CN114978475A - Automobile instrument encryption and decryption processing method and system based on AES-128 algorithm - Google Patents

Abstract

The invention provides an automobile instrument encryption and decryption processing method and system based on an AES-128 algorithm, which comprises the following steps: a byte substitution step: carrying out byte mapping through a transformation function S-box to obtain a corresponding start byte; a line shifting step: permuting the inner bytes of the 4x4 matrix; a column obfuscation step: the value corresponding to each byte is only related to 4 values of the column, and the value corresponding to a certain byte is multiplied by 2, and the result is that the binary bit of the value is shifted to the left by one bit; round key adding step: in the encryption process, the input of each round is XOR-ed with the round key once; a key writing step: and obtaining a group of secret keys after the steps are completed, and writing and storing the secret keys in a character string format. The invention uses simple matrix operation to encrypt data, and has high encryption/decryption rate.

Description

Encryption and decryption processing method and system for automobile instrumentation based on AES-128 algorithm

technical field

The invention relates to the technical field of instrument encryption and decryption, in particular to an encryption and decryption processing method and system for automobile instruments based on the AES-128 algorithm.

Background technique

With the rise of new energy vehicles and the popularization of the concept of "Internet +", today's cars are no longer limited to driving functions. Smart cockpits provide people with richer functions and higher requirements for car safety. Such as OTA online upgrade, and local storage data security.

Therefore, more and more OEMs begin to encrypt data. Currently, the more mature ones on the market are GM's PEPU encryption, Volkswagen's FAZITID and Mazda's DaVinci. Although each manufacturer handles data differently, the algorithm The principle is basically the same. The present invention describes the encryption and decryption algorithm processing of automobile instrumentation based on the principle of AES-128 algorithm, which has been used in many electric vehicles of Mazda and has achieved good results.

Patent document CN109104278A (application number: CN201811071752.1) discloses an encryption and decryption method, comprising: (1) selecting plaintext to be encrypted, and reading plaintext data through a processor; (2) using AES algorithm to perform step (1) (3), use RSA algorithm to encrypt the AES password obtained through step (2), use SSL to send connection request simultaneously; (4), accept after authentication The SSL connection request is made, and the AES password and the RSA key are obtained through the SSL connection; (5), the encrypted plaintext is decrypted using the AES password and the RSA key obtained through step (4).

AES is a symmetric block cipher algorithm. According to the length of the cipher used, AES has three most common schemes to adapt to different scene requirements, namely AES-128, AES-192 and AES-256. The present invention is based on Mazda customers. AES-128 is selected based on the length of cybersecurity to meet the design requirements, and the generated seed&key is written to the product through CAN, thereby realizing data protection inside the chip.

SUMMARY OF THE INVENTION

In view of the defects in the prior art, the purpose of the present invention is to provide an encryption and decryption processing method and system for automobile meters based on the AES-128 algorithm.

According to the method for encrypting and decrypting automobile meters based on the AES-128 algorithm provided by the present invention, the method includes:

Byte substitution step: perform byte mapping through the transformation function S-box to obtain the corresponding start byte;

Row shift step: permutation of the internal bytes of the 4x4 matrix;

Column obfuscation step: the value corresponding to each byte is only related to the 4 values of the column, multiply the value corresponding to a certain byte by 2, and the result is that the binary bit of the value is shifted one bit to the left;

Round key addition step: in the encryption process, the input of each round is XORed with the round key once;

Secret key writing step: After completing the above steps, a set of secret keys are obtained, written and saved, and the format is a string.

Preferably, the row shifting step includes: the first row remains unchanged, the second row is shifted to the left by 1 byte, the third row is shifted to the left by 2 bytes, the fourth row is shifted to the left by 3 bytes, Then the expression of matrix S is:

S'[i][j]=S[i][(j+i)%4], where i, j belong to [0, 3].

Preferably, the column obfuscation includes forward obfuscation and reverse obfuscation. In the process of column obfuscation, if the highest bit of the value corresponding to a certain byte is 1, the shifted result needs to be XORed by 00011011, The individual values are added using modulo-2 addition.

Preferably, the step of adding the round secret key includes: the XOR result of any number and itself is 0, and then XOR the password of the round for input recovery during decryption.

Preferably, the secret key of each round is obtained by expanding the initial secret key, the initial row is used as the seed, the remaining rows are generated from the seed secret key, the variable Nk represents the length of the seed secret key in 32-bit words, and the secret key expansion process is:

Convert the initial key to a column-based word, and convert it into a word of 4*32bits, which is written as w[0...(Nk-1)];

Solve w[j] in turn, where j is an integer and belongs to [4, K]; where, K=Nb*(Nr+1), Nb=4, Nr is the number of rounds, and Nr=10 corresponding to the 128-bit key;

If j%4=0, then w[j]=w[j-4]⊕g(w[j-1]); otherwise, w[j]=w[j-4]⊕w[j-1].

The car instrument encryption and decryption processing system based on AES-128 algorithm provided according to the present invention includes:

Byte replacement module: perform byte mapping through the transformation function S-box to obtain the corresponding start byte;

Row shift module: permutes the internal bytes of the 4x4 matrix;

Column confusion module: the value corresponding to each byte is only related to the 4 values of the column, multiply the value corresponding to a byte by 2, and the result is to shift the binary bit of the value one bit to the left;

Round key addition module: In the encryption process, the input of each round is XORed with the round key once;

Secret key writing module: After completing the above steps, a set of secret keys are obtained, written and saved, and the format is a string.

Preferably, the row shift module includes: the first row remains unchanged, the second row is shifted to the left by 1 byte, the third row is shifted to the left by 2 bytes, and the fourth row is shifted to the left by 3 bytes. Then the expression of matrix S is:

S'[i][j]=S[i][(j+i)%4], where i, j belong to [0, 3].

Preferably, the column obfuscation includes forward obfuscation and reverse obfuscation. In the process of column obfuscation, if the highest bit of the value corresponding to a certain byte is 1, the shifted result needs to be XORed by 00011011, The individual values are added using modulo-2 addition.

Preferably, the round key adding module includes: the XOR result of any number and itself is 0, and then XOR the password of the round for input recovery during decryption.

Preferably, the secret key of each round is obtained by expanding the initial secret key, the initial row is used as the seed, the remaining rows are generated from the seed secret key, the variable Nk represents the length of the seed secret key in 32-bit words, and the secret key expansion process is:

Convert the initial key to a column-based word, and convert it into a word of 4*32bits, which is written as w[0...(Nk-1)];

Solve w[j] in turn, where j is an integer and belongs to [4, K]; where, K=Nb*(Nr+1), Nb=4, Nr is the number of rounds, and Nr=10 corresponding to the 128-bit key;

If j%4=0, then w[j]=w[j-4]⊕g(w[j-1]); otherwise, w[j]=w[j-4]⊕w[j-1].

Compared with the prior art, the present invention has the following beneficial effects:

The invention analyzes the encryption process layer by layer, such as key pre-expansion, byte substitution, row shift, column confusion and round key addition, finally generates the final key, and then writes the generated key into the product through DID To achieve the final encryption target, the present invention uses simple matrix operation to encrypt data, and the encryption/decryption rate is high.

Description of drawings

Other features, objects and advantages of the present invention will become more apparent by reading the detailed description of non-limiting embodiments with reference to the following drawings:

Fig. 1 is the encryption flow chart;

Fig. 2 is the key expansion flow chart;

Figure 3 is the S-box correspondence table;

4 is a schematic diagram of row shift;

Fig. 5 is a schematic diagram of actual displacement;

Figure 6 is a schematic diagram of column confusion;

Figure 7 is a schematic diagram of column confusion.

Detailed ways

The present invention will be described in detail below with reference to specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that, for those skilled in the art, several changes and improvements can be made without departing from the inventive concept. These all belong to the protection scope of the present invention.

Example:

As shown in Figure 1, the encryption process mainly involves 4 blocks: byte substitution, row shift, column confusion and round key addition. At the same time, the decryption process is the corresponding inverse operation. Since each operation is reversible, decryption in reverse order can restore the plaintext. The key for each round of encryption and decryption is obtained by extending the initial key. The 16-byte plaintext, ciphertext and round key in the algorithm are all represented by a 4x4 matrix (4*4).

The key of each round is obtained by extending the initial key, as shown in Figure 2, where the initial Nk row of w[i, j] is used as the seed seed, using the original key value; the remaining rows are generated from the seed key. The variable Nk represents the length of the seed key in 32-bit words. The new keys are called roundkeys to distinguish them from the original seed keys, and the key expansion process is as follows:

1) Convert the initial key to a column-based word, and convert it into a 4*32bits word, which is written as w[0...(Nk-1)];

2) Solve w[j] in turn as follows, where j is an integer and belongs to [4, K]; (K=Nb*(Nr+1), Nb=4, Nr is the number of rounds, and the 128-bit key corresponds to of Nr=10);

3) If j%4=0, then w[j]=w[j-4]⊕g(w[j-1]); otherwise w[j]=w[j-4]⊕w[j-1 ].

The AES encryption routine starts by copying the 16-byte input array into a 4x4-byte matrix named State. The AES encryption algorithm is named Cipher, which operates on State[];

Example:

Cipher Key=2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c

When Nk=4, w0=2b7e1516, w1=28aed2a6, w2=abf71588, w3=09cf4f3c.

Byte substitution: The mapping of one byte to another byte is completed through the S-box, and the corresponding start byte can be found according to aij, as shown in Figure 3 for the S-box correspondence table.

Row shift: As shown in Figure 4, the function of row shift is to realize the permutation between the internal bytes of a 4x4 matrix.

As shown in Figure 5, the actual shift operation is: the first row is kept unchanged, the second row is shifted to the left by 1 byte, the third row is shifted to the left by 2 bytes, and the fourth row is shifted to the left by 3 words. Festival. Suppose the name of the matrix is state, abbreviated as S, and the formula is expressed as follows:

state'[i][j]=state[i][(j+i)%4], where i, j belong to [0, 3].

Column confusion: It is divided into forward confusion and reverse confusion, as shown in Figure 6 and Figure 7. According to the multiplication of the matrix, in the process of column confusion, the value corresponding to each byte is only related to the 4 values of the column. Multiply the value corresponding to a byte by 2, and the result is to shift the binary bit of the value by one bit to the left. If the highest bit of the value is 1 (indicating that the value is not less than 128), you also need to shift The result after XOR is 00011011 (0x1b), but it should be noted that the above matrix multiplication is different from the matrix multiplication in the general sense. Each value is added using modulo 2 addition (equivalent to an XOR operation).

in:

01·46=01000110 _B

01·A6＝10100110 _B

but:

Round cipher plus: the XOR of any number and itself is 0. During the encryption process, the input of each round is XORed with the round key once; therefore, the input can be recovered by XORing the password of the round during decryption.

Key writing: After the above four processes are completed, a set of keys can be obtained, which is called DIAG, and the format is a string. For example, the following is a set of encrypted data randomly generated by the production line:

DIAG=3031323334353637383900000010C9FA819F3ACB0062E7A6AA9241B0DC2DB412875A2D2FA100765927A6ED903AE6A41D7944

then send

2EFEF3+DIAG(3031323334353637383900000010C9FA819F3ACB0062E7A6AA9241B0DC2DB412875A2D2FA100765927A6ED903AE6A41D7944), where 2E stands for write, and FEF3 calls it DID.

If 6E FE F3+Positive Feedback is received, it means that the currently generated keys have all been written in. If the actual product needs to be decrypted, the same is true. Just reverse the above seed&key, such as the inverse operation of the matrix, you will get A new set of keys can be decrypted through the third step of "secret key writing", so that the encryption and decryption processing of the car instrument can be realized.

The car instrument encryption and decryption processing system based on the AES-128 algorithm provided according to the present invention includes: a byte replacement module: performing byte mapping through the transformation function S-box to obtain the corresponding start byte; a line shift module: for 4x4 The internal bytes of the matrix are replaced; column confusion module: the value corresponding to each byte is only related to the 4 values of the column, multiply the value corresponding to a byte by 2, and the result is the value of the value. The binary bit is shifted to the left by one; the round key addition module: in the encryption process, the input of each round is XORed with the round key once; the key writing module: after completing the above steps, a set of keys is obtained and written Save it in the format of a string.

The row displacement module includes: the first row remains unchanged, the second row is shifted to the left by 1 byte, the third row is shifted to the left by 2 bytes, and the fourth row is shifted to the left by 3 bytes. The expression of is: S'[i][j]=S[i][(j+i)%4], where i, j belong to [0, 3]. The column obfuscation includes forward obfuscation and reverse obfuscation. In the process of column obfuscation, if the highest bit of the value corresponding to a certain byte is 1, the shifted result needs to be XORed by 00011011, and each value is in Use modulo-2 addition when adding. The round secret key adding module includes: the XOR result of any number and itself is 0, and then XOR the password of the round for input recovery during decryption. The secret key of each round is obtained by expanding the initial secret key. The initial row is used as the seed, and the remaining rows are generated from the seed secret key. The variable Nk represents the length of the seed secret key in 32-bit words. The secret key expansion process is: The key is column-based, converted into a word of 4*32bits, and recorded as w[0...(Nk-1)]; solve w[j] in turn, where j is an integer and belongs to [4, K]; among them, K =Nb*(Nr+1), Nb=4, Nr is the number of rounds, and Nr=10 corresponding to the 128-bit key; if j%4=0, then w[j]=w[j-4]⊕g( w[j-1]); otherwise w[j]=w[j-4]⊕w[j-1].

Those skilled in the art know that, in addition to implementing the system, device and each module provided by the present invention in the form of pure computer readable program code, the system, device and each module provided by the present invention can be completely implemented by logically programming the method steps. The same program is implemented in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, and embedded microcontrollers, among others. Therefore, the system, device and each module provided by the present invention can be regarded as a kind of hardware component, and the modules used for realizing various programs included in it can also be regarded as the structure in the hardware component; A module for realizing various functions can be regarded as either a software program for realizing a method or a structure within a hardware component.

Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to the above-mentioned specific embodiments, and those skilled in the art can make various changes or modifications within the scope of the claims, which do not affect the essential content of the present invention. The embodiments of the present application and features in the embodiments may be combined with each other arbitrarily, provided that there is no conflict.

Claims (10)

1. a car instrument encryption and decryption processing method based on AES-128 algorithm, is characterized in that, comprises: Byte substitution step: perform byte mapping through the transformation function S-box to obtain the corresponding start byte; Row shift step: permutation of the internal bytes of the 4x4 matrix; Column obfuscation step: the value corresponding to each byte is only related to the 4 values of the column, multiply the value corresponding to a certain byte by 2, and the result is that the binary bit of the value is shifted one bit to the left; Round key addition step: in the encryption process, the input of each round is XORed with the round key once; Secret key writing step: After completing the above steps, a set of secret keys are obtained, written and saved, and the format is a string. 2. The car meter encryption and decryption processing method based on AES-128 algorithm according to claim 1, wherein the row displacement step comprises: the first row remains unchanged, and the second row is cyclically shifted to the left by 1 byte , the third row is shifted to the left by 2 bytes, and the fourth row is shifted to the left by 3 bytes, then the expression of the matrix S is: S'[i][j]=S[i][(j+i)%4], where i, j belong to [0, 3]. 3. The car instrument encryption and decryption processing method based on AES-128 algorithm according to claim 1, is characterized in that, described column confusion comprises forward confusion and reverse confusion, in the process of column confusion, if a certain byte If the highest bit of the corresponding value is 1, then the shifted result needs to be XORed by 00011011, and each value is added using modulo 2 addition. 4. the car instrument encryption and decryption processing method based on AES-128 algorithm according to claim 1, is characterized in that, described round secret key adding step comprises: the XOR result of any number and self is 0, and then different during decryption Or enter the password on the round to recover. 5. the car instrument encryption and decryption processing method based on AES-128 algorithm according to claim 1, is characterized in that, the secret key of every round is obtained by initial secret key expansion respectively, and initially row is as seed, and remaining row is from seed secret key Generated, the variable Nk represents the length of the seed key in 32-bit words, and the key expansion process is: Convert the initial key to a column-based word, and convert it into a word of 4*32bits, which is written as w[0...(Nk-1)]; Solve w[j] in turn, where j is an integer and belongs to [4, K]; where, K=Nb*(Nr+1), Nb=4, Nr is the number of rounds, and Nr=10 corresponding to the 128-bit key; If j%4=0, then w[j]=w[j-4]⊕g(w[j-1]); otherwise, w[j]=w[j-4]⊕w[j-1]. 6. a car instrument encryption and decryption processing system based on AES-128 algorithm, is characterized in that, comprises: Byte replacement module: perform byte mapping through the transformation function S-box to obtain the corresponding start byte; Row shift module: permutes the internal bytes of the 4x4 matrix; Column confusion module: the value corresponding to each byte is only related to the 4 values of the column, multiply the value corresponding to a byte by 2, and the result is to shift the binary bit of the value one bit to the left; Round key addition module: In the encryption process, the input of each round is XORed with the round key once; Secret key writing module: After completing the above steps, a set of secret keys are obtained, written and saved, and the format is a string. 7. The car instrument encryption and decryption processing system based on the AES-128 algorithm according to claim 6, wherein the row displacement module comprises: the first row remains unchanged, and the second row is cyclically shifted to the left by 1 byte , the third row is shifted to the left by 2 bytes, and the fourth row is shifted to the left by 3 bytes, then the expression of the matrix S is: S'[i][j]=S[i][(j+i)%4], where i, j belong to [0, 3]. 8. The car meter encryption and decryption processing system based on AES-128 algorithm according to claim 6, wherein the column confusion includes forward confusion and reverse confusion. In the process of column confusion, if a certain byte If the highest bit of the corresponding value is 1, then the shifted result needs to be XORed by 00011011, and each value is added using modulo 2 addition. 9. the car instrument encryption and decryption processing system based on AES-128 algorithm according to claim 6, is characterized in that, described round secret key adding module comprises: the XOR result of any number and self is 0, and then different during decryption Or enter the password on the round to recover. 10. the car instrument encryption and decryption processing system based on AES-128 algorithm according to claim 6, is characterized in that, the secret key of each round is obtained by the initial secret key expansion respectively, and the first row is used as a seed, and the remaining rows are obtained from the seed secret key. Generated, the variable Nk represents the length of the seed key in 32-bit words, and the key expansion process is: Convert the initial key to a column-based word, and convert it into a word of 4*32bits, which is written as w[0...(Nk-1)]; Solve w[j] in turn, where j is an integer and belongs to [4, K]; where, K=Nb*(Nr+1), Nb=4, Nr is the number of rounds, and Nr=10 corresponding to the 128-bit key; If j%4=0, then w[j]=w[j-4]⊕g(w[j-1]); otherwise, w[j]=w[j-4]⊕w[j-1].

Images