CN114547586A - Vehicle-mounted bus message authentication key learning method and system and readable storage medium - Google Patents

Vehicle-mounted bus message authentication key learning method and system and readable storage medium Download PDF

Info

Publication number
CN114547586A
CN114547586A CN202210044953.2A CN202210044953A CN114547586A CN 114547586 A CN114547586 A CN 114547586A CN 202210044953 A CN202210044953 A CN 202210044953A CN 114547586 A CN114547586 A CN 114547586A
Authority
CN
China
Prior art keywords
random number
key
hash value
message authentication
learnt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210044953.2A
Other languages
Chinese (zh)
Inventor
汪向阳
阙菲
张贤
谭成宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd filed Critical Chongqing Changan Automobile Co Ltd
Priority to CN202210044953.2A priority Critical patent/CN114547586A/en
Publication of CN114547586A publication Critical patent/CN114547586A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention particularly relates to a vehicle-mounted bus message authentication key learning method, a system and a readable storage medium. The method comprises the following steps: generating a first random number; generating a first hash value based on the first random number, the corresponding vehicle identification number and the default secret key, and sending the first random number and the first hash value to the learnt piece; the learnt piece verifies the first hash value based on the first random number; after the verification is passed, the learnt generates a communication key based on the random number, the corresponding vehicle identification number and the default key, then generates a second random number with equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number; and verifying the second hash value based on the second random number and the communication key to complete the key learning of the learnt piece. The invention also correspondingly discloses a key learning system and a readable storage medium. The vehicle-mounted bus message authentication key learning method can solve the problem that a plaintext transmission communication key is easy to leak.

Description

Vehicle-mounted bus message authentication key learning method and system and readable storage medium
Technical Field
The invention relates to the technical field of key learning, in particular to a vehicle-mounted bus message authentication key learning method, a vehicle-mounted bus message authentication key learning system and a readable storage medium.
Background
With the increasing popularity of the internet of vehicles, information security is being emphasized on the entire vehicle level. The whole vehicle information security includes Electronic Control Unit (ECU) internal communication security and vehicle external information security. In order to prevent the occurrence of driving danger or theft caused by an attacker or a user replacing the ECU alone, vehicle-mounted bus message authentication for internal ECU communication security is required.
However, the sealing performance of the CAN network used in the vehicle is no longer safe with the development of the internet of vehicles, so that encryption measures such as symmetric encryption and asymmetric encryption are required to authenticate the device. For example, chinese patent publication No. CN109150514A discloses "a key writing method and device", which introduces a method for writing a key into a keyless start system and a working system controller, and the method uses a diagnostic device to directly send a key to the system, and authenticates the received key through calculation of the working system controller.
Part of the secret keys of the secret key writing method in the existing scheme are sent in a plaintext form, the process depends on the diagnostic apparatus, and the difficulty of software development and secret key management of the diagnostic apparatus is increased. At present, the message authentication key learning is to directly write the authentication key of the ECU in plain text through an upper computer or an electrical inspection device, or to learn the vehicle-mounted bus message authentication key through a server and the ECU in an asymmetric encryption and decryption manner. However, the existing key learning method needs to manage the plaintext and encrypted value of the key to verify the learned key, which results in poor effectiveness of key learning. Meanwhile, in the process of key transmission, the communication key transmitted in plaintext is at risk of being monitored and leaked, so that the security of key learning is poor. Therefore, how to design a key learning party capable of improving the effectiveness and security of key learning is an urgent technical problem to be solved.
Disclosure of Invention
Aiming at the defects of the prior art, the technical problems to be solved by the invention are as follows: how to provide a vehicle-mounted bus message authentication key learning method to solve the problem that a plaintext transmission communication key is easy to leak, so that the security and the effectiveness of key learning are improved.
In order to solve the technical problems, the invention adopts the following technical scheme:
a vehicle-mounted bus message authentication key learning method comprises the following steps:
s1: generating a first random number;
s2: generating a first hash value based on the first random number, the corresponding vehicle identification number and the default secret key, and sending the first random number and the first hash value to the learnt piece;
s3: the learnt piece verifies the first hash value based on the first random number;
s4: after the first hash value is verified, the learnt generates a communication key based on the random number, the corresponding vehicle identification number and the default key, then generates a second random number with equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number;
s5: and verifying the second hash value based on the second random number and the communication key to finish the key learning of the learnt piece.
Preferably, in steps S2 and S4, the corresponding first hash value and communication key are generated based on the first random number and the corresponding vehicle identification number and default key, respectively, in combination with different encryption algorithms.
Preferably, the encryption algorithm includes, but is not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
Preferably, in step S4, the second random numbers with equal length are obtained by converting the first random numbers.
Preferably, the conversion method includes, but is not limited to, row-column conversion, hash algorithm, exclusive-or operation, and dot-product operation.
Preferably, in step S5, if the second hash value is verified, a command indicating that the key learning is successful is generated; otherwise, generating an instruction of key learning failure.
The invention also discloses a vehicle-mounted bus message authentication key learning system, which is implemented based on the key learning method of the invention and specifically comprises the following steps:
a gateway module for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
the learnt part is used for verifying the first hash value based on the first random number, generating a communication key based on the random number, the corresponding vehicle identification number and a default key, then generating a second random number with equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
Preferably, the gateway module and the learnt piece generate corresponding first hash values and communication keys based on the first random numbers and corresponding vehicle identification numbers and default keys, respectively, in combination with different encryption algorithms.
Preferably, the learnt object obtains the second random numbers with equal length by converting the first random numbers.
The invention also discloses a readable storage medium, on which a computer management program is stored, wherein the computer management program realizes the steps of the vehicle bus message authentication key learning method when being executed by a processor.
Compared with the prior art, the vehicle-mounted bus message authentication key learning method has the following beneficial effects:
the method comprises the steps that a first random number is generated through a gateway, a first hashed value is generated by combining a default secret key and a vehicle identification number, and the first random number and the first hashed value are sent to a bus; the learnt unit (ECU) verifies the first hash value through the received first random number, the known vehicle identification number and the default secret key; after the verification is passed, generating a second random number with equal length based on the first random number, simultaneously calculating a communication key, and generating a second hash value through the communication key and the second random number; the gateway checks the received second hash value to complete the key learning of the learnt piece. The learnt piece can realize key learning without complex operation, thereby improving the effectiveness of key learning, saving hardware cost and reducing the cost of key learning. Meanwhile, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easy to leak, and can improve the security of key learning.
Drawings
For purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made in detail to the present invention as illustrated in the accompanying drawings, in which:
fig. 1 is a logic block diagram of a vehicle bus message authentication key learning method.
Detailed Description
The following is further detailed by the specific embodiments:
the first embodiment is as follows:
the embodiment discloses a vehicle-mounted bus message authentication key learning method.
As shown in fig. 1, the vehicle bus message authentication key learning method includes the following steps:
s1: generating a first random number R (by a gateway or other component integrating gateway functionality);
s2: generating a first hash value MAC1 based on the first random number R, the corresponding vehicle identification number VIN and the default key MK, and sending the first random number R and the first hash value MAC1 to the learnt piece;
s3: the learnt (ECU) verifies the first hash value MAC1 based on the first random number R;
s4: after the first hash value check MAC1 passes, the learnt generates a communication key CK based on the random number R and the corresponding vehicle identification number VIN and the default key MK, then generates a second random number R1 of equal length based on the first random number R, and generates a corresponding second hash value MAC2 based on the communication key CK and the second random number R1;
s5: the second hash value MAC2 is verified (by the gateway or other component integrating the gateway functionality) based on the second random number R1 and the communication key CK to complete the key learning of the piece under study. If the second hash value passes the verification, generating a command that the key learning is successful; otherwise, generating an instruction of key learning failure.
It should be noted that the vehicle-mounted bus message authentication key learning method of the present invention can generate corresponding software codes or software services in a program programming manner, and further can be run and implemented on a server and a computer.
Specifically, a key learning instruction is triggered by a diagnostic apparatus or other electric testing equipment, and the learnt is authenticated 27 (i.e., iso27701 authentication, a conventional authentication method) before the first random number and the first hash value are sent to the learnt. The gateway or other parts integrating gateway functions and learnt parts are integrated with an encryption module capable of generating a key through an encryption algorithm. The gateway or other parts integrating the gateway function and the learnt part are preset with a default key MK, and the ECU of the whole vehicle has the same vehicle identification number VIN.
Where MAC1= cryptionn (VIN, MK, R);
CK=Cryption(VIN,MK,R);
R1=Transform(R);
MAC2=CryptionFunction(CK,R1)。
the method comprises the steps that a first random number is generated through a gateway, a first hash value is generated by combining a default secret key and a vehicle identification number, and the first random number and the first hash value are sent to a bus; the learnt unit (ECU) verifies the first hash value through the received first random number, the known vehicle identification number and the default secret key; after the verification is passed, generating a second random number with equal length based on the first random number, simultaneously calculating a communication key, and generating a second hash value through the communication key and the second random number; the gateway checks the received second hash value to complete the key learning of the learnt piece. The learnt piece can realize key learning without complex operation, thereby improving the effectiveness of key learning, saving hardware cost and reducing the cost of key learning. Meanwhile, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easy to leak, and can improve the security of key learning.
In a specific implementation process, different encryption algorithms are combined to generate corresponding first hash values and communication keys respectively based on the first random numbers, the corresponding vehicle identification numbers and the default keys. Encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
According to the invention, through different encryption algorithms, the corresponding first hash value and the communication key can be generated based on the first random number, the vehicle identification number and the default key, so that the verification of the second hash value can be effectively assisted, and the key learning effect can be improved.
In a specific implementation process, the second random numbers with equal length are obtained by converting the first random numbers. The manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
According to the invention, the second random number with the same length as the first random number can be obtained through a conversion mode, so that the verification of the second hash value can be effectively assisted, and the effect of key learning can be improved.
The second embodiment:
the embodiment discloses a vehicle-mounted bus message authentication key learning system.
The vehicle-mounted bus message authentication key learning system is implemented based on the key learning method of the invention and specifically comprises the following steps:
a gateway module (or other gateway function integrated component) for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
the learnt part is used for verifying the first hash value based on the first random number, generating a communication key based on the random number, the corresponding vehicle identification number and a default key, then generating a second random number with equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
The gateway module or other gateway function integrated parts and learnt parts are integrated with an encryption module which can generate a key through an encryption algorithm.
The method comprises the steps that a gateway module generates a first random number, a default secret key and a vehicle identification number are combined to generate a first hash value, and the first random number and the first hash value are sent to a bus; the learnt unit (ECU) verifies the first hash value through the received first random number, the known vehicle identification number and the default secret key; after the verification is passed, generating a second random number with equal length based on the first random number, simultaneously calculating a communication key, and generating a second hash value through the communication key and the second random number; and the gateway module verifies the received second hash value to complete the key learning of the learnt piece. The learnt piece can realize key learning without complex operation, thereby improving the effectiveness of key learning, saving hardware cost and reducing the cost of key learning. Meanwhile, the invention avoids plaintext transmission of the communication key during key learning, solves the problem that the communication key is easy to leak, and can improve the security of key learning.
In a specific implementation process, the gateway module and the learnt piece respectively generate corresponding first hash values and communication keys based on the first random number, the corresponding vehicle identification number and the default key and different encryption algorithms. Encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
In the specific implementation process, the learnt obtains the second random numbers with equal length by converting the first random numbers. The manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
Example three:
the embodiment discloses a readable storage medium, on which a computer management program is stored, wherein the computer management program realizes the steps of the vehicle bus message authentication key learning method when being executed by a processor. The readable storage medium can be a device with readable storage function such as a U disk or a computer.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and not for limiting the technical solutions, and those skilled in the art should understand that modifications or equivalent substitutions can be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all that should be covered by the claims of the present invention.

Claims (10)

1. The vehicle-mounted bus message authentication key learning method is characterized by comprising the following steps of:
s1: generating a first random number;
s2: generating a first hash value based on the first random number, the corresponding vehicle identification number and the default key, and sending the first random number and the first hash value to the learnt piece;
s3: the learnt piece verifies the first hash value based on the first random number;
s4: after the first hash value is verified, the learnt generates a communication key based on the random number, the corresponding vehicle identification number and the default key, then generates a second random number with equal length based on the first random number, and generates a corresponding second hash value based on the communication key and the second random number;
s5: and verifying the second hash value based on the second random number and the communication key to finish the key learning of the learnt piece.
2. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in steps S2 and S4, different encryption algorithms are combined based on the first random number and the corresponding vehicle identification number and default key to generate a corresponding first hash value and communication key, respectively.
3. The in-vehicle bus message authentication key learning method according to claim 2, characterized in that: encryption algorithms include, but are not limited to, the AES algorithm, the DES algorithm, the RSA algorithm, and the elliptic curve algorithm.
4. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in step S4, the first random number is converted to obtain a second random number with equal length.
5. The in-vehicle bus message authentication key learning method according to claim 4, characterized in that: the manner of conversion includes, but is not limited to, row-by-row columnar conversion, hash algorithms, exclusive-or operations, and dot-product operations.
6. The in-vehicle bus message authentication key learning method according to claim 1, characterized in that: in step S5, if the second hash value passes the verification, a command for successful key learning is generated; otherwise, generating an instruction of key learning failure.
7. The vehicle-mounted bus message authentication key learning system is implemented based on the key learning method in claim 1, and specifically comprises the following steps:
a gateway module for generating a first random number and capable of generating a first hash value based on the first random number and a corresponding vehicle identification number and a default key;
the learnt part is used for verifying the first hash value based on the first random number, generating a communication key based on the random number, the corresponding vehicle identification number and a default key, then generating a second random number with equal length based on the first random number, and finally generating a corresponding second hash value based on the communication key and the second random number;
the gateway module is further configured to verify the second hash value based on the second random number and the communication key.
8. The vehicle bus message authentication key learning system of claim 7, wherein: the gateway module and the learnt piece respectively generate a corresponding first hash value and a corresponding communication key based on the first random number, the corresponding vehicle identification number and the default key and different encryption algorithms.
9. The vehicle bus message authentication key learning system of claim 8, wherein: the learnt piece obtains a second random number with equal length by converting the first random number.
10. A readable storage medium, characterized in that a computer management class program is stored thereon, which when executed by a processor implements the steps of the in-vehicle bus message authentication key learning method according to any one of claims 1 to 6.
CN202210044953.2A 2022-01-14 2022-01-14 Vehicle-mounted bus message authentication key learning method and system and readable storage medium Pending CN114547586A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210044953.2A CN114547586A (en) 2022-01-14 2022-01-14 Vehicle-mounted bus message authentication key learning method and system and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210044953.2A CN114547586A (en) 2022-01-14 2022-01-14 Vehicle-mounted bus message authentication key learning method and system and readable storage medium

Publications (1)

Publication Number Publication Date
CN114547586A true CN114547586A (en) 2022-05-27

Family

ID=81670992

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210044953.2A Pending CN114547586A (en) 2022-01-14 2022-01-14 Vehicle-mounted bus message authentication key learning method and system and readable storage medium

Country Status (1)

Country Link
CN (1) CN114547586A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115107701A (en) * 2022-07-26 2022-09-27 合众新能源汽车有限公司 Automobile anti-theft authentication method and system
CN116708031A (en) * 2023-08-04 2023-09-05 晟安信息技术有限公司 CAN bus data communication security configuration method and system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115107701A (en) * 2022-07-26 2022-09-27 合众新能源汽车有限公司 Automobile anti-theft authentication method and system
CN115107701B (en) * 2022-07-26 2024-02-23 合众新能源汽车股份有限公司 Automobile anti-theft authentication method and system
CN116708031A (en) * 2023-08-04 2023-09-05 晟安信息技术有限公司 CAN bus data communication security configuration method and system
CN116708031B (en) * 2023-08-04 2023-11-03 晟安信息技术有限公司 CAN bus data communication security configuration method and system

Similar Documents

Publication Publication Date Title
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
US9992178B2 (en) Method, apparatus and system for dynamically controlling secure vehicle communication based on ignition
RU2462827C2 (en) Data transfer method and tachograph system
CN105635147A (en) Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN111651748B (en) Safety access processing system and method for ECU in vehicle
JP2014204444A (en) Method and device for detecting manipulation of sensor and/or sensor data of the sensor
CN114547586A (en) Vehicle-mounted bus message authentication key learning method and system and readable storage medium
CN113781678B (en) Vehicle Bluetooth key generation and authentication method and system in networking-free environment
JP2010011400A (en) Cipher communication system of common key system
CN112448941B (en) Authentication system and method for authenticating a microcontroller
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN111508110B (en) Method and device for realizing remote locking of vehicle
CN111565182B (en) Vehicle diagnosis method and device and storage medium
CN113872770A (en) Security verification method, system, electronic device and storage medium
CN113138775A (en) Firmware protection method and system for vehicle-mounted diagnosis system
CN111813078B (en) Safety diagnosis method, device, equipment and medium for vehicle
CN106953731B (en) Authentication method and system for terminal administrator
CN111884814A (en) Method and system for preventing counterfeiting of intelligent terminal
CN111510448A (en) Communication encryption method, device and system in OTA (over the air) upgrade of automobile
CN115442064A (en) Vehicle controller diagnosis method, device, equipment and medium
CN112182551B (en) PLC equipment identity authentication system and PLC equipment identity authentication method
CN112702304A (en) Vehicle information verification method and device and automobile
CN103281188A (en) Method and system for backing up private key in electronic signature token
CN113346989B (en) External device access authentication method and device, gateway and electric vehicle
Khan ADvanced Encryption STAndard (ADESTA) for diagnostics over CAN

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination