CN114547586A - Vehicle-mounted bus message authentication key learning method and system and readable storage medium - Google Patents
- Publication number
- CN114547586A
- Authority
- CN
- China
- Prior art keywords
- random number
- key
- hash value
- message authentication
- learnt
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Lock And Its Accessories (AREA)
Abstract
The invention relates to a vehicle-mounted bus message authentication key learning method, a system and a readable storage medium. The method comprises the following steps: generating a first random number; generating a first hash value based on the first random number, the corresponding vehicle identification number and the default key, and sending the first random number and the first hash value to the learnt piece; the learnt piece verifies the first hash value based on the first random number; after the verification passes, the learnt piece generates a communication key based on the first random number, the corresponding vehicle identification number and the default key, then generates a second random number of equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number; and the second hash value is verified based on the second random number and the communication key to complete the key learning of the learnt piece. The invention also correspondingly discloses a key learning system and a readable storage medium. The vehicle-mounted bus message authentication key learning method solves the problem that a communication key transmitted in plaintext is easily leaked.
Description
Technical Field
The invention relates to the technical field of key learning, in particular to a vehicle-mounted bus message authentication key learning method, a vehicle-mounted bus message authentication key learning system and a readable storage medium.
Background
With the increasing popularity of the internet of vehicles, information security is being emphasized on the entire vehicle level. The whole vehicle information security includes Electronic Control Unit (ECU) internal communication security and vehicle external information security. In order to prevent the occurrence of driving danger or theft caused by an attacker or a user replacing the ECU alone, vehicle-mounted bus message authentication for internal ECU communication security is required.
However, with the development of the Internet of Vehicles, the closed nature of the in-vehicle CAN network no longer guarantees safety, so cryptographic measures such as symmetric and asymmetric encryption are required to authenticate devices. For example, Chinese patent publication No. CN109150514A discloses "a key writing method and device", which describes a method for writing a key into a keyless start system and a working system controller; the method uses a diagnostic device to send the key directly to the system, and the working system controller authenticates the received key by calculation.
In the existing scheme, part of the keys in the key writing method are sent in plaintext, and the process depends on the diagnostic apparatus, which increases the difficulty of software development and key management for the diagnostic apparatus. At present, message authentication key learning is done either by writing the ECU's authentication key directly in plaintext through an upper computer or an electrical inspection device, or by having a server and the ECU learn the vehicle-mounted bus message authentication key using asymmetric encryption and decryption. However, the existing key learning methods need to manage both the plaintext and the encrypted value of the key in order to verify the learned key, which results in poor effectiveness of key learning. Meanwhile, during key transmission, a communication key transmitted in plaintext is at risk of being monitored and leaked, so the security of key learning is poor. Therefore, how to design a key learning method that improves the effectiveness and security of key learning is an urgent technical problem to be solved.
Disclosure of Invention
Aiming at the defects of the prior art, the technical problems to be solved by the invention are as follows: how to provide a vehicle-mounted bus message authentication key learning method to solve the problem that a plaintext transmission communication key is easy to leak, so that the security and the effectiveness of key learning are improved.
In order to solve the technical problems, the invention adopts the following technical scheme:
A vehicle-mounted bus message authentication key learning method comprises the following steps:
S1: generating a first random number;
S2: generating a first hash value based on the first random number, the corresponding vehicle identification number and the default key, and sending the first random number and the first hash value to the learnt piece;
S3: the learnt piece verifies the first hash value based on the first random number;
S4: after the first hash value is verified, the learnt piece generates a communication key based on the first random number, the corresponding vehicle identification number and the default key, then generates a second random number of equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number;
S5: verifying the second hash value based on the second random number and the communication key to finish the key learning of the learnt piece.
Preferably, in steps S2 and S4, the corresponding first hash value and communication key are generated based on the first random number and the corresponding vehicle identification number and default key, respectively, in combination with different encryption algorithms.
Preferably, the encryption algorithm includes, but is not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
Preferably, in step S4, the second random numbers with equal length are obtained by converting the first random numbers.
Preferably, the conversion method includes, but is not limited to, row-column conversion, hash algorithm, exclusive-or operation, and dot-product operation.
Preferably, in step S5, if the second hash value is verified, a command indicating that the key learning is successful is generated; otherwise, generating an instruction of key learning failure.
The invention also discloses a vehicle-mounted bus message authentication key learning system, which is implemented based on the key learning method of the invention and specifically comprises:
a gateway module for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
a learnt piece for verifying the first hash value based on the first random number, generating a communication key based on the first random number, the corresponding vehicle identification number and the default key, then generating a second random number of equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
Preferably, the gateway module and the learnt piece generate corresponding first hash values and communication keys based on the first random numbers and corresponding vehicle identification numbers and default keys, respectively, in combination with different encryption algorithms.
Preferably, the learnt piece obtains the second random number of equal length by converting the first random number.
The invention also discloses a readable storage medium, on which a computer management program is stored, wherein the computer management program realizes the steps of the vehicle bus message authentication key learning method when being executed by a processor.
Compared with the prior art, the vehicle-mounted bus message authentication key learning method has the following beneficial effects:
The gateway generates a first random number, generates a first hash value by combining it with the default key and the vehicle identification number, and sends the first random number and the first hash value onto the bus. The learnt piece (ECU) verifies the first hash value using the received first random number and the known vehicle identification number and default key. After the verification passes, it generates a second random number of equal length based on the first random number, calculates the communication key, and generates a second hash value from the communication key and the second random number. The gateway verifies the received second hash value to complete the key learning of the learnt piece. The learnt piece can thus complete key learning without complex operations, which improves the effectiveness of key learning, saves hardware cost and reduces the cost of key learning. At the same time, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easily leaked, and improves the security of key learning.
Drawings
For purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made in detail to the present invention as illustrated in the accompanying drawings, in which:
fig. 1 is a logic block diagram of a vehicle bus message authentication key learning method.
Detailed Description
The invention is described in further detail through the following specific embodiments:
Embodiment one:
This embodiment discloses a vehicle-mounted bus message authentication key learning method.
As shown in fig. 1, the vehicle bus message authentication key learning method includes the following steps:
S1: generating a first random number R (by a gateway or other component integrating gateway functionality);
S2: generating a first hash value MAC1 based on the first random number R, the corresponding vehicle identification number VIN and the default key MK, and sending the first random number R and the first hash value MAC1 to the learnt piece;
S3: the learnt piece (ECU) verifies the first hash value MAC1 based on the first random number R;
S4: after the first hash value MAC1 passes verification, the learnt piece generates a communication key CK based on the first random number R, the corresponding vehicle identification number VIN and the default key MK, then generates a second random number R1 of equal length based on the first random number R, and generates a corresponding second hash value MAC2 based on the communication key CK and the second random number R1;
S5: the second hash value MAC2 is verified (by the gateway or other component integrating the gateway functionality) based on the second random number R1 and the communication key CK to complete the key learning of the learnt piece. If the second hash value passes the verification, an instruction indicating that key learning succeeded is generated; otherwise, an instruction indicating that key learning failed is generated.
It should be noted that the vehicle-mounted bus message authentication key learning method of the present invention can generate corresponding software codes or software services in a program programming manner, and further can be run and implemented on a server and a computer.
Specifically, a key learning instruction is triggered by a diagnostic apparatus or other electrical testing equipment, and the learnt piece undergoes 27 authentication (i.e., iso27701 authentication, a conventional authentication method) before the first random number and the first hash value are sent to it. The gateway (or other part integrating gateway functions) and the learnt piece each integrate an encryption module capable of generating a key through an encryption algorithm. The gateway (or other part integrating gateway functions) and the learnt piece are preset with a default key MK, and all ECUs of the vehicle share the same vehicle identification number VIN.
Where:
MAC1 = cryptionn(VIN, MK, R);
CK = Cryption(VIN, MK, R);
R1 = Transform(R);
MAC2 = CryptionFunction(CK, R1).
The gateway generates a first random number, generates a first hash value by combining it with the default key and the vehicle identification number, and sends the first random number and the first hash value onto the bus. The learnt piece (ECU) verifies the first hash value using the received first random number and the known vehicle identification number and default key. After the verification passes, it generates a second random number of equal length based on the first random number, calculates the communication key, and generates a second hash value from the communication key and the second random number. The gateway verifies the received second hash value to complete the key learning of the learnt piece. The learnt piece can thus complete key learning without complex operations, which improves the effectiveness of key learning, saves hardware cost and reduces the cost of key learning. At the same time, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easily leaked, and improves the security of key learning.
In a specific implementation process, different encryption algorithms are combined to generate corresponding first hash values and communication keys respectively based on the first random numbers, the corresponding vehicle identification numbers and the default keys. Encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
According to the invention, through different encryption algorithms, the corresponding first hash value and the communication key can be generated based on the first random number, the vehicle identification number and the default key, so that the verification of the second hash value can be effectively assisted, and the key learning effect can be improved.
In a specific implementation process, the second random numbers with equal length are obtained by converting the first random numbers. The manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
According to the invention, the second random number with the same length as the first random number can be obtained through a conversion mode, so that the verification of the second hash value can be effectively assisted, and the effect of key learning can be improved.
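The S1 to S5 exchange and the four formulas above, as an added example that is not part of the patent text. HMAC-SHA256 with a distinct label per output is swapped in for the unspecified Cryption functions, so that MAC1 (sent on the bus) can never equal CK; the field sizes, labels, class names and sample VIN/MK are assumptions, and the learnt piece is assumed to send only MAC2 while the gateway recomputes R1 itself.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed size of R in bytes; the page gives none
KEY_LEN = 16    # assumed size of CK in bytes
SAMPLE_VIN = b"LTESTVIN000000001"  # constructed 17-character VIN
SAMPLE_MK = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed MK


def _prf(key, label, *fields):
    """HMAC-SHA256 over a label plus length-prefixed fields.

    Assumed stand-in for the page's Cryption functions; the label keeps the
    MAC1, CK and MAC2 derivations separate from each other.
    """
    mac = hmac.new(key, label, hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


def compute_mac1(vin, mk, r):
    return _prf(mk, b"MAC1", vin, r)


def derive_ck(vin, mk, r):
    return _prf(mk, b"CK", vin, r)[:KEY_LEN]


def transform(r):
    """R1 = Transform(R): hash-based conversion truncated to len(R)."""
    return hashlib.sha256(b"R1" + r).digest()[:len(r)]


def compute_mac2(ck, r1):
    return _prf(ck, b"MAC2", r1)


class Gateway:
    def __init__(self, vin, mk):
        self.vin, self.mk = vin, mk
        self.pending_r = None
        self.ck = None

    def start(self):
        """S1 + S2: fresh R and MAC1, both sent on the bus."""
        self.pending_r = secrets.token_bytes(NONCE_LEN)
        return self.pending_r, compute_mac1(self.vin, self.mk, self.pending_r)

    def finish(self, mac2):
        """S5: recompute CK and R1 locally, check MAC2 for the pending R."""
        r, self.pending_r = self.pending_r, None  # each R is accepted once
        if r is None:
            return False
        ck = derive_ck(self.vin, self.mk, r)
        ok = hmac.compare_digest(mac2, compute_mac2(ck, transform(r)))
        self.ck = ck if ok else None
        return ok


class Ecu:
    """The learnt piece."""

    def __init__(self, vin, mk):
        self.vin, self.mk = vin, mk
        self.ck = None

    def learn(self, r, mac1):
        """S3 + S4: verify MAC1, then derive CK and answer with MAC2."""
        expected = compute_mac1(self.vin, self.mk, r)
        if len(r) != NONCE_LEN or not hmac.compare_digest(mac1, expected):
            return None  # S3 failed: no key is derived or stored
        self.ck = derive_ck(self.vin, self.mk, r)
        return compute_mac2(self.ck, transform(r))


if __name__ == "__main__":
    gw, ecu = Gateway(SAMPLE_VIN, SAMPLE_MK), Ecu(SAMPLE_VIN, SAMPLE_MK)
    r, m1 = gw.start()
    m2 = ecu.learn(r, m1)
    ok = m2 is not None and gw.finish(m2)
    print("key learning", "succeeded" if ok else "failed")
```

Only R, MAC1 and MAC2 cross the bus; CK exists on each side solely as a local derivation from MK, VIN and R.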
Embodiment two:
This embodiment discloses a vehicle-mounted bus message authentication key learning system.
The vehicle-mounted bus message authentication key learning system is implemented based on the key learning method of the invention and specifically comprises:
a gateway module (or other gateway function integrated component) for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
a learnt piece for verifying the first hash value based on the first random number, generating a communication key based on the first random number, the corresponding vehicle identification number and the default key, then generating a second random number of equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
The gateway module (or other gateway function integrated part) and the learnt piece each integrate an encryption module that can generate a key through an encryption algorithm.
The gateway module generates a first random number, generates a first hash value by combining it with the default key and the vehicle identification number, and sends the first random number and the first hash value onto the bus. The learnt piece (ECU) verifies the first hash value using the received first random number and the known vehicle identification number and default key. After the verification passes, it generates a second random number of equal length based on the first random number, calculates the communication key, and generates a second hash value from the communication key and the second random number. The gateway module verifies the received second hash value to complete the key learning of the learnt piece. The learnt piece can thus complete key learning without complex operations, which improves the effectiveness of key learning, saves hardware cost and reduces the cost of key learning. At the same time, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easily leaked, and improves the security of key learning.
In a specific implementation process, the gateway module and the learnt piece respectively generate corresponding first hash values and communication keys based on the first random number, the corresponding vehicle identification number and the default key and different encryption algorithms. Encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
In a specific implementation process, the learnt piece obtains the second random number of equal length by converting the first random number. The manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
Embodiment three:
This embodiment discloses a readable storage medium on which a computer management program is stored, wherein the computer management program implements the steps of the vehicle bus message authentication key learning method when executed by a processor. The readable storage medium can be a device with a readable storage function, such as a USB flash drive or a computer.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and not for limiting the technical solutions, and those skilled in the art should understand that modifications or equivalent substitutions can be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all that should be covered by the claims of the present invention.
Claims (10)
1. The vehicle-mounted bus message authentication key learning method is characterized by comprising the following steps of:
S1: generating a first random number;
S2: generating a first hash value based on the first random number, the corresponding vehicle identification number and the default key, and sending the first random number and the first hash value to the learnt piece;
S3: the learnt piece verifies the first hash value based on the first random number;
S4: after the first hash value is verified, the learnt piece generates a communication key based on the first random number, the corresponding vehicle identification number and the default key, then generates a second random number of equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number;
S5: verifying the second hash value based on the second random number and the communication key to finish the key learning of the learnt piece.
2. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in steps S2 and S4, different encryption algorithms are combined based on the first random number and the corresponding vehicle identification number and default key to generate a corresponding first hash value and communication key, respectively.
3. The in-vehicle bus message authentication key learning method according to claim 2, characterized in that: encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
4. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in step S4, the first random number is converted to obtain a second random number with equal length.
5. The in-vehicle bus message authentication key learning method according to claim 4, characterized in that: the manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
6. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in step S5, if the second hash value passes the verification, a command for successful key learning is generated; otherwise, generating an instruction of key learning failure.
7. The vehicle-mounted bus message authentication key learning system is implemented based on the key learning method in claim 1, and specifically comprises the following steps:
a gateway module for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
the learnt part is used for verifying the first hash value based on the first random number, generating a communication key based on the random number, the corresponding vehicle identification number and a default key, then generating a second random number with equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
8. The vehicle bus message authentication key learning system of claim 7, wherein: the gateway module and the learnt piece respectively generate a corresponding first hash value and a corresponding communication key based on the first random number, the corresponding vehicle identification number and the default key and different encryption algorithms.
9. The vehicle bus message authentication key learning system of claim 8, wherein: the learnt piece obtains a second random number with equal length by converting the first random number.
10. A readable storage medium, characterized in that a computer management class program is stored thereon, which when executed by a processor implements the steps of the in-vehicle bus message authentication key learning method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210044953.2A CN114547586A (en) | 2022-01-14 | 2022-01-14 | Vehicle-mounted bus message authentication key learning method and system and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210044953.2A CN114547586A (en) | 2022-01-14 | 2022-01-14 | Vehicle-mounted bus message authentication key learning method and system and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114547586A true CN114547586A (en) | 2022-05-27 |
Family
ID=81670992
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210044953.2A Pending CN114547586A (en) | 2022-01-14 | 2022-01-14 | Vehicle-mounted bus message authentication key learning method and system and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114547586A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115107701A (en) * | 2022-07-26 | 2022-09-27 | 合众新能源汽车有限公司 | Automobile anti-theft authentication method and system |
CN115107701B (en) * | 2022-07-26 | 2024-02-23 | 合众新能源汽车股份有限公司 | Automobile anti-theft authentication method and system |
CN116708031A (en) * | 2023-08-04 | 2023-09-05 | 晟安信息技术有限公司 | CAN bus data communication security configuration method and system |
CN116708031B (en) * | 2023-08-04 | 2023-11-03 | 晟安信息技术有限公司 | CAN bus data communication security configuration method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111131313B (en) | Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile | |
US9992178B2 (en) | Method, apparatus and system for dynamically controlling secure vehicle communication based on ignition | |
RU2462827C2 (en) | Data transfer method and tachograph system | |
CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
CN111651748B (en) | Safety access processing system and method for ECU in vehicle | |
JP2014204444A (en) | Method and device for detecting manipulation of sensor and/or sensor data of the sensor | |
CN114547586A (en) | Vehicle-mounted bus message authentication key learning method and system and readable storage medium | |
CN113781678B (en) | Vehicle Bluetooth key generation and authentication method and system in networking-free environment | |
JP2010011400A (en) | Cipher communication system of common key system | |
CN112448941B (en) | Authentication system and method for authenticating a microcontroller | |
CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
CN111508110B (en) | Method and device for realizing remote locking of vehicle | |
CN111565182B (en) | Vehicle diagnosis method and device and storage medium | |
CN113872770A (en) | Security verification method, system, electronic device and storage medium | |
CN113138775A (en) | Firmware protection method and system for vehicle-mounted diagnosis system | |
CN111813078B (en) | Safety diagnosis method, device, equipment and medium for vehicle | |
CN106953731B (en) | Authentication method and system for terminal administrator | |
CN111884814A (en) | Method and system for preventing counterfeiting of intelligent terminal | |
CN111510448A (en) | Communication encryption method, device and system in OTA (over the air) upgrade of automobile | |
CN115442064A (en) | Vehicle controller diagnosis method, device, equipment and medium | |
CN112182551B (en) | PLC equipment identity authentication system and PLC equipment identity authentication method | |
CN112702304A (en) | Vehicle information verification method and device and automobile | |
CN103281188A (en) | Method and system for backing up private key in electronic signature token | |
CN113346989B (en) | External device access authentication method and device, gateway and electric vehicle | |
Khan | ADvanced Encryption STAndard (ADESTA) for diagnostics over CAN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||