CN114978726A - Backbone network safety communication method based on vehicle-mounted Ethernet - Google Patents
Backbone network safety communication method based on vehicle-mounted Ethernet Download PDFInfo
- Publication number
- CN114978726A CN114978726A CN202210584777.1A CN202210584777A CN114978726A CN 114978726 A CN114978726 A CN 114978726A CN 202210584777 A CN202210584777 A CN 202210584777A CN 114978726 A CN114978726 A CN 114978726A
- Authority
- CN
- China
- Prior art keywords
- domain controller
- controller
- encryption
- domain
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006854 communication Effects 0.000 title claims abstract description 63
- 238000004891 communication Methods 0.000 title claims abstract description 62
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000012795 verification Methods 0.000 claims description 24
- 238000013475 authorization Methods 0.000 claims description 11
- 239000000284 extract Substances 0.000 claims description 2
- 238000007726 management method Methods 0.000 description 17
- 238000006243 chemical reaction Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 239000000446 fuel Substances 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000003208 petroleum Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a safe communication method of a backbone network based on a vehicle-mounted Ethernet, which at least comprises the following steps: the method comprises the steps that a domain controller connected based on a vehicle-mounted Ethernet bus needs to communicate, mutual authentication is carried out between an encryption controller arranged on a time-sensitive network gateway and the domain controller needing to communicate, and a temporary session secret key is generated; the temporary session key is randomly generated or kept not to be generated in a preset time period or randomly generated in each session period; and the first domain controller serving as an information sending party encrypts the sending data packet through the temporary session key and sends the encrypted sending data packet to the second domain controller. According to the technical scheme provided by the invention, the control stream data is encrypted by using the temporary session key, so that the safe communication between the domain controllers is ensured.
Description
Technical Field
The invention relates to the field of communication of vehicle networks, in particular to a safe communication method of a backbone network based on a vehicle-mounted Ethernet.
Background
With the development of each generation of automotive technology, vehicles are becoming more and more intelligent and are becoming more and more Information and Communication Technology (ICT) oriented. Modern automobiles feature dozens of different Electronic Control Units (ECUs), each carrying one or more applications dedicated to monitoring and managing various aspects of the vehicle itself. Advanced driving assistance systems are moving farther and transfer control of safety critical systems such as braking and steering to computers, algorithms and software. Different devices cannot operate completely isolated: communications and protocols are the basis for implementing in-vehicle information exchange. At the same time, on-board ethernet is becoming more and more important, supporting high bandwidth communications and replacing a large number of sophisticated proprietary technologies. On top of the in-vehicle ethernet, Service Oriented Architecture (SOA) is becoming increasingly popular as a high-level abstraction that supports complex applications and allows maximum flexibility. To date, one of the most promising SOA middleware for in-vehicle communications is SOME/IP, which has been designed specifically for automotive use cases by the automotive open systems architecture (AUTOSAR) alliance. With the increasing prominence of computer-based systems, new challenges are threatening the lives of millions of unknowingly drivers. Recently, various researchers have successfully utilized specially tailored network messages to take over control of safety critical systems. Although the proposed attack requires physical access to the vehicle bus, isolation cannot be considered a sufficient precaution. On the one hand, many commercial vehicles have serious holes in network stack implementations, namely bluetooth, Wi-Fi and 4G, making it possible for potentially nefarious individuals to remotely access the car's internal structure. On the other hand, a possible attack may come from the vehicle itself. Therefore, how to ensure that the safe communication for the backbone network based on the vehicle-mounted Ethernet becomes a problem which needs to be solved by the development of a new EE architecture.
Disclosure of Invention
Based on the defects in the prior art, the invention provides a safe communication method of a backbone network based on a vehicle-mounted Ethernet, which at least comprises the following steps:
at least two domain controllers exist, wherein at least a first domain controller and a second domain controller need to communicate; the domain controller is electrically connected with the time sensitive network gateway through a vehicle-mounted Ethernet bus;
before exchanging information between the domain controllers, the encryption controller completes mutual authentication on the domain controllers needing to communicate with each other and generates a temporary session key for communication encryption between the exchanged domain controllers;
the first domain controller serving as an information sender encrypts a sending data packet through a temporary session key and sends the encrypted sending data packet to the second domain controller;
the temporary session key is kept unchanged for a fixed time period according to requirements or is randomly generated in each session period.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, an encryption controller is provided with a first encryption management table, where the first encryption management table includes: each domain controller is provided with a corresponding identity ID and a first symmetric key, wherein the first symmetric key is shared between the belonging domain controller and the encryption controller.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, each domain controller is provided with a second encryption management table, where the second encryption management table includes: an identity ID of a domain controller requiring communication and a first symmetric key shared with the encryption controller are set.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, the obtaining a temporary session key includes:
the first domain controller transmits a first communication request message to the second domain controller, the first communication request message including: an identity ID and timestamp T12 and a first ciphertext belonging to the first domain controller;
after receiving the first communication request message from the first domain controller, the second domain controller generates a second ciphertext and sends a verification request message to the encryption controller if the identity ID of the first domain controller is legal, wherein the verification request message comprises: the identity ID of the first domain controller, the identity ID of the second domain controller, a timestamp T2S, a first ciphertext and a second ciphertext;
after receiving the verification request message of the second controller, the encryption controller judges whether the identity ID controlled by the first domain and the identity ID of the second domain controller are legal or not, and if the request is legal, the encryption controller decrypts the first ciphertext and the second ciphertext and extracts preset parameters;
and verifying the extracted preset parameters, if the verification is successful, generating a third random number by the encryption controller, and obtaining the first random number, the second random number and the third random number from the preset parameters by the encryption manager to perform hash operation to generate a temporary session key.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, the obtaining of the first ciphertext includes:
the first domain controller generates a first random number, and encrypts the first random number and the identity ID of the second domain controller by using a first symmetric key belonging to the first domain controller.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, the obtaining of the second ciphertext includes: the second domain controller generates a second random number, and encrypts the second random number and the identity ID belonging to the first domain controller with a first symmetric key belonging to itself.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, the obtaining of the preset parameter includes: the encryption controller decrypts the first ciphertext and the second ciphertext by using the first symmetric key corresponding to the first domain controller and the first symmetric key corresponding to the second domain controller to respectively obtain the first random number, the identity ID of the first domain controller, the second random number and the identity ID of the second domain controller;
and extracting the first random number and the identity ID of the first domain controller, and forming preset parameters by the second random number and the identity ID of the second domain controller.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, the encryption manager sends a first reply response message to the second domain controller, where the first reply response message includes: a timestamp T3, a third ciphertext, and a fourth ciphertext;
after receiving the first reply response message of the encryption manager, the second domain controller decrypts the fourth ciphertext by using the first symmetric secret key belonging to the second domain controller, and acquires and verifies a second random number, the identity ID of the first domain controller and the temporary session secret key;
if the verification is passed, the second domain controller generates a fifth ciphertext formed by encrypting the identity ID of the first domain controller, the identity ID of the second domain controller and the second random number by using the temporary session key pair to obtain the temporary session key;
the second domain controller transmits a second response request message to the first domain controller, the second response request message including: timestamp T4, a fifth ciphertext, and a third ciphertext.
A secure communication method for a backbone network based on a vehicle-mounted ethernet network, further optionally, after a first domain controller receives a second response request message sent from a second domain controller, decrypting a third ciphertext with a first symmetric key shared with an encryption manager, and obtaining an identity ID, a first random number, a second random number, and a temporary session key of the decrypted second domain controller;
and the first domain controller verifies the parameters acquired after the third ciphertext is decrypted, decrypts the fifth ciphertext by using the temporary session key if the verification is passed, and verifies whether the decrypted parameters are legal, and stores the temporary session key if the decrypted parameters are legal.
A safe communication method of a backbone network based on a vehicle-mounted Ethernet is further optional, wherein an encryption controller encrypts a first random number, a second random number, an identity ID of a second domain controller and a temporary session key by respectively using a first symmetric key corresponding to a first domain controller to obtain a third ciphertext;
and encrypting the second random number, the identity ID of the first domain controller and the temporary session key by using a first symmetric key corresponding to the second domain controller to obtain a fourth ciphertext.
A safe communication method of a backbone network based on a vehicle-mounted Ethernet is further optional, when a domain controller receives a request message or a response message from other domain controllers or encryptors, or the encryption controller receives the request message or the response message from the domain controller, whether the time delay is within an allowed range needs to be judged firstly, and if the time delay is not within the allowed range, the request message or the response message is directly lost.
Optionally, the domain controller or the encryption controller performs validity verification on the decrypted parameters, and if the verification is illegal, the request message or the response message is directly discarded.
A safe communication method of a backbone network based on a vehicle-mounted Ethernet is further optional, if a first domain controller is used as a data sending party, if a data packet needing to be sent conforms to an SOME/IP message format, the SOME/IP data packet needs to be modified and then encrypted to form a new encrypted SOME/IP format data packet.
A safe communication method of backbone network based on vehicle-mounted Ethernet is further selectable, and the SOME/IP data packet is modified by the method comprising the following steps:
dividing a payload field of the SOME/IP data frame into a first part, a second part and a third part, wherein the first part comprises a subheader, the second part comprises a subpayload and the third part comprises a message authorization code;
the sub-header at least comprises protocol version, encryption algorithm type, message authorization code length, sub-payload block number and sub-payload block length information, and the first part of the message is sent to a receiver in a plaintext form;
and encrypting the effective load data by using the encryption algorithm type specified by the subheader and the temporary session key, and taking the obtained ciphertext as the sub effective load.
A safe communication method based on backbone network of the vehicle carried Ethernet, further optional, the second domain controller is regarded as the take over party, the second domain controller carries on the unpacking to the SOME/IP message received, receive the payload;
and the second domain controller decrypts and analyzes the payload to obtain the payload of the plaintext.
Has the advantages that:
1. in the technical scheme provided by the invention, communication is carried out in a communication framework of a backbone network based on a vehicle-mounted Ethernet, and for the communication among domain controllers, a temporary session key really used for data communication is generated by encryption and decryption and stage-by-stage verification of random numbers generated among the domain controllers and among encryption controllers needing communication.
2. In the technical scheme provided by the invention, the sub-load data is encrypted after the message format of the SOME/IP protocol for transmitting the control data is modified, the data can be safely transmitted to the data receiving end by using the plaintext header and the encrypted sub-load data, and the data receiving end obtains the final plaintext data after decrypting by using the temporary session key.
Drawings
The following drawings are only schematic illustrations and explanations of the present invention, and do not limit the scope of the present invention.
Fig. 1 is a schematic diagram of a backbone network EE communication architecture based on a vehicle ethernet according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of secure communication between domain controllers of a backbone network of a vehicle ethernet according to an embodiment of the present invention.
Fig. 3 is a diagram illustrating a packet format according to the SOME/IP protocol in the prior art according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a packet format data packet of the modified SOME/IP protocol according to an embodiment of the present invention.
Detailed Description
For a more clear understanding of the technical features, objects, and effects herein, embodiments of the present invention will now be described with reference to the accompanying drawings, in which like reference numerals refer to like parts throughout. For the sake of simplicity, the drawings are schematic representations of relevant parts of the invention and are not intended to represent actual structures as products. In addition, for simplicity and clarity of understanding, only one of the components having the same structure or function is schematically illustrated or labeled in some of the drawings.
As for the control system, the functional module, application program (APP), is well known to those skilled in the art, and may take any suitable form, either hardware or software, and may be a plurality of functional modules arranged discretely, or a plurality of functional units integrated into one piece of hardware. In its simplest form, the control system may be a controller, such as a combinational logic controller, a micro-programmed controller, or the like, so long as the operations described herein are enabled. Of course, the control system may also be integrated as a different module into one physical device without departing from the basic principle and scope of the invention.
The term "connected" in the present invention may include direct connection, indirect connection, communication connection, and electrical connection, unless otherwise specified.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, values, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, values, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items
It should be understood that the term "vehicle" or "vehicular" or other similar terms as used herein generally includes motor vehicles such as passenger automobiles including Sport Utility Vehicles (SUVs), buses, trucks, various commercial vehicles, watercraft including a variety of boats, ships, aircraft, and the like, and includes hybrid vehicles, electric vehicles, plug-in hybrid electric vehicles, hydrogen-powered vehicles, and other alternative fuel vehicles (e.g., fuels derived from non-petroleum sources). As referred to herein, a hybrid vehicle is a vehicle having two or more power sources, such as both gasoline-powered and electric-powered vehicles.
Further, the controller of the present disclosure may be embodied as a non-transitory computer readable medium on a computer readable medium containing executable program instructions executed by a processor, controller, or the like. Examples of computer readable media include, but are not limited to, ROM, RAM, Compact Disc (CD) -ROM, magnetic tape, floppy disk, flash drive, smart card, and optical data storage device. The computer readable recording medium CAN also be distributed over network coupled computer systems so that the computer readable medium is stored and executed in a distributed fashion, such as by a telematics server or Controller Area Network (CAN).
The present invention provides a number of different embodiments, including an EE architecture, a communication device, and a method of implementation.
The present embodiment provides a communication architecture based on a vehicle-mounted ethernet as a backbone network, as shown in fig. 1 to 4, specifically including: the time sensitive network gateway, the at least two domain controllers, the encryption controller and the time sensitive network gateway are respectively connected with the domain controllers through a vehicle-mounted Ethernet bus;
the ECU of the corresponding interface is connected under each domain controller, such as a vehicle-mounted Ethernet ECU, a CAN interface ECU and a LIN interface ECU;
specifically, the encryption controller may be disposed in the time-sensitive network gateway or may be separately disposed outside, and when disposed outside, the encryption controller is connected to the time-sensitive network gateway through the vehicle-mounted ethernet bus;
a mixed protocol stack is arranged in the time-sensitive network gateway and used for converting data packets of different transmission protocols, so that the communication requirement of an opposite terminal is met.
Specifically, the domain controller includes at least: one or more than two of a vehicle body domain controller, a power domain controller, a chassis domain controller and a high-grade auxiliary driving domain controller;
the advanced auxiliary driving area controller is connected with the laser radar, the millimeter wave radar and the camera through a vehicle-mounted Ethernet bus;
specifically, the domain controllers may need to communicate with each other due to different requirements, for example, a first domain controller needs to communicate with a second domain controller, or the first domain controller needs to communicate with the second domain controller and a third domain controller;
in particular, the encryption controller may be disposed within a time sensitive network gateway; the time sensitive network gateway does not encrypt again on the basis of mutual encryption communication of the domain controller, and provides data packet transfer below a network layer;
in order to ensure the security of the communication between the domain controllers, the present embodiment provides a secure communication method, which includes:
before exchanging information between the domain controllers, the encryption controller completes mutual authentication and generates a temporary session key for the domain controllers needing to communicate with each other;
the temporary session key is randomly generated or kept not to be generated in a preset time period or randomly generated in each session period;
security protection is provided for communications between the domain controllers based on the temporary session key.
Specifically, after joining the vehicle-mounted network, after first accessing the vehicle-mounted network, the present embodiment needs to configure a first encryption management table and a second encryption management table between the encryption controller and the domain controller, and between the encryption controller and the domain controller that need to communicate;
in particular, referring to fig. 2, fig. 2 shows secure communications between domain controllers of a backbone network of an in-vehicle ethernet network.
Specifically, the encryption controller is provided with a first encryption management table, and the first encryption management table includes: providing each domain controller with a corresponding identity ID and a first symmetric key, wherein the first symmetric key is shared between the belonging domain controller and the encryption controller;
each domain controller is provided with a second encryption management table, and the second encryption management table comprises: an Identity (ID) of a domain controller needing communication and a first symmetric secret key shared with an encryption controller;
specifically, suppose that there are 2 domain controllers that need to communicate, which are a first domain controller and a second domain controller, respectively, before communication, the first domain controller, the second domain controller, and the encryption controller need to be set, specifically: a first encryption management table in the encryption controller is provided with an identity ID and a first symmetric key of a first domain controller, and an identity ID and a first symmetric key of a second domain controller;
the second encryption management table of the first domain controller stores the identity ID of the first domain controller, the identity ID of a second domain controller needing to communicate and a first symmetric secret key shared by the encryption controller;
the same principle is that: the second encryption management table of the second domain controller stores the identity ID of the second domain controller, the identity ID of the first domain controller needing to communicate and a first symmetric secret key shared by the encryption controller;
and the encryption controller verifies the domain controller in the subsequent communication process according to the identity ID in the first encryption management table and judges whether the request is legal or not.
Specifically, the first domain controller communicating with the second domain controller includes:
a first stage, at least for obtaining a temporary session key;
and a second stage of encrypting or decrypting the communication data at least according to the temporary session key.
Specifically, the obtaining of the temporary session key includes:
the encryption controller shares the first symmetric secret keys with all the domain controllers respectively, and the first symmetric secret keys shared by the encryption controller and each domain controller are different;
the encryption controller selects a corresponding hash function to generate a temporary session key between the domain controls which communicate with each other;
the first domain controller generates a first random number, encrypts the first random number and the identity ID of the second domain controller by using a first symmetric secret key belonging to the first domain controller to obtain a first ciphertext;
the first domain controller transmits a first communication request message to the second domain controller, the first request message including: an identity ID and timestamp T12 and a first ciphertext belonging to the first domain controller;
after receiving the first communication request message from the first domain controller, the second domain controller judges whether the delay between the sending time and the receiving time is within an allowed range, and if the time delay is not within the allowed range, the second domain controller discards the first communication request message; if yes, executing the next step of processing;
judging whether the identity ID of the first domain controller is legal or not, and if the request message is illegal, discarding the first communication request message by the second domain controller;
if the request is legal, the second domain controller generates a second random number, and encrypts the identity ID belonging to the first domain controller and the second random number by using a first symmetric secret key belonging to the second domain controller to obtain a second ciphertext;
the second domain controller sends a verification request message to the encryption controller, wherein the verification request message comprises the identity ID controlled by the first domain, the identity ID of the second domain controller, a timestamp T2S, a first ciphertext and a second ciphertext;
after receiving the authentication request message of the second controller, the encryption controller executes the following steps:
judging whether the time delay between the sending time and the receiving time is within an allowable range, and if the time delay is unreasonable, discarding the verification request message;
if the request is in the allowable range, judging whether the ID controlled by the first domain and the ID controlled by the second domain are legal or not, and if the request is illegal, losing the verification request message;
if the request is legal, acquiring a first symmetric secret key corresponding to the first domain controller and a first symmetric secret key corresponding to the second domain controller from the first encryption management table according to the identity ID of the first domain controller and the identity ID of the second domain controller;
the encryption controller decrypts the first ciphertext and the second ciphertext respectively by using a first symmetric key corresponding to the first domain controller and a first symmetric key corresponding to the second domain controller, and respectively acquires a first random number, an identity ID of the first domain controller, a second random number and an identity ID of the second domain controller;
the identity ID of the first domain controller and the identity ID of the second domain controller stored in the first encryption management table are verified with the decrypted identity ID of the first domain controller and the decrypted identity ID of the second domain controller respectively, and if the identity IDs are different, the identity verification fails, and the message is discarded;
if the identity authentication is successful, generating a third random number, carrying out hash operation on the first random number, the second random number and the third random number by the encryption manager to generate a temporary session key of a fixed bit number, wherein the temporary session key is used for session communication between the first domain controller and the second domain controller;
encrypting the first random number, the second random number, the identity ID of the second domain controller and the temporary session key by using a first symmetric key corresponding to the first domain controller to obtain a third ciphertext;
encrypting the second random number, the identity ID of the first domain controller and the temporary session key by using a first symmetric key corresponding to the second domain controller to obtain a fourth ciphertext;
the cryptographic manager replies to the second domain controller a first reply response message comprising: a timestamp T3, a third ciphertext, and a fourth ciphertext.
After receiving the first response message of the encryption manager, the second domain controller executes the following steps:
judging whether the time delay between the sending time and the receiving time is within an allowable range, and if the time delay is not within the allowable range, discarding the response message;
if the time delay is within the allowable range, decrypting the fourth ciphertext by using the first symmetric secret key of the fourth ciphertext, and acquiring a second random number, the identity ID of the first domain controller and the temporary session secret key after decryption;
whether the identity ID and the second random number of the first domain controller acquired after decryption are respectively consistent with the identity ID of the first domain controller stored in the second domain controller and the second random number generated by the second domain controller, and if the verification fails, the request message is lost; if the verification is successful, storing the temporary session key;
encrypting the identity ID of the first domain controller, the identity ID of the second domain controller and the second random number by using the temporary session key to obtain a fifth ciphertext;
then the second domain controller sends a second response request message to the first domain controller, the second response request message including: timestamp T4, fifth ciphertext, third ciphertext;
specifically, after the first domain controller receives the response request message of the second domain controller, the following steps are executed:
judging whether the time delay between the sending time and the receiving time is within an allowable range, and if the time delay is not allowable, discarding the request;
if the third cipher text is in the allowable range, decrypting the third cipher text by using the first symmetric key shared with the encryption manager to obtain the identity ID, the first random number, the second random number and the temporary session key of the decrypted second domain controller;
verifying whether the decrypted identity ID and the decrypted first random number of the second domain controller are the same as the identity ID of the second domain controller in a second encryption management table in the first domain controller and the first random number generated by the first domain control, and discarding the response request message if the identity ID and the first random number are different;
if the first domain controller and the second domain controller are the same, decrypting the fifth ciphertext by using the temporary session key to obtain the decrypted identity ID of the first domain controller, the decrypted identity ID of the second domain controller and a second random number;
and comparing the second random number obtained by decrypting the temporary session key with the second random number obtained by the first symmetric key, judging whether the second random numbers are the same, if so, storing the temporary session key, and if not, discarding the response message.
Specifically, after the temporary session key is obtained in the first stage, the temporary session key may be used to perform encryption in a subsequent data transfer process, and specifically, the second stage specifically includes:
if the first domain controller is a data sender, the first domain controller judges whether a data format to be transmitted is an SOME/IP type data packet, if the data packet does not conform to the SOME/IP message format data packet, the first domain controller judges whether the data packet is a CAN message format data packet, and if the data packet is the CAN message format data packet, the CAN message format data packet is converted into the SOME/IP format data packet;
FIG. 3 is a conventional SOME/IP packet including: a header and a payload, and a header and a payload,
the header includes: service ID, method ID, client ID, session ID, version protocol, interface version, message type, return code;
if the data packet is a data packet in an SOME/IP message format, the data packet in the SOME/IP message needs to be encrypted and modified, and fig. 4 is a data packet in a modified SOME/IP format, which specifically includes:
dividing a payload field of the SOME/IP data frame into a first part, a second part and a third part, wherein the first part comprises a subheader, the second part comprises a subpayload and the third part comprises a message authorization code;
the sub-header comprises information such as protocol version, encryption algorithm type, sub-label length, sub-payload block number, sub-payload block length and the like, and the first part of information is sent to a receiving party in a plaintext form, such as a second domain controller;
the first domain controller encrypts the effective load data by using the encryption algorithm type and the temporary session key specified by the subheader, and the obtained ciphertext is used as the sub effective load;
the first domain controller calculates a message authorization code of the subheader and the subpayload using the specified encryption algorithm type and the temporary session key;
the first domain controller modifies the SOME/IP message and then sends the modified SOME/IP message to the second domain controller;
the second domain controller acts as a receiving side, specifically,
the second domain controller unpacks the received SOME/IP message to obtain an effective load;
and the second domain controller decrypts and analyzes the payload to obtain the payload of the plaintext.
The decryption and parsing process of the payload specifically includes:
the protocol version, the type of encryption algorithm, the length of the message authorization code, the number of sub-payload blocks, the length of the sub-payload blocks are read from the sub-header.
Calculating message authorization codes of the subheaders and the subpayloads by using an encryption algorithm and a temporary session key according to the type of the encryption algorithm, wherein the obtained message authorization codes need to be compared with the received subtags, and if the two character strings are inconsistent, discarding the SOME/IP message;
and if the two character strings are consistent, decrypting the sub-payload by using an encryption algorithm and the temporary session key to obtain plaintext payload data.
Specifically, if the message to be sent is not in the format of the SOME/IP message but in the format of the CAN message, the conversion method is as follows:
the CAN/CANFD to SOME/IP protocol converter is arranged in the domain controller,
the protocol converter comprises a SOME/IP receiving module, a CAN receiving module and a protocol conversion module
The logic method is executed as follows:
firstly, an ECU (electronic control unit) of a CAN (controller area network) interface connected with a domain controller through a CAN bus receives request information from the domain controller from the CAN bus;
the ECU of the CAN interface sends information to a CAN receiving module, acquires information required by a domain controller from a CAN bus through a CAN protocol, and converts the information into an SOME/IP message format through a protocol conversion module;
and (3) protocol conversion module analysis:
acquiring and collecting CAN information from a CAN protocol, and extracting effective information such as CAN ID, DLC (control field), data and the like;
constructing a subheader, a subload and a message authorization code in sequence, and then encapsulating the fields into a complete SOME/IP load;
the sub-header comprises information such as CAN protocol type, security level, encryption algorithm, message authorization code length and the like;
the sub-load comprises information such as CAN ID, DLC, data and the like;
what has been described above is only a preferred embodiment of the present invention, and the present invention is not limited to the above examples. It is clear to those skilled in the art that the form in this embodiment is not limited thereto, and the adjustable manner is not limited thereto. It is to be understood that other modifications and variations, which may be directly derived or suggested to one skilled in the art without departing from the basic concept of the invention, are to be considered as included within the scope of the invention.
Claims (15)
1. A safe communication method of backbone network based on vehicle-mounted Ethernet is characterized by at least comprising the following steps:
there are at least two domain controllers, wherein there is at least a first domain controller and a second domain controller that need to communicate; the domain controller is electrically connected with the time sensitive network gateway through a vehicle-mounted Ethernet bus;
before exchanging information between the domain controllers, the encryption controller completes mutual authentication on the domain controllers needing to communicate with each other and generates a temporary session key for communication encryption between the exchanged domain controllers;
the first domain controller serving as an information sender encrypts a sending data packet through a temporary session key and sends the encrypted sending data packet to the second domain controller;
the temporary session key is kept unchanged according to a fixed time period of the requirement or is randomly generated in each session period.
2. The method as claimed in claim 1, wherein the encryption controller is provided with a first encryption management table, and the first encryption management table comprises: each domain controller is provided with a corresponding identity ID and a first symmetric key, wherein the first symmetric key is shared between the belonging domain controller and the encryption controller.
3. The method as claimed in claim 1, wherein each domain controller is provided with a second encryption management table, the second encryption management table comprising: an identity ID of a domain controller requiring communication and a first symmetric key shared with an encryption controller are set.
4. The method of claim 1, wherein obtaining the temporary session key comprises:
the first domain controller transmits a first communication request message to the second domain controller, the first communication request message including: an identity ID and timestamp T12 and a first ciphertext belonging to the first domain controller;
after receiving the first communication request message from the first domain controller, the second domain controller generates a second ciphertext and sends a verification request message to the encryption controller if the identity ID of the first domain controller is legal, wherein the verification request message comprises: the identity ID of the first domain controller, the identity ID of the second domain controller, a timestamp T2S, a first ciphertext and a second ciphertext;
after receiving the verification request message of the second domain controller, the encryption controller judges whether the identity ID of the first domain controller and the identity ID of the second domain controller are legal or not, and if the request is legal, the encryption controller decrypts the first ciphertext and the second ciphertext and extracts preset parameters;
and verifying the extracted preset parameters, if the verification is successful, generating a third random number by the encryption controller, and performing hash operation on the first random number, the second random number and the third random number to generate a temporary session key by the encryption controller from the preset parameters.
5. The method of claim 1, wherein the obtaining of the first ciphertext comprises:
the first domain controller generates a first random number, and encrypts the first random number and the identity ID of the second domain controller by using a first symmetric key belonging to the first domain controller.
6. The method of claim 1, wherein the obtaining of the second ciphertext comprises: the second domain controller generates a second random number, and encrypts the second random number and the identity ID belonging to the first domain controller with a first symmetric key belonging to itself.
7. The method as claimed in claim 4, wherein the obtaining of the preset parameter comprises: the encryption controller decrypts the first ciphertext and the second ciphertext by using the first symmetric key corresponding to the first domain controller and the first symmetric key corresponding to the second domain controller to respectively obtain the first random number, the identity ID of the first domain controller, the second random number and the identity ID of the second domain controller;
and extracting the first random number and the identity ID of the first domain controller, and forming preset parameters by the second random number and the identity ID of the second domain controller.
8. The method of claim 4, wherein the encryption controller sends a first reply response message to the second domain controller, the first reply response message comprising: a timestamp T3, a third ciphertext, and a fourth ciphertext;
after receiving the first reply response message of the encryption controller, the second domain controller decrypts the fourth ciphertext by using the first symmetric secret key belonging to the second domain controller, and acquires and verifies a second random number, the identity ID of the first domain controller and the temporary session secret key;
if the verification is passed, the second domain controller encrypts the identity ID of the first domain controller, the identity ID of the second domain controller and the second random number by using the temporary session secret key to form a fifth ciphertext;
the second domain controller transmits a second response request message to the first domain controller, the second response request message including: timestamp T4, a fifth ciphertext, and a third ciphertext.
9. The safe communication method of the backbone network based on the vehicle-mounted ethernet according to claim 4, wherein after the first domain controller receives the second response request message sent from the second domain controller, the third ciphertext is decrypted by using the first symmetric key shared with the encryption controller, and the decrypted identity ID, the first random number, the second random number, and the temporary session key of the second domain controller are obtained;
and the first domain controller verifies the parameters acquired after the third ciphertext is decrypted, decrypts the fifth ciphertext by using the temporary session key if the verification is passed, and verifies whether the decrypted parameters are legal, and stores the temporary session key if the decrypted parameters are legal.
10. The method for the safe communication of the backbone network based on the vehicle-mounted ethernet according to claim 4, wherein the encryption controller encrypts the first random number, the second random number, the identity ID of the second domain controller and the temporary session key by using the first symmetric key corresponding to the first domain controller, respectively, to obtain a third ciphertext;
and encrypting the second random number, the identity ID of the first domain controller and the temporary session key by using a first symmetric key corresponding to the second domain controller to obtain a fourth ciphertext.
11. The method as claimed in any one of claims 1 to 10, wherein after the domain controller receives the request message or the response message from another domain controller or the encryption controller, or after the encryption controller receives the request message or the response message from the domain controller, it is first determined whether the time delay is within the allowable range, and if not, the request message or the response message is directly lost.
12. The method according to any one of claims 1 to 10, wherein the domain controller or the encryption controller performs validity verification on the decrypted parameters, and if the verification is illegal, directly discards the request message or the response message.
13. The method as claimed in claim 1, wherein if the first domain controller is used as a data sender, and if the data packet to be sent conforms to the format of the SOME/IP packet, the data packet of the SOME/IP is modified and encrypted to form a new encrypted SOME/IP format data packet.
14. The method of claim 13, wherein the SOME/IP packet is modified by a method comprising:
dividing a payload field of the SOME/IP data frame into a first part, a second part and a third part, wherein the first part comprises a subheader, the second part comprises a subpayload and the third part comprises a message authorization code;
the sub-header at least comprises protocol version, encryption algorithm type, message authorization code length, sub-payload block number and sub-payload block length information, and the first part of the message is sent to a receiver in a plaintext form;
and encrypting the effective load data by using the encryption algorithm type specified by the subheader and the temporary session key, and taking the obtained ciphertext as the sub effective load.
15. The method of claim 1, wherein the second domain controller is used as a receiver, and the second domain controller unpacks the received SOME/IP message to obtain a payload;
and the second domain controller decrypts and analyzes the payload to obtain the payload of the plaintext.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210584777.1A CN114978726A (en) | 2022-05-26 | 2022-05-26 | Backbone network safety communication method based on vehicle-mounted Ethernet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210584777.1A CN114978726A (en) | 2022-05-26 | 2022-05-26 | Backbone network safety communication method based on vehicle-mounted Ethernet |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114978726A true CN114978726A (en) | 2022-08-30 |
Family
ID=82954932
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210584777.1A Pending CN114978726A (en) | 2022-05-26 | 2022-05-26 | Backbone network safety communication method based on vehicle-mounted Ethernet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114978726A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115303238A (en) * | 2022-09-30 | 2022-11-08 | 小米汽车科技有限公司 | Auxiliary braking and whistle method, device, vehicle, readable storage medium and chip |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100031042A1 (en) * | 2007-10-26 | 2010-02-04 | Telcordia Technologies, Inc. | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) |
| CN106533655A (en) * | 2016-10-27 | 2017-03-22 | 江苏大学 | Method for secure communication of ECUs (Electronic control unit) in a vehicle network |
| CN108400867A (en) * | 2017-02-07 | 2018-08-14 | 中国科学院沈阳计算技术研究所有限公司 | A kind of authentication method based on public encryption system |
| US10218499B1 (en) * | 2017-10-03 | 2019-02-26 | Lear Corporation | System and method for secure communications between controllers in a vehicle network |
| CN109842489A (en) * | 2018-12-24 | 2019-06-04 | 福建联迪商用设备有限公司 | A kind of method that realizing secure communication, terminal and system |
| CN110943957A (en) * | 2018-09-21 | 2020-03-31 | 郑州信大捷安信息技术股份有限公司 | Safety communication system and method for vehicle intranet |
| WO2021036292A1 (en) * | 2019-08-30 | 2021-03-04 | 华为技术有限公司 | Identity authentication method and apparatus |
| CN112753203A (en) * | 2020-10-30 | 2021-05-04 | 华为技术有限公司 | Secure communication method and device |
| CN113785549A (en) * | 2019-04-23 | 2021-12-10 | 意大利乔治亚罗设计公司 | Transmission of vehicle data or messages using SOME/IP communication protocol |
| CN114157489A (en) * | 2021-12-02 | 2022-03-08 | 安徽江淮汽车集团股份有限公司 | Communication domain controller safety communication method based on periodic authentication handshake mechanism |
-
2022
- 2022-05-26 CN CN202210584777.1A patent/CN114978726A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100031042A1 (en) * | 2007-10-26 | 2010-02-04 | Telcordia Technologies, Inc. | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) |
| CN106533655A (en) * | 2016-10-27 | 2017-03-22 | 江苏大学 | Method for secure communication of ECUs (Electronic control unit) in a vehicle network |
| CN108400867A (en) * | 2017-02-07 | 2018-08-14 | 中国科学院沈阳计算技术研究所有限公司 | A kind of authentication method based on public encryption system |
| US10218499B1 (en) * | 2017-10-03 | 2019-02-26 | Lear Corporation | System and method for secure communications between controllers in a vehicle network |
| CN110943957A (en) * | 2018-09-21 | 2020-03-31 | 郑州信大捷安信息技术股份有限公司 | Safety communication system and method for vehicle intranet |
| CN109842489A (en) * | 2018-12-24 | 2019-06-04 | 福建联迪商用设备有限公司 | A kind of method that realizing secure communication, terminal and system |
| CN113785549A (en) * | 2019-04-23 | 2021-12-10 | 意大利乔治亚罗设计公司 | Transmission of vehicle data or messages using SOME/IP communication protocol |
| WO2021036292A1 (en) * | 2019-08-30 | 2021-03-04 | 华为技术有限公司 | Identity authentication method and apparatus |
| CN112753203A (en) * | 2020-10-30 | 2021-05-04 | 华为技术有限公司 | Secure communication method and device |
| CN114157489A (en) * | 2021-12-02 | 2022-03-08 | 安徽江淮汽车集团股份有限公司 | Communication domain controller safety communication method based on periodic authentication handshake mechanism |
Non-Patent Citations (3)
| Title |
|---|
| NISHANT SHARMA等: "Security challenges in Internet of Vehicles (IoV) environment", 《2018 FIRST INTERNATIONAL CONFERENCE ON SECURE CYBER COMPUTING AND COMMUNICATION (ICSCCC)》, 2 May 2019 (2019-05-02) * |
| 王春东等: "车联网互信认证与安全通信综述", 《计算机科学》, vol. 47, no. 11, 31 December 2020 (2020-12-31) * |
| 章嘉彦等: "V2X通通信中基于椭圆曲线加密算法的身份认证研究", 《汽车工程 》, no. 1, 31 March 2020 (2020-03-31) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115303238A (en) * | 2022-09-30 | 2022-11-08 | 小米汽车科技有限公司 | Auxiliary braking and whistle method, device, vehicle, readable storage medium and chip |
| CN115303238B (en) * | 2022-09-30 | 2023-02-17 | 小米汽车科技有限公司 | Auxiliary braking and whistle method and device, vehicle, readable storage medium and chip |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10965450B2 (en) | In-vehicle networking | |
| US11985238B2 (en) | Vehicle-mounted device upgrade method and related device | |
| Schweppe et al. | Car2x communication: securing the last meter-a cost-effective approach for ensuring trust in car2x applications using in-vehicle symmetric cryptography | |
| US10735206B2 (en) | Securing information exchanged between internal and external entities of connected vehicles | |
| US20220276855A1 (en) | Method and apparatus for processing upgrade package of vehicle | |
| CN102624515B (en) | Data transmission method, system and terminals | |
| CN111031147B (en) | Remote vehicle-mounted control system and method based on MQTT framework | |
| KR20150074414A (en) | Firmware upgrade method and system thereof | |
| CN107483393B (en) | Communication method, server and communication system of Internet of vehicles | |
| CN110933110A (en) | Communication method, sending end, receiving end and vehicle of vehicle-mounted network | |
| CN111049803A (en) | Data encryption and platform security access method based on vehicle-mounted CAN bus communication system | |
| CN113900429B (en) | Gateway system design method for converting CAN bus into vehicle-mounted Ethernet bus | |
| CN113132098B (en) | Large-scale in-vehicle network-oriented extensible CAN bus safety communication method and device | |
| CN112584355A (en) | Key cooperation method, system and medium for inter-vehicle communication | |
| Bella et al. | CINNAMON: A module for AUTOSAR secure onboard communication | |
| EP4107713A1 (en) | Method and system for addition of assurance information to v2x messaging | |
| CN114978726A (en) | Backbone network safety communication method based on vehicle-mounted Ethernet | |
| KR20190078154A (en) | Apparatus and method for performing intergrated authentification for vehicles | |
| EP3713190B1 (en) | Secure bridging of controller area network buses | |
| Carsten et al. | A system to recognize intruders in controller area network (can) | |
| Mokhadder et al. | Evaluation of vehicle system performance of an SAE J1939-91C network security implementation | |
| CN113660271B (en) | Security authentication method and device for Internet of vehicles | |
| CN116155579A (en) | Secure communication method, system, storage medium and vehicle | |
| CN115065474A (en) | Identity certificateless intelligent vehicle networking heterogeneous signcryption system under block chain-cloud edge fusion | |
| CN113839775A (en) | New energy automobile remote start control method based on 5GTBOX encryption technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |