CN116055181B - Data tampering behavior identification method and device based on clock synchronization technology - Google Patents

Publication number
CN116055181B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310042286.9A
Other languages
Chinese (zh)
Other versions
CN116055181A (en)
Inventor
李长豫
刘卫林
吴春玲
景晓军
白晓鑫
李旭
周文瑾
庞国民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CATARC Automotive Test Center Tianjin Co Ltd
Original Assignee
CATARC Automotive Test Center Tianjin Co Ltd
Application filed by CATARC Automotive Test Center Tianjin Co Ltd
Priority to CN202310042286.9A
Publication of CN116055181A
Application granted
Publication of CN116055181B

Classifications

    • H04L63/12 Applying verification of the received information
    • G01N33/007 Arrangements to check the analyser
    • H04J3/0638 Clock or time synchronisation among nodes; Internode synchronisation
    • H04L12/40 Bus networks
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L2012/40215 Controller Area Network CAN
    • H04L2012/40273 Bus for use in transportation systems the transportation system being a vehicle
    • H04L2209/84 Vehicles
    • Y02T10/40 Engine management systems

Abstract

The invention discloses a method and device for identifying data tampering behavior based on clock synchronization technology. The identification method comprises the following steps: calculating the message transmission delay time t_D between the ECU and the nitrogen-oxygen (NOx) sensor by means of clock synchronization; performing a checksum operation on the delay time t_D to obtain a first checksum result, the delay time t_D and the first checksum result together forming the plaintext data; encrypting the plaintext data with an encryption algorithm to obtain ciphertext data, and sending the ciphertext data to the CAN bus in a custom message; after receiving the ciphertext data sent in the custom message from the CAN bus, decrypting it with a decryption algorithm to restore the plaintext data, and judging data tampering behavior according to a comparison result. The method and device can identify possible emission information tampering on the CAN bus of China VI vehicles.

Description

Data tampering behavior identification method and device based on clock synchronization technology
Technical Field
The invention belongs to the technical field of automotive CAN bus technology and electronic engine control, and in particular relates to a method and device for identifying data tampering behavior based on clock synchronization technology.
Background
In recent years, air pollution has become one of the major challenges to the sustainable development of the automotive industry. In particular, the implementation of the China VI emission regulations places higher demands on vehicle emission control technology, but new and more sophisticated means of tampering with emission information have also appeared on the market.
During the China IV and China V periods, raising the temperature sensor upstream of the vehicle's SCR and installing a NOx simulator became openly known ways of tampering with emission information. Raising the exhaust temperature sensor lowers the measured temperature, and the NOx simulator replaces the NOx sensor and sends a simulated, lower NOx concentration value to the CAN bus. Urea consumption is reduced, the vehicle reports no fault because urea injection is under open-loop control, and actual emissions far exceed the China IV and China V standards.
With the implementation of the China VI standard, upstream and downstream NOx sensors are installed in the vehicle's aftertreatment system, NOx concentration plausibility monitoring logic is integrated in the ECU, and urea injection uses closed-loop control. Urea consumption can therefore no longer be reduced merely by raising the exhaust temperature sensor and installing a NOx simulator; the vehicle would report the corresponding aftertreatment fault, leading to torque and speed limiting. However, more advanced tampering means have emerged: a gateway is connected in series on the CAN bus of the upstream and downstream NOx sensors so that messages are exchanged between the NOx sensors and the gateway; the gateway parses the NOx information message, modifies the NOx concentration, repackages it and sends it onto the CAN bus for the ECU and the T-Box to read. In this way urea injection can still be reduced without the vehicle reporting a fault.
To prevent this as far as possible, patent CN202011153112.2 discloses a technique that detects the presence of a NOx simulator by checking the plausibility of the vehicle's NOx emission pattern. That technique is not without loopholes, however: a NOx simulator can obtain information such as engine speed, fuel quantity and torque from the CAN bus and look up a built-in map to output a dynamic NOx value, thereby evading the ECU's plausibility detection logic, and the technique is even less effective against devices such as gateways that can tamper with emission information. There is therefore currently no technology in the industry that can accurately detect tampering with emission information.
Disclosure of Invention
In view of the technical problems described in the background, the object of the invention is to provide a method and device for identifying data tampering behavior based on clock synchronization technology.
To achieve this object, the invention provides the following technical solution:
First aspect
The invention provides a method for identifying data tampering behavior based on clock synchronization technology, comprising the following steps:
Step 1: the NOx sensor calculates the message transmission delay time between the ECU and the NOx sensor by means of clock synchronization, and this delay time is defined as t_D;
Step 2: the NOx sensor performs a checksum operation on the delay time t_D to obtain a first checksum result, and the delay time t_D and the first checksum result together form the plaintext data;
Step 3: the NOx sensor encrypts the plaintext data with an encryption algorithm to obtain ciphertext data, and sends the ciphertext data to the CAN bus in a custom message;
Step 4: after receiving the ciphertext data sent in the custom message from the CAN bus, the ECU decrypts it with a decryption algorithm and restores the plaintext data;
Step 5: the ECU takes the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum result, and compares the second checksum result with the first checksum result in the plaintext data; if they are not equal, the current frame is considered invalid and no further operation is performed; if they are equal, the current frame is considered accurate and valid, and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and data tampering behavior is judged according to the comparison result.
Second aspect
The invention provides a device for identifying data tampering behavior based on clock synchronization technology, comprising a NOx sensor and an ECU;
the NOx sensor is used to calculate the message transmission delay time between the ECU and the NOx sensor by means of clock synchronization, this delay time being defined as t_D; to perform a checksum operation on the delay time t_D to obtain a first checksum result, the delay time t_D and the first checksum result together forming the plaintext data; and to encrypt the plaintext data with an encryption algorithm to obtain ciphertext data and send the ciphertext data to the CAN bus in a custom message;
the ECU is used, after receiving the ciphertext data sent in the custom message from the CAN bus, to decrypt it with a decryption algorithm and restore the plaintext data; to take the delay time t_D from the plaintext data and perform a checksum operation on it to obtain a second checksum result, and to compare the second checksum result with the first checksum result in the plaintext data; if they are not equal, the current frame is considered invalid and no further operation is performed; if they are equal, the current frame is considered accurate and valid, and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and data tampering behavior is judged according to the comparison result.
Compared with the prior art, the invention has the following beneficial effects:
Based on CAN bus clock synchronization, the invention exploits the message transmission delay that an emission information tampering device introduces through operations such as receiving, unpacking, processing, repacking and sending messages. The delay time is calculated, encrypted, and sent to the ECU over the CAN bus, and the ECU determines whether an emission information tampering device is present on the CAN bus by comparing the delay time with the standard delay time, thereby achieving intelligent detection of emission information tampering on the CAN bus. Possible emission information tampering on the CAN bus of China VI vehicles can thus be identified, and emission information is prevented from being tampered with during CAN bus transmission.
Drawings
FIG. 1 is a schematic flow chart of the method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the clock synchronization process in an embodiment of the present application.
Description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described are evidently only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of protection of the invention.
It should be noted that the invention provides a method and device for identifying emission information tampering based on CAN bus clock synchronization, intended mainly for complete vehicles that meet the China VI emission standard.
CAN bus clock synchronization is a specific application of the IEEE 1588 protocol on the automotive CAN bus. It allows every node on the CAN bus to achieve high-precision time synchronization, with synchronization accuracy at the µs level, whereas the delay introduced by a microcontroller such as a gateway in receiving, processing and sending data is at the ms level. Whether an emission information tampering device such as a gateway is present on the CAN bus can therefore be determined on the basis of CAN bus clock synchronization.
IEEE 1588 mainly defines four clock message types: (1) the synchronization message, Sync; (2) the follow-up message, Follow-Up; (3) the delay request message, Delay-Req; (4) the delay response message, Delay-Resp.
As shown in FIG. 2, the ECU acts as the master clock node and the NOx sensor acts as the slave clock node, which synchronizes its clock with the master clock node using CAN bus clock synchronization; the time offset from the master clock node and the delay time are calculated in the NOx sensor.
T2 = T1 + time offset + delay time,
T4 = T3 - time offset + delay time;
from which it follows that time offset = [(T2 - T1) + (T3 - T4)] / 2 and delay time = [(T2 - T1) + (T4 - T3)] / 2.
In the scheme of the invention, the NOx sensor obtains the message transmission delay time t_D (ns level) between the ECU and the NOx sensor in this way.
As shown in FIG. 1, the method for identifying data tampering behavior based on clock synchronization technology provided in this embodiment includes the following steps:
Step 1: the NOx sensor directly calculates the message transmission delay time between the ECU and the NOx sensor by means of clock synchronization, and this delay time is defined as t_D. Normally the delay time is at the ns level, occupies 6 bytes, and has a unit of 1 ns/bit.
Step 2: the NOx sensor performs a checksum operation on the delay time t_D to obtain a first checksum result, and the delay time t_D and the first checksum result together form the plaintext data. Because the CAN bus may be subject to electromagnetic interference, the checksum operation is performed on t_D in the NOx sensor to ensure the integrity and accuracy of the data. The first checksum result occupies 1 byte. The delay time and the first checksum result form 7 bytes of valid data, which are then padded using the PKCS7 padding algorithm with 9 bytes of padding, each with the value 0x09. The valid data and the padding together form 16 bytes of preprocessed data, whose bytes are defined as follows: byte1-byte6 are the delay time t_D; byte7 is the checksum result; byte8-byte16 are 9 consecutive bytes of 0x09.
Step 3: to prevent the plaintext data from being tampered with by an emission tampering device such as a gateway during CAN bus transmission, the plaintext data must be encrypted. The NOx sensor encrypts the plaintext data with an encryption algorithm to obtain ciphertext data and sends the ciphertext data to the CAN bus in custom messages. Considering encryption and decryption speed and the performance of the NOx sensor chip, the symmetric encryption algorithm AES-128 is used, and the ECU and the NOx sensor both have the same key K built in. After preprocessing, the data length meets the minimum byte count required by AES-128; this data is defined as the plaintext data. It is encrypted with the key K built into the NOx sensor to obtain 16 bytes of ciphertext data, which are split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16). Ciphertext data a is sent to the CAN bus with ID 0x1800E53, in a single frame; ciphertext data b is sent to the CAN bus with ID 0x1800E54, in a single frame.
Step 4: after receiving the ciphertext data sent in the custom messages from the CAN bus, the ECU decrypts it with a decryption algorithm and restores the plaintext data. Steps 4 and 5 take place inside the ECU and are handled by the ECU chip. Specifically, after receiving the ID 0x1800E53 message and the ID 0x1800E54 message, the ECU recombines ciphertext data a and ciphertext data b into 16 bytes of ciphertext data and decrypts them with the built-in key K to obtain 16 bytes of plaintext data. A checksum operation is performed on byte1-byte6 of the plaintext data and the result is compared with byte7. If they are not equal, the current frame is considered invalid and no further operation is performed; if they are equal, the current frame is considered accurate and valid, and byte1-byte6 of the plaintext data are parsed to obtain the delay time t_D.
Step 5: the ECU takes the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum result, and compares the second checksum result with the first checksum result in the plaintext data; if they are not equal, the current frame is considered invalid and no further operation is performed; if they are equal, the current frame is considered accurate and valid, and the delay time t_D is taken; the delay time t_D is compared with the standard delay time t_SD, and data tampering behavior is judged according to the comparison result. Specifically:
if the result of comparing the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the counter C_num value is decremented by 1;
if the result of comparing the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the counter C_num value is incremented by 1;
when the counter C_num value reaches the maximum value, it is determined that a suspected emission tampering device is present between the ECU and the NOx sensor; a suspected emission information tampering fault is reported, and the driver warning system and the speed and torque limiting are triggered in accordance with the China VI OBD monitoring rules;
where the allowable tolerance range is 0 < t_D ≤ 2t_SD and the maximum value is 255.
When the vehicle is powered on for the first time, the initial value of the counter C_num is set to 0; its minimum value is 0. After the vehicle is powered down, the counter C_num value is automatically stored in the ECU cache, and accumulation or subtraction continues after the vehicle is next powered on.
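The sensor-to-ECU path of steps 1 to 5, fed by the T1..T4 arithmetic given earlier, as an added Python example (not code from the patent); it goes slightly beyond the text by also modelling latency added in only one direction. Assumptions: an 8-bit additive checksum, big-endian t_D, constructed timing values, and the AES-128 step under key K left out so that the block needs only the standard library.

```python
# Added example, not code from the patent. The checksum algorithm, the byte
# order of t_D and every timing value are assumptions made for illustration.
# The patent encrypts the 16-byte block with AES-128 between build_plaintext()
# and split_frames(); that step is omitted here (standard library only).

ID_A, ID_B = 0x1800E53, 0x1800E54  # custom message IDs from the description
PAD = b"\x09" * 9                  # PKCS7 padding for 7 bytes of valid data
C_MAX = 255                        # counter maximum from the description


def offset_and_delay(t1, t2, t3, t4):
    """Sensor side: T2 = T1 + offset + delay, T4 = T3 - offset + delay."""
    forward, backward = t2 - t1, t4 - t3
    return (forward - backward) // 2, (forward + backward) // 2


def simulate(offset, wire, extra_fwd=0, extra_back=0,
             t1=1_000_000, turnaround=500_000):
    """Constructed T1..T4 in ns. extra_fwd / extra_back model latency added
    by an in-line node on the ECU->sensor / sensor->ECU path."""
    t2 = t1 + offset + wire + extra_fwd
    t3 = t2 + turnaround
    t4 = t3 - offset + wire + extra_back
    return t1, t2, t3, t4


def checksum(data):
    """Assumed algorithm: 8-bit additive checksum over the given bytes."""
    return sum(data) & 0xFF


def build_plaintext(t_d):
    """byte1-6: t_D (1 ns/bit), byte7: checksum, byte8-16: nine 0x09 bytes."""
    if not 0 <= t_d < 1 << 48:
        raise ValueError("t_D does not fit in 6 bytes")
    delay = t_d.to_bytes(6, "big")  # byte order is an assumption
    return delay + bytes([checksum(delay)]) + PAD


def split_frames(block):
    """Split a 16-byte block into two 8-byte CAN payloads keyed by ID."""
    if len(block) != 16:
        raise ValueError("expected a 16-byte block")
    return {ID_A: block[:8], ID_B: block[8:]}


def reassemble(frames):
    """ECU side: both halves must be present before anything is parsed."""
    a, b = frames.get(ID_A), frames.get(ID_B)
    if a is None or b is None or len(a) != 8 or len(b) != 8:
        return None
    return a + b


def parse_plaintext(block):
    """Return t_D in ns, or None when the frame is invalid. The padding
    check is an added validation; the patent only describes the checksum."""
    if block is None or len(block) != 16 or block[7:] != PAD:
        return None
    if checksum(block[:6]) != block[6]:
        return None
    return int.from_bytes(block[:6], "big")


class TamperCounter:
    """C_num logic of step 5: saturating counter in the range 0..255."""

    def __init__(self, t_sd, c_num=0):
        self.t_sd = t_sd    # standard delay written at end of line
        self.c_num = c_num  # value restored from the ECU cache

    def update(self, t_d):
        """Apply one measurement; return True when the fault is raised."""
        if 0 < t_d <= 2 * self.t_sd:          # within allowable tolerance
            self.c_num = max(0, self.c_num - 1)
        else:                                  # outside allowable tolerance
            self.c_num = min(C_MAX, self.c_num + 1)
        return self.c_num >= C_MAX


def run_cycle(counter, timestamps):
    """One measurement: the sensor frames t_D, the ECU checks and counts it."""
    _, t_d = offset_and_delay(*timestamps)
    frames = split_frames(build_plaintext(t_d))
    received = parse_plaintext(reassemble(frames))
    if received is None:
        return False  # invalid frame: no further operation, counter untouched
    return counter.update(received)
```

With latency added in one direction only, the measured t_D still rises by half of that latency and the offset estimate is skewed by the same amount.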
In addition, this embodiment further includes the following steps:
Step 01: the vehicle is powered on, and the system waits for the NOx sensor to finish initializing;
Step 02: at time T1, the ECU sends a Sync message to the NOx sensor and records the sending time T1; the message may be sent 10 s after the vehicle is powered on;
Step 03: at time T2, the NOx sensor receives the Sync message and records the time T2;
Step 04: the ECU then sends a Follow-Up message to the NOx sensor, carrying the timestamp T1 in the message;
Step 05: at time T3, the NOx sensor, as the slave clock node, sends a Delay-Req message to the master clock node ECU and records the time T3;
Step 06: at time T4, the ECU replies with a Delay-Resp message carrying the timestamp T4, and the NOx sensor executes steps 1-3;
Step 07: the NOx sensor determines whether the Delay-Resp message from the ECU has been received; if not, go to step 08; if so, the ECU executes step 4;
Step 08: the NOx sensor resends the Delay-Req message n times in a custom period (n is a finite number defined in the NOx sensor program and may be set to 3); the NOx sensor determines whether a Delay-Resp message is received within the n attempts; if not, go to step 09; if so, the ECU executes step 4;
Step 09: the NOx sensor determines whether the CAN bus or the NOx sensor node reports a DSM error; if so, go to step 10; if not, go to step 11;
Step 10: the NOx sensor stops sending Delay-Req messages for the current driving cycle until the fault is cleared;
Step 11: the NOx sensor determines that a suspected emission tampering device is present between the ECU and the NOx sensor, or that the Delay-Req and Delay-Resp messages are suspected of being intercepted by an emission tampering device; the NOx sensor reports a suspected emission information tampering fault and triggers the driver warning system and the speed and torque limiting.
The purpose of the checksum operation is to guard against errors in parsed message content caused by inaccurate bus differential voltage values when the CAN bus is subject to electromagnetic interference, which would affect the ECU's judgment. The ECU and the NOx sensor use the same checksum algorithm to verify byte1-byte6 of the plaintext data, improving the integrity and accuracy of the transmitted data.
The symmetric encryption algorithm AES-128 is a widely used encryption technique. Because it is symmetric, the same key K is used for encryption and decryption, and for confidentiality the key K must not be transmitted openly over the network. In the scheme of the invention, the key K is therefore agreed between the ECU and the NOx sensor and built into the chips in advance.
t_SD is the message transmission delay time between the ECU and the NOx sensor in the standard state, measured by an engineer and written into the ECU program before the vehicle leaves the factory (at which point the CAN bus layout between the ECU and the NOx sensor is fixed).
The initial value of the counter C_num is set to 0 when the vehicle is powered on for the first time. Each time the vehicle is powered down, the C_num value accumulated in the current driving cycle is automatically stored in the ECU cache; after the next power-on, the ECU reads the cached C_num value and uses it as the initial C_num value for the current driving cycle. The counter C_num has a minimum value of 0 and a maximum value of 255; when the accumulated value of C_num would fall below 0, C_num is reset to 0.
Corresponding to the method, the embodiment also provides a data tampering behavior recognition device based on a clock synchronization technology, which comprises a nitrogen-oxygen sensor and an ECU;
the nitrogen-oxygen sensor is used for calculating the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, and the delay time is defined as t D The method comprises the steps of carrying out a first treatment on the surface of the For delay time t D Performing checksum operation to obtain a first checksum operation result, and delaying for a time t D And the first check operation result forms plaintext data; encrypting the plaintext data by using an encryption algorithm to obtain ciphertext data, and transmitting the ciphertext data to a CAN bus through a custom message;
the ECU is used for decrypting the ciphertext data by using a decryption algorithm to restore the ciphertext data into plaintext data after receiving the ciphertext data sent by the custom message from the CAN bus; obtaining delay time t in plaintext data D Performing checksum operation to obtain a second checksum operation result, comparing the second checksum operation result with the first checksum operation result in the plaintext data, and if the second checksum operation result is not equal to the first checksum operation result, considering that the current frame data is invalid and performing no next operation; if the frame data are equal, the current frame data are considered to be accurate and effective, and the delay time t is taken D The method comprises the steps of carrying out a first treatment on the surface of the Will delay time t D And a standard delay time t SD And comparing, and judging the data tampering behavior according to the comparison result.
The ECU judges the data tampering behavior according to the comparison result, specifically as follows:
if the result of comparing the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of counter C_num is decreased by 1;
if the result of comparing the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of counter C_num is increased by 1;
when the value of counter C_num reaches the maximum value, it is judged that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor; the ECU reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter;
wherein, when the vehicle is powered on for the first time, the initial value of counter C_num is set to 0 and its minimum value is 0; after the vehicle is powered down, the value of counter C_num is automatically stored in the ECU cache, and it continues to be incremented or decremented after the vehicle is next powered on.
The nitrogen-oxygen sensor is further used for sending a Relay-Req message to the master clock node ECU; if the Relay-Resp message is not received, the Relay-Req message is sent repeatedly n times in a custom period; if the Relay-Resp message is still not received, it is judged whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error; if a DSM error exists, sending of the Relay-Req message stops until the fault is eliminated; if no DSM error exists, it is judged that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected to have been intercepted by an emission cheating device, and the nitrogen-oxygen sensor reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter;
the ECU is also used for sending the Relay-Resp message;
wherein each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum result; byte8-byte16 are 9 consecutive bytes of 0x09.
The nitrogen-oxygen sensor encrypts the plaintext data with the symmetric encryption algorithm AES-128; the same secret key K is built into both the ECU and the nitrogen-oxygen sensor; the plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain a group of 16-byte ciphertext data; the ciphertext data is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16); the 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
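The plaintext layout, checksum comparison and C_num rule described above, as an added C example (not code from the patent): it builds and validates the 16-byte plaintext and applies the counter rule to an already-decrypted block, leaving the AES-128 step out. Assumptions not on the page: the checksum is an 8-bit sum, t_D is a big-endian 48-bit tick count, "within tolerance" means |t_D - t_SD| <= tolerance, the maximum of C_num is 5, and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PLAIN_LEN 16
#define PAD_BYTE  0x09u /* byte8-byte16 as defined on the page */
#define C_NUM_MAX 5u    /* assumed maximum; the page gives no value */

typedef enum { FRAME_INVALID, FRAME_OK, TAMPER_SUSPECTED } verdict_t;

/* Assumption: the checksum is the 8-bit sum of the six t_D bytes. */
static uint8_t checksum8(const uint8_t *p, size_t n) {
    uint8_t sum = 0;
    while (n--) sum = (uint8_t)(sum + *p++);
    return sum;
}

/* Sensor side: byte1-6 = t_D (assumed big-endian), byte7 = checksum,
 * byte8-16 = nine 0x09 bytes. AES-128 encryption would follow. */
void build_plaintext(uint64_t t_d, uint8_t out[PLAIN_LEN]) {
    for (int i = 0; i < 6; i++)
        out[i] = (uint8_t)(t_d >> (8 * (5 - i)));
    out[6] = checksum8(out, 6);
    memset(out + 7, PAD_BYTE, 9);
}

/* ECU side, after AES-128 decryption: recompute the checksum and compare.
 * The padding check is an added hardening step, not part of the claims:
 * a one-byte checksum alone accepts 1 in 256 random blocks. */
bool parse_plaintext(const uint8_t in[PLAIN_LEN], uint64_t *t_d) {
    if (checksum8(in, 6) != in[6]) return false;
    for (int i = 7; i < PLAIN_LEN; i++)
        if (in[i] != PAD_BYTE) return false;
    *t_d = 0;
    for (int i = 0; i < 6; i++) *t_d = (*t_d << 8) | in[i];
    return true;
}

/* Counter rule: in tolerance -> C_num - 1 (floor 0), out of tolerance ->
 * C_num + 1; reaching the maximum reports suspected tampering. *c_num is
 * the value the ECU keeps across power cycles. */
verdict_t ecu_evaluate(uint8_t *c_num, const uint8_t plain[PLAIN_LEN],
                       uint64_t t_sd, uint64_t tolerance) {
    uint64_t t_d;
    if (!parse_plaintext(plain, &t_d)) return FRAME_INVALID; /* no further action */
    uint64_t diff = t_d > t_sd ? t_d - t_sd : t_sd - t_d;
    if (diff <= tolerance) {
        if (*c_num > 0) (*c_num)--;
    } else if (*c_num < C_NUM_MAX) {
        (*c_num)++;
    }
    return *c_num >= C_NUM_MAX ? TAMPER_SUSPECTED : FRAME_OK;
}

int main(void) {
    uint8_t plain[PLAIN_LEN], c_num = 0;
    /* Constructed values: t_SD = 100000 ticks, tolerance 5000 ticks,
     * and a reported t_D of 180000 ticks, which is out of tolerance. */
    build_plaintext(180000, plain);
    for (int i = 1; i <= 6; i++) {
        verdict_t v = ecu_evaluate(&c_num, plain, 100000, 5000);
        printf("frame %d: C_num=%u verdict=%d\n", i, (unsigned)c_num, (int)v);
    }
    return 0;
}
```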
It should be noted that other functions of the apparatus are described with reference to the method.
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the above-described embodiments, and that the above-described embodiments and descriptions are only preferred embodiments of the present invention, and are not intended to limit the invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. A data tampering behavior identification method based on clock synchronization technology, characterized by comprising the following steps:
step 1: the nitrogen-oxygen sensor calculates the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, and defines the delay time as t_D;
step 2: the nitrogen-oxygen sensor performs a checksum operation on the delay time t_D to obtain a first checksum result, and the delay time t_D and the first checksum result form plaintext data;
step 3: the nitrogen-oxygen sensor encrypts the plaintext data with an encryption algorithm to obtain ciphertext data, and sends the ciphertext data to the CAN bus in a custom message;
step 4: after receiving from the CAN bus the ciphertext data sent in the custom message, the ECU decrypts the ciphertext data with a decryption algorithm and restores the plaintext data;
step 5: the ECU obtains the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum result; the second checksum result is compared with the first checksum result in the plaintext data; if they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and data tampering behavior is judged according to the comparison result.
2. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 5 the data tampering behavior is judged according to the comparison result, specifically as follows:
if the result of comparing the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of counter C_num is decreased by 1;
if the result of comparing the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of counter C_num is increased by 1;
when the value of counter C_num reaches the maximum value, it is judged that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor; the ECU reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter;
wherein, when the vehicle is powered on for the first time, the initial value of counter C_num is set to 0 and its minimum value is 0; after the vehicle is powered down, the value of counter C_num is automatically stored in the ECU cache, and it continues to be incremented or decremented after the vehicle is next powered on.
3. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, further comprising the following steps:
step 01: the vehicle is powered on, and the initialization of the nitrogen-oxygen sensor is awaited;
step 02: at time T1, the ECU sends a Sync message to the nitrogen-oxygen sensor, and the ECU records the sending time T1;
step 03: at time T2, the nitrogen-oxygen sensor receives the Sync message and records the time T2;
step 04: the ECU then sends a Follow-Up message to the nitrogen-oxygen sensor, carrying the timestamp T1 in the message;
step 05: at time T3, the nitrogen-oxygen sensor sends a Relay-Req message to the ECU and records the time T3;
step 06: at time T4, the ECU responds with a Relay-Resp message, carrying the timestamp T4 in the message; the nitrogen-oxygen sensor executes steps 1-3;
step 07: the nitrogen-oxygen sensor judges whether the Relay-Resp message of the ECU has been received; if not, jump to step 08; if yes, the ECU executes step 4;
step 08: the nitrogen-oxygen sensor repeatedly sends the Relay-Req message n times in a custom period; the nitrogen-oxygen sensor judges whether a Relay-Resp message is received within the n attempts; if not, jump to step 09; if yes, the ECU executes step 4;
step 09: the nitrogen-oxygen sensor judges whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error; if yes, jump to step 10; if not, jump to step 11;
step 10: the nitrogen-oxygen sensor stops sending the Relay-Req message until the fault is eliminated;
step 11: the nitrogen-oxygen sensor judges that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected to have been intercepted by an emission cheating device; the nitrogen-oxygen sensor reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter.
4. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 2 each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum result; byte8-byte16 are 9 consecutive bytes of 0x09.
5. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 3 the plaintext data is encrypted with the symmetric encryption algorithm AES-128; the same secret key K is built into both the ECU and the nitrogen-oxygen sensor; the plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain a group of 16-byte ciphertext data; the ciphertext data is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16); the 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
6. A data tampering behavior identification device based on clock synchronization technology, characterized by comprising a nitrogen-oxygen sensor and an ECU;
the nitrogen-oxygen sensor is used for calculating the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, the delay time being defined as t_D; performing a checksum operation on the delay time t_D to obtain a first checksum result, the delay time t_D and the first checksum result forming plaintext data; encrypting the plaintext data with an encryption algorithm to obtain ciphertext data, and sending the ciphertext data to the CAN bus in a custom message;
the ECU is used for, after receiving from the CAN bus the ciphertext data sent in the custom message, decrypting the ciphertext data with a decryption algorithm to restore the plaintext data; obtaining the delay time t_D from the plaintext data and performing a checksum operation on it to obtain a second checksum result; comparing the second checksum result with the first checksum result in the plaintext data; if they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and data tampering behavior is judged according to the comparison result.
7. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the ECU judges the data tampering behavior according to the comparison result, specifically as follows:
if the result of comparing the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of counter C_num is decreased by 1;
if the result of comparing the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of counter C_num is increased by 1;
when the value of counter C_num reaches the maximum value, it is judged that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor; the ECU reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter;
wherein, when the vehicle is powered on for the first time, the initial value of counter C_num is set to 0 and its minimum value is 0; after the vehicle is powered down, the value of counter C_num is automatically stored in the ECU cache, and it continues to be incremented or decremented after the vehicle is next powered on.
8. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the nitrogen-oxygen sensor, acting as the slave clock node, is further used for sending a Relay-Req message to the master clock node ECU after the vehicle is powered on and the initialization of the nitrogen-oxygen sensor is complete; if the Relay-Resp message with which the ECU responds is not received, the Relay-Req message is sent repeatedly n times in a custom period; if the Relay-Resp message is still not received, it is judged whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error; if a DSM error exists, sending of the Relay-Req message stops until the fault is eliminated; if no DSM error exists, it is judged that a suspected emission cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected to have been intercepted by an emission cheating device, and the nitrogen-oxygen sensor reports a suspected emission information tampering fault and triggers the driver alarm system and the speed and torque limiter;
the ECU is also used for sending the Relay-Resp message.
9. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum result; byte8-byte16 are 9 consecutive bytes of 0x09.
10. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the nitrogen-oxygen sensor encrypts the plaintext data with the symmetric encryption algorithm AES-128; the same secret key K is built into both the ECU and the nitrogen-oxygen sensor; the plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain a group of 16-byte ciphertext data; the ciphertext data is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16); the 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
CN202310042286.9A 2023-01-28 2023-01-28 Data tampering behavior identification method and device based on clock synchronization technology Active CN116055181B (en)

Publications (2)

Publication Number Publication Date
CN116055181A CN116055181A (en) 2023-05-02
CN116055181B CN116055181B (en) 2023-07-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant