CN115242411B - Vehicle-interior network secure communication method based on quantum random number generator - Google Patents
Vehicle-interior network secure communication method based on quantum random number generator Download PDFInfo
- Publication number
- CN115242411B CN115242411B CN202211161654.3A CN202211161654A CN115242411B CN 115242411 B CN115242411 B CN 115242411B CN 202211161654 A CN202211161654 A CN 202211161654A CN 115242411 B CN115242411 B CN 115242411B
- Authority
- CN
- China
- Prior art keywords
- random number
- abstract
- communication information
- mac
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Power Engineering (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a car intranet safety communication method based on a quantum random number generator, which relates to the technical field of car intranets and comprises the following steps: setting a quantum random number generator on a vehicle, generating a true random number, storing the true random number in a register of an intelligent gateway, and acquiring a key by the intelligent gateway and storing the key in the register; after receiving the communication request of the ECU1, the intelligent gateway grants the authority of the ECU1 to read the random number and the secret key in the register; the ECU1 reads and generates MAC information, PDU ciphertext, MAC abstract and random number abstract by using the random number and the secret key, and obtains and sends communication information of the PDU ciphertext | MAC abstract | random number abstract to the intelligent gateway; the intelligent gateway performs primary verification on the communication information by using the random number, forwards the communication information to the ECU2 after the communication information is successfully verified, and grants the authority of the ECU2 to read the random number and the secret key in the register; the ECU2 reads and performs secondary authentication of the communication information using the random number and the key pair. The invention improves the safety of information communication in the vehicle intranet.
Description
Technical Field
The invention relates to the technical field of vehicle intranets, in particular to a vehicle intranet safety communication method based on a quantum random number generator.
Background
The vehicle inner network is a basic technology for realizing the intelligent network connection of the single vehicle. The vehicle intranet establishes a standardized whole vehicle network (CAN network) based on a mature CAN bus technology, so that transmission of state information and Control signals among Electronic Control Units (ECU) in the vehicle on the vehicle intranet is realized, and the vehicle CAN realize functions of state sensing, fault diagnosis, intelligent Control and the like.
The technical core of the vehicle internal network is a CAN bus technology. The CAN bus sends various driving data of the automobile to the bus through the sensors distributed all over the automobile body, so that the receiving end needing the data CAN read the required information from the bus, the communication among the units of an automobile engine, an automatic gearbox, an ABS, an airbag and the like is realized, the information of the whole automobile is shared in time, and the safe driving, the comfort and the reliability of the automobile are finally promoted.
At present, plaintext Communication is realized between each ECU in a vehicle through a CAN network, in order to improve the safety of a CAN protocol, a component which is fully called Secure on Communication (SecOC) is supplemented in an AutoSAR (open System architecture) of the vehicle, and a set of Communication authentication method is introduced for a traditional CAN bus: a sender slices original data of a message, adds a secret key and a fresh value, and generates 128-bit identity authentication information through an algorithm; then, slicing the identity authentication information and the fresh value, and inserting the sliced identity authentication information and the fresh value into the designated byte of the CAN message load; and the receiver correspondingly carries out reverse process processing, and the information is thrown away when the verification fails. After being held by the SecOC, the communication between the CAN networks has communication authentication. The fresh value may be generated by both a timestamp check and a frame counter check.
However, the fresh value is obtained according to a certain logic, so a hacker can obtain the fresh value in the next communication by analyzing the intercepted information, forge the information and send the information to an ECU in the vehicle, realize the control of the vehicle and further generate a larger potential safety hazard on the driving safety.
Through retrieval, chinese patent publication No. CN107547572A discloses a CAN bus communication method based on pseudo random numbers: the CAN message sending end is used for generating random seeds; generating a first random number by using a first random function according to the random seed; and storing the random seed and the first random number into the CAN message to update the CAN message, and sending the updated CAN message to a CAN message receiving end. The CAN message receiving end is used for receiving a CAN message sent by the CAN message sending end; analyzing the CAN message to obtain a random seed and a first random number, and generating the first random number by using a first random function according to the random seed; and judging whether the generated first random number is the same as the first random number obtained by analysis, and responding to the CAN message if the generated first random number is the same as the first random number obtained by analysis. The patent stores the random seed and the first random number by adding verification at the end of the CAN message, and the receiving end judges whether the information of the sending end is legal or not by comparison. However, the following disadvantages still exist:
1. can only prevent forgery attack, the content of the message is still in the plaintext, the third party can still obtain the content of the message through the OBD interface,
2. in an actual CAN network, the bytes of the message are strictly limited, and the message encryption strength is weak under the condition of not occupying the bytes of the message;
3. the random number used is a pseudo-random number and the random seed and the random number are present in the message in a complete form. The random seed and the random number have a functional relationship, and the mapping relationship is analyzed in a large quantity through the OBD interface, so that the possibility of function relationship cracking exists;
4. CAN buses with different speeds exist in the CAN network, and the CAN buses with different speeds CAN communicate only through the intelligent gateway, so that the protection of the intelligent gateway under the condition of the communication of the CAN buses with different speeds is not considered;
5. the cracking difficulty is increased by overlapping functions and random numbers, but the requirement of message encryption and decryption time on the timeliness of the CAN network is not considered.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides the safe communication method for the vehicle intranet based on the quantum random number generator, which improves the safety of information communication in the vehicle intranet, can prevent not only hackers from replaying the attack of communication information, but also prevent hackers from obtaining PDU messages in the communication information.
In order to achieve the purpose, the invention adopts the following technical scheme that:
a secure communication method for an internal vehicle network based on a quantum random number generator comprises the following steps:
s1, arranging a random number generator on a vehicle, wherein the random number generator is used for generating random numbers and storing the generated random numbers in a register of an intelligent gateway on the vehicle;
s2, the intelligent gateway acquires a key and stores the key in a register;
s3, the ECU1 sends the communication request to the intelligent gateway, and after the intelligent gateway receives the communication request, the ECU1 is granted the authority to read the random number and the secret key in the register of the intelligent gateway;
the communication request comprises identity information of a sender, namely ECU1, and identity information of a receiver, namely ECU2;
s4, after the ECU1 obtains the random number and the secret key in the authority reading register, the following operations are carried out by using the read random number and the read secret key:
s41, the ECU1 adds a random number into the PDU message, encrypts the PDU message added with the random number by using a key, and generates MAC information;
s42, the ECU1 encrypts the PDU message by using the key to generate a PDU ciphertext;
s43, the ECU1 respectively slices the MAC information and the random number to generate an MAC abstract and a random number abstract;
s44, the ECU integrates the generated PDU cipher text, the MAC abstract and the random number abstract to obtain communication information of the PDU cipher text | MAC abstract | random number abstract ', and sends the communication information of the PDU cipher text | MAC abstract | random number abstract' to the intelligent gateway;
s5, after receiving the communication information of the PDU cipher text | MAC abstract | random number abstract 'sent by the ECU1, the intelligent gateway intercepts the random number abstract in the communication information, verifies the random number abstract in the communication information by using the random number in the register, forwards the received communication information of the PDU cipher text | MAC abstract | random number abstract' to a corresponding receiver, namely the ECU2 according to the identity information of the receiver, namely the ECU2 if the verification is successful, and grants the authority of the ECU2 for reading the random number and the secret key in the register of the intelligent gateway; if the verification is unsuccessful, the communication information is judged to be sent by a third party, namely a pseudo sender, and the intelligent gateway does not forward the information;
s6, after acquiring the authority, the ECU2 reads the random number and the secret key in the register, receives the communication information of the PDU ciphertext | MAC abstract | random number abstract' sent by the intelligent gateway, intercepts the PDU ciphertext, the MAC abstract and the random number abstract in the communication information, and verifies the received communication information through the read random number and the secret key, wherein the verification mode is as follows:
s61, the ECU2 slices the read random number to obtain a random number abstract, the ECU2 compares the random number abstract obtained by slicing with a random number abstract in the communication information, if the random number abstract is consistent with the random number abstract, the step S62 is carried out, otherwise, the communication information is judged to be sent by a third party, namely a pseudo-sender;
s62, the ECU2 decrypts the PDU cipher text in the communication information by using the read key to obtain a decrypted PDU message; the ECU2 adds the read random number into the decryption PDU message, encrypts the decryption PDU message added with the random number by using the read key, and generates MAC information;
s63, the ECU2 slices the MAC information generated in the step S62 to generate an MAC abstract;
s64, the ECU2 compares the MAC abstract generated in the step S63 with the MAC abstract in the communication information, and if the MAC abstract is consistent with the MAC abstract in the communication information, the communication information of the PDU cryptograph | MAC abstract | random number abstract' is judged to be a true receiver, namely the communication information is sent by the ECU 1; otherwise, the communication information is judged to be sent by a third party, namely a fake sending party.
Preferably, in step S6, after the ECU2 obtains the authority to read the random number and the key in the register, the intelligent gateway destroys the random number and the key in the register.
Preferably, in step S5, the intelligent gateway first determines whether the random number in the register is used for verification, and if the random number in the register is used for verification, the intelligent gateway does not verify the random number digest in the communication information any more, and determines that the communication information is sent by a third party, i.e., a pseudo-sender, and the intelligent gateway does not forward the information; and if the intelligent gateway does not use the random number in the register for verification, the random number in the register is used for verifying the random number abstract in the communication information.
Preferably, in step S5, the random number digest in the communication information is verified by using the random number in the register, and the specific method is as follows:
the intelligent gateway reads the content of the specific byte position in the random number according to the characteristic that the ECU1 processes the random number slice, compares the content of the specific byte position with the content of the random number abstract in the communication information, if the contents are the same, the verification of the random number abstract in the communication information is successful, otherwise, the verification is unsuccessful.
Preferably, in step S42, the ECU1 symmetrically encrypts the PDU message by using the key; in step S62, the ECU2 symmetrically decrypts the PDU cipher text in the communication information using the secret key.
Preferably, the slicing processing method of the MAC information by the ECU1 in step S43 is identical to the slicing processing method of the MAC information by the ECU2 in step S63; the slicing processing method of the random number by the ECU1 in step S43 matches the slicing processing method of the random number by the ECU2 in step S61.
Preferably, in step S41, the ECU1 adds a random number to the end of the PDU message; in step S62, the ECU2 adds a random number to the end of the decrypted PDU message.
Preferably, in step S1, the random number generator is a quantum random number generator for generating true random numbers.
Preferably, in step S1, the intelligent gateway communicates with a cloud, and obtains the quantum key from the cloud.
The invention has the advantages that:
(1) Aiming at the defects of limited communication information bearing bytes, unencrypted messages, unauthenticated communication information, weak authentication strength and the like of the existing CAN network, the random number generator is additionally arranged at the vehicle end, so that the intelligent gateway is endowed with the capability of checking the message security and confidentiality to realize the encryption of the messages and the multiple authentication of the communication information, the safety of the whole process of communication information transmission in the CAN network is realized, and the safety of information communication in the vehicle intranet is improved on the premise of ensuring the bearing capability of the CAN network.
(2) Aiming at the difficult problems that a SecOC component has weak authentication strength on the CAN network in the vehicle and a hacker cracks in the prior art, the invention is used for information communication between the CAN networks by additionally arranging a random number generator at the vehicle end, and simultaneously, aiming at the difficult problem that a used private key is easy to crack, the authentication and encryption on the CAN network are realized by using a quantum-based key, so that the safety of the communication information of the vehicle intranet is improved on the premise of ensuring the bandwidth of the CAN network of the vehicle.
(3) The invention carries out slicing processing on MAC information and random number, the slicing processing aims at reducing the byte occupation of verification information, namely MAC abstract and random number abstract, on PDU message, the byte number of effective information in communication information can be reduced if the verification information occupies too many bytes, and the byte number of each PDU message is strictly limited; the slicing processing aims at destroying the integrity of the random number and the MAC information, in addition, unidirectionality exists between the MAC information and the MAC abstract, and between the random number and the random number abstract, namely, the unique MAC abstract can be obtained through the MAC information, but the MAC information cannot be obtained through the MAC abstract, and the unique random number abstract can be obtained through the random number, but the random number cannot be obtained through the random number abstract, so that all information in a communication link is guaranteed to be ciphertext.
(4) Although the verification message is added to the message in the form of the invention, the verification processes are different, a third party cannot decode the communication message by intercepting, the random number generator generates a true random number and symmetrically encrypts the message, and provides support for the intelligent gateway, so that the intelligent gateway performs primary verification on the confidentiality and the safety of the communication message, whether the communication message is sent by a true sender is judged by verifying the random number abstract in the communication message, if the random number abstract is not successfully verified, the intelligent gateway stops forwarding the communication message, replay attack can be effectively prevented, meanwhile, occupation of a channel is avoided, and the condition that the false communication message of a third party, namely a false sender, cannot be forwarded to a receiver is ensured. The intelligent gateway checks the random number abstract in the communication information to ensure the safety of the communication link between the ECU1 and the intelligent gateway.
(5) According to the invention, the ECU2 carries out secondary verification on the communication information, the verification of the ECU2 on the random number abstract in the communication information is the first layer verification in the secondary verification, the verification of the ECU2 on the MAC abstract in the communication information is the second layer verification in the secondary verification, and the comparison results of the two layers of verification are consistent, so that the fact that the communication information is not forged by a third party in the transmission process is judged. The verification of the ECU2 on the random number abstract in the communication information is different from the verification of the intelligent gateway on the random number abstract in the communication information, the verification of the intelligent gateway is to ensure the safety of a communication link between the ECU1 and the intelligent gateway, and the verification of the ECU2 is to ensure the safety of the communication link between the intelligent gateway and the ECU2.
(6) The invention arranges a quantum random number generator at the vehicle end for generating a true random number, the random number used in the prior art is a pseudo random number, and a random seed and the random number exist in a message in a complete form. The random seed and the random number have a functional relationship, and the mapping relationship is analyzed in a large quantity through the OBD interface, so that the possibility of function relationship cracking exists. However, quantum random number generators generate true random numbers physically, which cannot be known in advance.
Drawings
Fig. 1 is a flowchart of a secure communication method for an in-vehicle network based on a quantum random number generator.
Fig. 2 is a schematic diagram illustrating the communication process of the intranet according to the present invention.
FIG. 3 is a schematic diagram of a process for generating random numbers by a quantum random number generator.
Fig. 4 is a schematic diagram of a process of generating MAC information.
Fig. 5 is a process diagram of the MAC information slicing process.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1 and 2, a secure communication method for an intranet based on a quantum random number generator includes the following steps:
s1, a quantum random number generator is arranged on a vehicle and used for generating true random numbers, sending the generated true random numbers to an intelligent gateway on the vehicle and storing the true random numbers in a register of the intelligent gateway.
The quantum random number generator is prior art, and as shown in fig. 3, the process of generating random numbers by the quantum random number generator includes four steps of random source selection, digital sampling, data post-processing, and randomness test. Based on different random sources, different random number generation schemes need to be adopted, and in the embodiment, a physical system is selected as a random source and a measurement result is obtained after the physical system passes through a measurement device; the measurement result is converted into a binary random bit string through digital sampling, and the binary random bit string is used as an original random number; because the original random sequence may contain some classical noises and some deviations still exist in the statistical distribution of the original random sequence, the original random sequence also needs to be subjected to randomness post-processing, namely data post-processing, and further converted into a smaller and more ideal random sequence without deviations; finally, to verify the quality of the generated random numbers, the generated random numbers are typically tested for randomness using standard randomness test software packages.
The invention is arranged at the vehicle end on a quantum random number generator and used for generating true random numbers, the random numbers used in the prior art are pseudo random numbers, and random seeds and the random numbers exist in messages in a complete form. The random seed and the random number have a functional relationship, and the mapping relationship is analyzed in a large quantity through the OBD interface, so that the possibility of function relationship cracking exists. However, quantum random number generators obtain true random numbers based on physical phenomena, which cannot be known in advance.
And S2, the intelligent gateway is communicated with the cloud end, the quantum key is obtained from the cloud end, and the obtained quantum key is stored in a register of the intelligent gateway.
And S3, when the ECU1 in the vehicle needs to communicate with the ECU2, the communication request is sent to the intelligent gateway, and after the intelligent gateway receives the communication request, the authority for reading the random number and the secret key in the register of the intelligent gateway is granted to the ECU 1.
When the ECU1 needs to communicate, the ECU1 sends a communication request to the intelligent gateway, wherein the communication request comprises identity information of a sender, namely the ECU1, and identity information of a receiver, namely the ECU2. Through the identity information in the communication request, the intelligent gateway can obtain the identity information of the receiver, and preparation is made for subsequent communication information forwarding of the intelligent gateway. And after receiving the communication request, the intelligent gateway grants the authority of the ECU1 to read the random number and the secret key in the register, and binds the communication request with the random number and the secret key read by the authority.
S4, the ECU1 reads the random number and the secret key in the register after obtaining the authority, and performs the following operations by using the read random number and the read secret key:
s41, the ECU1 adds a random number into the PDU message, encrypts the PDU message added with the random number by using a key, and generates MAC information;
as shown in fig. 4, in this embodiment, the ECU1 adds a random number to the end of the PDU message, and symmetrically encrypts the PDU message added with the random number using a secret key to generate MAC information.
S42, the ECU1 symmetrically encrypts the PDU message by using the secret key to generate a PDU ciphertext;
s43, the ECU1 respectively slices the MAC information and the random number to generate an MAC abstract and a random number abstract;
in the present embodiment, the ECU1 slices the MAC information and the random number as shown in fig. 5, and may obtain the MAC digest and the random number digest using a hash algorithm or a national commercial algorithm sm2, respectively.
S44, the ECU integrates the generated PDU cipher text, the MAC abstract and the random number abstract to obtain communication information of the PDU cipher text | MAC abstract | random number abstract ', and the communication information of the PDU cipher text | MAC abstract | random number abstract' is sent to the intelligent gateway through the CAN;
the invention carries out slicing processing on MAC information and random number, the slicing processing aims at reducing the byte occupation of verification information, namely MAC abstract and random number abstract, on PDU message, the byte number of effective information in communication information can be reduced if the verification information occupies too many bytes, and the byte number of each PDU message is strictly limited; the slicing process also aims to break the integrity of the random number and MAC information. In addition, unidirectionality exists between the MAC information and the MAC abstract and between the random number and the random number abstract, namely, the unique MAC abstract can be obtained through the MAC information, but the MAC information cannot be obtained through the MAC abstract, the unique random number abstract can be obtained through the random number, but the random number cannot be obtained through the random number abstract, and therefore all information in a communication link is guaranteed to be ciphertext.
In this embodiment, each communication message has only eight bytes, that is, all the original eight bytes are used to represent the PDU message, and now eight bytes are used to represent the PDU ciphertext | random number digest | MAC digest, thereby reducing the bytes of the MAC digest and the random number digest.
S5, after receiving the communication information of the PDU cipher text | MAC abstract | random number abstract' sent by the ECU1, the intelligent gateway intercepts the random number abstract in the communication information, firstly judges whether the random number in the register is used for verification, if the random number in the register is used for verification, the intelligent gateway does not verify the random number abstract in the communication information, judges that the communication information is sent by a third party, namely a pseudo-sender, and does not forward the information; if the random number in the register is not used for verification, the random number in the register is used for verifying the random number abstract in the communication information, if the verification is successful, the intelligent gateway forwards the received communication information of the PDU (protocol data Unit) ciphertext | MAC abstract | random number abstract to a corresponding receiver, namely the ECU2 according to the identity information of the receiver, namely the ECU2, and the authority for the ECU2 to read the random number and the secret key in the register of the intelligent gateway is granted; if the verification is unsuccessful, the communication information is judged to be sent by a third party, namely a pseudo sender, and the intelligent gateway does not forward the information.
In this embodiment, the intelligent gateway reads the content at the specific byte position in the random number according to the characteristics of the ECU1 for processing the random number slice, compares the content at the specific byte position with the content of the random number abstract in the communication information, and if the contents are the same, indicates that the verification of the random number abstract in the communication information is successful, otherwise indicates that the verification is unsuccessful.
In the invention, the intelligent gateway realizes the primary authentication of the communication information, judges whether the communication information is sent by a real sender, namely the ECU1, by checking the random number abstract in the communication information, and stops forwarding the communication information if the random number abstract is not successfully checked, thereby effectively protecting replay attack, avoiding the occupation of a channel and ensuring that the false communication information of a third party, namely a false sender cannot be forwarded to the ECU2. The intelligent gateway checks the random number abstract in the communication information to ensure the safety of the communication link between the ECU1 and the intelligent gateway.
S6, the ECU2 reads the random number and the secret key in the register after acquiring the authority, receives communication information of 'PDU ciphertext | MAC abstract | random number abstract' sent by the intelligent gateway, and then intercepts the PDU ciphertext, the MAC abstract and the random number abstract in the communication information; after the ECU2 acquires the authority to read the random number and the key in the register, the intelligent gateway destroys the random number and the key in the register; the ECU2 verifies the received communication information by the read random number and the key in the following manner:
s61, the ECU2 slices the read random number to obtain a random number abstract, the ECU2 compares the random number abstract obtained by slicing with a random number abstract in the communication information, if the random number abstract is consistent with the random number abstract in the communication information, the step S62 is carried out, otherwise, the communication information is judged to be sent by a third party, namely a pseudo-sender;
wherein the slicing processing mode of the random number by the ECU2 in the step S61 is consistent with the slicing processing mode of the random number by the ECU1 in the step S43;
s62, the ECU2 decrypts the PDU cipher text in the communication information by using the read key to obtain a decrypted PDU message; the ECU2 adds the read random number into the decryption PDU message, encrypts the decryption PDU message added with the random number by using the read key, and generates MAC information;
the ECU2 symmetrically decrypts the PDU ciphertext in the communication information by using the key to obtain a decrypted PDU message; the ECU2 adds the read random number to the end of the decrypted PDU message;
s63, the ECU2 slices the MAC information generated in the step S62 to generate an MAC abstract;
wherein, the slicing processing mode of the MAC information by the ECU2 in the step S63 is consistent with the slicing processing mode of the MAC information by the ECU1 in the step S43;
s64, the ECU2 compares the MAC abstract generated in the step S63 with the MAC abstract in the communication information, and if the MAC abstract is consistent with the MAC abstract in the communication information, the communication information of the PDU cryptograph | MAC abstract | random number abstract' is judged to be a true receiver, namely the communication information is sent by the ECU 1; otherwise, the communication information is judged to be sent by a third party, namely a fake sending party.
In the invention, the verification of the ECU2 on the random number abstract in the communication information in the step S61 is different from the verification of the intelligent gateway on the random number abstract in the communication information in the step S5, the verification of the intelligent gateway in the step S5 is to ensure the safety of a communication link between the ECU1 and the intelligent gateway, and the verification of the ECU2 in the step S61 is to ensure the safety of the communication link between the intelligent gateway and the ECU2.
In the invention, the whole step S6 is the second-level verification of the ECU2 on the communication information, the step S61 is the first-layer verification in the second-level verification of the ECU2 on the communication information, and the steps S62 to S64 are the second-layer verification in the second-level verification of the ECU2 on the communication information, and if the comparison results of the two layers of verifications are consistent, the communication information is judged to have no third-party forgery in the transmission process.
In the transmission link, all contents in the communication information are ciphertext, so that the communication information cannot be acquired by a third party.
In this embodiment, the effectiveness of the in-vehicle network secure communication method of the present invention is analyzed in the following five scenarios:
in a first scene, a hacker invades a CAN network, intercepts and captures communication information sent to an intelligent gateway by an ECU1, replays the communication information and repeatedly sends the communication information to the intelligent gateway;
because only one communication information is transmitted in the CAN bus every time, the next communication information is sent only after the transmission of one communication information is finished, the time that a hacker CAN intercept the complete communication information sent to the intelligent gateway by the ECU1 is always after the ECU1 sends the communication information to the intelligent gateway, namely the hacker carries out replay attack and is always after the intelligent gateway receives the communication information, the intelligent gateway firstly receives the communication information, checks the abstract of the random number in the communication information, and after the check is successful, the intelligent gateway needs to forward the received communication information to the ECU2 and needs to grant the ECU2 the authority of reading the random number and the secret key;
if the hacker repeatedly sends the communication information to the intelligent gateway after the ECU2 reads the random number and the secret key, namely the random number and the secret key are destroyed, the intelligent gateway can not check the random number abstract in the communication information repeatedly sent by the hacker any more because the random number is destroyed, and the intelligent gateway can not forward the communication information repeatedly sent by the hacker to the ECU2;
if the hacker repeatedly sends the communication information to the intelligent gateway before the ECU2 reads the random number and the secret key, that is, before the random number and the secret key are destroyed, but the intelligent gateway uses the random number once to check the communication information sent by the ECU1, so that the intelligent gateway cannot use the random number to check the random number abstract in the communication information repeatedly sent by the hacker, and the intelligent gateway cannot forward the communication information repeatedly sent by the hacker to the ECU2.
A second scenario is that a hacker invades the CAN network, intercepts and captures communication information sent to the ECU2 by the intelligent gateway, replays the communication information and repeatedly sends the communication information to the ECU2;
because only one communication information is transmitted in the CAN bus every time, the next communication information is sent only after one communication information is transmitted, so that the time that a hacker CAN intercept the complete communication information sent to the ECU2 by the intelligent gateway is certain after the intelligent gateway sends the communication information to the ECU2, namely the hacker carries out replay attack and is certain after the ECU2 receives the communication information, the ECU2 receives the communication information first, the intelligent gateway CAN grant the ECU2 the authority of reading the random number and the secret key, the ECU2 receives the communication information and reads the random number and the secret key and then executes corresponding operation to finish the verification of the communication information, and the random number and the secret key used by the communicated information are destroyed;
however, since the ECU2 cannot acquire the right granted by the intelligent gateway to read the random number and the secret key, after receiving the communication information repeatedly sent by the hacker, the ECU2 cannot generate a random number digest, or even cannot compare the random number digest with the random number digest in the communication message, and in step S61, it is determined that the communication information is sent by the third party, i.e., the false sender.
A third scenario is that a hacker invades the CAN network, intercepts and captures communication information sent to the intelligent gateway by the ECU1, replays the communication information, and repeatedly sends the communication information to the ECU2;
because of the communication mechanism of the CAN bus, the ECU1 and the ECU2 are not always on the same CAN bus, when the intelligent gateway verifies the random number abstract in the communication information sent by the ECU1, the ECU2 already receives the communication information repeatedly sent by a hacker, but the ECU2 does not receive the authority granted by the intelligent gateway to read the random number and the secret key, so that the communication information repeatedly sent by the hacker cannot be verified, and the replay attack of the hacker is invalid.
And fourthly, a hacker invades the CAN network, intercepts the communication message sent by the ECU1 to the intelligent gateway, replays the communication message, changes the random number abstract in the communication message, and sends the changed communication message to the intelligent gateway.
And (5) sending the changed communication information to the intelligent gateway by a hacker, verifying the random number abstract in the changed communication information by the intelligent gateway after receiving the changed communication information, and checking to find that the random number abstract in the communication information does not correspond to the true random number, namely, judging that the communication information is sent by a third party, namely a pseudo-sender in step S5, so that the intelligent gateway does not forward the communication information and further does not generate any safety problem.
A fifth scenario is that a hacker invades the CAN network and intercepts communication information;
the content format of the communication information in the communication link is 'PDU cipher text | random number abstract | MAC abstract', in the communication information, the PDU message content is encrypted through a quantum key, the random number content is subjected to slicing processing, the random number abstract is incomplete content, so that the random number cannot be complemented, and the MAC abstract content is a message body plaintext spliced random number, then encrypted and subjected to slicing processing, so that the PDU message content is also incomplete content. Therefore, the functional relationship can not be analyzed through the content of the communication information, and the PDU message can not be cracked.
Wherein, the first scene to the fourth scene verify that the invention CAN prevent the attack of the communication information replayed by the hacker to the CAN network; scene five verifies that the invention can prevent hackers from obtaining PDU messages in communication information;
the present invention is not limited to the above embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (7)
1. A secure communication method for an internal vehicle network based on a quantum random number generator is characterized by comprising the following steps:
s1, arranging a random number generator on a vehicle, wherein the random number generator is used for generating random numbers and storing the generated random numbers in a register of an intelligent gateway on the vehicle;
s2, the intelligent gateway acquires a key and stores the key in a register;
s3, the sender, namely the ECU1 sends the communication request to the intelligent gateway, and after the intelligent gateway receives the communication request, the ECU1 is granted the authority to read the random number and the secret key in the register of the intelligent gateway;
the communication request comprises identity information of the ECU1 and identity information of a receiver, namely the ECU2;
s4, after the ECU1 obtains the random number and the secret key in the authority reading register, the following operations are carried out by using the read random number and the read secret key:
s41, the ECU1 adds a random number into the PDU message, encrypts the PDU message added with the random number by using a key, and generates MAC information;
s42, the ECU1 encrypts the PDU message by using the key to generate a PDU ciphertext;
s43, the ECU1 respectively slices the MAC information and the random number to generate an MAC abstract and a random number abstract;
s44, the ECU integrates the generated PDU cipher text, the MAC abstract and the random number abstract to obtain communication information of the PDU cipher text | MAC abstract | random number abstract ', and sends the communication information of the PDU cipher text | MAC abstract | random number abstract' to the intelligent gateway;
s5, after receiving the communication information of the PDU cipher text | MAC abstract | random number abstract 'sent by the ECU1, the intelligent gateway intercepts the random number abstract in the communication information, verifies the random number abstract in the communication information by using the random number in the register, forwards the received communication information of the PDU cipher text | MAC abstract | random number abstract' to a corresponding receiver, namely the ECU2 according to the identity information of the receiver, namely the ECU2 if the verification is successful, and grants the authority of the ECU2 to read the random number and the secret key in the register of the intelligent gateway; if the verification is unsuccessful, the communication information is judged to be sent by a third party, namely a pseudo sender, and the intelligent gateway does not forward the information;
s6, after the ECU2 obtains the authority, the random number and the secret key in the register are read, after the communication information of 'PDU cryptograph | MAC abstract | random number abstract' sent by the intelligent gateway is received, the PDU cryptograph, the MAC abstract and the random number abstract in the communication information are intercepted, the received communication information is verified through the read random number and the secret key, and the verification mode is as follows:
s61, the ECU2 slices the read random number to obtain a random number abstract, the ECU2 compares the random number abstract obtained by slicing with a random number abstract in the communication information, if the random number abstract is consistent with the random number abstract in the communication information, the step S62 is carried out, otherwise, the communication information is judged to be sent by a third party, namely a pseudo-sender;
s62, the ECU2 decrypts the PDU cipher text in the communication information by using the read key to obtain a decrypted PDU message; the ECU2 adds the read random number to the decrypted PDU message, encrypts the decrypted PDU message added with the random number by using the read key, and generates MAC information;
s63, the ECU2 slices the MAC information generated in the step S62 to generate an MAC abstract;
s64, the ECU2 compares the MAC abstract generated in the step S63 with the MAC abstract in the communication information, and if the MAC abstract is consistent with the MAC abstract in the communication information, the communication information of the PDU cryptograph | MAC abstract | random number abstract' is judged to be a true receiver, namely the communication information is sent by the ECU 1; otherwise, judging that the communication information is sent by a third party, namely a pseudo sender;
in the step S1, the random number generator is a quantum random number generator and is used for generating true random numbers;
in step S2, the intelligent gateway is communicated with a cloud end, and a quantum key is obtained from the cloud end.
2. The secure communication method for the internal vehicle network based on the quantum random number generator according to claim 1, wherein in step S6, after the ECU2 obtains the authority to read the random number and the key in the register, the smart gateway destroys the random number and the key in the register.
3. The secure communication method for the internal vehicle network based on the quantum random number generator according to claim 1, wherein in step S5, the intelligent gateway first determines whether the random number in the register is used for verification, and if the intelligent gateway has used the random number in the register for verification, the intelligent gateway does not verify the random number digest in the communication information any more, and determines that the communication information is sent by a third party, i.e., a pseudo-sender, and the intelligent gateway does not forward the information; and if the intelligent gateway does not use the random number in the register for verification, the random number in the register is used for verifying the random number abstract in the communication information.
4. The secure communication method for the vehicle interior network based on the quantum random number generator according to claim 1, wherein in step S5, the random number in the register is used to check the digest of the random number in the communication information, and the specific method is as follows:
the intelligent gateway reads the content of the specific byte position in the random number according to the characteristics of the ECU1 for processing the random number slice, compares the content of the specific byte position with the content of the random number abstract in the communication information, if the content of the specific byte position is the same as the content of the random number abstract in the communication information, the verification of the random number abstract in the communication information is successful, and otherwise, the verification is unsuccessful.
5. The secure communication method for the vehicle interior network based on the quantum random number generator according to the claim 1, wherein in the step S42, the ECU1 symmetrically encrypts the PDU message by using the secret key; in step S62, the ECU2 symmetrically decrypts the PDU cipher text in the communication information using the secret key.
6. The method for secure communication in an automobile interior network based on the quantum random number generator according to claim 1, wherein the slicing processing mode of the ECU1 to the MAC information in step S43 is the same as the slicing processing mode of the ECU2 to the MAC information in step S63; the slicing processing method of the random number by the ECU1 in step S43 matches the slicing processing method of the random number by the ECU2 in step S61.
7. The secure communication method for the car intranet based on the quantum random number generator according to the claim 1, wherein the step S41 is that the ECU1 adds the random number to the end of the PDU message; in step S62, the ECU2 adds a random number to the end of the decrypted PDU message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211161654.3A CN115242411B (en) | 2022-09-23 | 2022-09-23 | Vehicle-interior network secure communication method based on quantum random number generator |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211161654.3A CN115242411B (en) | 2022-09-23 | 2022-09-23 | Vehicle-interior network secure communication method based on quantum random number generator |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115242411A CN115242411A (en) | 2022-10-25 |
| CN115242411B true CN115242411B (en) | 2022-12-02 |
Family
ID=83667011
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211161654.3A Active CN115242411B (en) | 2022-09-23 | 2022-09-23 | Vehicle-interior network secure communication method based on quantum random number generator |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115242411B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115865350B (en) * | 2023-02-27 | 2023-05-05 | 合肥工业大学 | Vehicle cloud service system based on quantum security |
| CN117714055B (en) * | 2024-02-05 | 2024-04-12 | 合肥工业大学 | In-vehicle network communication method based on identity information |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106533655A (en) * | 2016-10-27 | 2017-03-22 | 江苏大学 | Method for secure communication of ECUs (Electronic control unit) in a vehicle network |
| CN106790053A (en) * | 2016-12-20 | 2017-05-31 | 江苏大学 | A kind of method of ECU secure communications in CAN |
| CN107104791A (en) * | 2017-03-29 | 2017-08-29 | 江苏大学 | A kind of in-vehicle network one-time pad communication means hidden based on ECU identity |
| CN108494725A (en) * | 2018-01-30 | 2018-09-04 | 惠州市德赛西威汽车电子股份有限公司 | A kind of encryption communication method of vehicle-mounted CAN bus message |
| WO2018214487A1 (en) * | 2017-05-25 | 2018-11-29 | 华为技术有限公司 | Secure communication method, apparatus and system for controller area network bus |
| CN109495251A (en) * | 2018-12-03 | 2019-03-19 | 如般量子科技有限公司 | Anti- quantum calculation wired home cloud storage method and system based on key card |
| CN110069931A (en) * | 2019-05-05 | 2019-07-30 | 济南浪潮高新科技投资发展有限公司 | A kind of UEFI BIOS system security upgrading method based on quantum cryptography |
| CN110086622A (en) * | 2018-01-25 | 2019-08-02 | 南京汽车集团有限公司 | In-vehicle network security architecture designs under a kind of intelligent network connection environment |
| CN112994898A (en) * | 2021-04-08 | 2021-06-18 | 北京邮电大学 | Vehicle intranet communication safety authentication method and device |
| WO2021139190A1 (en) * | 2020-01-10 | 2021-07-15 | 华为技术有限公司 | Intra-vehicle network-based communication method and apparatus |
| WO2021147100A1 (en) * | 2020-01-23 | 2021-07-29 | 华为技术有限公司 | Message transmission method and apparatus |
| CN113346995A (en) * | 2021-06-24 | 2021-09-03 | 中电信量子科技有限公司 | Quantum security key-based method and system for preventing mail from being tampered in transmission process |
| CN114040356A (en) * | 2021-10-20 | 2022-02-11 | 合肥炀熵量子科技有限责任公司 | Intelligent networking automobile data safety protection method integrating quantum safety |
| CN114419928A (en) * | 2022-01-27 | 2022-04-29 | 合肥工业大学 | Vehicle road cloud cooperative control system and method based on quantum communication |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11108542B2 (en) * | 2017-07-07 | 2021-08-31 | Board Of Regents Of The Nevada System Of Higher Education, On Behalf Of The University Of Nevada, Reno | Multi-processor automotive electronic control unit |
| US20190068361A1 (en) * | 2017-08-30 | 2019-02-28 | Ford Global Technologies, Llc | In-vehicle group key distribution |
-
2022
- 2022-09-23 CN CN202211161654.3A patent/CN115242411B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106533655A (en) * | 2016-10-27 | 2017-03-22 | 江苏大学 | Method for secure communication of ECUs (Electronic control unit) in a vehicle network |
| CN106790053A (en) * | 2016-12-20 | 2017-05-31 | 江苏大学 | A kind of method of ECU secure communications in CAN |
| CN107104791A (en) * | 2017-03-29 | 2017-08-29 | 江苏大学 | A kind of in-vehicle network one-time pad communication means hidden based on ECU identity |
| WO2018214487A1 (en) * | 2017-05-25 | 2018-11-29 | 华为技术有限公司 | Secure communication method, apparatus and system for controller area network bus |
| CN110086622A (en) * | 2018-01-25 | 2019-08-02 | 南京汽车集团有限公司 | In-vehicle network security architecture designs under a kind of intelligent network connection environment |
| CN108494725A (en) * | 2018-01-30 | 2018-09-04 | 惠州市德赛西威汽车电子股份有限公司 | A kind of encryption communication method of vehicle-mounted CAN bus message |
| CN109495251A (en) * | 2018-12-03 | 2019-03-19 | 如般量子科技有限公司 | Anti- quantum calculation wired home cloud storage method and system based on key card |
| CN110069931A (en) * | 2019-05-05 | 2019-07-30 | 济南浪潮高新科技投资发展有限公司 | A kind of UEFI BIOS system security upgrading method based on quantum cryptography |
| WO2021139190A1 (en) * | 2020-01-10 | 2021-07-15 | 华为技术有限公司 | Intra-vehicle network-based communication method and apparatus |
| WO2021147100A1 (en) * | 2020-01-23 | 2021-07-29 | 华为技术有限公司 | Message transmission method and apparatus |
| CN112994898A (en) * | 2021-04-08 | 2021-06-18 | 北京邮电大学 | Vehicle intranet communication safety authentication method and device |
| CN113346995A (en) * | 2021-06-24 | 2021-09-03 | 中电信量子科技有限公司 | Quantum security key-based method and system for preventing mail from being tampered in transmission process |
| CN114040356A (en) * | 2021-10-20 | 2022-02-11 | 合肥炀熵量子科技有限责任公司 | Intelligent networking automobile data safety protection method integrating quantum safety |
| CN114419928A (en) * | 2022-01-27 | 2022-04-29 | 合肥工业大学 | Vehicle road cloud cooperative control system and method based on quantum communication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115242411A (en) | 2022-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110635893B (en) | Vehicle-mounted Ethernet information security protection method | |
| CN115242411B (en) | Vehicle-interior network secure communication method based on quantum random number generator | |
| EP3297247B1 (en) | In-vehicle encrypted networking | |
| US8520839B2 (en) | Data transmitter with a secure and efficient signature | |
| US9992178B2 (en) | Method, apparatus and system for dynamically controlling secure vehicle communication based on ignition | |
| US20140301550A1 (en) | Method for recognizing a manipulation of a sensor and/or sensor data of the sensor | |
| US9923722B2 (en) | Message authentication library | |
| US11516191B2 (en) | Method of and system for secure data export from an automotive engine control unit | |
| WO2000049764A1 (en) | Data authentication system employing encrypted integrity blocks | |
| CN110933110A (en) | Communication method, sending end, receiving end and vehicle of vehicle-mounted network | |
| CN106506149B (en) | Key generation method and system between a kind of TBOX terminal and TSP platform | |
| CN116405302B (en) | System and method for in-vehicle safety communication | |
| CN113612617A (en) | CAN-based in-vehicle communication protocol security improvement method | |
| KR101269086B1 (en) | Data certification and acquisition method and system for vehicle | |
| CN111865922A (en) | Communication method, device, equipment and storage medium | |
| CN109714171A (en) | Safety protecting method, device, equipment and medium | |
| CN115242410A (en) | Vehicle-interior network identity authentication method based on quantum random number generator | |
| CN111869160B (en) | Method and apparatus for secure transmission of a message from a transmitting device to a receiving device | |
| CN115361230B (en) | In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet | |
| CN116456336A (en) | External equipment access security authentication method, system, automobile, equipment and storage medium | |
| Zhao et al. | A scalable security protocol for Intravehicular Controller Area Network | |
| US20230308260A1 (en) | Apparatus for Receiving Cryptographically Protected Communication Data and Method for Receiving Cryptographically Protected Communication Data | |
| Zhang et al. | A Controller Area Network Bus Identity Authentication Method Based on Hash Algorithm | |
| Lin et al. | AnchorCAN: Anchor-Based Secure CAN Communications System | |
| JP2017208731A (en) | Management system, management device, on-vehicle computer, management method, and computer program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230925 Address after: Building B4, 5th Floor v3, Zhongguancun Collaborative Innovation Industrial Park, Intersection of Lanzhou Road and Chongqing Road, Baohe Economic Development Zone, Hefei City, Anhui Province, 230000 yuan Patentee after: Anhui Guandun Technology Co.,Ltd. Address before: 230009 No. 193, Tunxi Road, Hefei, Anhui Patentee before: HeFei University of Technology Asset Management Co.,Ltd. Effective date of registration: 20230925 Address after: 230009 No. 193, Tunxi Road, Hefei, Anhui Patentee after: HeFei University of Technology Asset Management Co.,Ltd. Address before: Tunxi road in Baohe District of Hefei city of Anhui Province, No. 193 230009 Patentee before: Hefei University of Technology |
|
| TR01 | Transfer of patent right |