Background
The in-vehicle network is a basic technology for realizing intelligent connectivity of a single vehicle. The vehicle intranet establishes a standardized whole-vehicle network (CAN network) based on mature CAN bus technology, so that state information and control signals are transmitted among the Electronic Control Units (ECUs) in the vehicle over the vehicle intranet, and the vehicle can realize functions such as state sensing, fault diagnosis and intelligent control.
The technical core of the vehicle intranet is CAN bus technology. Sensors distributed throughout the vehicle body send the vehicle's driving data onto the CAN bus, so that any receiving end needing the data can read the required information from the bus. This realizes communication among units such as the engine, automatic gearbox, ABS and airbag, shares whole-vehicle information in a timely manner, and ultimately improves driving safety, comfort and reliability.
At present, the ECUs in a vehicle communicate in plaintext over the CAN network. To improve the security of the CAN protocol, a component called Secure Onboard Communication (SecOC) was added to the vehicle's AUTOSAR (Automotive Open System Architecture), introducing a communication authentication method for the traditional CAN bus: the sender slices the original data of a message, adds a secret key and a freshness value, and generates 128-bit identity authentication information through an algorithm; it then slices the identity authentication information and the freshness value and inserts the slices into designated bytes of the CAN message payload. The receiver performs the reverse process and discards the message when verification fails. With SecOC in place, communication on the CAN network is authenticated. The freshness value may be generated in either of two ways: from a timestamp or from a frame counter.
However, the freshness value is obtained according to fixed logic, so a hacker can derive the freshness value of the next communication by analyzing intercepted information, forge a message and send it to an ECU in the vehicle, gaining control of the vehicle and creating a serious hazard to driving safety.
A prior-art search found that Chinese patent publication No. CN107547572A discloses a CAN bus communication method based on pseudo-random numbers. The CAN message sending end generates a random seed; generates a first random number from the random seed using a first random function; stores the random seed and the first random number in the CAN message to update it; and sends the updated CAN message to the CAN message receiving end. The CAN message receiving end receives the CAN message sent by the sending end; parses it to obtain the random seed and the first random number; generates the first random number from the random seed using the first random function; and judges whether the generated first random number is the same as the parsed one, responding to the CAN message if they are the same. That patent appends verification data, namely the random seed and the first random number, to the end of the CAN message, and the receiving end judges by comparison whether the sender's information is legitimate. However, the following disadvantages remain:
1. It can only prevent forgery attacks; the content of the message is still plaintext, and a third party can still obtain the message content through the OBD interface;
2. In an actual CAN network, the bytes of a message are strictly limited, and the message encryption strength is weak if no message bytes are occupied;
3. The random number used is a pseudo-random number, and the random seed and the random number are present in the message in complete form. The random seed and the random number have a functional relationship, and by analyzing a large number of mappings through the OBD interface, the functional relationship may be cracked;
4. CAN buses of different speeds exist in the CAN network and can communicate with each other only through the intelligent gateway, yet protection of the intelligent gateway when CAN buses of different speeds communicate is not considered;
5. Superimposing functions and random numbers increases the difficulty of cracking, but the constraint that the CAN network's timeliness requirement places on message encryption and decryption time is not considered.
Disclosure of Invention
To overcome the defects in the prior art, the invention provides a secure communication method for the vehicle intranet based on a quantum random number generator. It improves the security of information communication in the vehicle intranet, preventing hackers both from replaying communication information and from obtaining the PDU messages in the communication information.
To achieve this purpose, the invention adopts the following technical solution:
A secure communication method for a vehicle intranet based on a quantum random number generator comprises the following steps:
S1, a random number generator is arranged on the vehicle; it generates random numbers and stores them in a register of the intelligent gateway on the vehicle;
S2, the intelligent gateway acquires a key and stores the key in the register;
S3, the ECU1 sends a communication request to the intelligent gateway, and after receiving the communication request, the intelligent gateway grants the ECU1 the authority to read the random number and the key in the register of the intelligent gateway;
the communication request comprises the identity information of the sender, namely the ECU1, and the identity information of the receiver, namely the ECU2;
S4, after obtaining the authority, the ECU1 reads the random number and the key in the register and uses them to carry out the following operations:
S41, the ECU1 adds the random number to the PDU message, encrypts the PDU message with the added random number using the key, and generates MAC information;
S42, the ECU1 encrypts the PDU message using the key to generate a PDU ciphertext;
S43, the ECU1 slices the MAC information and the random number respectively to generate a MAC digest and a random number digest;
S44, the ECU1 combines the generated PDU ciphertext, MAC digest and random number digest to obtain communication information of the form "PDU ciphertext | MAC digest | random number digest", and sends this communication information to the intelligent gateway;
S5, after receiving the communication information "PDU ciphertext | MAC digest | random number digest" sent by the ECU1, the intelligent gateway extracts the random number digest from the communication information and verifies it using the random number in the register. If the verification succeeds, the intelligent gateway forwards the received communication information to the corresponding receiver, namely the ECU2, according to the receiver's identity information, and grants the ECU2 the authority to read the random number and the key in the register of the intelligent gateway; if the verification fails, the communication information is judged to have been sent by a third party, namely a pseudo-sender, and the intelligent gateway does not forward it;
S6, after acquiring the authority, the ECU2 reads the random number and the key in the register, receives the communication information "PDU ciphertext | MAC digest | random number digest" sent by the intelligent gateway, extracts the PDU ciphertext, the MAC digest and the random number digest from it, and verifies the received communication information using the random number and key it has read, as follows:
S61, the ECU2 slices the random number it has read to obtain a random number digest and compares it with the random number digest in the communication information; if they are consistent, step S62 is carried out; otherwise the communication information is judged to have been sent by a third party, namely a pseudo-sender;
S62, the ECU2 decrypts the PDU ciphertext in the communication information using the key it has read to obtain a decrypted PDU message; the ECU2 adds the random number it has read to the decrypted PDU message, encrypts the decrypted PDU message with the added random number using the key, and generates MAC information;
S63, the ECU2 slices the MAC information generated in step S62 to generate a MAC digest;
S64, the ECU2 compares the MAC digest generated in step S63 with the MAC digest in the communication information; if they are consistent, the communication information "PDU ciphertext | MAC digest | random number digest" is judged to be genuine, namely sent by the ECU1; otherwise the communication information is judged to have been sent by a third party, namely a pseudo-sender.
Preferably, in step S6, after the ECU2 has obtained the authority and read the random number and the key in the register, the intelligent gateway destroys the random number and the key in the register.
Preferably, in step S5, the intelligent gateway first determines whether the random number in the register has already been used for verification. If it has, the intelligent gateway does not verify the random number digest in the communication information, determines that the communication information was sent by a third party, namely a pseudo-sender, and does not forward it; if the random number in the register has not yet been used for verification, it is used to verify the random number digest in the communication information.
Preferably, in step S5, the random number digest in the communication information is verified using the random number in the register as follows:
the intelligent gateway reads the content at specific byte positions of the random number, according to the way the ECU1 slices the random number, and compares that content with the random number digest in the communication information; if they are the same, the verification of the random number digest in the communication information succeeds; otherwise it fails.
Preferably, in step S42, the ECU1 symmetrically encrypts the PDU message using the key; in step S62, the ECU2 symmetrically decrypts the PDU ciphertext in the communication information using the key.
Preferably, the way the ECU1 slices the MAC information in step S43 is identical to the way the ECU2 slices the MAC information in step S63; the way the ECU1 slices the random number in step S43 is identical to the way the ECU2 slices the random number in step S61.
Preferably, in step S41, the ECU1 adds the random number to the end of the PDU message; in step S62, the ECU2 adds the random number to the end of the decrypted PDU message.
Preferably, in step S1, the random number generator is a quantum random number generator for generating true random numbers.
Preferably, in step S1, the intelligent gateway communicates with a cloud and obtains a quantum key from the cloud.
The invention has the advantages that:
(1) To address the defects of the existing CAN network, such as the limited number of bytes that communication information can carry, unencrypted messages, unauthenticated communication information and weak authentication strength, a random number generator is added at the vehicle end. This gives the intelligent gateway the ability to check the security and confidentiality of messages, realizing message encryption and multiple authentication of communication information, securing the whole process of communication information transmission in the CAN network, and improving the security of information communication in the vehicle intranet while preserving the carrying capacity of the CAN network.
(2) To address the prior-art problems that the SecOC component provides weak authentication strength on the in-vehicle CAN network and can be cracked by hackers, the invention adds a random number generator at the vehicle end for information communication on the CAN network. At the same time, to address the problem that the private key in use is easy to crack, authentication and encryption on the CAN network are realized with a quantum-based key, so that the security of vehicle intranet communication information is improved while preserving the bandwidth of the vehicle's CAN network.
(3) The invention slices the MAC information and the random number. One purpose of slicing is to reduce the bytes of the PDU message occupied by the verification information, namely the MAC digest and the random number digest: if the verification information occupies too many bytes, fewer bytes remain for effective information, and the number of bytes in each PDU message is strictly limited. The other purpose of slicing is to break the integrity of the random number and the MAC information. In addition, the relationship between the MAC information and the MAC digest, and between the random number and the random number digest, is one-way: a unique MAC digest can be obtained from the MAC information, but the MAC information cannot be obtained from the MAC digest; a unique random number digest can be obtained from the random number, but the random number cannot be obtained from the random number digest. This guarantees that all information on the communication link is ciphertext.
(4) Although the invention adds verification information to the message, its verification process is different: a third party cannot decode the communication information by intercepting it. The random number generator generates true random numbers, the message is symmetrically encrypted, and the generator provides support for the intelligent gateway, so that the intelligent gateway performs a first-level check of the confidentiality and security of the communication information. The gateway judges whether the communication information was sent by the true sender by verifying the random number digest in it; if the random number digest fails verification, the intelligent gateway stops forwarding the communication information. This effectively prevents replay attacks, avoids occupation of the channel, and ensures that false communication information from a third party, namely a pseudo-sender, is not forwarded to the receiver. The intelligent gateway's check of the random number digest in the communication information ensures the security of the communication link between the ECU1 and the intelligent gateway.
(5) In the invention, the ECU2 performs a second-level verification of the communication information. The ECU2's verification of the random number digest in the communication information is the first layer of the second-level verification, and the ECU2's verification of the MAC digest in the communication information is the second layer. If the comparisons in both layers are consistent, the communication information is judged not to have been forged by a third party during transmission. The ECU2's verification of the random number digest differs from the intelligent gateway's verification of the random number digest: the intelligent gateway's verification ensures the security of the communication link between the ECU1 and the intelligent gateway, while the ECU2's verification ensures the security of the communication link between the intelligent gateway and the ECU2.
(6) The invention arranges a quantum random number generator at the vehicle end to generate true random numbers. The random number used in the prior art is a pseudo-random number, and the random seed and the random number are present in the message in complete form. The random seed and the random number have a functional relationship, and by analyzing a large number of mappings through the OBD interface, the functional relationship may be cracked. A quantum random number generator, however, generates true random numbers by physical means, and these cannot be known in advance.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1 and 2, a secure communication method for a vehicle intranet based on a quantum random number generator includes the following steps:
S1, a quantum random number generator is arranged on the vehicle to generate true random numbers; the generated true random numbers are sent to the intelligent gateway on the vehicle and stored in a register of the intelligent gateway.
The quantum random number generator is prior art. As shown in Fig. 3, the process by which it generates random numbers includes four steps: random source selection, digital sampling, data post-processing, and randomness testing. Different random sources require different random number generation schemes. In this embodiment, a physical system is selected as the random source, and a measurement result is obtained after the physical system passes through a measurement device; the measurement result is converted by digital sampling into a binary random bit string, which serves as the raw random number; because the raw random sequence may contain some classical noise and its statistical distribution may still be biased, it also undergoes randomness post-processing, namely data post-processing, which converts it into a shorter, more ideal random sequence without bias; finally, to verify the quality of the generated random numbers, they are typically tested for randomness using standard randomness test software packages.
The invention arranges a quantum random number generator at the vehicle end to generate true random numbers. The random numbers used in the prior art are pseudo-random numbers, and the random seed and the random number are present in the message in complete form. The random seed and the random number have a functional relationship, and by analyzing a large number of mappings through the OBD interface, the functional relationship may be cracked. A quantum random number generator, however, obtains true random numbers from physical phenomena, and these cannot be known in advance.
S2, the intelligent gateway communicates with the cloud, obtains a quantum key from the cloud, and stores the obtained quantum key in the register of the intelligent gateway.
S3, when the ECU1 in the vehicle needs to communicate with the ECU2, it sends a communication request to the intelligent gateway; after receiving the communication request, the intelligent gateway grants the ECU1 the authority to read the random number and the key in the register of the intelligent gateway.
When the ECU1 needs to communicate, it sends a communication request to the intelligent gateway. The communication request comprises the identity information of the sender, namely the ECU1, and the identity information of the receiver, namely the ECU2. From the identity information in the communication request, the intelligent gateway learns the identity of the receiver, in preparation for subsequently forwarding the communication information. After receiving the communication request, the intelligent gateway grants the ECU1 the authority to read the random number and the key in the register, and binds the communication request to the random number and key read under that authority.
S4, after obtaining the authority, the ECU1 reads the random number and the key in the register and uses them to perform the following operations:
S41, the ECU1 adds the random number to the PDU message, encrypts the PDU message with the added random number using the key, and generates MAC information;
As shown in Fig. 4, in this embodiment the ECU1 adds the random number to the end of the PDU message and symmetrically encrypts the PDU message with the added random number using the key to generate the MAC information.
S42, the ECU1 symmetrically encrypts the PDU message using the key to generate a PDU ciphertext;
S43, the ECU1 slices the MAC information and the random number respectively to generate a MAC digest and a random number digest;
In this embodiment, the ECU1 slices the MAC information and the random number as shown in Fig. 5, and may obtain the MAC digest and the random number digest using a hash algorithm or the national commercial cryptographic algorithm SM2, respectively.
S44, the ECU1 combines the generated PDU ciphertext, MAC digest and random number digest to obtain communication information of the form "PDU ciphertext | MAC digest | random number digest", and sends this communication information to the intelligent gateway over the CAN network;
The invention slices the MAC information and the random number. One purpose of slicing is to reduce the bytes of the PDU message occupied by the verification information, namely the MAC digest and the random number digest: if the verification information occupies too many bytes, fewer bytes remain for effective information, and the number of bytes in each PDU message is strictly limited. Slicing also aims to break the integrity of the random number and the MAC information. In addition, the relationship between the MAC information and the MAC digest, and between the random number and the random number digest, is one-way: a unique MAC digest can be obtained from the MAC information, but the MAC information cannot be obtained from the MAC digest; a unique random number digest can be obtained from the random number, but the random number cannot be obtained from the random number digest. This guarantees that all information on the communication link is ciphertext.
In this embodiment, each piece of communication information has only eight bytes; that is, where all eight bytes were originally used to carry the PDU message, the eight bytes are now used to carry "PDU ciphertext | random number digest | MAC digest", which is why the bytes occupied by the MAC digest and the random number digest are reduced.
S5, after receiving the communication information "PDU ciphertext | MAC digest | random number digest" sent by the ECU1, the intelligent gateway extracts the random number digest from the communication information and first judges whether the random number in the register has already been used for verification. If it has, the intelligent gateway does not verify the random number digest in the communication information, judges that the communication information was sent by a third party, namely a pseudo-sender, and does not forward it. If the random number in the register has not yet been used for verification, it is used to verify the random number digest in the communication information; if the verification succeeds, the intelligent gateway forwards the received communication information "PDU ciphertext | MAC digest | random number digest" to the corresponding receiver, namely the ECU2, according to the receiver's identity information, and grants the ECU2 the authority to read the random number and the key in the register of the intelligent gateway; if the verification fails, the communication information is judged to have been sent by a third party, namely a pseudo-sender, and the intelligent gateway does not forward it.
In this embodiment, the intelligent gateway reads the content at specific byte positions of the random number, according to the way the ECU1 slices the random number, and compares that content with the random number digest in the communication information; if they are the same, the verification of the random number digest in the communication information succeeds; otherwise it fails.
In the invention, the intelligent gateway performs the first-level authentication of the communication information. It judges whether the communication information was sent by the real sender, namely the ECU1, by checking the random number digest in the communication information, and stops forwarding the communication information if the random number digest fails the check. This effectively protects against replay attacks, avoids occupation of the channel, and ensures that false communication information from a third party, namely a pseudo-sender, cannot be forwarded to the ECU2. The intelligent gateway's check of the random number digest in the communication information ensures the security of the communication link between the ECU1 and the intelligent gateway.
S6, after acquiring the authority, the ECU2 reads the random number and the key in the register, receives the communication information "PDU ciphertext | MAC digest | random number digest" sent by the intelligent gateway, and extracts the PDU ciphertext, the MAC digest and the random number digest from it; after the ECU2 has obtained the authority and read the random number and the key in the register, the intelligent gateway destroys the random number and the key in the register; the ECU2 verifies the received communication information using the random number and key it has read, as follows:
S61, the ECU2 slices the random number it has read to obtain a random number digest and compares it with the random number digest in the communication information; if they are consistent, step S62 is carried out; otherwise the communication information is judged to have been sent by a third party, namely a pseudo-sender;
The way the ECU2 slices the random number in step S61 is identical to the way the ECU1 slices the random number in step S43;
S62, the ECU2 decrypts the PDU ciphertext in the communication information using the key it has read to obtain a decrypted PDU message; the ECU2 adds the random number it has read to the decrypted PDU message, encrypts the decrypted PDU message with the added random number using the key, and generates MAC information;
The ECU2 symmetrically decrypts the PDU ciphertext in the communication information using the key to obtain the decrypted PDU message; the ECU2 adds the random number it has read to the end of the decrypted PDU message;
S63, the ECU2 slices the MAC information generated in step S62 to generate a MAC digest;
The way the ECU2 slices the MAC information in step S63 is identical to the way the ECU1 slices the MAC information in step S43;
S64, the ECU2 compares the MAC digest generated in step S63 with the MAC digest in the communication information; if they are consistent, the communication information "PDU ciphertext | MAC digest | random number digest" is judged to be genuine, namely sent by the ECU1; otherwise the communication information is judged to have been sent by a third party, namely a pseudo-sender.
In the invention, the ECU2's verification of the random number digest in step S61 differs from the intelligent gateway's verification of the random number digest in step S5: the intelligent gateway's verification in step S5 ensures the security of the communication link between the ECU1 and the intelligent gateway, while the ECU2's verification in step S61 ensures the security of the communication link between the intelligent gateway and the ECU2.
In the invention, step S6 as a whole is the ECU2's second-level verification of the communication information. Step S61 is the first layer of this second-level verification, and steps S62 to S64 are the second layer. If the comparisons in both layers are consistent, the communication information is judged not to have been forged by a third party during transmission.
On the transmission link, all content of the communication information is ciphertext, so the communication information cannot be obtained by a third party.
In this embodiment, the effectiveness of the in-vehicle network secure communication method of the present invention is analyzed in the following five scenarios:
In the first scenario, a hacker intrudes into the CAN network, intercepts the communication information sent by the ECU1 to the intelligent gateway, and replays it by repeatedly sending it to the intelligent gateway.
Because the CAN bus transmits only one piece of communication information at a time, and the next is sent only after the current transmission has finished, a hacker can only hold the complete communication information after the ECU1 has sent it to the intelligent gateway. The replay attack therefore always takes place after the intelligent gateway has received the communication information. The intelligent gateway first receives the communication information and checks the random number abstract in it; after the check succeeds, the intelligent gateway forwards the received communication information to the ECU2 and grants the ECU2 the authority to read the random number and the secret key.
If the hacker repeatedly sends the communication information to the intelligent gateway after the ECU2 has read the random number and the secret key, that is, after the random number and the secret key have been destroyed, the intelligent gateway can no longer check the random number abstract in the replayed communication information because the random number has been destroyed, and it does not forward the replayed communication information to the ECU2.
If the hacker repeatedly sends the communication information to the intelligent gateway before the ECU2 has read the random number and the secret key, that is, before the random number and the secret key are destroyed, the intelligent gateway has already used the random number once to check the communication information sent by the ECU1. It therefore cannot use the random number again to check the random number abstract in the replayed communication information, and it does not forward the replayed communication information to the ECU2.
The second scenario is that a hacker intrudes into the CAN network, intercepts the communication information sent by the intelligent gateway to the ECU2, and replays it by repeatedly sending it to the ECU2.
Because the CAN bus transmits only one piece of communication information at a time, and the next is sent only after the current transmission has finished, a hacker can only hold the complete communication information after the intelligent gateway has sent it to the ECU2, so the replay attack always takes place after the ECU2 has received the communication information. The ECU2 receives the communication information first, and the intelligent gateway grants the ECU2 the authority to read the random number and the secret key. The ECU2 reads the random number and the secret key and performs the corresponding operations to complete the verification of the communication information, after which the random number and the secret key used for that communication information are destroyed.
However, for the communication information repeatedly sent by the hacker, the ECU2 cannot obtain the authority granted by the intelligent gateway to read the random number and the secret key. After receiving the replayed communication information, the ECU2 therefore cannot generate a random number digest, let alone compare it with the random number digest in the communication information, and in step S61 the communication information is judged to be sent by a third party, i.e., a false sender.
The third scenario is that a hacker intrudes into the CAN network, intercepts the communication information sent by the ECU1 to the intelligent gateway, and replays it by repeatedly sending it to the ECU2.
Because of the communication mechanism of the CAN bus, the ECU1 and the ECU2 are not always on the same CAN bus. While the intelligent gateway is verifying the random number abstract in the communication information sent by the ECU1, the ECU2 has already received the communication information replayed by the hacker, but the ECU2 has not received the authority granted by the intelligent gateway to read the random number and the secret key. The replayed communication information therefore cannot be verified, and the replay attack fails.
The fourth scenario is that a hacker intrudes into the CAN network, intercepts the communication information sent by the ECU1 to the intelligent gateway, changes the random number abstract in it, and sends the changed communication information to the intelligent gateway.
After receiving the changed communication information, the intelligent gateway verifies the random number abstract in it and finds that the random number abstract does not correspond to the true random number. In step S5 the communication information is therefore judged to be sent by a third party, namely a fake sender, so the intelligent gateway does not forward it and no security problem arises.
The fifth scenario is that a hacker intrudes into the CAN network and intercepts communication information.
The communication information on the communication link has the format 'PDU cipher text | random number abstract | MAC abstract'. In the communication information, the PDU message content is encrypted with a quantum key; the random number content is sliced, so the random number abstract is incomplete content and the random number cannot be reconstructed from it; and the MAC abstract content is the message body plaintext spliced with the random number, then encrypted and sliced, so that the PDU message content is also incomplete content. Therefore, the functional relationship cannot be derived from the content of the communication information, and the PDU message cannot be cracked.
The first to fourth scenarios verify that the invention can prevent replay attacks by a hacker on the CAN network using captured communication information; the fifth scenario verifies that the invention can prevent a hacker from obtaining the PDU message in the communication information.
The present invention is not limited to the above embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
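The single-use life cycle of the random number and key that the first four scenarios rely on can be modelled in a few lines. The following is an added sketch, not code from the patent. Its assumptions: a 4-byte slice, truncated HMAC-SHA256 as a stand-in for the "splice, encrypt, slice" MAC abstract, PDU encryption left out (the PDU bytes are MACed as carried), ECU1 already holding the random number and key, and all class and function names.

```python
import hashlib
import hmac
import os

SLICE = 4  # assumed slice length in bytes; the page does not state one

def nonce_abstract(nonce):
    return nonce[:SLICE]  # sliced random number: incomplete on the bus

def mac_abstract(key, pdu, nonce):
    # Stand-in (assumption) for "splice with random number, encrypt, slice".
    return hmac.new(key, pdu + nonce, hashlib.sha256).digest()[:SLICE]

class Gateway:
    """Holds the random number and key of one transfer; each is single-use."""
    def __init__(self):
        self.nonce, self.key = os.urandom(16), os.urandom(16)
        self.checked = False       # random number already used for the S5 check
        self.read_granted = False  # ECU2 allowed to read random number and key

    def receive_from_ecu1(self, msg):
        """S5 check; True means the message is forwarded to ECU2."""
        if self.nonce is None or self.checked:
            return False           # destroyed or already used: replay dropped
        self.checked = True        # consumed even on failure (sketch's choice)
        ok = hmac.compare_digest(msg["nonce_abs"], nonce_abstract(self.nonce))
        self.read_granted = ok
        return ok

    def read_secret(self):
        """One read by ECU2, after which random number and key are destroyed."""
        if not self.read_granted:
            return None
        secret = (self.nonce, self.key)
        self.nonce = self.key = None
        self.read_granted = False
        return secret

def build_message(gw, pdu):
    """ECU1 side; assumes ECU1 already holds this transfer's nonce and key."""
    return {"pdu": pdu, "nonce_abs": nonce_abstract(gw.nonce),
            "mac_abs": mac_abstract(gw.key, pdu, gw.nonce)}

def ecu2_verify(gw, msg):
    """S61 to S64: without a read grant ECU2 cannot rebuild either abstract."""
    secret = gw.read_secret()
    if secret is None:
        return False
    nonce, key = secret
    return (hmac.compare_digest(msg["nonce_abs"], nonce_abstract(nonce))
            and hmac.compare_digest(msg["mac_abs"],
                                    mac_abstract(key, msg["pdu"], nonce)))
```

Replaying a captured message to the gateway or to ECU2 returns `False` at whichever state the transfer has reached, which is the behaviour the scenario analysis argues for.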