CN112118095A - Engineering machinery CAN bus random number generation method and system and identity authentication system - Google Patents

Publication number
CN112118095A
Authority
CN
China
Prior art keywords
data
bus
random number
ciphertext
ecus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010878584.8A
Other languages
Chinese (zh)
Inventor
李寒霜
王斌
刘会娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Xugong Construction Machinery Research Institute Co ltd
Original Assignee
Jiangsu Xugong Construction Machinery Research Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Xugong Construction Machinery Research Institute Co ltd
Priority to CN202010878584.8A
Publication of CN112118095A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Computer Security & Cryptography (AREA)

Abstract

The invention discloses a random number generation method and system for the CAN bus of engineering machinery, and an identity authentication system, which are suitable for identity authentication of CAN bus communication nodes. The system comprises a plurality of ECUs, each of which broadcasts data frames to the CAN bus network and receives the data of the other ECUs on the network. An ECU randomly collects several data frames on the CAN bus and extracts data frame features, which are combined to form a random number. The features are extracted from the parameter fields and the transmitted data of several CAN bus data frames, and the generated random numbers can be used for identity authentication among ECUs in the bus network.

Description

Engineering machinery CAN bus random number generation method and system and identity authentication system
Technical Field
The invention belongs to the technical field of engineering machinery, and relates to a method and a system for generating a CAN bus random number of engineering machinery and an identity authentication system.
Background
CAN: Controller Area Network;
ECU: Electronic Control Unit;
MCU: Micro Control Unit, also known as a single-chip microcomputer.
Nodes can be attached to the CAN bus and can communicate with one another over it, so as to realize a complex control process.
The CAN bus is one of the mainstream field buses. It is a serial communication network that effectively supports distributed or real-time control, has the advantages of low cost, strong real-time performance and high flexibility, and is widely used in the field of engineering machinery. At present, the functions of engineering machinery host products are becoming more and more complex and the number of ECUs on the bus is gradually increasing. Without an effective ECU identity authentication method, an attacker can send forged data packets to the ECUs, causing the vehicle to go out of control, or a counterfeit part can be used in place of the original factory ECU, which creates great potential safety hazards. The security of the CAN bus ECUs therefore directly determines the security of the whole on-board communication system, which is why identity authentication on the bus is necessary.
In the field of communication security, the quality of the random number generation method determines whether the identity authentication process is safe and reliable. In the field of engineering machinery, the software in a CAN bus node ECU is mostly implemented in the C language or on the CoDesys platform. At present, the random number functions provided by software on these two platforms can only generate pseudo-random numbers, which have a certain periodicity and predictability; the generated data is not truly random and cannot meet the requirements that identity authentication places on random numbers. How to design a safe and reliable random number generation method and system is therefore of great significance for CAN bus communication and for the security authentication of parts of the engineering machinery host.
The prior art has the following defects. Patent CN200910109146.9 implements a random number generator circuit based on a real-time data stream and pseudo-random numbers. It generates random numbers in hardware, so the implementation is complex and portability is poor. A bus communication system generally has a large number of bus-connected parts, and adopting this scheme would require modifying the hardware circuits one by one, which involves a large workload and high cost and cannot meet the requirements, so the method is not suitable for a bus communication network.
The random number generation method provided by patent CN201911038686.2 can generate true random numbers, but the generation process requires client data and the random number generator of a target client in a distributed network. The method is therefore only applicable to a distributed network that already has a random number generator, so it imposes many preconditions, has a narrow range of application and is not applicable to a bus communication network. The method also requires a series of operations on the process data using a predetermined algorithm, such as the SM3 digest algorithm. Because the predetermined algorithm is complex to implement, the random number generation rate is low. The CAN bus has high real-time requirements, so the method can affect the timeliness of data transmission and is not suitable for the field of engineering machinery, where communication must be highly real-time.
Disclosure of Invention
The purpose is as follows: in order to overcome the defects in the prior art, the invention provides a method and a system for generating a random number of a CAN bus of an engineering machine and an identity authentication system.
In order to ensure the stable operation of the engineering machinery vehicle, a security mechanism for identity authentication needs to be provided for the bus. In the field of engineering machinery, the software in a CAN bus node ECU is mostly implemented in the C language or on the CoDesys platform, and at present the random number functions provided by software on these two platforms can only generate pseudo-random numbers and cannot achieve true randomness. To improve the reliability of the identity authentication process, the invention uses the data transmitted on the bus in real time to generate and update random numbers. When a communicating ECU needs identity authentication, the ECU can randomly collect a plurality of data frames and generate a random number by extracting information from those data frames. First, the process needs no external random number generator and adds no hardware circuit cost; second, the data transmitted on the bus changes in real time and is unpredictable, so it is an easily obtained, high-quality source for random number generation.
The technical scheme is as follows: in order to solve the technical problems, the technical scheme adopted by the invention is as follows:
the first aspect provides a random number generation method in engineering machinery CAN bus communication, wherein an ECU extracts data frame characteristics by randomly acquiring a plurality of data on a CAN bus so as to form a random number in a combined manner; the method comprises the following steps:
acquiring a CAN bus data frame, wherein the CAN bus data frame comprises 7 parts, namely a frame start part, an arbitration part, a control part, a data part, a CRC part, an ACK part and a frame end part;
and extracting data characteristics of one or more segments of the arbitration segment, the control segment, the data segment and the CRC segment in the CAN bus data frame, and combining to obtain the random number.
In some embodiments, the combinations are randomly arranged or regularly arranged.
In some embodiments, in the random number generation method, the extracted data frame features are expanded and combined to obtain the random number.
In a second aspect, a random number generation system in CAN bus communication of an engineering machine is provided, which includes a plurality of ECUs, each ECU broadcasting a data frame to a CAN bus network and receiving data of other ECUs on the CAN bus network, and each ECU includes: an MCU control module, a CAN transceiving module and a data acquisition module,
the data acquisition module is used for acquiring data of the ECU and uploading the data to the MCU control module;
the MCU control module is used for integrating the data of the ECU into a format required by a CAN bus communication network communication protocol; the MCU control module is internally provided with a buffer area used for storing and dynamically updating the received data of other ECUs and extracting corresponding sections in the data of the buffer area when random numbers are needed;
the CAN transceiver module is used for receiving data of other ECUs from a CAN bus and uploading the data to the MCU control module; and sending the data of the ECU to the CAN bus.
In a third aspect, an engineering machinery CAN bus identity authentication system is provided, which comprises a plurality of ECUs, wherein one of the ECUs is set as an authentication initiating node and is called as a master device; the other ECUs are authenticated nodes called slave devices;
the bus identity authentication comprises the following steps:
the master device generates a group of random numbers by adopting the random number generation method of claim 1 and sends the random numbers to the slave device by adopting an agreed CAN-ID;
the master device encrypts the random number by adopting a data encryption algorithm to generate a ciphertext 1;
after receiving the random number, the slave device encrypts the random number by adopting the same data encryption algorithm as the master device to generate a ciphertext 2 and sends the ciphertext 2 to the master device;
the master device compares ciphertext 2 with ciphertext 1,
if the ciphertext 2 is the same as the ciphertext 1, the authentication is successful;
if the ciphertext 2 is different from the ciphertext 1, the authentication fails;
if the slave device does not return the ciphertext 2 before the timeout, the authentication fails.
Advantageous effects: in the engineering machinery CAN bus random number generation method, system and identity authentication system, an ECU randomly collects a plurality of data frames on the bus and extracts data frame features to form a random number. The random number is parsed and extracted directly from the bus data, so no complex computation or transformation is needed, the generation speed is high, and the real-time requirement of bus data transmission is met. No additional hardware needs to be configured, so the cost is low and the feasibility is high. In addition, because the data transmitted on the bus is continuously updated, the generated random number changes continuously with the data and is unpredictable; this is a high-quality random number generation method that can provide a strong guarantee for the communication security of the CAN bus network.
Drawings
FIG. 1 is a diagram illustrating a CAN data frame structure usable by a random number generation method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a hardware structure of a single ECU in the random number generation system according to the embodiment of the present invention;
FIG. 3 is a schematic flow chart illustrating identity authentication between every two ECUs in the random number generation system according to the embodiment of the present invention;
fig. 4 is a schematic diagram of a CAN bus communication network of the random number generation system according to the embodiment of the present invention.
Detailed Description
The present invention will be further described with reference to the following examples. The relevant terms are defined as follows:
CAN: Controller Area Network;
ECU: Electronic Control Unit;
MCU: Micro Control Unit, also called SCM;
Nodes can be attached to the CAN bus and can communicate with one another over it, so as to realize a complex control process.
The invention provides a method for generating random numbers by using real-time transmitted data on a bus and an identity authentication system. The authentication node randomly collects a plurality of data on the bus and extracts the data frame characteristics, so that a random number is formed, and the generated random number can be used for identity authentication among ECUs in the bus network. The invention does not need to change or add hardware equipment of the system, and does not have the operation process of a complex algorithm, and simultaneously, because the message types, the message periods and the data contents transmitted and received by each ECU in the bus network are irregular and difficult to predict, the invention is a random number generation method and an identity authentication system with low cost, high quality and high authentication speed.
Example 1
A method for generating random numbers in engineering machinery CAN bus communication is disclosed, wherein an ECU extracts data frame characteristics by randomly collecting a plurality of data on a CAN bus, thereby forming random numbers; the method comprises the following steps:
acquiring a CAN bus data frame, wherein the CAN bus data frame comprises 7 parts, namely a frame start part, an arbitration part, a control part, a data part, a CRC part, an ACK part and a frame end part,
and extracting data characteristics of one or more segments of the arbitration segment, the control segment, the data segment and the CRC segment in the CAN bus data frame, and combining to obtain the random number.
The combination is randomly arranged or regularly arranged.
The random number generation method is based on data of each part of a CAN bus data frame structure. The CAN bus is a masterless network which adopts a broadcasting mode to transmit data, in the network, information takes a data frame as a transmission carrier, each ECU in the engineering machinery host has a specific ID and sends the data frame of the specific CAN-ID, all ECUs connected to the CAN bus receive the data frames sent by other ECUs on the bus, and then corresponding data output or action is executed according to the data.
According to the structure of the CAN bus data frame, a data frame contains 7 parts, namely the frame start, arbitration segment, control segment, data segment, CRC segment, ACK segment and frame end. Four of these, the arbitration segment, control segment, data segment and CRC segment, can be used to extract random numbers. These 4 segments may be the same or different in each data frame transmitted on the network, have complete randomness and are unpredictable. The MCU control module in the ECU may directly use a combination of some segments as the random number, or form the random number by parsing and extracting data features from one or more segments of several frames. For example, a group of 8-byte random numbers can be obtained by combining and expanding the CRC segments of 4 data frames. The invention is not limited to this; the CRC segment is used only as an example to describe the implementation.
The random number method, taking the CRC segment as an example, is as follows. A buffer is provided inside the CAN bus ECU, and each data frame message is stored in the buffer when it is received. The buffer has a fixed size, for example 4 frames, ordered by time; when a new message is stored, the oldest message is deleted, which achieves dynamic updating. When a random number is needed, the CRC segments of the 4 data frames currently in the buffer are extracted. Each CRC segment is 15 bits and is expanded to 16 bits, that is, 2 bytes, and the 4 CRC segments are combined to obtain an 8-byte random number. The maximum data length of the CAN bus is 8 bytes, so the generated random number can be sent to other ECUs on the network in a single CAN data frame. In addition, the CRC segment is a check code generated by the CAN transceiver from the frame data; it is generated by the sender's hardware before the data is sent, so it takes up no software processing time.
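The CRC-segment construction described above, written out as an added example; it is not code from the patent. It assumes 11-bit data frames, computes the CAN CRC-15 in software from the frame fields instead of reading it from the transceiver, and assumes the 15-to-16-bit expansion is zero padding, which the text does not specify. The frames in SAMPLE are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAN_CRC15_POLY 0x4599u  /* x^15+x^14+x^10+x^8+x^7+x^4+x^3+1 */
#define POOL_FRAMES    4u       /* buffer size used in the description */

typedef struct {
    uint16_t id;       /* 11-bit identifier (CAN 2.0A data frame) */
    uint8_t  dlc;      /* data length code, 0..8 */
    uint8_t  data[8];
} can_frame_t;

/* One step of the CAN CRC shift register for a single input bit. */
static uint16_t crc15_bit(uint16_t crc, unsigned bit)
{
    unsigned nxt = (bit & 1u) ^ ((crc >> 14) & 1u);
    crc = (uint16_t)((crc << 1) & 0x7FFFu);
    return nxt ? (uint16_t)(crc ^ CAN_CRC15_POLY) : crc;
}

/* Feed the low nbits of value, most significant bit first. */
static uint16_t crc15_bits(uint16_t crc, uint32_t value, int nbits)
{
    for (int i = nbits - 1; i >= 0; i--)
        crc = crc15_bit(crc, (unsigned)(value >> i));
    return crc;
}

/* CRC over the unstuffed SOF, arbitration, control and data fields. */
uint16_t can_crc15(const can_frame_t *f)
{
    uint8_t n = f->dlc > 8 ? 8 : f->dlc;
    uint16_t crc = 0;
    crc = crc15_bits(crc, 0u, 1);                /* SOF (dominant) */
    crc = crc15_bits(crc, f->id & 0x7FFu, 11);   /* identifier */
    crc = crc15_bits(crc, 0u, 3);                /* RTR, IDE, r0 */
    crc = crc15_bits(crc, f->dlc & 0x0Fu, 4);    /* DLC */
    for (uint8_t i = 0; i < n; i++)
        crc = crc15_bits(crc, f->data[i], 8);    /* data bytes */
    return crc;
}

/* Fixed-size buffer holding the CRC segments of the newest 4 frames. */
typedef struct {
    uint16_t crc[POOL_FRAMES];
    unsigned head;     /* index of the oldest entry */
    unsigned count;    /* number of valid entries */
} crc_pool_t;

void pool_push(crc_pool_t *p, const can_frame_t *f)
{
    uint16_t c = can_crc15(f);
    if (p->count < POOL_FRAMES) {
        p->crc[(p->head + p->count) % POOL_FRAMES] = c;
        p->count++;
    } else {                        /* full: overwrite the oldest entry */
        p->crc[p->head] = c;
        p->head = (p->head + 1u) % POOL_FRAMES;
    }
}

/* Build the 8-byte value; refuses (-1) until 4 frames have been seen. */
int pool_nonce(const crc_pool_t *p, uint8_t out[8])
{
    if (p->count < POOL_FRAMES)
        return -1;
    for (unsigned i = 0; i < POOL_FRAMES; i++) {
        uint16_t c = p->crc[(p->head + i) % POOL_FRAMES];
        out[2 * i]     = (uint8_t)(c >> 8);   /* top bit is always 0 */
        out[2 * i + 1] = (uint8_t)(c & 0xFFu);
    }
    return 0;
}

/* Constructed sample traffic, not captured from a real machine. */
static const can_frame_t SAMPLE[6] = {
    { 0x101, 2, { 0x12, 0x34 } },
    { 0x2A0, 8, { 0x00, 0x7D, 0x10, 0x27, 0xFF, 0x01, 0x00, 0x55 } },
    { 0x101, 2, { 0x12, 0x35 } },
    { 0x330, 1, { 0x80 } },
    { 0x2A0, 8, { 0x00, 0x7E, 0x10, 0x27, 0xFF, 0x01, 0x00, 0x56 } },
    { 0x0F6, 4, { 0xDE, 0xAD, 0x00, 0x01 } },
};

int main(void)
{
    crc_pool_t a = {0}, b = {0};
    uint8_t na[8], nb[8];
    for (int i = 0; i < 6; i++) pool_push(&a, &SAMPLE[i]);  /* saw all 6 */
    for (int i = 2; i < 6; i++) pool_push(&b, &SAMPLE[i]);  /* last 4 only */
    if (pool_nonce(&a, na) != 0 || pool_nonce(&b, nb) != 0) return 1;
    for (int i = 0; i < 8; i++) printf("%02X", na[i]);
    printf("\nsecond receiver derives the same value: %s\n",
           memcmp(na, nb, 8) == 0 ? "yes" : "no");
    return 0;
}
```

With zero padding the top bit of each 16-bit word is fixed, so at most 60 of the 64 bits vary, and every receiver that saw the same last four frames derives the same value. A design review of the scheme should take both properties into account.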
Fig. 1 is a schematic diagram of a CAN data frame structure usable by the random number generation method of the present invention. The method is applicable to CAN 2.0A (11-bit ID) and CAN 2.0B (29-bit ID). The data frame is composed of a frame start, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment and a frame end, where the arbitration segment, the control segment, the data segment and the CRC segment can be used as feature extraction sources of the data frame to form a random number.
In the random number generation method, an ECU on the bus acquires data frames transmitted in real time in the network, and random numbers are formed by parsing and extracting one or more characteristics of the data frames. The data of each part of the data frame structure may be the same or different, has complete randomness and unpredictability, and is a high-quality random number generation source.
The whole random number generation process does not comprise a complex operation processing process, the processing speed is high, and the requirement of the real-time data transmission of a communication system is met.
The random number generation process does not need to modify or additionally add hardware equipment configuration, and the method is low in cost and high in feasibility.
The random number generation method is applicable to bus communication including, but not limited to, CAN 2.0A (11-bit ID) and CAN 2.0B (29-bit ID). The random number generation method is suitable for upper-layer application protocols based on CAN bus technology, such as the CANopen and J1939 protocols.
Example 2
A random number generation system in engineering machinery CAN bus communication comprises a plurality of ECUs, each ECU broadcasts data frames to a CAN bus network and receives data of other ECUs on the CAN bus network, and each ECU comprises: an MCU control module, a CAN transceiving module and a data acquisition module,
the data acquisition module is used for acquiring data of the ECU and uploading the data to the MCU control module;
the MCU control module is used for integrating the data of the ECU into a format required by a CAN bus communication network communication protocol; the MCU control module is internally provided with a buffer area used for storing and dynamically updating the received data of other ECUs and extracting corresponding sections in the data of the buffer area when random numbers are needed;
the CAN transceiver module is used for receiving data of other ECUs from a CAN bus and uploading the data to the MCU control module; sending the data of the ECU to a CAN bus;
fig. 2 is a schematic diagram of a hardware structure of a single ECU in the random number generation system of the present invention, which mainly includes an MCU control module, a data acquisition module, a CAN transceiver module, a data output module, a power supply module, and the like.
The random number generation system is a complete CAN bus communication network comprising a plurality of ECUs. Each ECU broadcasts data frames to the network and receives the data of other ECUs on the network, and each ECU is composed of a power supply module, an MCU control module, a CAN transceiver module, a data acquisition module, a data output module and the like. A CAN bus communication network is usually designed with a communication protocol. Each ECU acquires its own data, such as current data and voltage data, through the data acquisition module, and the MCU control module integrates the acquired data into the format required by the communication protocol and sends it through the CAN transceiver module. At the same time, each ECU receives the data sent to the bus network by other ECUs through the CAN transceiver module. A buffer is provided in the MCU control module of the ECU for storing and dynamically updating the received data, and the corresponding segments of the buffered data are extracted when random numbers are needed. Because the data of each ECU comprises multiple types, such as periodic messages and event messages, the messages sent by each ECU are of various types, and the sending times and data contents are irregular, the data transmitted in real time in the CAN network is difficult to predict, which ensures the randomness of the generated data.
Example 3
An engineering machinery CAN bus identity authentication system comprises a plurality of ECUs, wherein one of the ECUs is set as an authentication initiating node and is called as a master device; the other ECUs are authenticated nodes called slave devices;
Because the CAN bus is a masterless network, any node can act as a master device or a slave device without limitation. The authentication process can be initiated by different nodes, which authenticate each other, and the initiator is the master device. The bus identity authentication process is carried out in multiple steps, and the bus identity authentication comprises the following steps:
the master device generates a group of random numbers by adopting the random number generation method in the embodiment 1 and sends the random numbers to the slave device by adopting the appointed CAN-ID;
the master device encrypts the random number by adopting a specific data encryption algorithm to generate a ciphertext 1;
after receiving the random number, the slave device encrypts the random number by adopting the same data encryption algorithm as the master device to generate a ciphertext 2 and sends the ciphertext 2 to the master device;
and the master device compares the ciphertext 2 with the ciphertext 1; if the ciphertext 2 and the ciphertext 1 are the same, the authentication is successful, and if the slave device does not return the ciphertext 2 before the timeout or the ciphertext 2 is different from the ciphertext 1, the authentication fails.
Every two ECUs which are communicated with each other in the system can complete identity authentication as required, and a timing authentication mechanism or an idle authentication mechanism can be adopted to continuously provide safety protection for the engineering machinery vehicle. Fig. 3 is a schematic flow chart of the identity authentication between every two ECUs in the random number generation system of the present invention, and the whole process is executed according to the following steps:
1. After the system is powered on, the system is first initialized;
2. The master device judges whether the slave device needs identity authentication;
3. If the slave device needs identity authentication, the master device enters the random number generation routine to obtain a group of random numbers, and then encrypts the random numbers by adopting a specific data encryption algorithm to obtain a ciphertext 1;
4. At the same time, the master device sends the random number to the slave device, and the slave device receives the data and encrypts it by adopting the same encryption algorithm to obtain a ciphertext 2;
5. The master device compares the ciphertext 1 with the ciphertext 2. If the ciphertext 1 and the ciphertext 2 are the same, the authentication is successful; if the ciphertext 2 is not received before the timeout or the ciphertext 1 is different from the ciphertext 2, the authentication fails.
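The master-side check from the steps above, as an added example that is not code from the patent. The patent does not name the data encryption algorithm; XTEA is assumed here only because its 64-bit block matches the 8-byte CAN payload. The keys, the random number, the 50 ms timeout and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { AUTH_OK = 0, AUTH_MISMATCH, AUTH_TIMEOUT } auth_result_t;

#define TIMEOUT_MS 50u   /* assumed response deadline, not from the patent */

/* XTEA, 32 cycles: stand-in for the unnamed "data encryption algorithm". */
static void xtea_encrypt(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9u;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3u]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3u]);
    }
    v[0] = v0;
    v[1] = v1;
}

static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void store_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Encrypt one 8-byte CAN payload under the shared key (both sides). */
void encrypt_payload(const uint8_t in[8], const uint32_t key[4], uint8_t out[8])
{
    uint32_t v[2] = { load_be32(in), load_be32(in + 4) };
    xtea_encrypt(v, key);
    store_be32(out, v[0]);
    store_be32(out + 4, v[1]);
}

/* Compare all bytes with no early exit, so timing does not depend on
 * the position of the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Master side: compute ciphertext 1 locally and check ciphertext 2.
 * ct2 == NULL means no reply arrived; both that and a late reply fail. */
auth_result_t master_verify(const uint8_t nonce[8], const uint32_t key[4],
                            const uint8_t *ct2, uint32_t elapsed_ms,
                            uint32_t timeout_ms)
{
    uint8_t ct1[8];
    if (ct2 == NULL || elapsed_ms > timeout_ms)
        return AUTH_TIMEOUT;
    encrypt_payload(nonce, key, ct1);
    return ct_equal(ct1, ct2, sizeof ct1) ? AUTH_OK : AUTH_MISMATCH;
}

/* Constructed values for the demonstration. */
static const uint32_t KEY_GENUINE[4] =
    { 0x00112233u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu };
static const uint32_t KEY_OTHER[4] =
    { 0x0F1E2D3Cu, 0x4B5A6978u, 0x8796A5B4u, 0xC3D2E1F0u };
static const uint8_t NONCE[8] =
    { 0x2B, 0x91, 0x07, 0xC4, 0x5E, 0x13, 0x6A, 0xF0 };

/* One full exchange: the slave encrypts the received random number with
 * its own key and the master verifies the reply after elapsed_ms. */
auth_result_t run_exchange(const uint32_t master_key[4],
                           const uint32_t slave_key[4], uint32_t elapsed_ms)
{
    uint8_t ct2[8];
    encrypt_payload(NONCE, slave_key, ct2);            /* slave side */
    return master_verify(NONCE, master_key, ct2, elapsed_ms, TIMEOUT_MS);
}

int main(void)
{
    printf("same key, 5 ms:      %d\n", run_exchange(KEY_GENUINE, KEY_GENUINE, 5));
    printf("different key, 5 ms: %d\n", run_exchange(KEY_GENUINE, KEY_OTHER, 5));
    printf("same key, 80 ms:     %d\n", run_exchange(KEY_GENUINE, KEY_GENUINE, 80));
    return 0;
}
```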
Fig. 4 is a schematic diagram of a CAN bus communication network of the random number generation system of the present invention. The CAN bus communication network includes 2 ECUs (the number of ECUs in the network is not limited in specific implementations) and 2 120-ohm terminal resistors, and every two ECUs that communicate with each other in the network can execute an identity authentication operation according to the flow shown in fig. 3, so as to ensure the security and reliability of the nodes of the entire CAN network communication system.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.

Claims (7)

1. A random number generation method in engineering machinery CAN bus communication is characterized in that an ECU extracts data frame characteristics by randomly collecting a plurality of data on a CAN bus, so that random numbers are formed by combination; the method comprises the following steps:
acquiring a CAN bus data frame, wherein the CAN bus data frame comprises 7 parts, namely a frame start part, an arbitration part, a control part, a data part, a CRC part, an ACK part and a frame end part;
and extracting data characteristics of one or more segments of the arbitration segment, the control segment, the data segment and the CRC segment in the CAN bus data frame, and combining to obtain the random number.
2. The method of claim 1, wherein the combining is a random permutation combination or a regular permutation combination.
3. The method of claim 1, wherein the extracted data frame features are expanded and combined to obtain the random number.
4. A random number generation system in engineering machinery CAN bus communication is characterized by comprising a plurality of ECUs, wherein each ECU broadcasts data frames to a CAN bus network and receives data of other ECUs on the CAN bus network, and each ECU comprises: an MCU control module, a CAN transceiving module and a data acquisition module,
the data acquisition module is used for acquiring data of the ECU and uploading the data to the MCU control module;
the MCU control module is used for integrating the data of the ECU into a format required by a CAN bus communication network communication protocol; the MCU control module is internally provided with a buffer area used for storing and dynamically updating the received data of other ECUs and extracting corresponding sections in the data of the buffer area when random numbers are needed;
the CAN transceiver module is used for receiving data of other ECUs from a CAN bus and uploading the data to the MCU control module; and sending the data of the ECU to the CAN bus.
5. An engineering machinery CAN bus identity authentication system is characterized by comprising a plurality of ECUs, wherein one of the ECUs is set as an authentication initiating node and is called as a master device; the other ECUs are authenticated nodes called slave devices;
the bus identity authentication comprises the following steps:
the master device generates a group of random numbers by adopting the random number generation method of claim 1 and sends the random numbers to the slave device by adopting an agreed CAN-ID;
the master device encrypts the random number by adopting a data encryption algorithm to generate ciphertext 1;
after receiving the random number, the slave device encrypts the random number by adopting the same data encryption algorithm as the master device to generate ciphertext 2 and sends ciphertext 2 to the master device;
the master device compares ciphertext 2 with ciphertext 1, and if ciphertext 2 is the same as ciphertext 1, the authentication is successful.
6. An engineering machinery CAN bus identity authentication system is characterized by comprising a plurality of ECUs, wherein one of the ECUs is set as an authentication initiating node and is called as a master device; the other ECUs are authenticated nodes called slave devices;
the bus identity authentication comprises the following steps:
the master device generates a group of random numbers by adopting the random number generation method of claim 1 and sends the random numbers to the slave device by adopting an agreed CAN-ID;
the master device encrypts the random number by adopting a data encryption algorithm to generate ciphertext 1;
after receiving the random number, the slave device encrypts the random number by adopting the same data encryption algorithm as the master device to generate ciphertext 2 and sends ciphertext 2 to the master device;
the master device compares ciphertext 2 with ciphertext 1, and if ciphertext 2 is different from ciphertext 1, the authentication fails.
7. An engineering machinery CAN bus identity authentication system is characterized by comprising a plurality of ECUs, wherein one of the ECUs is set as an authentication initiating node and is called as a master device; the other ECUs are authenticated nodes called slave devices;
the bus identity authentication comprises the following steps:
the master device generates a group of random numbers by adopting the random number generation method of claim 1 and sends the random numbers to the slave device by adopting an agreed CAN-ID;
the master device encrypts the random number by adopting a data encryption algorithm to generate ciphertext 1;
after receiving the random number, the slave device encrypts the random number by adopting the same data encryption algorithm as the master device to generate ciphertext 2 and sends ciphertext 2 to the master device;
if the slave device times out without returning ciphertext 2, the authentication fails.
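The challenge derivation of claims 1 to 4 and the three authentication outcomes of claims 5 to 7, as an added C sketch that is not code from the patent or the applicant. The FNV-1a combiner, XTEA as the "data encryption algorithm", the pre-shared 128-bit key (the claims name no key) and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Fields of a buffered frame that claim 1 draws on (hypothetical layout). */
struct can_feat { uint32_t id; uint8_t dlc; uint8_t data[8]; uint16_t crc; };
enum auth_result { AUTH_OK, AUTH_MISMATCH, AUTH_TIMEOUT };

static uint64_t mix(uint64_t h, uint64_t v, int nbytes) {   /* FNV-1a step */
    while (nbytes--) { h ^= (uint8_t)v; h *= 0x100000001b3ULL; v >>= 8; }
    return h;
}

/* Claims 1-4: combine arbitration, control, data and CRC features of the
 * buffered frames into a 64-bit challenge (the combiner is an assumption). */
uint64_t challenge_from_bus(const struct can_feat *buf, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h = mix(h, buf[i].id, 4);
        h = mix(h, buf[i].dlc, 1);
        for (int j = 0; j < buf[i].dlc && j < 8; j++) h = mix(h, buf[i].data[j], 1);
        h = mix(h, buf[i].crc, 2);
    }
    return h;
}

/* XTEA (32 cycles) as an assumed stand-in for the "data encryption algorithm". */
static uint64_t xtea_encrypt(uint64_t block, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(block >> 32), v1 = (uint32_t)block, sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Slave: ciphertext 2 over the challenge, using the assumed pre-shared key. */
uint64_t slave_respond(uint64_t challenge, const uint32_t key[4]) {
    return xtea_encrypt(challenge, key);
}

/* Master: reply == NULL models "nothing received"; claim 7 timeout first,
 * then ciphertext 1 against ciphertext 2 (claims 5 and 6). */
enum auth_result master_verify(uint64_t challenge, const uint32_t key[4],
                               const uint64_t *reply, uint32_t waited_ms,
                               uint32_t timeout_ms) {
    if (reply == NULL || waited_ms > timeout_ms) return AUTH_TIMEOUT;
    return (xtea_encrypt(challenge, key) ^ *reply) == 0 ? AUTH_OK : AUTH_MISMATCH;
}
```

Every node on the bus receives the same frames that feed the challenge, so in this sketch the authentication rests on the secrecy of the shared key and on the buffer contents changing between rounds, not on the challenge being hidden.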
CN202010878584.8A 2020-08-27 2020-08-27 Engineering machinery CAN bus random number generation method and system and identity authentication system Pending CN112118095A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010878584.8A CN112118095A (en) 2020-08-27 2020-08-27 Engineering machinery CAN bus random number generation method and system and identity authentication system

Publications (1)

Publication Number Publication Date
CN112118095A (en) 2020-12-22

Family

ID=73803812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010878584.8A Pending CN112118095A (en) 2020-08-27 2020-08-27 Engineering machinery CAN bus random number generation method and system and identity authentication system

Country Status (1)

Country Link
CN (1) CN112118095A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8375074B2 (en) * 2005-10-27 2013-02-12 Hitachi, Ltd. Device and program for ciphering data
CN104636404A (en) * 2013-11-14 2015-05-20 华为技术有限公司 Method and device for generating large-scale data used for testing
CN105745862A (en) * 2013-09-24 2016-07-06 密执安州立大学董事会 Real-time frame authentication using ID anonymization in automotive networks
US20170026373A1 (en) * 2015-07-24 2017-01-26 Fujitsu Limited Communication relay device, communication network, and communication relay method
CN108965218A (en) * 2017-05-25 2018-12-07 华为技术有限公司 A kind of perturbed controller safety communicating method, apparatus and system
US20190020717A1 (en) * 2017-07-11 2019-01-17 GM Global Technology Operations LLC Vehicle network implementing xcp protocol policy and method
US20190028500A1 (en) * 2017-07-24 2019-01-24 Korea University Research And Business Foundation Ecu identifying apparatus and controlling method thereof
CN109921908A (en) * 2019-02-13 2019-06-21 北京仁信证科技有限公司 A kind of CAN bus identity identifying method and identity authorization system
CN111464386A (en) * 2020-03-30 2020-07-28 江苏徐工工程机械研究院有限公司 Communication conversion method and device for data transmission and communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱立民; 李仁发: "A secure in-vehicle CAN network protocol based on the AES-CCM algorithm" *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112636923A (en) * 2020-12-23 2021-04-09 江苏徐工工程机械研究院有限公司 Engineering machinery CAN equipment identity authentication method and system
CN112636923B (en) * 2020-12-23 2024-04-05 江苏徐工工程机械研究院有限公司 Engineering machinery CAN equipment identity authentication method and system

Similar Documents

Publication Publication Date Title
CN111356114B (en) In-vehicle electronic control unit upgrading method, device, equipment and vehicle system
US20220276855A1 (en) Method and apparatus for processing upgrade package of vehicle
CN109168150B (en) Bluetooth rapid networking method
CN106899404A (en) Vehicle-mounted CAN FD bus communication systems and method based on wildcard
CN112865977A (en) Communication system and communication method
CN105391681A (en) Communication system, communication device, vehicle, and communication method
CN109257133B (en) Whole-network clock synchronization method and device applied to LTE (Long term evolution) rail transit network
CN110380842B (en) CAN bus message signature method, device and system suitable for intelligent network-connected automobile
CN104219298A (en) Cluster system and data backup method thereof
CN112118095A (en) Engineering machinery CAN bus random number generation method and system and identity authentication system
CN113259901B (en) Message protection method and device for Internet of vehicles
CN105446910A (en) Data transmission methods and apparatus
CN115361669A (en) Vehicle-mounted data encryption method and device, computer equipment and communication system
KR101704300B1 (en) Method for transmitting/receiving can message and system performing the same
CN115967790A (en) Monitoring system and monitoring data encryption transmission method
CN113541991B (en) Train network control system and communication control method based on time sensitive network
Shin A framework for fragmenting/reconstituting data frame in Controller Area Network (CAN)
CN110881176B (en) Method for improving utilization rate of vehicle-to-X communication device and vehicle-to-X communication device
CN105493452A (en) Method and device for controlling the transmission of response frames, originating from slave devices belonging to a lin network, to another type of network
CN112395647A (en) Block chain light node data acquisition system
EP3363146B1 (en) Method for generating a key in a circuit assembly
CN106792664B (en) Method for generating dynamic GTP tunnel
CN116318727B (en) ECU access method, device, equipment and storage medium
CN114221814B (en) System, method, device, processor and computer readable storage medium for realizing terminal equipment safety starting special service
KR102398762B1 (en) Method and apparatus of securing message in network for vehicle according to condition of vehicle

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201222