CN111651748A - Safety access processing system and method for ECU in vehicle - Google Patents


Info

Publication number: CN111651748A
Authority: CN (China)
Prior art keywords: access, authentication, security, control unit, level
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202010473369.XA
Other languages: Chinese (zh)
Other versions: CN111651748B (en)
Inventors: 谭成宇, 汪向阳, 张贤, 宋俊男, 郭垚, 罗薇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Chongqing Changan Automobile Co Ltd
Original Assignee: Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Events:
    • Application filed by Chongqing Changan Automobile Co Ltd
    • Priority to CN202010473369.XA (patent/CN111651748B/en)
    • Publication of CN111651748A (patent/CN111651748A/en)
    • Application granted
    • Publication of CN111651748B (patent/CN111651748B/en)
    • Legal status: Active
    • Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137: Time limited access, e.g. to a computer or data
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a secure access processing system for an ECU (electronic control unit) in a vehicle, comprising a security access control unit, a vehicle-mounted diagnosis module and an authentication and authorization server. The vehicle-mounted diagnosis module comprises an ECU, an in-vehicle network, a vehicle-mounted OBD (on-board diagnostics) interface and an authentication unit; the authentication unit is connected with the security access control unit through the vehicle-mounted OBD interface, the ECU is connected with the authentication unit, the authentication and authorization server is connected with the security access control unit, and the authentication and authorization server is in communication connection with the authentication unit. The invention also discloses a secure access processing method for the ECU in the vehicle. With the system and method, the access security of external access equipment is effectively improved.

Description

Safety access processing system and method for ECU in vehicle
Technical Field
The invention relates to the technical field of vehicle-mounted equipment safety, in particular to a system and a method for processing safe access of an ECU (electronic control unit) in a vehicle.
Background
In recent years, with the rapid development of automobile intelligent technology, more and more intelligent functions and configurations are provided. A vehicle manufacturer offers customers different levels of user experience through configuration differences, priced differently. However, some black-market operators connect illegal diagnosis equipment through the OBD interface, crack the differentiated configuration provided by the manufacturer, illegally extract user permissions, profit from this, and damage the interests of the vehicle manufacturer.
Disclosure of Invention
The invention aims to provide a safe access processing system and a method of an in-vehicle ECU, which effectively improve the access safety of external access equipment.
In order to achieve the above object, the present invention provides a system for processing a secure access of an ECU in a vehicle, comprising:
the safety access control unit is used for being connected with external access equipment and is provided with a safety operation environment;
the vehicle-mounted diagnosis module comprises an ECU, an in-vehicle network, a vehicle-mounted OBD interface and an authentication unit; the authentication unit is connected with the security access control unit through a vehicle-mounted OBD interface, and the ECU is connected with the authentication unit;
the authentication and authorization server is used for initializing the security access control unit to obtain signature information; the authentication and authorization server is connected with the security access control unit and is in communication connection with the authentication unit;
the security access control unit receives an access instruction from the external access equipment and judges the security level of the access instruction; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the authentication unit through a standard communication protocol; otherwise, the access instruction is signed to obtain an instruction signature value, and then the access instruction, the instruction signature value and the signature information are forwarded to the authentication unit. The authentication unit judges the security level of the access instruction received from the security access control unit; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the ECU through a standard communication protocol, and the ECU executes the command of the external access equipment; otherwise, the authentication unit authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit; if the authentication passes, the access instruction is forwarded to the ECU according to the protocol, and the ECU executes the command of the external access device; otherwise, the current working process is exited directly. The service request is completed once all access instructions have passed the security authentication of the authentication unit.
Further, the security level is divided into four levels; the non-authentication level is a first level and is used for realizing non-sensitive data reading and data reading required by regulations; the remaining three grades are in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level and is used for realizing configuration writing and changing of the ECU;
the fourth level is a flash level and is used for realizing the flash of the software.
Further, the authentication and authorization server is also used for initializing the authentication unit, the authentication and authorization server sends the root public key certificate to the authentication unit in an off-line manner, and the authentication unit safely encrypts and stores the root public key certificate in a tamper-proof storage area to complete the initialization of the authentication unit.
Further, the authentication unit authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit, and specifically comprises the following steps:
(S31) the authentication unit verifies the signature of the signature information, and the signature verification method comprises the following steps: decrypting the signature information through the root public key certificate of the authentication and authorization server to obtain first digest information, then calling a hash algorithm to calculate a digest of the access instruction to obtain second digest information, and comparing whether the first digest information and the second digest information are the same; if so, the identity authentication passes, the public key information of the security access control unit is stored, and step (S32) is executed; if not, the identity authentication fails, and the current working process is exited directly;
(S32) the authentication unit generates a section of random number, the random number is encrypted by using public key information in the signature information, the encryption result is forwarded to the security access control unit, the security access control unit obtains a plaintext random number after decrypting through private key information, the plaintext random number is returned to the authentication unit, the authentication unit compares whether the random number is consistent, if so, the identity validity verification is passed, and then the step (S33) is executed; if not, the identity validity verification fails, and the current working process is directly exited;
(S33) the authentication unit judges the access authority in the signature information passing the verification, verifies whether the access authority of the security access control unit meets the requirement, if the access authority passes the verification, then the step (S34) is executed; if the access right verification is not passed, the current working process is directly exited for unauthorized access;
(S34) the authentication unit judges the authorization time limit in the signature information passing the verification, verifies whether the authorization time limit of the security access control unit meets the requirement, if the verification passes, then executes the step (S35); if the verification fails, the authorization is overdue, and the current working process is directly quitted;
(S35) the authentication unit calls the public key value in the signature information to verify the signature value of the access instruction, if the verification is passed, the access instruction is legal, and the service instruction is forwarded to the accessed ECU according to the protocol; and if the verification fails, directly exiting the current working process.
Further, the secure operating environment comprises a closed debugging interface, secure boot and secure storage.
The invention also provides a secure access processing method for the ECU in the vehicle, using the secure access processing system of the ECU in the vehicle described above, and comprising the following steps:
(S0) initializing a security access control unit to obtain signature information;
(S1) the external access device transmits an access instruction to the security access control unit;
(S2) the security access control unit judges the security level of the access instruction; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the authentication unit through a standard communication protocol; otherwise, the access instruction is signed to obtain an instruction signature value, and then the access instruction, the instruction signature value and the signature information are forwarded to the authentication unit;
(S3) the authentication unit determines the security level of the access instruction received from the security access control unit; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the ECU through a standard communication protocol, and the ECU executes the command of the external access device; otherwise, the authentication unit authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit; if the authentication passes, the access instruction is forwarded to the ECU according to the protocol, and the ECU executes the command of the external access device; otherwise, the current working process is exited directly;
and (S4) the service request is completed until all the access instructions pass the authentication unit for security authentication.
Further, the security level is divided into four levels; the non-authentication level is a first level and is used for realizing non-sensitive data reading and data reading required by regulations; the remaining three grades are in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level and is used for realizing configuration writing and changing of the ECU;
the fourth level is a flash level and is used for realizing the flash of the software.
Further, in the step (S0), the method further includes the steps of:
initializing an authentication unit, comprising the following steps: the authentication authorization server sends the root public key certificate to the authentication unit in an off-line manner, and the authentication unit safely encrypts and stores the root public key certificate in a tamper-proof storage area.
Further, initializing the security access control unit specifically comprises: the security access control unit generates a public and private key pair; after the key pair is generated, the private key is encrypted and stored in the security access control unit, and it is ensured that no application program can read out the private key information; the public key information is read out and combined with the applicant, the applying unit, the device ID, the public key information, the authority request and the deadline request, and the combined information is sent to the authentication and authorization server; the authentication and authorization server calls the root private key through a signature interface to sign the audited request and generates signature information comprising the identity ID, the device ID, the public key information, the access authority, the authorization deadline and a signature value; and the signature information is written into the security access control unit and stored in encrypted form.
Further, the authentication unit authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit, and specifically comprises the following steps:
(S31) the authentication unit verifies the signature of the signature information, and the signature verification algorithm is as follows: decrypting the signature information through a root public key certificate of the authentication authorization server to obtain first digest information, then calling a hash algorithm to calculate a digest of the access instruction to obtain second digest information, comparing whether the first digest information and the second digest information are the same, if so, passing the identity authentication, storing the public key information of the security access control unit, and then executing the step (S32); if not, the identity authentication fails, and the current working process is directly exited;
(S32) the authentication unit generates a section of random number, the random number is encrypted by using public key information in the signature information, the encryption result is forwarded to the security access control unit, the security access control unit obtains a plaintext random number after decrypting through private key information, the plaintext random number is returned to the authentication unit, the authentication unit compares whether the random number is consistent, if so, the identity validity verification is passed, and then the step (S33) is executed; if not, the identity validity verification fails, and the current working process is directly exited;
(S33) the authentication unit judges the access authority in the signature information passing the verification, verifies whether the access authority of the security access control unit meets the requirement, if the access authority passes the verification, then the step (S34) is executed; if the access right verification is not passed, the current working process is directly exited for unauthorized access;
(S34) the authentication unit judges the authorization time limit in the signature information passing the verification, verifies whether the authorization time limit of the security access control unit meets the requirement, if the verification passes, then executes the step (S35); if the verification fails, the authorization is overdue, and the current working process is directly quitted;
(S35) the authentication unit calls the public key value in the signature information to verify the signature value of the access instruction, if the verification is passed, the access instruction is legal, and the service instruction is forwarded to the accessed ECU according to the protocol; and if the verification fails, directly exiting the current working process.
Compared with the prior art, the invention has the following advantages:
the system and method for processing secure access to the ECU in the vehicle represent the identity of the external access device and provide a trusted, authenticable identity identification mechanism. They offer high security, easy implementation, convenient management and high universality, have no influence on existing standard external access devices, require little modification, and greatly reduce the modification cost of the system and of the external devices while effectively improving the access security of the external devices.
Drawings
FIG. 1 is a schematic structural diagram of a security access processing system of an in-vehicle ECU according to the present invention;
FIG. 2 is a flowchart of the secure access processing method of the in-vehicle ECU of the present invention.
In the figure:
1-a secure access control unit; 2-an external access device; 3-an authentication unit; 4-an authentication authorization server; 5-ECU.
Detailed Description
The following further describes embodiments of the present invention with reference to the drawings.
Referring to fig. 1, the present embodiment discloses a system for processing a secure access of an ECU in a vehicle, including:
a secure access control unit 1 connected to an external access device 2 and having a secure operating environment;
the vehicle-mounted diagnosis module comprises an ECU5, an in-vehicle network, a vehicle-mounted OBD interface and an authentication unit 3; the authentication unit 3 is connected with the security access control unit 1 through a vehicle-mounted OBD interface, and the ECU5 is connected with the authentication unit 3;
an authentication and authorization server 4 for initializing the security access control unit 1 to obtain signature information; the authentication and authorization server 4 is connected with the security access control unit 1, and the authentication and authorization server 4 is in communication connection with the authentication unit 3;
the security access control unit 1 receives an access instruction from the external access device 2 and judges the security level of the access instruction; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the authentication unit 3 through a standard communication protocol; otherwise, the access instruction is signed to obtain an instruction signature value, and then the access instruction, the instruction signature value and the signature information are forwarded to the authentication unit 3. The authentication unit 3 judges the security level of the access instruction received from the security access control unit 1; if the security level of the access instruction is a non-authentication level, the access instruction is directly transmitted to the ECU5 through a standard communication protocol, and the ECU executes the command of the external access device 2; otherwise, the authentication unit 3 authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit 1; if the authentication passes, the access instruction is forwarded to the ECU5 according to the protocol, and the ECU executes the command of the external access device 2; otherwise, the current working process is exited directly. The service request is completed once all access instructions have passed the security authentication of the authentication unit 3.
In the present embodiment, the security level is divided into four levels; the non-authentication level is a first level and is used for realizing non-sensitive data reading and data reading required by regulations; the remaining three grades are in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level for implementing configuration writing and modification to the ECU 5;
the fourth level is a flash level and is used for realizing the flash of the software.
In this embodiment, the authentication and authorization server 4 is further configured to initialize the authentication unit 3: the authentication and authorization server 4 sends the root public key certificate to the authentication unit 3 in an off-line manner, and the authentication unit 3 securely encrypts and stores the root public key certificate in a tamper-resistant storage area to complete the initialization of the authentication unit 3.
In the present embodiment, the secure execution environment 11 includes a closed debugging interface, secure boot and secure storage.
Closing the debugging interface: after the security access control unit 1 is shipped, the debugging interface requires a valid password of no fewer than 8 digits for authentication, and read/write operations are possible only after the authentication passes, so that illegal external access is avoided.
Secure boot: the security access control unit 1 must check software validity during power-on to ensure that every running program is a legal program; when the check fails, the security access control unit 1 must be prevented from starting and must enter a safe mode.
Secure storage: the private key held in the security access control unit 1 is stored in encrypted form, the security strength of the encryption algorithm is not lower than AES128, and the security access control unit has a hardware-based tamper-proof function.
In the present embodiment, the security access control unit 1 is powered with 12V from the OBD interface, is interposed between the external access device 2 and the OBD interface, and complies with the standard communication protocol by which external devices access the ECU 5.
In this embodiment, the authentication unit 3 authenticates the identity, identity validity, access right, authorization deadline and signature value of the security access control unit 1, and specifically includes the following steps:
(S31) the authentication unit 3 verifies the signature of the signature information, and the method for verifying the signature comprises the following steps: decrypting the signature information through a root public key certificate of the authentication authorization server 4 to obtain first digest information, then calling a hash algorithm to calculate a digest of the access instruction to obtain second digest information, comparing whether the first digest information and the second digest information are the same, if so, passing the identity authentication, storing the public key information of the security access control unit 1, and then executing the step (S32); if not, the identity authentication fails and the current working process is directly exited.
(S32) the authentication unit 3 generates a random number, encrypts the random number by using public key information in the signature information, forwards the encrypted result to the security access control unit 1, the security access control unit 1 decrypts the random number by using private key information to obtain a plaintext random number, and returns the plaintext random number to the authentication unit 3, the authentication unit 3 compares whether the random numbers are consistent, if so, the identity validity verification is passed, and then the step (S33) is executed; if not, the identity validity verification fails, and the current working process is directly exited.
(S33) the authentication unit 3 judges the access authority in the signature information passing the verification, verifies whether the access authority of the security access control unit 1 meets the requirement, if the access authority passes the verification, then executes the step (S34); and if the access right verification is not passed, directly exiting the current working process for unauthorized access.
(S34) the authentication unit 3 determines the authorization deadline in the verified signature information, verifies whether the authorization deadline of the security access control unit 1 meets the requirement, and if the verification is passed, then executes the step (S35); if the verification fails, the authorization is overdue, and the current work flow is directly exited.
(S35) the authentication unit 3 calls the public key value in the signature information to verify the signature value of the access instruction, if the signature value passes the verification, the access instruction is legal, and the service instruction is forwarded to the accessed ECU5 according to the protocol; and if the verification fails, directly exiting the current working process.
Referring to FIG. 2, the present embodiment discloses a method for processing secure access to an in-vehicle ECU, using the system for processing secure access to an in-vehicle ECU described above, which includes the following steps:
(S0) the secure access control unit 1 is initialized to obtain the signature information.
(S1) the external access device 2 sends an access instruction to the secure access control unit 1.
(S2) the security access control unit 1 determines the security level of the access command; if the security level of the access command is a non-authentication level, the access command is directly transmitted to the authentication unit 3 through a standard communication protocol; otherwise, the access command is signed to obtain a command signature value, and then the access command, the command signature value and the signature information are forwarded to the authentication unit 3. The signing method is: perform a hash operation on the access command and encrypt the hash value with the private key to obtain the command signature value. The hash algorithm may be a public secure digest algorithm such as SHA-256.
(S3) the authentication unit 3 determines the security level of the access command received from the security access control unit 1; if the security level of the access command is a non-authentication level, the access command is directly transmitted to the ECU5 through a standard communication protocol, and the ECU executes the command of the external access device 2; otherwise, the authentication unit 3 authenticates the identity, identity validity, access authority, authorization time limit and signature value of the security access control unit 1; if the authentication passes, the access command is forwarded to the ECU5 according to the protocol, and the ECU executes the command of the external access device 2; otherwise, the current working process is exited directly.
(S4) the service request is completed until all the access commands pass the authentication unit 3 for security authentication.
In this embodiment, the security level is divided into four levels; the non-authentication level is a first level and is used for realizing non-sensitive data reading and data reading required by regulations; the remaining three grades are in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level for implementing configuration writing and modification to the ECU 5;
the fourth level is a flash level and is used for realizing the flash of the software.
In the present embodiment, in the step (S0), the method further includes the steps of:
initializing an authentication unit 3, comprising the following steps: the authentication authorization server 4 sends the root public key certificate to the authentication unit 3 in an off-line manner, and the authentication unit 3 stores the root public key certificate in a tamper-proof storage area in a secure encryption manner.
In this embodiment, the security access control unit 1 is initialized as follows: the security access control unit 1 generates a public and private key pair; after the key pair is generated, the private key is encrypted and stored in the security access control unit 1, and it is ensured that no application program can read out the private key information; the public key information is read out and combined with the applicant, the applying unit, the device ID, the public key information, the authority request and the deadline request, and the combined information is sent to the authentication and authorization server 4; the authentication and authorization server 4 calls the root private key through a signature interface to sign the audited request and generates signature information comprising the identity ID, the device ID, the public key information, the access authority, the authorization deadline and the signature value; and the signature information is written into the security access control unit 1 and stored in encrypted form. The signature information written into the security access control unit 1 is stored encrypted with the AES128 algorithm. Before leaving the factory, the security access control unit 1 calls a random number generator to generate the public and private key pair using a public security algorithm such as RSA or ECC, where the RSA key length is not less than 2048 bits and the ECC key length is not less than 256 bits. After the key pair is generated, the private key is encrypted with a security algorithm and then stored in the security access control unit 1; here the security algorithm is AES128, but this is not a limitation and other public security algorithms may be used.
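The complete exchange described in (S0), (S2) and (S31) to (S35) above, as an added Go example that is not part of the patent or of any Changan implementation: the server issues signature information to a security access control unit (SACU), the SACU signs an access instruction, and the authentication unit checks the root signature, runs the random-number challenge, enforces authority level and deadline, and finally verifies the instruction signature. It assumes RSA-2048 with PKCS#1 v1.5 signatures and OAEP for the (S32) challenge, SHA-256 as the hash, and reads (S31) as a root signature over the fields of the signature information; the field encoding, the function names and the sample values are this example's own choices.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// Security levels as numbered in the patent; only level 1 needs no authentication.
const (
	LevelNoAuth   = 1 // non-sensitive reads and reads required by regulations
	LevelReadData = 2 // sensitive data reads
	LevelWriteCfg = 3 // ECU configuration writes and changes
	LevelFlash    = 4 // software flashing
)

// SignatureInfo is what the server issues to a SACU in (S0); the root signature covers all other fields.
type SignatureInfo struct {
	IdentityID string
	DeviceID   string
	PubKey     *rsa.PublicKey
	Authority  int
	Deadline   time.Time
	RootSig    []byte
}

// digest hashes every field the root key vouches for (the field encoding is this example's choice).
func (si SignatureInfo) digest() []byte {
	h := sha256.New()
	h.Write([]byte(si.IdentityID + "\x00" + si.DeviceID + "\x00"))
	h.Write(si.PubKey.N.Bytes())
	binary.Write(h, binary.BigEndian, int64(si.PubKey.E))
	binary.Write(h, binary.BigEndian, int64(si.Authority))
	binary.Write(h, binary.BigEndian, si.Deadline.Unix())
	return h.Sum(nil)
}

// GenerateKeyPair models the factory key generation at the 2048-bit RSA minimum the patent sets.
func GenerateKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueSignatureInfo is the server side of (S0): the root private key signs the audited request.
func IssueSignatureInfo(root *rsa.PrivateKey, idt, dev string, pub *rsa.PublicKey, authority int, deadline time.Time) (SignatureInfo, error) {
	si := SignatureInfo{IdentityID: idt, DeviceID: dev, PubKey: pub, Authority: authority, Deadline: deadline}
	sig, err := rsa.SignPKCS1v15(rand.Reader, root, crypto.SHA256, si.digest())
	si.RootSig = sig
	return si, err
}

// SignInstruction is the SACU side of (S2): hash the instruction and sign the digest with the SACU private key.
func SignInstruction(priv *rsa.PrivateKey, instr []byte) ([]byte, error) {
	d := sha256.Sum256(instr)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// SACUResponder is the SACU half of (S32): decrypt the challenge with the private key, return the plaintext.
func SACUResponder(priv *rsa.PrivateKey) func([]byte) ([]byte, error) {
	return func(ct []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil) }
}

// AuthUnit holds the root public key provisioned offline; Now is injectable so (S34) can be tested.
type AuthUnit struct {
	RootPub *rsa.PublicKey
	Now     func() time.Time
}

// Authenticate implements (S3): level-1 instructions pass through, all others must clear (S31)..(S35) in order.
func (au AuthUnit) Authenticate(si SignatureInfo, instr, instrSig []byte, required int, respond func([]byte) ([]byte, error)) error {
	if required == LevelNoAuth {
		return nil // non-authentication level: forwarded to the ECU over the standard protocol
	}
	// (S31) root signature over the signature information: proves the server issued it unmodified.
	if rsa.VerifyPKCS1v15(au.RootPub, crypto.SHA256, si.digest(), si.RootSig) != nil {
		return errors.New("S31: identity authentication failed")
	}
	// (S32) challenge-response: proves the peer holds the private key matching the trusted PubKey.
	nonce := make([]byte, 32)
	rand.Read(nonce)
	ct, encErr := rsa.EncryptOAEP(sha256.New(), rand.Reader, si.PubKey, nonce, nil)
	if pt, err := respond(ct); encErr != nil || err != nil || string(pt) != string(nonce) {
		return errors.New("S32: identity validity verification failed")
	}
	// (S33) the granted authority must cover the level this instruction requires.
	if si.Authority < required {
		return errors.New("S33: unauthorized access")
	}
	// (S34) the authorization must not be overdue.
	if au.Now().After(si.Deadline) {
		return errors.New("S34: authorization overdue")
	}
	// (S35) the instruction must carry a valid signature under the now-trusted SACU key.
	d := sha256.Sum256(instr)
	if rsa.VerifyPKCS1v15(si.PubKey, crypto.SHA256, d[:], instrSig) != nil {
		return errors.New("S35: instruction signature invalid")
	}
	return nil
}
```

Each check fails closed and reports the step that rejected the request, which is what an authentication unit should log when a tool with a stale or under-privileged certificate is plugged into the OBD port.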
In this embodiment, the authentication unit 3 authenticates the identity, identity validity, access rights, authorization deadline and signature value of the security access control unit 1 by the following steps:
(S31) The authentication unit 3 verifies the signature on the signature information. Using the root public key certificate of the authentication and authorization server 4 it recovers a first digest from the signature value, computes a second digest by hashing the signed fields of the signature information (identity ID, device ID, public key, access rights and authorization deadline), and compares the two. If they are the same, identity authentication passes, the public key of the security access control unit 1 is stored, and step (S32) follows; otherwise identity authentication fails and the current workflow exits. (Recovering the digest by "decrypting" the signature with the public key is the textbook RSA description; with ECC there is no such decryption and the step is simply the curve's signature verification.)
(S32) The authentication unit 3 generates a random number, encrypts it with the public key contained in the signature information and forwards the ciphertext to the security access control unit 1, which decrypts it with its private key to obtain the plaintext random number and returns it to the authentication unit 3. The authentication unit 3 compares the returned value with the one it generated; if they are consistent, identity validity is verified, i.e. the unit has proved possession of the private key matching the signed public key, and step (S33) follows; otherwise identity validity verification fails and the current workflow exits. The random number must be freshly generated for every access so that a recorded answer cannot be replayed. The public key algorithm is not limited and may be RSA-2048, 256-bit ECC or another public algorithm.
(S33) The authentication unit 3 reads the access rights in the verified signature information and checks whether the access rights of the security access control unit 1 cover the requested access; if so, step (S34) follows; otherwise the access is unauthorized and the current workflow exits.
(S34) The authentication unit 3 reads the authorization deadline in the verified signature information and checks whether the authorization of the security access control unit 1 is still valid; if so, step (S35) follows; otherwise the authorization has expired and the current workflow exits.
(S35) The authentication unit 3 uses the public key in the signature information to verify the signature value of the access instruction. If the signature verifies, the access instruction is legitimate and the service instruction is forwarded to the accessed ECU 5 according to the protocol; otherwise the current workflow exits.
In this embodiment, a standard external access device 2 on its own only reaches the first security level, i.e. reading non-sensitive data and data whose reading is required by regulation. To obtain the second to fourth levels, a security access control unit 1 must be applied for from the authentication and authorization server 4 before it leaves the factory; the server assigns access rights according to the applicant's organization and role, which is how the rights of the external access device 2 over the in-vehicle ECU 5 are controlled.
In this embodiment the authentication unit 3 is, for example, a trusted ECU; the in-vehicle network includes a gateway, and the gateway can serve as that trusted ECU.
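The following is an added example and not the patent's own code: a Python model of the initialization of the security access control unit 1 at the authentication and authorization server 4 (claim 9), the level-based dispatch of steps S2 and S3 (claims 1 and 6), and the checks S31 to S35 at the authentication unit 3 (claims 4 and 10). The message field names, the sorted-key JSON encoding of the signed fields, the YYYYMMDD integer dates, the service names and the textbook RSA with 512-bit demo keys are assumptions made for this demonstration; a real unit would use RSA of at least 2048 bits or 256-bit ECC with a padded signature scheme and hardware-backed key storage, as the description requires.

```python
import hashlib, json, secrets

LEVEL_NONE, LEVEL_READ, LEVEL_WRITE, LEVEL_FLASH = 1, 2, 3, 4  # the four levels of claim 2

def _is_prime(n, rounds=16):  # Miller-Rabin for odd n; demo key generation only
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512):  # textbook RSA pair ((e, n), (d, n)): toy size, no padding, demo only
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def _canon(fields):  # deterministic encoding of the signed fields (assumption: sorted-key JSON)
    return json.dumps(fields, sort_keys=True).encode()
def sign(priv, data):
    return pow(_digest(data), priv[0], priv[1])
def verify(pub, data, sig):  # first digest recovered from the signature, second from the data (S31/S35)
    return pow(sig, pub[0], pub[1]) == _digest(data)

def issue_credential(root_priv, applicant, device_id, public_key, level, deadline):
    # server 4 audits the application and signs it with the root private key: the "signature information"
    body = {"identity_id": applicant, "device_id": device_id, "public_key": public_key,
            "access_level": level, "deadline": deadline}
    return {**body, "signature": sign(root_priv, _canon(body))}

class SecureAccessControlUnit:  # unit 1: key pair generated in-unit, private key never leaves it
    def __init__(self, device_id, applicant, root_priv, level, deadline):
        self.pub, self._priv = keygen()
        self.credential = issue_credential(root_priv, applicant, device_id, list(self.pub), level, deadline)
    def handle(self, instruction):  # step S2: level 1 passes unsigned; levels 2..4 are signed + credential
        if instruction["level"] == LEVEL_NONE:
            return {"instruction": instruction}
        return {"instruction": instruction, "credential": self.credential,
                "instruction_sig": sign(self._priv, _canon(instruction))}
    def answer_challenge(self, ciphertext):
        return pow(ciphertext, self._priv[0], self._priv[1])

def authenticate(root_pub, now, msg, unit):
    """Unit 3 (gateway), step S3: level 1 is forwarded; otherwise S31..S35, exiting at the first failure."""
    instr = msg["instruction"]
    if instr["level"] == LEVEL_NONE:
        return "forwarded"
    cred = msg["credential"]
    body = {k: v for k, v in cred.items() if k != "signature"}
    if not verify(root_pub, _canon(body), cred["signature"]):  # S31 root signature over the signed fields
        return "reject: identity"
    pub = tuple(cred["public_key"])
    nonce = secrets.randbits(128)  # S32 fresh challenge: proof of possession of the private key
    if unit.answer_challenge(pow(nonce, pub[0], pub[1])) != nonce:
        return "reject: validity"
    if cred["access_level"] < instr["level"]:  # S33 access rights cover the requested level
        return "reject: unauthorized"
    if now > cred["deadline"]:  # S34 authorization deadline
        return "reject: expired"
    if not verify(pub, _canon(instr), msg["instruction_sig"]):  # S35 instruction signature
        return "reject: signature"
    return "forwarded"

def run_demo():
    """Constructed scenarios (dates as YYYYMMDD ints; service names are assumptions)."""
    root_pub, root_priv = keygen()  # server 4's root pair; root_pub is provisioned offline to the gateway
    now = 20210601
    tool = SecureAccessControlUnit("SACU-0001", "dealer-A", root_priv, LEVEL_WRITE, 20211231)
    old = SecureAccessControlUnit("SACU-0002", "dealer-B", root_priv, LEVEL_FLASH, 20201231)
    rogue = SecureAccessControlUnit("SACU-EVIL", "attacker", keygen()[1], LEVEL_FLASH, 20991231)
    def go(unit, svc, lvl):
        return authenticate(root_pub, now, unit.handle({"service": svc, "level": lvl}), unit)
    out = {svc: go(tool, svc, lvl) for svc, lvl in
           [("read_dtc", 1), ("read_sensitive", 2), ("write_config", 3), ("flash", 4)]}
    out["expired"] = go(old, "flash", LEVEL_FLASH)
    out["forged"] = go(rogue, "flash", LEVEL_FLASH)  # credential signed by an attacker's own root key
    msg = tool.handle({"service": "write_config", "level": LEVEL_WRITE})
    out["stolen_credential"] = authenticate(root_pub, now, msg, old)  # genuine credential, wrong private key
    msg["instruction"] = {**msg["instruction"], "service": "write_other"}  # altered after signing
    out["tampered"] = authenticate(root_pub, now, msg, tool)
    return out
```

Calling run_demo() returns, for each constructed scenario, either "forwarded" or the name of the check that rejected it: the level-4 flash request from a level-3 credential fails at S33, the credential past its deadline at S34, the credential signed by an attacker's own root at S31, a genuine credential presented by a unit that lacks the matching private key at S32, and an instruction altered after signing at S35. The level-1 request is forwarded without any of these checks, matching the non-authentication path of steps S2 and S3.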
The in-vehicle ECU secure access processing system and method described here give the external access device a trustworthy, verifiable identity. The scheme is secure, easy to implement, convenient to manage and broadly applicable; it does not affect existing standard external access devices and requires few modifications, so it improves the security of external access while keeping the cost of adapting the system and the external devices low.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.

Claims (10)

1. A secure access processing system of an in-vehicle ECU, characterized by comprising:
a secure access control unit (1) which is connected to an external access device (2) and has a secure operating environment;
the vehicle-mounted diagnosis module comprises an ECU (5), an in-vehicle network, a vehicle-mounted OBD interface and an authentication unit (3); the authentication unit (3) is connected with the security access control unit (1) through a vehicle-mounted OBD interface, and the ECU (5) is connected with the authentication unit (3);
an authentication and authorization server (4) for initializing the secure access control unit (1) to obtain signature information; the authentication and authorization server (4) is connected with the security access control unit (1), and the authentication and authorization server (4) is in communication connection with the authentication unit (3);
the security access control unit (1) receives an access instruction from the external access device (2) and judges its security level; if the security level is the non-authentication level, the access instruction is passed directly to the authentication unit (3) over the standard communication protocol; otherwise the access instruction is signed to obtain an instruction signature value, and the access instruction, the instruction signature value and the signature information are forwarded to the authentication unit (3); the authentication unit (3) judges the security level of the access instruction received from the security access control unit (1); if it is the non-authentication level, the access instruction is passed directly to the ECU (5) over the standard communication protocol and the ECU executes the command of the external access device (2); otherwise the authentication unit (3) authenticates the identity, identity validity, access rights, authorization deadline and signature value of the security access control unit (1), and if authentication passes the access instruction is forwarded to the ECU (5) according to the protocol and the ECU executes the command of the external access device (2), otherwise the current workflow is exited; the service request is complete once every access instruction has passed security authentication at the authentication unit (3).
2. The in-vehicle ECU secure access processing system according to claim 1, characterized in that the security level is divided into four levels; the non-authentication level is the first level and is used for reading non-sensitive data and data whose reading is required by regulation; the remaining three levels are, in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level and is used for realizing configuration writing and changing of the ECU (5);
the fourth level is a flash level and is used for realizing the flash of the software.
3. The in-vehicle ECU secure access processing system according to claim 1 or 2, wherein the authentication and authorization server (4) is further configured to initialize the authentication unit (3): the authentication and authorization server (4) delivers its root public key certificate to the authentication unit (3) offline, and the authentication unit (3) stores the certificate, encrypted, in a tamper-proof storage area, completing the initialization of the authentication unit (3).
4. The in-vehicle ECU secure access processing system according to claim 1 or 2, wherein the authentication unit (3) authenticates the identity, identity validity, access rights, authorization deadline and signature value of the security access control unit (1) by the following steps:
(S31) the authentication unit (3) verifies the signature on the signature information as follows: using the root public key certificate of the authentication and authorization server (4) it recovers a first digest from the signature value, computes a second digest by hashing the signed content of the signature information, and compares the two; if they are the same, identity authentication passes, the public key of the security access control unit (1) is stored and step (S32) is executed; otherwise identity authentication fails and the current workflow is exited;
(S32) the authentication unit (3) generates a random number, encrypts it with the public key contained in the signature information and forwards the ciphertext to the security access control unit (1); the security access control unit (1) decrypts it with its private key to obtain the plaintext random number and returns it to the authentication unit (3), which compares the returned value with the one it generated; if they are consistent, identity validity verification passes and step (S33) is executed; otherwise identity validity verification fails and the current workflow is exited;
(S33) the authentication unit (3) reads the access rights in the verified signature information and checks whether the access rights of the security access control unit (1) cover the requested access; if so, step (S34) is executed; otherwise the access is unauthorized and the current workflow is exited;
(S34) the authentication unit (3) reads the authorization deadline in the verified signature information and checks whether the authorization of the security access control unit (1) is still valid; if so, step (S35) is executed; otherwise the authorization has expired and the current workflow is exited;
(S35) the authentication unit (3) uses the public key in the signature information to verify the signature value of the access instruction; if the signature verifies, the access instruction is legitimate and the service instruction is forwarded to the accessed ECU (5) according to the protocol; otherwise the current workflow is exited.
5. The system according to claim 1 or 2, wherein the secure operating environment (11) comprises a disabled debug interface, secure boot and secure storage.
6. A secure access processing method for an in-vehicle ECU using the in-vehicle ECU secure access processing system according to claim 1, characterized by comprising the steps of:
(S0) initializing the security access control unit (1) to obtain signature information;
(S1) the external access device (2) sending an access instruction to the secure access control unit (1);
(S2) the security access control unit (1) judges the security level of the access instruction; if the security level is the non-authentication level, the access instruction is passed directly to the authentication unit (3) over the standard communication protocol; otherwise the access instruction is signed to obtain an instruction signature value, and the access instruction, the instruction signature value and the signature information are forwarded to the authentication unit (3);
(S3) the authentication unit (3) judges the security level of the access instruction received from the security access control unit (1); if it is the non-authentication level, the access instruction is passed directly to the ECU (5) over the standard communication protocol and the ECU executes the command of the external access device (2); otherwise the authentication unit (3) authenticates the identity, identity validity, access rights, authorization deadline and signature value of the security access control unit (1), and if authentication passes the access instruction is forwarded to the ECU (5) according to the protocol and the ECU executes the command of the external access device (2), otherwise the current workflow is exited;
(S4) the service request is complete once every access instruction has passed security authentication at the authentication unit (3).
7. The in-vehicle ECU secure access processing method according to claim 6, characterized in that the security level is divided into four levels; the non-authentication level is the first level and is used for reading non-sensitive data and data whose reading is required by regulation; the remaining three levels are, in order:
the second level is a read data level and is used for realizing sensitive data reading;
the third level is a write configuration level and is used for realizing configuration writing and changing of the ECU (5);
the fourth level is a flash level and is used for realizing the flash of the software.
8. The in-vehicle ECU secure access processing method according to claim 6 or 7, characterized in that step (S0) further comprises:
initializing the authentication unit (3), which comprises the following step: the authentication and authorization server (4) delivers its root public key certificate to the authentication unit (3) offline, and the authentication unit (3) stores the certificate, encrypted, in a tamper-proof storage area.
9. The in-vehicle ECU secure access processing method according to claim 8, wherein initializing the security access control unit (1) comprises the following steps: the security access control unit (1) generates a public/private key pair; once generated, the private key is encrypted and stored inside the security access control unit (1) so that no application program can read it out; the public key is read out and combined with the applicant, the applicant's organization, the device ID, the requested access rights and the requested validity period into an application that is sent to the authentication and authorization server (4); the authentication and authorization server (4) audits the application, calls the root private key through its signing interface to sign it, and generates the signature information consisting of the identity ID, device ID, public key, access rights, authorization deadline and signature value; and the signature information is written into the security access control unit (1) and stored encrypted.
10. The in-vehicle ECU secure access processing method according to claim 6 or 7, wherein the authentication unit (3) authenticates the identity, identity validity, access rights, authorization deadline and signature value of the security access control unit (1) by the following steps:
(S31) the authentication unit (3) verifies the signature on the signature information as follows: using the root public key certificate of the authentication and authorization server (4) it recovers a first digest from the signature value, computes a second digest by hashing the signed content of the signature information, and compares the two; if they are the same, identity authentication passes, the public key of the security access control unit (1) is stored and step (S32) is executed; otherwise identity authentication fails and the current workflow is exited;
(S32) the authentication unit (3) generates a random number, encrypts it with the public key contained in the signature information and forwards the ciphertext to the security access control unit (1); the security access control unit (1) decrypts it with its private key to obtain the plaintext random number and returns it to the authentication unit (3), which compares the returned value with the one it generated; if they are consistent, identity validity verification passes and step (S33) is executed; otherwise identity validity verification fails and the current workflow is exited;
(S33) the authentication unit (3) reads the access rights in the verified signature information and checks whether the access rights of the security access control unit (1) cover the requested access; if so, step (S34) is executed; otherwise the access is unauthorized and the current workflow is exited;
(S34) the authentication unit (3) reads the authorization deadline in the verified signature information and checks whether the authorization of the security access control unit (1) is still valid; if so, step (S35) is executed; otherwise the authorization has expired and the current workflow is exited;
(S35) the authentication unit (3) uses the public key in the signature information to verify the signature value of the access instruction; if the signature verifies, the access instruction is legitimate and the service instruction is forwarded to the accessed ECU (5) according to the protocol; otherwise the current workflow is exited.
CN202010473369.XA 2020-05-29 2020-05-29 Safety access processing system and method for ECU in vehicle Active CN111651748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010473369.XA CN111651748B (en) 2020-05-29 2020-05-29 Safety access processing system and method for ECU in vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010473369.XA CN111651748B (en) 2020-05-29 2020-05-29 Safety access processing system and method for ECU in vehicle

Publications (2)

Publication Number Publication Date
CN111651748A true CN111651748A (en) 2020-09-11
CN111651748B CN111651748B (en) 2023-03-14

Family

ID=72346927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010473369.XA Active CN111651748B (en) 2020-05-29 2020-05-29 Safety access processing system and method for ECU in vehicle

Country Status (1)

Country Link
CN (1) CN111651748B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130111582A1 (en) * 2011-10-28 2013-05-02 GM Global Technology Operations LLC Security access method for automotive electronic control units
JP2013171378A (en) * 2012-02-20 2013-09-02 Denso Corp Data communication authentication system for vehicle, and gateway apparatus for vehicle
JP2014180937A (en) * 2013-03-19 2014-09-29 Aisin Aw Co Ltd Vehicle operation authority authentication system, vehicle operation authority authentication device, vehicle operation authority authentication method, and vehicle operation authority authentication program
CN104092725A (en) * 2014-06-05 2014-10-08 潍柴动力股份有限公司 ECU flushing method and client
CN107426187A (en) * 2017-06-27 2017-12-01 江苏大学 A kind of in-vehicle network fine granularity mandate access method based on ECU identity attributes
CN110708388A (en) * 2019-10-15 2020-01-17 大陆投资(中国)有限公司 Vehicle body safety anchor node device, method and network system for providing safety service
CN111431901A (en) * 2020-03-23 2020-07-17 重庆长安汽车股份有限公司 System and method for safely accessing ECU (electronic control Unit) in vehicle by external equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MD SWAWIBE UL ALAM et al.: "Securing Vehicle ECU Communications and Stored Data", IEEE *
胡星 (Hu Xing): "Research and Implementation of Vulnerability Detection Technology for Vehicle-Mounted Terminal Systems", China Master's Theses Full-text Database, Information Science and Technology *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112738222A (en) * 2020-12-28 2021-04-30 嬴彻科技(浙江)有限公司 Vehicle diagnosis system and method, vehicle and gateway thereof, and storage medium
CN114866982A (en) * 2021-02-04 2022-08-05 广州汽车集团股份有限公司 Method and system for data interaction by accessing public network through vehicle-end ECU
CN113204226A (en) * 2021-04-25 2021-08-03 重庆长安汽车股份有限公司 Vehicle diagnosis system and method
CN113411311A (en) * 2021-05-20 2021-09-17 联合汽车电子有限公司 ECU (electronic control Unit) diagnosis authorization verification method, storage medium and system
CN114785557A (en) * 2022-03-28 2022-07-22 重庆长安汽车股份有限公司 Vehicle symmetric key distribution system, method and storage medium
CN114785557B (en) * 2022-03-28 2023-06-06 重庆长安汽车股份有限公司 Whole vehicle symmetric key distribution system, method and storage medium
CN115189923A (en) * 2022-06-20 2022-10-14 零束科技有限公司 Access control method, device and storage medium
CN115134146A (en) * 2022-06-27 2022-09-30 中国第一汽车股份有限公司 Vehicle-mounted entertainment system and vehicle
CN115134146B (en) * 2022-06-27 2023-11-21 中国第一汽车股份有限公司 Vehicle-mounted entertainment system and vehicle

Also Published As

Publication number Publication date
CN111651748B (en) 2023-03-14

Similar Documents

Publication Publication Date Title
CN111651748B (en) Safety access processing system and method for ECU in vehicle
JP4091744B2 (en) Computer apparatus and operation method thereof
KR100670005B1 (en) Apparatus for verifying memory integrity remotely for mobile platform and system thereof and method for verifying integrity
CN108122311B (en) Vehicle virtual key implementation method and system
US11330432B2 (en) Maintenance system and maintenance method
CN102262599B (en) Trusted root-based portable hard disk fingerprint identification method
CN102456111B (en) Method and system for license control of Linux operating system
US20040128523A1 (en) Information security microcomputer having an information securtiy function and authenticating an external device
JP2015065495A (en) Encryption key supply method, semiconductor integrated circuit and encryption key management device
JP4469892B2 (en) Certification of control equipment in the vehicle
US8035494B2 (en) Motor vehicle control device data transfer system and process
EP2484564B1 (en) Method and apparatus for vehicle security
CN103269271A (en) Method and system for back-upping private key in electronic signature token
CN109714171B (en) Safety protection method, device, equipment and medium
US7213267B2 (en) Method of protecting a microcomputer system against manipulation of data stored in a storage assembly of the microcomputer system
JP6387908B2 (en) Authentication system
CN111159656A (en) Method, device, equipment and storage medium for preventing software from being used without authorization
CN106156607B (en) SElinux secure access method and POS terminal
CN111508110B (en) Method and device for realizing remote locking of vehicle
JP5183517B2 (en) Information processing apparatus and program
CN109495269A (en) Vehicle-mounted end is to the trust authentication method and its system of access device, vehicle-mounted end
CN114547586A (en) Vehicle-mounted bus message authentication key learning method and system and readable storage medium
CN103838997A (en) Single-chip microcomputer password verification method and device
CN103281188A (en) Method and system for backing up private key in electronic signature token
JP2007535250A (en) Authentication of equipment outside the vehicle

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant