CN113595717B - ECB mode packet encryption method and decryption method, control device and vehicle - Google Patents

ECB mode packet encryption method and decryption method, control device and vehicle Download PDF

Info

Publication number
CN113595717B
CN113595717B CN202010366905.6A CN202010366905A CN113595717B CN 113595717 B CN113595717 B CN 113595717B CN 202010366905 A CN202010366905 A CN 202010366905A CN 113595717 B CN113595717 B CN 113595717B
Authority
CN
China
Prior art keywords
replacement
vector
encryption
decryption
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010366905.6A
Other languages
Chinese (zh)
Other versions
CN113595717A (en
Inventor
张清亮
秦帅
熊洪斌
彭邦煌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BYD Co Ltd
Original Assignee
BYD Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BYD Co Ltd filed Critical BYD Co Ltd
Priority to CN202010366905.6A priority Critical patent/CN113595717B/en
Publication of CN113595717A publication Critical patent/CN113595717A/en
Application granted granted Critical
Publication of CN113595717B publication Critical patent/CN113595717B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms

Abstract

The invention discloses an ECB mode packet encryption method and a decryption method, a control device and a vehicle, wherein the ECB mode packet encryption method comprises the following steps: replacing the initialization vector according to a vector replacement table to obtain a first block encryption replacement vector, wherein the vector replacement table is a table for storing the corresponding replacement relation between the original vector and the replacement vector; and (3) performing iteration: replacing the N-th block encryption replacement vector according to the vector replacement table to obtain an n+1-th block encryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the number of plaintext blocks of plaintext to be encrypted; and performing exclusive-or operation according to each plaintext block and the corresponding block encryption substitution vector, and encrypting the exclusive-or operation result to obtain each ciphertext block. The ECB mode encryption and decryption method is simple to realize, has high encryption and decryption speed, can resist replay attack and can not solve the problem of repeated ciphertext caused by repeated plaintext.

Description

ECB mode packet encryption method and decryption method, control device and vehicle
Technical Field
The present invention relates to the field of vehicles, and in particular, to an ECB mode packet encryption method, and ECB mode packet decryption method, control device, and vehicle.
Background
With the development of advanced driving assistance, domain controllers and automatic driving, the vehicle is more and more intelligent, networked and integrated. The amount of data on the bus is increasing, and some networks use a maximum of 64 bytes of CAN FD (CAN with Flexible Data-Rate) for communication. The vehicle control devices communicate with each other through the bus, and any node accessing the bus can receive messages on the bus and send the messages to the bus according to the mechanism of the bus. If no encryption measures are provided, an attacker can even simulate sending messages for controlling functions of vehicle torque, steering, starting and stopping, and the like, and the running of the vehicle is influenced and even traffic accidents are caused. Encryption of the on-board bus is therefore becoming increasingly important.
The encryption methods commonly used at present are mainly classified into symmetric encryption and asymmetric encryption, and the symmetric encryption can be classified into two kinds of packet encryption and stream encryption. Packet encryption is a type of encryption algorithm that can only process a block of data of a specific length at a time, where a block is called a packet and the number of bits of a packet is called the packet length. If the length of plaintext to be encrypted exceeds the packet length of the packet encryption, then the packet encryption algorithm needs to be iterated in a particular pattern to encrypt a long length of plaintext in its entirety. The modes of the block encryption iteration mainly include five modes, namely an ECB (Electronic Codebook, codebook) mode, a CBC (Cipher Block Chaining ) mode, a CFB (Cipher text feedback) mode, an OFB (Output Feed Back) mode and a CTR (Counter) mode. Each of these modes has various characteristics. The ECB mode cannot resist replay attack and repeated plaintext can lead to repeated ciphertext, so that the ECB mode is easy to attack and decipher, and data security risks exist.
An improved block encryption ECB scheme is disclosed in the related art that uses an input cipher, a random number, a series of SHA encryption to generate encryption keys for each block and delete the input cipher and random number, while generating keys for the next round of encryption based on these keys. However, according to the disclosure, the input password and the random number for generating the two rounds of encryption keys are deleted immediately after being used up, so that the receiver is not aware of how to decrypt, and the scheme needs to perform multiple SHA (Secure Hash Algorithm ) encryption when generating the encryption keys, which is too large in calculation amount and low in encryption efficiency.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art. Therefore, a first object of the present invention is to provide an ECB mode block encryption method, which is simple to implement, has a high encryption/decryption speed, can resist replay attack, and does not have the problem of repeated ciphertext caused by repeated plaintext.
A second object of the present invention is to propose a method for ECB mode packet decryption.
A third object of the present invention is to propose a non-transitory computer storage medium.
A fourth object of the present invention is to provide a control device.
A fifth object of the present invention is to propose a vehicle.
To achieve the above object, an ECB mode packet encryption method according to an embodiment of the first aspect of the present invention includes: replacing the initialization vector according to a vector replacement table to obtain a first block encryption replacement vector, wherein the vector replacement table is a table for storing the corresponding replacement relation between the original vector and the replacement vector; and (3) performing iteration: replacing the N-th block encryption replacement vector according to the vector replacement table to obtain an n+1-th block encryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the number of plaintext blocks of plaintext to be encrypted; and carrying out logic operation according to each plaintext block and the corresponding block encryption substitution vector, and encrypting the logic operation result to obtain each ciphertext block.
According to the ECB mode block encryption method provided by the embodiment of the invention, the block encryption replacement vector is replaced by the vector replacement table to obtain the next block encryption replacement vector, and the block encryption replacement vector corresponding to each plaintext block is different, so that different ciphertext blocks can be obtained even if plaintext blocks are the same, the decoding difficulty of transmission data is reduced, the data security is improved, the vector replacement table is simple, the encryption operation is carried out by the vector replacement table, compared with the process of carrying out multiple SHA encryption, the block encryption speed is greatly increased, and the vector replacement is simpler and faster in combination with ECM mode data encryption.
To achieve the above object, an ECB mode packet decryption method according to an embodiment of the second aspect of the present invention includes: acquiring an initialization vector and a ciphertext group; replacing the initialization vector according to a vector replacement table to obtain a first grouping decryption replacement vector, wherein the vector replacement table is a table for storing the corresponding replacement relation between an original vector and a replacement vector; and (3) performing iteration: replacing the nth group decryption replacement vector according to the vector replacement table to obtain an n+1th group decryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the ciphertext group number of ciphertext to be decrypted; and decrypting each ciphertext group, and carrying out logic operation on a decryption result and a corresponding group decryption substitution vector to obtain each plaintext group.
According to the packet decryption method provided by the embodiment of the invention, the parallel operation is supported by adopting the vector replacement table shared with encryption, and the decryption of the vector replacement combined with the ECM mode is simpler and faster.
An embodiment of the third aspect of the present invention further proposes a non-transitory computer storage medium having stored thereon a computer program, wherein the computer program, when executed, implements the ECB mode packet encryption method or the computer instructions, when executed by the processor, implement the ECB mode packet decryption method.
In order to achieve the above object, a fourth aspect of the present invention provides a control device, comprising: a processor; a memory communicatively coupled to the processor; the memory stores computer instructions executable by the processor, which when executed by the processor implement the ECB mode packet encryption method, or which when executed by the processor implement the ECB mode packet decryption method.
According to the control device provided by the embodiment of the invention, the ECB mode grouping encryption and decryption method is adopted, so that the safety and the transmission efficiency of data transmission can be improved.
In order to achieve the above object, a fifth aspect of the present invention provides a vehicle including a CAN (Controller Area Network ) bus and a plurality of the control devices, the plurality of the control devices communicating through the CAN bus.
According to the vehicle provided by the embodiment of the invention, the ECB mode packet encryption and decryption method of the embodiment is executed by the control device, so that the safety of CAN bus data transmission CAN be provided, the vehicle is prevented from being attacked, and the driving safety is improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
fig. 1 (a) and (b) are schematic diagrams of an ECB mode encryption and decryption method in the related art;
FIG. 2 is a flow chart of an ECB mode packet encryption method in accordance with one embodiment of the present invention;
FIG. 3 is a schematic diagram of an ECB mode packet encryption process in accordance with one embodiment of the invention;
FIG. 4 is a flow chart of a method of ECB mode decryption according to one embodiment of the present invention;
FIG. 5 is a schematic diagram of an ECB mode decryption process according to one embodiment of the invention;
FIG. 6 is a schematic diagram of an ECB mode encryption and decryption application process in accordance with one embodiment of the present invention;
FIGS. 7 (a) and (b) are schematic diagrams of a CBC mode encryption and decryption process in the related art;
fig. 8 (a) and (b) are schematic diagrams of a CTR mode encryption and decryption process in the related art;
FIG. 9 is a block diagram of a control device according to one embodiment of the invention;
fig. 10 is a block diagram of a vehicle according to one embodiment of the invention.
Detailed Description
Embodiments of the present invention will be described in detail below, by way of example with reference to the accompanying drawings.
The ECB mode will be briefly described. Fig. 1 (a) and (b) are schematic diagrams of an ECB mode encryption and decryption process in the related art.
In the ECB mode, as shown in fig. 1 (a), the result after encryption of the plaintext block directly becomes the ciphertext block, and, as shown in fig. 1 (b), the ciphertext block is decrypted and then directly obtained as shown in fig. 1 (b). Therefore, if there are multiple identical plaintext packets in the plaintext, these plaintext packets will be converted into identical ciphertext packets, so it is easy to know what kind of repeated combinations exist in the plaintext, and this can be taken as a clue to decipher, so that the ECB mode has a data security risk.
And each plaintext block in the ECB mode is encrypted and decrypted independently of the other, which can change the order of the ciphertext blocks if an attacker is present. When the receiver decrypts the ciphertext, the order of the ciphertext blocks is changed, so is the order of the corresponding plaintext blocks obtained by the receiver, that is, the attacker can operate the plaintext without cracking.
In order to improve ECB mode and data security, the embodiment of the invention provides an encryption and decryption method based on combination of alternative encryption and ECB. An ECB mode packet encryption method according to an embodiment of the present invention is described below with reference to fig. 2 and 3.
Fig. 2 is an ECB mode packet encryption method according to an embodiment of the present invention, and as shown in fig. 2, the ECB mode packet encryption method according to an embodiment of the present invention includes at least steps S1 to S3, specifically as follows.
Step S1, replacing the initialization vector according to a vector replacement table to obtain a first block encryption replacement vector.
Specifically, each frame of plaintext to be transmitted is divided into a plurality of plaintext packets, and the number of bits of one packet is referred to as a packet length. The plaintext packet may refer to plaintext as an encryption object in a packet encryption algorithm, whose length is equal to the packet length of the packet encryption algorithm; ciphertext block refers to ciphertext generated after encrypting a plaintext block using a block encryption algorithm.
In an embodiment, each time encryption is performed, a bit sequence with a packet length is randomly generated and called an initialization vector, and the initialization vector corresponding to each frame of data is different, so that ciphertext obtained when plaintext is the same is also different.
The vector replacement table may be understood as a table for storing correspondence between the original vector and the replacement vector, for example, the vector replacement table may be a table of correspondence between characters before and after replacement, that is, a character replacement table, a correspondence table of vector position replacement within a group, that is, a position replacement table, or a table of classical passwords such as a Vigene password. The vector substitution tables are randomly generated and respectively provided for the sender and the receiver to be shared, and for vehicles, different vector substitution tables can be written in different vehicles so as to improve the safety.
The purpose of using the vector replacement table is that a plurality of different packet replacement vectors can be generated from the initialization vector, and if the vector replacement table is not known, the replacement vector of each packet cannot be obtained from the initialization vector, so that the data security can be improved.
As shown in fig. 3, when encryption is performed, the initialization vector is replaced according to a vector replacement table shared by a sender and a receiver to obtain a first packet encryption replacement vector, for example, the packet 1 encryption replacement vector in fig. 3.
Step S2, iteratively executing: replacing the N-th block encryption replacement vector according to a vector replacement table to obtain an n+1-th block encryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the number of plaintext blocks of plaintext to be encrypted;
when the length of plaintext to be encrypted exceeds the packet length of the packet encryption, the packet encryption algorithm needs to be iterated by adopting a specific mode so as to encrypt all the plaintext with a longer frame.
In the embodiment of the present invention, the former block encryption replacement vector is replaced according to the vector replacement table to obtain a block encryption replacement vector, as shown in fig. 3, the block 1 encryption replacement vector is replaced according to the vector replacement table to obtain a block 2 encryption replacement vector, and the block 2 encryption replacement vector is replaced according to the vector replacement table to obtain a block 3 encryption replacement vector, so that each plaintext block is iterated to obtain a respective block encryption replacement vector.
The former block encryption replacement vector is taken as output to obtain a block encryption replacement vector, and the block encryption replacement vector of each plaintext block is different, so that even the same plaintext block is not generated, the transmission data rule is not easy to find, the data decoding difficulty is improved, and the data transmission is safer.
And step S3, carrying out logic operation according to each plaintext block and the corresponding block encryption substitution vector, and encrypting the logic operation result to obtain each ciphertext block.
As shown in fig. 3, when encryption is performed, the plaintext block is xored with the block encryption replacement vector of the plaintext block, and the ciphertext block is obtained as the encryption input as a result of the xored operation.
According to the ECB mode block encryption method provided by the embodiment of the invention, the block encryption replacement vector is replaced by the vector replacement table to obtain the next block encryption replacement vector, and the block encryption replacement vector corresponding to each plaintext block is different, so that different ciphertext blocks can be obtained even if plaintext blocks are the same, the decoding difficulty of transmission data is reduced, the data security is improved, and the vector replacement table is adopted for encryption operation, so that compared with the process of carrying out SHA encryption for a plurality of times, the block encryption speed is greatly increased, and the combination of vector replacement and ECM mode encryption is simpler and faster.
In some embodiments, where the vector replacement table includes a character replacement table for storing replacement relations between original characters and replacement characters, the process of obtaining the block encrypted replacement vector may include: inquiring a character replacement table according to each original character in the nth group encryption replacement vector to obtain a replacement character corresponding to each original character in the nth group encryption replacement vector; and replacing each original character in the n-th block encryption replacement vector with a corresponding replacement character to obtain an n+1-th block encryption replacement vector.
The character substitution table may be a vector substitution table of a substitution relationship between original characters with preset lengths and substitution characters, which are randomly generated. For example, table 1 below is a 4-bit character substitution table for one embodiment, for example, when the packet length is 128 bits (16 bytes), the initialization vector is: 66 1F 98 CD 37 A3 8B 4B 00 00 00 00 00 00 00 01, the packet 1 encryption replacement vector is: FF AC 47 E9 86 B8 71 D1 22 22 22 22 22 22 22 2A; lease 2 encryption substitution vector is: CC BE D6 54 7F 17 6A 9A 00 00 00 00 00 00 00 0B; with this iteration, a block encryption replacement vector corresponding to each plaintext block is obtained.
TABLE 1
Replacing a pre-character Character after replacement Replacing a pre-character Character after replacement
0 2 8 7
1 A 9 4
2 0 A B
3 8 B 1
4 D C E
5 3 D 9
6 F E 5
7 6 F C
Further, when the substitution is performed in units of 4 bits, the value of each 4 bits of the initialization vector becomes its initial value after at most 16 times of substitution, and different cycles are formed according to table 1. Assuming that the initial value is 0, the 1 st replacement becomes 2, and the 2 nd replacement becomes 0 again, that is, the replacement twice becomes the initial value; assuming that the initial value is 1, the 1 st replacement becomes a, the 2 nd replacement becomes B, and the 3 rd replacement becomes 1 again, that is, the three replacements become initial values. Whenever the number of substitutions is a common multiple of all the cycles, the obtained substitution vector will be equal to its initial value. Therefore, when the number of groups is too large, the character substitution table may be generated in units of bytes to avoid the same plaintext from generating the same ciphertext due to the occurrence of the same group substitution vector.
In other embodiments, the vector replacement table may be a location replacement table for storing a replacement relationship between an original location of the unit vector and a replacement location, and the process of obtaining the block encryption replacement vector may include: inquiring a position replacement table according to the original position of each unit vector in the nth group encryption replacement vector to determine a replacement position corresponding to each unit vector in the nth group encryption replacement vector; and exchanging the unit vector of each original position in the n-th block encryption replacement vector to a corresponding replacement position to obtain an n+1-th block encryption replacement vector.
The position replacement table may be a vector replacement table of a corresponding replacement relationship between an original position and a replacement position of a unit vector with a preset length, which is randomly generated. For example, table 2 below is a random position replacement table for one embodiment, for example, when the packet length is 128 bits (16 bytes), for convenience of description, the replacement is performed in bytes, and as shown in table 2, the initialization vector is set as: 66 1F 98 CD 37 A3 8B 4B 00 00 00 00 00 00 00 01, the packet 1 encryption replacement vector is CD 00 98 A3 00 66 00 00 8B 00 4B 37 00 1F 01 00, and the packet 2 encryption replacement vector is: a3 8B 98 66 1F CD 37 01 00 00 00 00 00 00 00 4B, with this iteration, the block encryption replacement vector corresponding to each plaintext block is obtained.
TABLE 2
Further, when the replacement is performed a certain number of times, the obtained replacement vector is equal to the initialization vector. For example, the replacement table of table 2 obtains a replacement vector equal to the initialization vector after 12 times of replacement. Therefore, when the number of packets is too large, the place-shifting table may be generated in units of bytes to avoid the same plaintext from generating the same ciphertext due to the occurrence of the same packet-shifting vector.
In some embodiments, a key management device, such as an on-board control unit or a separately provided management module, randomly scrambles the correspondence between the original vector and the replacement vector in the original vector replacement table, generates a new vector replacement table, and distributes the scrambled vector replacement table to the sender and the receiver.
For example, table 1 is used as the original vector replacement table, the character before replacement is the original vector, the character after replacement is the replacement vector, the key management module randomly breaks up the arrangement sequence of the character after replacement, or the key management module randomly breaks up the arrangement sequence of the character after replacement in table 2 as the original vector replacement table, then the vector replacement relation between the original vector and the replacement vector in the original vector replacement table is randomly adjusted, a new vector replacement table is generated, the vector replacement table is sent to the sender, and each block encryption replacement vector can be obtained based on the vector replacement table when the sender encrypts.
Because the vector replacement table is obtained by randomly adjusting the corresponding relation between the original vector and the replacement vector, an attacker cannot easily decode the vector replacement table, the difficulty of obtaining the vector replacement table can be further improved, and the safety of data transmission is improved.
In some embodiments, the vector replacement table may be updated periodically, for example, a management terminal such as a key management module may again randomly generate a new vector replacement table and key every week or every month and share it to both the sender and receiver of the communication after asymmetric encryption. The receiving side and the transmitting side receive the vector replacement table generated after the corresponding replacement relation between the original vector and the replacement vector is randomly adjusted, and update the existing vector replacement table according to the new vector replacement table. By updating the vector replacement table periodically or untimely, the difficulty of obtaining the vector replacement table can be further improved, and the safety of data transmission can be improved.
In the embodiment of the invention, the sender and the receiver share the vector substitution table, the sender encrypts the data to be sent in the above manner, then sends the initialization vector and the ciphertext, and the receiver decrypts the ciphertext after receiving the ciphertext to obtain the final plaintext. An ECB mode packet decryption method according to an embodiment of the present invention is described below with reference to fig. 4 and 5.
The packet decryption method in the embodiment of the invention corresponds to the encryption method, and is an ECB mode for replacing based on a vector replacement table. Fig. 4 is a flowchart of an ECB mode packet decryption method according to an embodiment of the present invention, and as shown in fig. 4, the ECB mode packet decryption method according to an embodiment of the present invention includes at least steps S100 to S130.
S100, obtaining an initialization vector and a ciphertext block.
Specifically, after encrypting plaintext data to be transmitted, a sender transmits a corresponding initialization vector and an encrypted ciphertext to a receiver. For example, the control unit of the vehicle may obtain the initialization vector and the encrypted ciphertext transmitted by the sender through the CAN bus of the vehicle.
S110, replacing the initialization vector according to the vector replacement table to obtain a first packet decryption replacement vector.
The vector replacement table is a table for storing the corresponding replacement relation between the original vector and the replacement vector. The sender and the receiver share the vector substitution table, so that the same vector substitution table is used as the encryption at the time of decryption, for example, the vector substitution table may be a character substitution table as shown in table 1 or a position substitution table as shown in table 2, and the substitution rule is the same as the encryption. Fig. 5 is a schematic diagram of an ECB mode packet decryption method according to an embodiment of the present invention, and as shown in fig. 5, the initialization vector is replaced according to a vector replacement table to obtain a packet 1 decryption replacement vector.
S120, performing iteration: the nth packet decryption replacement vector is replaced according to the vector replacement table to obtain an n+1th packet decryption replacement vector.
The ciphertext grouping corresponds to the plaintext grouping, and the grouping number and the grouping length of the ciphertext grouping and the plaintext grouping are the same. For example, the number of plaintext blocks and ciphertext blocks is set to N, 1.ltoreq.n.ltoreq.N, and the block decryption replacement vector for each ciphertext block is obtained by iteration of vector replacement, and each block decryption replacement vector is different. For example, as shown in fig. 5, the packet 1 replacement vector is a vector before the replacement of the packet 2 decryption replacement vector, and the packet 2 decryption replacement vector is a vector before the replacement of the packet 3 decryption replacement vector, so that each replacement vector is different.
S130, decrypting each ciphertext block, and carrying out logic operation on the decryption result and the corresponding block decryption replacement vector to obtain each plaintext block.
For example, as shown in fig. 5, the result of decrypting the ciphertext block is exclusive-ored with the replacement vector of the block, thereby obtaining a plaintext block.
According to the packet decryption method provided by the embodiment of the invention, the parallel operation is supported by adopting the vector replacement table shared with encryption, and the decryption of the vector replacement combined with the ECM mode is simpler and faster.
As with the vector replacement procedure in the block encryption method, in some embodiments, the vector replacement table includes a character replacement table, such as table 1, for storing the correspondence between original characters and replacement characters, and the character replacement table is queried according to each original character in the nth block decryption replacement vector to obtain a replacement character corresponding to each original character in the nth block encryption replacement vector; each original character in the n-th packet decryption replacement vector is replaced with a corresponding replacement character to obtain an n+1-th packet decryption replacement vector, and an example of an encryption process using a character replacement table may be referred to. For example, the vector replacement table may be a randomly generated vector replacement table with a replacement relationship between original characters and replacement characters of a preset length, for example, table 1 above is a character replacement table with 4 bits as a unit.
In other embodiments, the vector replacement table includes a location replacement table for storing a replacement relationship between an original location of the unit vector and a replacement location, and the location replacement table is queried according to the original location of the unit vector in the nth packet decryption replacement vector to determine a replacement location corresponding to each unit vector in the nth packet decryption replacement vector; the unit vector of each original position in the nth packet decryption replacement vector is switched to the corresponding replacement position to obtain the (n+1) th packet decryption replacement vector, and an example of the encryption process using the position replacement table may be referred to. For example, the vector replacement table may be a vector replacement table in which the original position and the replacement position are obtained by randomly generating unit vectors of a predetermined length, and the above table 2 is a random position replacement table.
In other embodiments, a key management device, such as an onboard control unit or an independently configured management module, randomly randomizes the correspondence between the original vector and the replacement vector in the original vector replacement table, generates a new vector replacement table, and distributes the shuffled vector replacement table to the sender and the receiver. Because the vector replacement table is obtained by randomly adjusting the corresponding relation between the original vector and the replacement vector, an attacker cannot easily decode the vector replacement table, the difficulty of obtaining the vector replacement table can be further improved, and the safety of data transmission is improved.
Similarly, the sender and the receiver share the vector replacement table, the receiver can update the vector replacement table, the receiver receives a new vector replacement table generated after randomly adjusting the corresponding replacement relation between the original vector and the replacement vector, and updates the vector replacement table according to the new vector replacement table, and the safety of data transmission can be further improved by updating the vector replacement table periodically or irregularly.
Fig. 6 is a schematic diagram of an ECB mode packet encryption and decryption application according to one embodiment of the present invention, as shown in fig. 6, where the key management module uses asymmetric encryption to transmit a random vector replacement table and a key to the sender and receiver of the communication. Since the writing of the random vector replacement table and the secret key does not need to ensure the real-time performance, the security of the random vector replacement table and the secret key can be ensured by using a non-heap encryption method such as RAS and the like. In order to further ensure the security of the key, the key management module may perform authentication with both parties of the communication before writing the random vector replacement table and the key. Alternatively, the key management module may be used to generate the vector replacement table and the key again every week or every month, and then the vector replacement table and the key may be asymmetrically encrypted and shared with both parties in communication. During normal communication, the sender replaces plaintext with ciphertext according to the shared vector replacement table and the secret key by using the block encryption method of the embodiment, and sends the ciphertext, and the receiver restores the plaintext by combining the shared vector replacement table and the secret key after receiving the ciphertext and the block decryption method according to the embodiment, so that safe transmission of data is realized.
The ECB mode group encryption or decryption method of the embodiment of the invention can avoid the problem that the ciphertext groups are the same when the plaintext groups are the same in the conventional ECB mode because the group replacement vectors are different, so that the data transmission is not easy to attack and safer, and is also superior to the CBC mode and the CTR mode.
Fig. 7 (a) and (b) are schematic diagrams of a CBC mode packet encryption and decryption process in the related art, and as shown in fig. 7, ciphertext packets in the CBC mode are connected to each other like a chain. In CBC mode, a plaintext block is first xored with a previous ciphertext block and then encrypted. As shown in fig. 7 (a), in the encryption, a ciphertext block is obtained as an input of encryption by xoring a plaintext block with a previous ciphertext block; as shown in fig. 7 (b), in decryption, the result after decryption of the ciphertext block is exclusive-ored with the previous ciphertext block to obtain a plaintext block. In the CBC mode, since the ciphertext block obtained by the previous encryption is to be used as an input for the next encryption, a plurality of block encryptions cannot be performed at the same time, and the encryption speed is slow.
However, the ECB mode packet encryption method and the ECB mode packet decryption method according to the embodiments of the present invention support parallel computation because each packet replacement vector is very simple, and the operation speed is much faster than that of the CBC mode.
Fig. 8 (a) and (b) are schematic diagrams of encryption and decryption processes in CRT mode in the related art, as shown in fig. 8, in CTR mode, as shown in fig. 8 (a), when encrypting, the result of encrypting the counter value of each packet is xored with a plaintext packet to obtain a ciphertext packet; as shown in fig. 8 (b), in decryption, the result of the encryption of the counter value of each block is exclusive-ored with the ciphertext block to obtain a plaintext block. The counter value length is the same as the packet length and consists of an initial value and a packet sequence number. Each encryption randomly generates a different initial value and the packet sequence numbers are gradually accumulated with the packets. However, when an attacker inverts some bits in the ciphertext block, the corresponding bits in the plaintext block are also inverted and are easily manipulated, which is not particularly secure.
However, in the ECB mode packet encryption and decryption method of the embodiment of the present invention, since the output is the result of packet encryption, the defect that the ciphertext is flipped and the corresponding plaintext is flipped is avoided, and the data transmission is safe.
In summary, the ECB mode packet encryption and decryption method of the embodiment of the present invention has the advantages of simplicity, rapidness, and parallel operation support for encryption and decryption of the common ECB mode, and can avoid the disadvantages that the common ECB mode cannot withstand replay attack and the repeated plaintext causes the repeated ciphertext, and can greatly accelerate the packet encryption speed while ensuring the data security. Therefore, the ECB mode grouping encryption and decryption method provided by the embodiment of the invention is superior to the existing ECB mode, CBC mode and CTR mode, and has great significance.
The embodiment of the present invention also proposes a non-transitory computer storage medium having stored thereon a computer program, characterized in that the computer program, when executed, implements the ECB mode packet encryption method of the above embodiment, or the computer instructions, when executed by the processor, implement the ECB mode packet decryption method of the above embodiment.
Based on the ECB-mode packet encryption method and the ECB-mode packet decryption method of the above embodiments, a control apparatus according to an embodiment of the present invention is described below.
Fig. 9 is a block diagram of a control apparatus according to an embodiment of the present invention, and as shown in fig. 9, a control apparatus 10 of an embodiment of the present invention includes a processor 11 and a memory 12 communicatively connected to the processor 11; the memory 12 stores therein computer instructions executable by the processor 11, which when executed by the processor 11 implement the ECB mode packet encryption method of the above embodiment, or which when executed by the processor 11 implement the ECB mode packet decryption method of the above embodiment.
According to the control device 10 of the embodiment of the present invention, by adopting the ECB mode packet encryption and decryption method of the above embodiment, the security and transmission efficiency of data transmission can be improved.
The embodiment of the present invention also proposes a vehicle, as shown in fig. 10, in which a vehicle 100 of the embodiment of the present invention includes a CAN bus 20 and a plurality of the control devices 10 of the above embodiments, the plurality of control devices 10 communicating through the CAN bus 20.
In an embodiment, the control device 10 may be a receiving party in the communication network or a transmitting party, for example, a plurality of control devices 10 are connected to a node of the vehicle CAN bus 20, each control device 10 may send or receive related data through the CAN bus 20, and if no encryption measures are provided, an attacker may even send a message for controlling functions of vehicle torque, steering, start-stop, etc., so as to affect the operation of the vehicle 100 or even cause a traffic accident. The control device 10 according to the embodiment of the present invention encrypts the transmission data by using the encryption and decryption method according to the above embodiment, so as to improve the security and transmission speed of data transmission, prevent the attacker from controlling the vehicle, and improve the driving security.
According to the vehicle 100 of the embodiment of the present invention, the control device 10 executes the ECB mode packet encryption and decryption method of the above embodiment, so as to provide the safety of the CAN bus data transmission, prevent the vehicle 100 from being attacked, and improve the driving safety.
In the description of the present specification, reference to the terms "one embodiment," "some embodiments," "illustrative embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.

Claims (13)

1. An ECB mode packet encryption method, comprising:
replacing an initialization vector according to a vector replacement table to obtain a first block encryption replacement vector, wherein each encryption is performed, a bit sequence with a block length is randomly generated to serve as the initialization vector, the initialization vector corresponding to each frame of data is different, the vector replacement table is a table for storing a replacement relation corresponding to an original vector and a replacement vector, and the vector replacement table is randomly generated;
and (3) performing iteration: replacing the N-th block encryption replacement vector according to the vector replacement table to obtain an n+1-th block encryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the number of plaintext blocks of plaintext to be encrypted;
and carrying out logic operation according to each plaintext block and the corresponding block encryption substitution vector, and encrypting the logic operation result to obtain each ciphertext block.
2. The ECB-mode packet encryption method according to claim 1, characterized in that the vector replacement table includes a character replacement table for storing a replacement relationship of original characters and replacement characters, the replacing the nth packet encryption replacement vector according to the vector replacement table to obtain the (n+1) th packet encryption replacement vector includes:
inquiring the character replacement table according to each original character in the nth group encryption replacement vector to obtain a replacement character corresponding to each original character in the nth group encryption replacement vector;
and replacing each original character in the n-th block encryption replacement vector with the corresponding replacement character to obtain the n+1-th block encryption replacement vector.
3. The ECB-mode packet encryption method according to claim 1, characterized in that the vector replacement table includes a position replacement table for storing a replacement relationship of an original position of a unit vector and a replacement position, the replacing the nth packet encryption replacement vector according to the vector replacement table to obtain the (n+1) th packet encryption replacement vector includes:
inquiring the position replacement table according to the original position of each unit vector in the nth block encryption replacement vector to determine the replacement position corresponding to each unit vector in the nth block encryption replacement vector;
and exchanging the unit vector of each original position in the n-th block encryption replacement vector to a corresponding replacement position to obtain the n+1-th block encryption replacement vector.
4. An ECB mode packet encryption method as claimed in claim 2 or 3, characterized in that,
the character replacement table is a vector replacement table of a corresponding replacement relation between original characters with preset lengths and replacement characters which are randomly generated;
the position replacement table is a vector replacement table of a corresponding replacement relation between the original position and the replacement position of the unit vector with the preset length which is randomly generated.
5. An ECB mode packet encryption method according to any one of claims 1 to 3, characterized in that the packet encryption method further comprises:
receiving a new vector replacement table generated after randomly adjusting the corresponding replacement relation between the original vector and the replacement vector;
and updating the vector replacement table according to the new vector replacement table.
6. An ECB mode packet decryption method, comprising:
acquiring an initialization vector and a ciphertext group, wherein each time of encryption, a bit sequence with a group length is randomly generated to be used as the initialization vector, and the initialization vector corresponding to each frame of data is different;
replacing the initialization vector according to a vector replacement table to obtain a first grouping decryption replacement vector, wherein the vector replacement table is a table for storing the corresponding replacement relation between an original vector and a replacement vector, and the vector replacement table is randomly generated;
and (3) performing iteration: replacing the nth group decryption replacement vector according to the vector replacement table to obtain an n+1th group decryption replacement vector, wherein N is more than or equal to 1 and less than or equal to N, and N is the ciphertext group number of ciphertext to be decrypted;
and decrypting each ciphertext group, and carrying out logic operation on a decryption result and a corresponding group decryption substitution vector to obtain each plaintext group.
7. The ECB-mode packet decryption method according to claim 6, wherein the vector replacement table includes a character replacement table for storing a correspondence between original characters and replacement characters, the replacing the nth packet decryption replacement vector according to the vector replacement table to obtain the (n+1) th packet decryption replacement vector, comprising:
inquiring the character replacement table according to each original character in the nth group decryption replacement vector to obtain a replacement character corresponding to each original character in the nth group encryption replacement vector;
and replacing each original character in the nth packet decryption replacement vector with the corresponding replacement character to obtain the (n+1) th packet decryption replacement vector.
8. The ECB-mode packet decryption method according to claim 6, wherein the vector replacement table includes a position replacement table for storing a replacement relationship of an original position of a unit vector and a replacement position, and the replacing the nth packet decryption replacement vector according to the vector replacement table to obtain the (n+1) th packet decryption replacement vector includes:
inquiring the position replacement table according to the original position of each unit vector in the nth group decryption replacement vector so as to determine the replacement position corresponding to each unit vector in the nth group decryption replacement vector;
and exchanging the unit vector of each original position in the nth packet decryption replacement vector to a corresponding replacement position to obtain the (n+1) th packet decryption replacement vector.
9. The ECB mode packet decryption method according to claim 7 or 8, wherein,
the character replacement table is a vector replacement table of a corresponding replacement relation between original characters with preset lengths and replacement characters which are randomly generated;
the position replacement table is a vector replacement table of a corresponding replacement relation between the original position and the replacement position of the unit vector with the preset length which is randomly generated.
10. The ECB-mode packet decryption method according to any one of claims 6 to 8, characterized in that the packet decryption method further comprises:
receiving a new vector replacement table generated after randomly adjusting the corresponding replacement relation between the original vector and the replacement vector;
and updating the vector replacement table according to the new vector replacement table.
11. A non-transitory computer storage medium having stored thereon a computer program, wherein the computer program, when executed, implements the ECB mode packet encryption method of any one of claims 1-5, or wherein the computer program, when executed by a processor, implements the ECB mode packet decryption method of any one of claims 6-10.
12. A control apparatus, characterized by comprising:
a processor;
a memory communicatively coupled to the processor;
computer instructions executable by the processor to implement the ECB mode packet encryption method of any one of claims 1-5 or the ECB mode packet decryption method of any one of claims 6-10 when executed by the processor are stored in the memory.
13. A vehicle comprising a CAN bus and a plurality of the control devices of claim 12, a plurality of the control devices communicating via the CAN bus.
CN202010366905.6A 2020-04-30 2020-04-30 ECB mode packet encryption method and decryption method, control device and vehicle Active CN113595717B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010366905.6A CN113595717B (en) 2020-04-30 2020-04-30 ECB mode packet encryption method and decryption method, control device and vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010366905.6A CN113595717B (en) 2020-04-30 2020-04-30 ECB mode packet encryption method and decryption method, control device and vehicle

Publications (2)

Publication Number Publication Date
CN113595717A CN113595717A (en) 2021-11-02
CN113595717B true CN113595717B (en) 2023-10-17

Family

ID=78237584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010366905.6A Active CN113595717B (en) 2020-04-30 2020-04-30 ECB mode packet encryption method and decryption method, control device and vehicle

Country Status (1)

Country Link
CN (1) CN113595717B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499978B (en) * 2021-12-28 2023-07-21 安徽航天信息科技有限公司 Encryption and decryption method, device and system based on cryptographic replacement exchange
WO2024036435A1 (en) * 2022-08-15 2024-02-22 华为技术有限公司 Communication method, apparatus and system
CN117411727B (en) * 2023-12-14 2024-02-20 山东省大数据中心 Encryption method, device and storage medium for symmetric encryption of communication transmission

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1286077C (en) * 2004-02-19 2006-11-22 李春林 Data encipher and decipher system based on dynamic variable-length code
WO2007141256A1 (en) * 2006-06-09 2007-12-13 Robert Bosch Gmbh Method, transmitter and receiver for transmitting text information
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
CN101571873B (en) * 2009-06-16 2012-02-08 北京联合智华微电子科技有限公司 Database data encryption system and method thereof
CN103825723A (en) * 2014-01-24 2014-05-28 深圳市太和物联信息技术有限公司 Encryption method and device
CN102484581B (en) * 2009-06-19 2015-07-01 耶德托公司 White-box Cryptographic System With Configurable Key Using Intermediate Data Modification
CN105490802A (en) * 2015-11-27 2016-04-13 桂林电子科技大学 Improved SM4 parallel encryption and decryption communication method based on GPU (Graphics Processing Unit)
US9635011B1 (en) * 2014-08-27 2017-04-25 Jonetix Corporation Encryption and decryption techniques using shuffle function
CN104065472B (en) * 2014-06-25 2017-04-26 上海协霖电子有限公司 Meter encryption method
CN107547193A (en) * 2016-06-28 2018-01-05 埃沙尔公司 Make replacement operation from the method for side Multiple Channel Analysis
CN108345581A (en) * 2017-01-24 2018-07-31 北京搜狗科技发展有限公司 A kind of information identifying method, device and terminal device
CN108377183A (en) * 2017-12-20 2018-08-07 中国移动通信集团福建有限公司 XDR data informations encryption method, device, equipment and medium
CN108463968A (en) * 2016-01-11 2018-08-28 维萨国际服务协会 The quick format of variable length data retains encryption
CN108494546A (en) * 2018-02-13 2018-09-04 北京梆梆安全科技有限公司 A kind of whitepack encryption method, device and storage medium
CN108768617A (en) * 2018-06-06 2018-11-06 贵州大学 A kind of holding format encryption method based on legacy packets password
CN109617680A (en) * 2018-12-06 2019-04-12 中国移动通信集团福建有限公司 Encryption method, device, equipment and medium
CN110879894A (en) * 2019-11-11 2020-03-13 陕西师范大学 Image encryption and decryption method based on lazy scale transformation and random layered fusion
CN110995433A (en) * 2019-10-28 2020-04-10 北京三快在线科技有限公司 Data encryption method and device, electronic equipment and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2820577B1 (en) * 2001-02-08 2003-06-13 St Microelectronics Sa SECURE SECRET KEY CRYPTOGRAPHIC CALCULATION METHOD AND COMPONENT USING SUCH A METHOD
US20090125994A1 (en) * 2007-11-14 2009-05-14 Igor Fischer Communication between a human user and a computer resistant to automated eavesdropping
US10389688B2 (en) * 2016-08-23 2019-08-20 NXT-Security, LLC Vaultless tokenization engine

Patent Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1286077C (en) * 2004-02-19 2006-11-22 李春林 Data encipher and decipher system based on dynamic variable-length code
WO2007141256A1 (en) * 2006-06-09 2007-12-13 Robert Bosch Gmbh Method, transmitter and receiver for transmitting text information
CN101571873B (en) * 2009-06-16 2012-02-08 北京联合智华微电子科技有限公司 Database data encryption system and method thereof
CN102484581B (en) * 2009-06-19 2015-07-01 耶德托公司 White-box Cryptographic System With Configurable Key Using Intermediate Data Modification
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
CN103825723A (en) * 2014-01-24 2014-05-28 深圳市太和物联信息技术有限公司 Encryption method and device
CN104065472B (en) * 2014-06-25 2017-04-26 上海协霖电子有限公司 Meter encryption method
US9635011B1 (en) * 2014-08-27 2017-04-25 Jonetix Corporation Encryption and decryption techniques using shuffle function
CN105490802A (en) * 2015-11-27 2016-04-13 桂林电子科技大学 Improved SM4 parallel encryption and decryption communication method based on GPU (Graphics Processing Unit)
CN108463968A (en) * 2016-01-11 2018-08-28 维萨国际服务协会 The quick format of variable length data retains encryption
CN107547193A (en) * 2016-06-28 2018-01-05 埃沙尔公司 Make replacement operation from the method for side Multiple Channel Analysis
CN108345581A (en) * 2017-01-24 2018-07-31 北京搜狗科技发展有限公司 A kind of information identifying method, device and terminal device
CN108377183A (en) * 2017-12-20 2018-08-07 中国移动通信集团福建有限公司 XDR data informations encryption method, device, equipment and medium
CN108494546A (en) * 2018-02-13 2018-09-04 北京梆梆安全科技有限公司 A kind of whitepack encryption method, device and storage medium
CN108768617A (en) * 2018-06-06 2018-11-06 贵州大学 A kind of holding format encryption method based on legacy packets password
CN109617680A (en) * 2018-12-06 2019-04-12 中国移动通信集团福建有限公司 Encryption method, device, equipment and medium
CN110995433A (en) * 2019-10-28 2020-04-10 北京三快在线科技有限公司 Data encryption method and device, electronic equipment and computer readable storage medium
CN110879894A (en) * 2019-11-11 2020-03-13 陕西师范大学 Image encryption and decryption method based on lazy scale transformation and random layered fusion

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
A new diffusion mechanism for data encryption in the ECB mode;Ibrahim F. Elashry ect.;《2009 International Conference on Computer Engineering & Systems》;全文 *
分组密码算法FESH;贾珂婷等;《密码学报》;20191215(第06期);全文 *
基于AES数据加密的网关通信设计;付春燕;宋英雄;郭鹏程;曹炳尧;;电子测量技术(02);全文 *
基于字母频率的单表替换密码破译算法;吴俊斌; 吴晟; 吴兴蛟;《计算机与数字工程》;全文 *
基于改进广义Arnold映射的多混沌图像加密算法;胡春杰;陈晓;陈霞;;包装工程(第03期) *

Also Published As

Publication number Publication date
CN113595717A (en) 2021-11-02

Similar Documents

Publication Publication Date Title
CN113595717B (en) ECB mode packet encryption method and decryption method, control device and vehicle
CN101753292B (en) Methods and devices for a chained encryption mode
EP0681768B1 (en) A method and apparatus for generating a cipher stream
JP7008725B2 (en) Methods and systems for improved authenticated encryption in counter-based cryptosystems
CN105049401B (en) A kind of safety communicating method based on intelligent vehicle
EP3563512A1 (en) Equivocation augmentation dynamic secrecy system
JP7353375B2 (en) End-to-end double ratchet encryption with epoch key exchange
KR101608815B1 (en) Method and system for providing service encryption in closed type network
JPH09127868A (en) Encryption device with double feed-forward hash function
CN116321129B (en) Lightweight dynamic key-based power transaction private network communication encryption method
CN117318941B (en) Method, system, terminal and storage medium for distributing preset secret key based on in-car network
CN114065249A (en) Authentication encryption method
CN114362928A (en) Quantum key distribution and reconstruction method for multi-node encryption
CN112866288B (en) Data symmetric encryption method for double-plaintext transmission
WO2021152212A1 (en) Method and device for encrypting data
WO2003049363A1 (en) System and method for symmetrical cryptography
CN113595721A (en) Key management method, key management apparatus, vehicle, and computer storage medium
CN112350823A (en) CAN FD communication method between vehicle-mounted controllers
CN114342315B (en) Symmetric key generation, authentication and communication between multiple entities in a network
CN112615718B (en) Hash function-based key updating method for sequence cipher encryption system
EP4123957A1 (en) A method and system for performing a secure key relay of an encryption key
Hasan et al. Variable Rounds Block Cipher Algorithm Design
KR100542042B1 (en) Technique of cipher authentication of satellite telemetry/telecommand to protect from replay attack
CN112333700A (en) Session encryption transmission method, device and system
TWI407746B (en) Data transmission security system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant