CN113472620A - Management method and system for in-vehicle message authentication fresh value - Google Patents


Info

Publication number
CN113472620A
Authority
CN
China
Prior art keywords
fresh value
node
master node
bus
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110697538.2A
Other languages
Chinese (zh)
Inventor
汪向阳
宋俊男
谭成宇
张贤
何举刚
何文
谢春燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40: Bus networks
    • H04L12/40006: Architecture of a communication node
    • H04L12/40019: Details regarding a bus master
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0654: Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0659: Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
    • H04L41/0661: Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities by reconfiguring faulty entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40: Bus networks
    • H04L2012/40267: Bus for use in transportation systems
    • H04L2012/40273: Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a method and a system for managing the fresh value (freshness value) used for in-vehicle message authentication. Applied to a master node, the method comprises: step A: the master node periodically sends a fresh value synchronization message to each bus; step B: the master node immediately updates the corresponding fresh value after detecting that a bus has recovered from BusOff; step C: when the master node updates the fresh value of a bus in step B, it synchronously sends the latest fresh value to the other buses connected to the master node. Applied to a slave node, the method comprises: step a: the slave node receives the fresh value synchronization message sent by the master node; step b: when the slave node restarts abnormally or recovers from BusOff, it sends a synchronization message request message to the master node; step c: the slave node receives the updated fresh value synchronization message sent by the master node. The invention reduces the bus load as far as possible, and an ECU can take part in normal communication immediately after an abnormal restart or after the bus recovers from BusOff.

Description

Management method and system for in-vehicle message authentication fresh value
Technical Field
The invention relates to the field of bus communication in a vehicle, in particular to a method and a system for managing a message authentication fresh value in the vehicle.
Background
With the rapid development of connected and automated vehicles, many incidents of connected vehicles being compromised and attacked have occurred at home and abroad. In-vehicle communication is an important line of defense for vehicle communication security and faces severe security challenges.
To address the security of in-vehicle communication, the industry currently mostly uses SecOC, integrating and deploying communication security software on ECUs that carry security risk. This effectively prevents communication messages from being tampered with or replayed in transit.
Chinese patent publication No. CN110933110A, entitled "a communication method, a transmitting end, a receiving end, and a vehicle of a vehicle-mounted network", relates to the technical field of vehicle-mounted networks. That communication method can improve the confidentiality of message data transmitted over the vehicle-mounted network and thereby the security of the network, but it does not specify how fresh values are managed, how to minimize the bus load, or how to keep normal communication unaffected when an in-vehicle ECU restarts abnormally or a bus goes BusOff.
Disclosure of Invention
The invention aims to provide a method and a system for managing the in-vehicle message authentication fresh value, addressing the following technical problems: fresh value synchronization increases the bus load, and a controller cannot resume communication immediately after an ECU restarts abnormally or a bus recovers from BusOff.
To solve these technical problems, the invention adopts the following technical solution: a method for managing the in-vehicle message authentication fresh value, applied to a master node, comprising:
step A: the master node periodically sends a fresh value synchronization message to each bus;
step B: the master node immediately updates the corresponding fresh value after detecting that a bus has recovered from BusOff;
step C: when the master node updates the fresh value of a bus in step B, it synchronously sends the latest fresh value to the other buses connected to the master node.
The invention also provides a method for managing the in-vehicle message authentication fresh value, applied to a slave node, comprising:
step a: the slave node receives the fresh value synchronization message sent by the master node;
step b: when the slave node restarts abnormally or recovers from BusOff, the slave node sends a synchronization message request message to the master node;
step c: the slave node receives the updated fresh value synchronization message sent by the master node.
The present invention also provides a system for managing the in-vehicle message authentication fresh value, including:
a master node fresh value sending module, used for periodically sending fresh value synchronization messages to each bus;
a master node fresh value updating module, used for immediately updating the corresponding fresh value after detecting that a bus has recovered from BusOff;
a master node fresh value synchronous updating module, used for synchronously sending the latest fresh value to the other buses that are connected to the master node and whose fresh value has not been updated;
a slave node fresh value receiving module, used for receiving the fresh value synchronization message sent by the master node;
a slave node request module, used for sending a synchronization message request message to the master node when the slave node restarts abnormally or recovers from BusOff;
and a slave node updated fresh value receiving module, used for receiving the updated fresh value synchronization message that the master node sends when it receives the synchronization message request of the slave node.
Preferably,
the master node is a CGW, and the slave node is an ECU.
With this technical solution, the beneficial technical effects of the invention are as follows: the master node sends the fresh value synchronization message to all buses, which reduces the bus load as far as possible; the slave node ECU sends the fresh value synchronization message request immediately after its program is initialized or after BusOff recovery, and the master node immediately updates the fresh value synchronization message, so the ECU can take part in normal communication immediately after an abnormal restart of the slave node ECU or after BusOff recovery.
Drawings
FIG. 1 is a schematic diagram of the SecOC one-master multi-slave fresh value management communication mode;
FIG. 2 is a schematic diagram of an in-vehicle communication architecture;
FIG. 3 is a schematic diagram of secure message construction;
FIG. 4 is a schematic diagram of secure message authentication.
Detailed Description
The invention will be further explained with reference to the drawings.
In order to make the objects, technical solutions and technical effects of the present invention more clearly apparent, the present invention is further described in detail below with reference to the embodiments and the accompanying drawings.
With the development of connected and automated vehicles, many incidents of connected vehicles being compromised and attacked have occurred at home and abroad, and in-vehicle communication, as an important risk point for vehicle communication security, faces a severe security test. The AUTOSAR organization provides a secure communication framework: to protect in-vehicle communication data, the AUTOSAR specification introduces the SecOC mechanism, which ensures replay protection and integrity of data messages by adding a fresh value and a message authentication code to the data messages transmitted over the in-vehicle network.
The prior art does not specify how fresh values are managed, how to minimize the bus load, or how to keep normal communication unaffected when an in-vehicle ECU restarts abnormally or a bus goes BusOff.
The invention provides a method and a system for managing the in-vehicle message authentication fresh value, aiming to solve the problems that fresh value synchronization increases the bus load and that a controller cannot resume communication immediately after an ECU restarts abnormally or after BusOff recovery.
SecOC is used mainly to authenticate sensitive information in the vehicle.
The data structure is shown in the following structural diagram: the Authentic I-PDU is the data that needs to be protected; the Authenticator is the authentication information (usually a Message Authentication Code, MAC for short); the Secured I-PDU Header is an optional header; the Freshness Value is an optional fresh value.
[Figure: structure of the Secured I-PDU]
In actual use, a longer fresh value and MAC improve data security but consume a large amount of resources such as bandwidth, so truncation is often used as a trade-off. Both the fresh value and the MAC are generated at full length, but only a truncated portion is used for transmission and authentication.
Referring to FIG. 1, a schematic diagram of the SecOC one-master multi-slave fresh value management communication mode, a method for managing the in-vehicle message authentication fresh value, applied to a master node, includes:
step A: the master node periodically sends a fresh value synchronization message to each bus;
step B: the master node immediately updates the corresponding fresh value after detecting that a bus has recovered from BusOff;
step C: when the master node updates the fresh value of a bus in step B, it synchronously sends the latest fresh value to the other buses connected to the master node.
The invention also provides a method for managing the in-vehicle message authentication fresh value, applied to a slave node, comprising:
step a: the slave node receives the fresh value synchronization message sent by the master node;
step b: when the slave node restarts abnormally or recovers from BusOff, the slave node sends a synchronization message request message to the master node;
step c: the slave node receives the updated fresh value synchronization message sent by the master node.
The invention also provides a system for managing the in-vehicle message authentication fresh value, comprising:
a master node fresh value sending module, used for periodically sending fresh value synchronization messages to each bus;
a master node fresh value updating module, used for immediately updating the corresponding fresh value after detecting that a bus has recovered from BusOff;
a master node fresh value synchronous updating module, used for synchronously sending the latest fresh value to the other buses that are connected to the master node and whose fresh value has not been updated;
a slave node fresh value receiving module, used for receiving the fresh value synchronization message sent by the master node;
a slave node request module, used for sending a synchronization message request message to the master node when the slave node restarts abnormally or recovers from BusOff;
and a slave node updated fresh value receiving module, used for receiving the updated fresh value synchronization message that the master node sends when it receives the synchronization message request of the slave node.
In the present embodiment, preferably,
the master node is a CGW, and the slave node is an ECU.
Referring to FIG. 2, a schematic diagram of an in-vehicle communication architecture, the vehicle contains a plurality of ECUs, each of which may be a sending node or a receiving node; all of them are regarded as slave nodes, and the CGW is the master node.
Normally, the CGW (central gateway) 211 sends the synchronization message SynMsg 231 immediately after initialization is completed, and thereafter sends the synchronization message SynMsg 231 at a fixed period, which may be several seconds or several tens of seconds, and increments a reset counter. The whole vehicle can share one synchronization message SynMsg, or use several synchronization messages SynMsg divided by functional domain; the number is allocated flexibly.
In an abnormal situation, when the CGW (central gateway) 221 detects that BusOff has occurred on a bus, or receives a synchronization message request message SynReqMsg 232 sent by a slave node, it should immediately increment the reset counter of the corresponding synchronization message by 1 and use the incremented value to construct a synchronization message SynMsg 231 that is sent immediately.
After initialization is completed or the bus has recovered, the slave node should immediately and actively send a synchronization message request message 232 to the master node, requesting the master node to send the corresponding synchronization message SynMsg 231.
The invention is suitable for SecOC communication across the whole vehicle: it reduces the bus load as far as possible, handles abnormal recovery in time, and ensures that an ECU can quickly resume normal communication.
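The exchange described above can be traced with a small simulation. This is an added example, not code from the patent; it assumes a single SynMsg shared by the whole vehicle, treats a SynReqMsg like a BusOff recovery when choosing which buses get the update, and the ECU and bus names and the `propagate` switch (which turns step C off for comparison) are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple


class Slave:
    """ECU (slave node): keeps the reset counter from the last SynMsg."""

    def __init__(self, name: str, bus: str) -> None:
        self.name, self.bus = name, bus
        self.reset_counter: Optional[int] = None  # None = not synchronized

    def on_syn_msg(self, reset_counter: int) -> None:
        # Assumption: only a newer reset counter replaces the stored one.
        if self.reset_counter is None or reset_counter > self.reset_counter:
            self.reset_counter = reset_counter

    def restart_or_busoff_recovery(self) -> str:
        # Step b: local state is gone, so request a SynMsg immediately.
        self.reset_counter = None
        return "SynReqMsg"

    def can_communicate(self) -> bool:
        return self.reset_counter is not None


class Master:
    """CGW (master node) holding the reset counter of the shared SynMsg."""

    def __init__(self, buses: Dict[str, List[Slave]], propagate: bool = True) -> None:
        self.buses = buses
        self.propagate = propagate  # False = step C switched off (comparison)
        self.reset_counter = 0

    def _update_and_send(self, origin_bus: Optional[str] = None) -> None:
        self.reset_counter += 1
        if origin_bus is None or self.propagate:
            targets = list(self.buses)      # every connected bus
        else:
            targets = [origin_bus]          # only the bus that triggered it
        for bus in targets:
            for slave in self.buses[bus]:
                slave.on_syn_msg(self.reset_counter)

    def periodic_tick(self) -> None:              # step A
        self._update_and_send()

    def on_busoff_recovered(self, bus: str) -> None:   # steps B and C
        self._update_and_send(bus)

    def on_syn_req(self, slave: Slave) -> None:   # answer to SynReqMsg
        self._update_and_send(slave.bus)


def run_scenario(propagate: bool) -> Tuple[bool, Dict[str, Optional[int]]]:
    """Periodic sync, one ECU restart, one BusOff recovery (constructed)."""
    bcm, door = Slave("BCM", "body"), Slave("DOOR", "body")
    esp = Slave("ESP", "chassis")
    master = Master({"body": [bcm, door], "chassis": [esp]}, propagate)

    master.periodic_tick()                    # counter 1 on every bus
    request = bcm.restart_or_busoff_recovery()
    blocked = not bcm.can_communicate()       # cannot authenticate yet
    if request == "SynReqMsg":
        master.on_syn_req(bcm)                # counter 2, sent at once
    master.on_busoff_recovered("chassis")     # counter 3, sent at once
    return blocked, {s.name: s.reset_counter for s in (bcm, door, esp)}


if __name__ == "__main__":
    print("with step C   :", run_scenario(True))
    print("without step C:", run_scenario(False))
```

With step C every ECU ends on the same reset counter; without it the two buses hold different values until the next periodic SynMsg, so a message routed between them would fail authentication.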
As shown in FIG. 1, fresh value synchronization management sends and receives synchronization messages in a one-master multi-slave communication mode: the sending node 221 and the receiving node 222 act as slave nodes 22 and receive the synchronization message 23 sent by the master node 21, thereby synchronizing the fresh value. For a clearer understanding of the present invention, the detailed working principle of SecOC should be understood.
Referring to FIG. 3, a schematic diagram of secure message construction: when the sending node 221 sends a secure PDU 109, the PDU 101 is handed to SecOC, which constructs the secure message, and the secure PDU 109 is then sent out. To construct a SecOC secure message, the DataID 102, the PDU 101 and the fresh value 103 are first concatenated in that order and passed to the MAC generator 105 to generate a Message Authentication Code (MAC) 106; the fresh value 103 and the MAC 106 are then truncated to the configured truncation lengths to obtain the truncated fresh value 107 and the truncated MAC 108; finally, the truncated fresh value 107 and the truncated MAC 108 are appended in that order to the tail of the PDU 101, which completes the secure PDU 109, and PduR is notified to transmit it.
Referring to FIG. 4, a schematic diagram of secure message authentication: when the receiving node 222 receives the secure PDU 109, it hands the secure PDU 109 to SecOC for authentication, and the PDU 101 that passes authentication is then handed to the upper layer (e.g., PduR). SecOC secure message verification first extracts the PDU 101, the truncated fresh value 107 and the truncated MAC 108 from the received secure PDU 109; it then reconstructs the fresh value 103 of the secure PDU 109. The DataID 102, the PDU 101 and the fresh value 103 are concatenated in that order and passed to the MAC generator 105 to generate an authentication code (MAC') 110; MAC' is then truncated to the configured truncation length to obtain the truncated MAC' 111; finally, the truncated MAC' 111 is compared with the truncated MAC 108. If they are the same, authentication passes and the PDU 101 is handed to PduR; otherwise authentication is regarded as failed and the invalid message is discarded.
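The construction and verification steps above can be followed in code. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified MAC generator, the key, field lengths and DataID are constructed values, and the rule used to rebuild the full fresh value from its truncated bits (smallest value above the last accepted one with matching low bits) is an assumption, since the patent does not spell it out.

```python
import hashlib
import hmac
from typing import Optional

# Constructed parameters (assumptions, not taken from the patent).
KEY = b"constructed-demo-key"
FV_BYTES = 4        # length of the full fresh value
FV_TX_BITS = 8      # truncated fresh value carried in the secure PDU
MAC_TX_BYTES = 3    # truncated MAC carried in the secure PDU
TAIL = FV_TX_BITS // 8 + MAC_TX_BYTES


def compute_mac(data_id: int, pdu: bytes, fresh_value: int) -> bytes:
    """MAC over DataID || PDU || full fresh value (HMAC-SHA256 stand-in)."""
    msg = data_id.to_bytes(2, "big") + pdu + fresh_value.to_bytes(FV_BYTES, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def build_secured_pdu(data_id: int, pdu: bytes, fresh_value: int) -> bytes:
    """Sender side: PDU || truncated fresh value || truncated MAC."""
    fv_trunc = fresh_value & ((1 << FV_TX_BITS) - 1)
    mac_trunc = compute_mac(data_id, pdu, fresh_value)[:MAC_TX_BYTES]
    return pdu + fv_trunc.to_bytes(FV_TX_BITS // 8, "big") + mac_trunc


def reconstruct_fresh_value(last_accepted: int, fv_trunc: int) -> int:
    """Smallest value greater than last_accepted whose low bits match."""
    mask = (1 << FV_TX_BITS) - 1
    candidate = (last_accepted & ~mask) | fv_trunc
    if candidate <= last_accepted:       # low bits wrapped around
        candidate += 1 << FV_TX_BITS
    return candidate


class Receiver:
    """Receiver side: returns the PDU on success, None on failure."""

    def __init__(self, data_id: int, last_accepted: int = 0) -> None:
        self.data_id = data_id
        self.last_accepted = last_accepted

    def verify(self, secured: bytes) -> Optional[bytes]:
        if len(secured) < TAIL:
            return None
        pdu = secured[:-TAIL]
        fv_trunc = int.from_bytes(secured[-TAIL:-MAC_TX_BYTES], "big")
        mac_trunc = secured[-MAC_TX_BYTES:]
        fresh_value = reconstruct_fresh_value(self.last_accepted, fv_trunc)
        if fresh_value >= 1 << (8 * FV_BYTES):
            return None                   # fresh value space exhausted
        expected = compute_mac(self.data_id, pdu, fresh_value)[:MAC_TX_BYTES]
        if not hmac.compare_digest(expected, mac_trunc):
            return None                   # tampered, replayed or out of sync
        self.last_accepted = fresh_value  # advance only after success
        return pdu


if __name__ == "__main__":
    rx = Receiver(data_id=0x0123, last_accepted=0x1FE)
    frame = build_secured_pdu(0x0123, b"\x10\x20\x30\x40", 0x1FF)
    print("first delivery:", rx.verify(frame))
    print("replay        :", rx.verify(frame))
    restarted = Receiver(data_id=0x0123)  # counter state lost
    print("out of sync   :", restarted.verify(
        build_secured_pdu(0x0123, b"\x10", 0x200)))
```

The last case is the situation the synchronization message addresses: a receiver that has lost its fresh value state rejects valid traffic until it is resynchronized.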
The advantages of the invention are as follows: the master node sends the fresh value synchronization message to all buses, which reduces the bus load as far as possible; the slave node ECU sends the fresh value synchronization message request immediately after its program is initialized or after BusOff recovery, and the master node immediately updates the fresh value synchronization message, so the ECU can take part in normal communication immediately after an abnormal restart of the slave node ECU or after BusOff recovery.

Claims (4)

1. A method for managing the in-vehicle message authentication fresh value, applied to a master node, comprising:
step A: the master node periodically sends a fresh value synchronization message to each bus;
step B: the master node immediately updates the corresponding fresh value after detecting that a bus has recovered from BusOff;
step C: when the master node updates the fresh value of a bus in step B, it synchronously sends the latest fresh value to the other buses connected to the master node.
2. A method for managing the in-vehicle message authentication fresh value, applied to a slave node, comprising:
step a: the slave node receives the fresh value synchronization message sent by the master node;
step b: when the slave node restarts abnormally or recovers from BusOff, the slave node sends a synchronization message request message to the master node;
step c: the slave node receives the updated fresh value synchronization message sent by the master node.
3. An in-vehicle message authentication fresh value management system, comprising:
a master node fresh value sending module, used for periodically sending fresh value synchronization messages to each bus;
a master node fresh value updating module, used for immediately updating the corresponding fresh value after detecting that a bus has recovered from BusOff;
a master node fresh value synchronous updating module, used for synchronously sending the latest fresh value to the other buses that are connected to the master node and whose fresh value has not been updated;
a slave node fresh value receiving module, used for receiving the fresh value synchronization message sent by the master node;
a slave node request module, used for sending a synchronization message request message to the master node when the slave node restarts abnormally or recovers from BusOff;
and a slave node updated fresh value receiving module, used for receiving the updated fresh value synchronization message that the master node sends when it receives the synchronization message request of the slave node.
4. The in-vehicle message authentication fresh value management system according to claim 3, wherein
the master node is a CGW, and the slave node is an ECU.
CN202110697538.2A 2021-06-23 2021-06-23 Management method and system for in-vehicle message authentication fresh value Pending CN113472620A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110697538.2A CN113472620A (en) 2021-06-23 2021-06-23 Management method and system for in-vehicle message authentication fresh value

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110697538.2A CN113472620A (en) 2021-06-23 2021-06-23 Management method and system for in-vehicle message authentication fresh value

Publications (1)

Publication Number Publication Date
CN113472620A true CN113472620A (en) 2021-10-01

Family

ID=77869277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110697538.2A Pending CN113472620A (en) 2021-06-23 2021-06-23 Management method and system for in-vehicle message authentication fresh value

Country Status (1)

Country Link
CN (1) CN113472620A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20211001)