, setting one node of the vehicle-mounted communication network as the master node, and setting the other nodes as slave nodes;
S20, the master node closes the communication channel and sends a preset number of frames of a first message, wherein the first message carries a communication key and is encrypted with a public key;
S30, each slave node receives the first message and then decrypts it to obtain the communication key;
S40, the master node judges whether a response message from any slave node is received within a preset time; if so, the method proceeds to the next step, and if not, it returns to S20;
S50, the master node, after delaying for a preset time, sends a second message to each slave node, wherein the second message carries a communication permission command and is encrypted with a public key;
S60, after the slave nodes receive the second message, the master node opens the communication channel to allow the slave nodes to send communication messages, and the communication messages are encrypted with the communication key.
2. The vehicle-mounted network encrypted communication method according to claim 1, further comprising, after S10 and before S20:
S11, updating the communication key.
3. The vehicle-mounted network encrypted communication method according to claim 1, wherein the communication key is distributed by the master node, and each node encrypts its communication messages with the communication key.
4. The vehicle-mounted network encrypted communication method according to claim 1, wherein the preset number of frames is 5.
5. The vehicle-mounted network encrypted communication method according to claim 1, wherein the preset time is 100 ms.
6. A vehicle-mounted network encrypted communication device, characterized by comprising a master node unit and at least one slave node unit, wherein the master node unit is provided with a first message encryption module, a first message sending module, a first message receiving module, a first message decryption module, a timing module, a retransmission control module and a channel control module;
the first message encryption module is used for encrypting a message to be sent by the master node and comprises a public key encryption submodule and a communication key encryption submodule;
the first message sending module is used for sending a message to the slave node;
the first message receiving module is used for receiving a message sent by a slave node;
the first message decryption module is used for decrypting the received message sent by the slave node;
the timing module is used for timing;
the retransmission control module is used for controlling whether to retransmit the message according to whether a response message has been received;
the channel control module is used for controlling the slave node's permission to send communication messages;
the second message encryption module is used for encrypting, with the communication key, a message to be sent by the slave node;
the second message sending module is used for sending a message to the master node;
the second message receiving module is used for receiving a message sent by the master node;
the second message decryption module is used for decrypting the message sent by the master node;
the communication key storage module is used for storing the latest communication key sent by the master node;
the message response module is used for confirming receipt of the communication key to the master node.
7. The vehicle-mounted network encrypted communication device according to claim 6, further comprising a key update module for updating the communication key when the system is powered on.
8. The vehicle-mounted network encrypted communication device according to claim 7, wherein the first message encryption module includes a public key encryption submodule for encrypting using a public key, and a communication key encryption submodule for encrypting using a communication key.
CN201710401097.0A 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device Active CN107104868B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710401097.0A CN107104868B (en) 2017-05-31 2017-05-31 Vehicle-mounted network encrypted communication method and device

Publications (2)

Publication Number Publication Date
CN107104868A 2017-08-29
CN107104868B 2020-07-03

Family

ID=59660070

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant