CN116232662B - Counter master-slave turnover processing method for safety communication in vehicle - Google Patents
Counter master-slave turnover processing method for safety communication in vehicle
- Publication number: CN116232662B (application CN202211680203.0A)
- Authority: CN (China)
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/12—Applying verification of the received information
- H04L63/1441—Countermeasures against malicious traffic
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a master-slave rollover processing method for the counter used in in-vehicle secure communication. After authentication, the sending end concatenates the payload (Payload), the fresh value (FV) and the truncated MAC into a secure protocol data unit (PDU) and sends it to the receiving end; the receiving end disassembles the PDU and computes MAC'. If MAC' equals the MAC, the PDU passes; if MAC' differs from the MAC, the PDU is discarded. SecOC prevents replay attacks by means of the fresh value FV. The invention does not depend on synchronisation messages, and the fresh value does not need to be truncated.
Description
Technical Field
The invention relates to the technical field of in-vehicle communication security, and in particular to a master-slave rollover processing method for the counter used in in-vehicle secure communication.
Background
SecOC (Secure Onboard Communication) is a module added to the AUTOSAR software stack. This information-security component comprises cryptographic services, fresh value management and distribution, and related functions, which together are applied to secure message authentication and verification. The SecOC module provides an efficient and practical authentication mechanism for critical data at the PDU (protocol data unit) level.
SecOC ensures the integrity, authenticity and uniqueness of communication data. Uniqueness means that the freshness value of every message is never repeated or reproduced over the entire life cycle, so each message marked with a freshness value is itself unique (even when the Payload is the same), which prevents an attacker from mounting a replay attack by capturing a normal message.
A replay attack is one in which an attacker records normal communication data between a legitimate data source and a receiving node and later re-transmits the captured data to the receiving node, thereby deceiving it.
To defeat replay attacks, SecOC therefore includes a fresh value in the MAC computation over the original data and also carries the fresh value in the secure message.
The FV (fresh value) is a value that is continually updated according to some rule. There are various update methods, such as a message counter or a vehicle-wide clock shared by all nodes as the update source. If the fresh value is included in the computation together with the valid data and the secret key, the message changes with every transmission because the fresh value changes. An attacker who captures the message cannot match it to the corresponding valid data, and if a message with an outdated freshness value is re-sent, the receiving node discards it, so no effective replay attack can be mounted.
The traditional multi-counter fresh value scheme needs a synchronisation message to synchronise master and slave nodes. The synchronisation message carries a trip counter, a reset counter and a message authentication code; the master node sends it and the slave node receives it, verifies the message authentication code, and synchronises each counter once verification passes.
Disclosure of Invention
To solve the problems of the prior art, the invention provides a master-slave rollover processing method for the counter used in in-vehicle secure communication that does not depend on synchronisation messages and does not require the fresh value to be truncated.
To achieve this, the invention adopts the following technical scheme. A counter master-slave rollover processing method for in-vehicle secure communication comprises the following steps:
after authentication, the transmitting end concatenates the payload (Payload), the fresh value (FV) and the truncated MAC into a secure protocol data unit (PDU) and transmits it to the receiving end; the receiving end disassembles the PDU and computes MAC'. If MAC' equals the MAC, the PDU passes; if MAC' differs from the MAC, the PDU is discarded. SecOC prevents replay attacks by means of the fresh value FV.
As a further improvement of the invention, at the transmitting end: during initialisation the transmitting end reads the stored FV from non-volatile memory (NVM), and reports an error if the read fails; the transmitting end sends the whole fresh value counter to the receiving end, i.e. the FV in the secure PDU is the complete, valid FV value, and after sending, the transmitting end's FV is incremented by 1; once the transmitting node's FV reaches the maximum value, it keeps sending with the FV at the maximum until it receives a synchronisation request from the receiving node; receiving a synchronisation request while the transmitting end's fresh value is at the maximum triggers the synchronisation operation, which resets the fresh value to 1; before power-down or program end, a fresh value end interface is called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
As a further improvement of the invention, at the receiving end: during initialisation the receiving end reads the stored FV from NVM, and reports an error if the read fails; after receiving the secure PDU, the receiving end extracts the FV value from it and compares it with the local FV value; if the local FV value is larger, the secure PDU fails the check, otherwise processing continues; a MAC value is computed from the Payload and the FV and compared with the MAC value in the secure PDU; the check passes if they are equal and fails otherwise; if verification passes, the local FV value is set to the FV value from the secure PDU; before power-down or program end, a fresh value end interface is called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
As a further improvement of the invention, when the NVM at the transmitting end fails to read the FV, the FV is set to the maximum value of the valid range and held at the maximum for transmission, and the receiving end must likewise hold the maximum after receiving it; when the NVM at the receiving end fails to read the FV, the FV is set to 0.
The beneficial effects of the invention are as follows:
The invention effectively prevents replay attacks and removes the synchronisation message mechanism: each message has its own single counter, whose length can be chosen to suit actual conditions; no truncation is needed, the message carries the complete counter value, and there is an effective rollover mechanism for the maximum value.
Drawings
FIG. 1 is a flow chart of a SecOC implementation in an embodiment of the present invention;
FIG. 2 is a diagram of the secure PDU format in an embodiment of the present invention;
FIG. 3 is a process flow chart of the transmitting end in an embodiment of the present invention;
FIG. 4 is a process flow chart of the receiving end in an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Examples
FIG. 1 is a flow chart of a SecOC embodiment. As shown in FIG. 1, after authentication the transmitting end concatenates the Payload, the FV and the truncated MAC into a secure PDU and sends it to the receiving end; the receiving end disassembles the secure PDU and computes MAC'. If MAC' equals the MAC, the secure PDU passes; if MAC' differs from the MAC, the secure PDU is discarded. SecOC prevents replay attacks by means of the freshness value FV.
S101: Secure PDU format
As shown in FIG. 2, the secure PDU consists of Payload, FV and MAC, where the FV is at most 8 bytes.
S102: processing at the transmitting end
During initialisation the sending end reads the stored FV from NVM; if the read fails, an error such as "NVM error" is reported;
as shown in FIG. 3, the transmitting end sends the whole fresh value counter to the receiving end, i.e. the FV in the secure PDU is the complete, valid FV value, and after transmission the transmitting end's FV is incremented by 1;
once the sending node's FV reaches the maximum value, it keeps sending with the FV at the maximum until it receives a synchronisation request from the receiving node; receiving a synchronisation request while the sending end's fresh value is at the maximum triggers the synchronisation operation, which resets the fresh value to 1;
before power-down or program end, a fresh value end interface must be called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
S103: processing at the receiving end
During initialisation the receiving end reads the stored FV from NVM; if the read fails, an error such as "NVM error" is reported;
after receiving the secure PDU, the receiving end extracts the FV value from it;
as shown in FIG. 4, the received FV is compared with the local FV value; if the local FV value is larger, the secure PDU fails the check, otherwise processing continues;
a MAC value is computed from the Payload and the FV and compared with the MAC value in the secure PDU; the check passes if they are equal and fails otherwise;
if verification passes, the local FV value is set to the FV value from the secure PDU;
before power-down or program end, a fresh value end interface must be called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
S104: transmitting-side NVM read failure
When the NVM at the sending end fails to read the FV, the FV is set to the maximum value of the valid range and held at the maximum for sending; the receiving end must hold the maximum after receiving it;
note: if this situation occurs, the counter is restored to its initial value through the reverse notification mechanism of the fresh value management module.
S105: Receiving-side NVM read failure
When the NVM at the receiving end fails to read the FV, the FV is set to 0.
S106: sender storage failure
If the message sending end fails to store the FV, an error record must be reported and the failure DTC stored.
S107: storage failure at receiving end
If the message receiving end fails to store the FV, a failure record must be stored and the failure DTC stored.
S108: storage scheme
In this scheme, successful reading and writing of the NVM is critical, so this part must be managed with corresponding logic, and the system must perform power management and similar measures to ensure that the NVM can be read and written normally. Storing the fresh value requires a CRC check to guarantee access consistency, i.e. a memory failure must never be mistaken for a successful read.
In this embodiment, regarding the fresh value design: the fresh value counter is at most 8 bytes long, and as little as one byte can be allocated, but one byte can represent only 256 values, i.e. the counter wraps after 256 messages; at a rate of one frame per millisecond, a 5-byte single counter covers a 35-year vehicle service life. The length of the fresh value can be chosen according to the actual communication pattern, and each message has its own fresh value.
Fresh value access: the freshness value is read in the initialisation interface, and if the read fails an error such as "NVM read error" is reported; before power-down or program end, a fresh value end interface must be called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
A reverse notification function is added for when the freshness value reaches the maximum: after receiving a message whose fresh value is the maximum, the receiving node sets its local fresh value to 0, triggers the reverse notification mechanism and sends a synchronisation request to the sending node, three frames in succession every 50 ms. Once the sending node's counter has reached the maximum, it keeps sending messages with the maximum value until it receives the receiving node's synchronisation request; receiving the synchronisation request while the fresh value is at the maximum triggers the synchronisation operation, and the fresh value is reset to 1.
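The following is an added host-side model of the exchange described in S101 through S105 and the reverse notification paragraph above; it is example code written for this page, not the patent's or any AUTOSAR stack's implementation. It assumes HMAC-SHA256 as the MAC primitive, a 4-byte truncated MAC, a 1-byte FV (the page allows 1 to 8 bytes; 1 byte keeps the rollover reachable in a demo), a constructed key, and models an NVM read failure by passing `None` as the stored FV.

```python
import hashlib
import hmac

FV_LEN = 1                        # counter width in bytes (page allows 1..8; assumption)
FV_MAX = (1 << (8 * FV_LEN)) - 1  # maximum value of the valid range
MAC_LEN = 4                       # truncated ("intercepted") MAC length, assumption
KEY = b"constructed-demo-key"     # constructed key, not a real vehicle key


def compute_mac(key: bytes, payload: bytes, fv: int) -> bytes:
    """MAC over Payload || FV (HMAC-SHA256 assumed), truncated to MAC_LEN bytes."""
    msg = payload + fv.to_bytes(FV_LEN, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_secure_pdu(key: bytes, payload: bytes, fv: int) -> bytes:
    """Secure PDU = Payload || FV || truncated MAC; the FV is sent in full (FIG. 2)."""
    return payload + fv.to_bytes(FV_LEN, "big") + compute_mac(key, payload, fv)


def parse_secure_pdu(pdu: bytes, payload_len: int):
    """Disassemble a secure PDU into (payload, fv, mac)."""
    fv = int.from_bytes(pdu[payload_len:payload_len + FV_LEN], "big")
    return pdu[:payload_len], fv, pdu[payload_len + FV_LEN:]


class Sender:
    """Transmitting end (S102, S104)."""

    def __init__(self, key: bytes, nvm_fv):
        self.key = key
        self.fv = FV_MAX if nvm_fv is None else nvm_fv  # NVM read failure -> max

    def send(self, payload: bytes) -> bytes:
        pdu = build_secure_pdu(self.key, payload, self.fv)
        if self.fv < FV_MAX:
            self.fv += 1              # FV + 1 after sending; held at the maximum
        return pdu

    def on_sync_request(self) -> bool:
        """A sync request is only honoured while the FV sits at the maximum."""
        if self.fv == FV_MAX:
            self.fv = 1               # fresh value reset to 1
            return True
        return False

    def end_interface(self) -> int:
        """Fresh value end interface: the value to write back to NVM."""
        return self.fv


class Receiver:
    """Receiving end (S103, S105)."""

    def __init__(self, key: bytes, nvm_fv):
        self.key = key
        self.fv = 0 if nvm_fv is None else nvm_fv   # NVM read failure -> 0
        self.sync_requests = 0        # reverse notifications raised so far

    def receive(self, pdu: bytes, payload_len: int) -> bool:
        payload, fv, mac = parse_secure_pdu(pdu, payload_len)
        if self.fv > fv:              # page rule: a larger local FV fails the check
            return False              # (a received FV equal to the local one passes)
        if not hmac.compare_digest(compute_mac(self.key, payload, fv), mac):
            return False              # MAC' != MAC: discard
        if fv == FV_MAX:
            self.fv = 0               # maximum received: local FV -> 0 ...
            self.sync_requests += 1   # ... and a synchronisation request is raised
        else:
            self.fv = fv              # verified: adopt the received FV
        return True


def run_rollover_scenario() -> dict:
    """Drive the sender from FV_MAX-2 through the maximum and back to 1."""
    sender, receiver = Sender(KEY, FV_MAX - 2), Receiver(KEY, FV_MAX - 3)
    payload = b"\x01\x02"             # constructed 2-byte Payload
    first, second = sender.send(payload), sender.send(payload)
    ok = [receiver.receive(first, 2), receiver.receive(second, 2)]
    replay = receiver.receive(first, 2)                  # stale FV: rejected
    forged = receiver.receive(b"\xff" + second[1:], 2)   # altered Payload: MAC' != MAC
    at_max = receiver.receive(sender.send(payload), 2)   # FV_MAX frame
    synced = sender.on_sync_request()                    # reverse notification
    after = receiver.receive(sender.send(payload), 2)    # FV back at 1
    return {"ok": ok, "replay": replay, "forged": forged, "at_max": at_max,
            "sync_requests": receiver.sync_requests, "synced": synced,
            "after_sync": after, "sender_fv": sender.end_interface()}
```

With a realistic 5-byte counter the rollover path is never reached within the vehicle's lifetime; the 1-byte setting only exists so the maximum-value handling can be exercised.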
The foregoing examples merely illustrate specific embodiments of the invention, which are described in greater detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention.
Claims (2)
1. A counter master-slave rollover processing method for in-vehicle secure communication, characterised by comprising the following steps:
after authentication, the sending end concatenates the Payload, the fresh value FV and the truncated MAC into a secure protocol data unit PDU and sends the PDU to the receiving end; the receiving end disassembles the PDU and computes MAC'; if MAC' equals the MAC, the PDU passes, and if MAC' differs from the MAC, the PDU is discarded; and SecOC prevents replay attacks by means of the fresh value FV;
at the transmitting end, the transmitting end reads the stored FV from non-volatile memory NVM during initialisation, and reports an error if the read fails; the transmitting end sends the whole fresh value counter to the receiving end, the FV in the secure PDU is the complete, valid FV value, and after sending, the transmitting end's FV is incremented by 1; once the transmitting node's FV reaches the maximum value, it keeps sending with the FV at the maximum until it receives a synchronisation request from the receiving node; receiving a synchronisation request while the transmitting end's fresh value is at the maximum triggers the synchronisation operation, which resets the fresh value to 1; before power-down or program end, a fresh value end interface is called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised;
at the receiving end, the receiving end reads the stored FV from NVM during initialisation, and reports an error if the read fails; after receiving the secure PDU, the receiving end extracts the FV value from it and compares it with the local FV value; if the local FV value is larger, the secure PDU fails the check, otherwise processing continues; a MAC value is computed from the Payload and the FV and compared with the MAC value in the secure PDU; the check passes if they are equal and fails otherwise; if verification passes, the local FV value is set to the FV value from the secure PDU; before power-down or program end, a fresh value end interface is called to write the fresh value to NVM, and the same interface must also be called when the fresh value module is de-initialised.
2. The counter master-slave rollover processing method for in-vehicle secure communication according to claim 1, wherein when the NVM at the transmitting end fails to read the FV, the FV is set to the maximum value of the valid range and held at the maximum for transmission, and the receiving end must likewise hold the maximum after receiving it; and when the NVM at the receiving end fails to read the FV, the FV is set to 0.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211680203.0A CN116232662B (en) | 2022-12-26 | 2022-12-26 | Counter master-slave turnover processing method for safety communication in vehicle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116232662A (en) | 2023-06-06 |
CN116232662B (en) | 2024-03-29 |