CN116846775A - Fault tolerance test method and device, electronic equipment and storage medium - Google Patents


Publication number
CN116846775A
Authority
CN
China
Prior art keywords
message
counter value
value
tested
freshness
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310798937.7A
Other languages
Chinese (zh)
Inventor
张垒
纪建芳
范雪俭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/145: Network analysis or design involving simulating, designing, planning or modelling of a network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/50: Testing arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

The application provides a fault tolerance test method and device, an electronic device and a storage medium. The method comprises: calculating a message verification code from the data to be processed and the freshness value corresponding to that data, wherein the freshness value represents how fresh the data is in network transmission; packaging the data to be processed, the freshness value and the message verification code into a safety data message; sending the safety data message to the part to be tested so that the part to be tested processes it; and determining a fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message. By sending the part to be tested a safety data message that encapsulates the data to be processed, the freshness value and the message verification code, and determining the fault tolerance test result from the corresponding fault information, the fault tolerance test of the part to be tested is effectively realized, so that security is improved from the aspect of fault tolerance testing of the part to be tested.

Description

Fault tolerance test method and device, electronic equipment and storage medium
Technical Field
The application relates to the technical fields of Internet of vehicles, vehicle-mounted communication and data security, in particular to a fault tolerance test method, a fault tolerance test device, electronic equipment and a storage medium.
Background
Fault tolerance testing (Fault Tolerance Testing), also referred to as robustness testing (Robustness Testing), refers to simulating and testing the various transmission value errors that can occur in data transmission and processing, in order to evaluate the system's ability to handle such errors, its fault tolerance performance, and the degree to which it assures the timeliness and credibility of the data.
At present, for the security of automobile parts in secure onboard communication (Secure Onboard Communication, SecOC), the security of SecOC messages is usually improved through message content verification and message timing verification; however, it has not been improved from the aspect of SecOC fault tolerance testing of automobile parts.
Disclosure of Invention
The embodiment of the application aims to provide a fault tolerance test method, a fault tolerance test device, electronic equipment and a storage medium, which are used for improving the safety of a SecOC message.
The embodiment of the application provides a fault tolerance test method, which comprises the following steps: calculating a message verification code according to the data to be processed and the freshness value corresponding to the data to be processed, wherein the freshness value is used for representing the degree of freshness of the data in network transmission; packaging the data to be processed, the freshness value and the message verification code into a safety data message; sending a safety data message to the part to be tested so that the part to be tested processes the safety data message; and determining a fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message. In the implementation process of the scheme, the fault-tolerant test result of the part to be tested is determined according to the fault information corresponding to the safety data message by sending the safety data message encapsulated by the data to be processed, the freshness value and the message verification code to the part to be tested, so that the fault-tolerant test of the part to be tested is effectively realized, and the safety of the safety data message is improved in the aspect of fault-tolerant test of the part to be tested.
Optionally, in an embodiment of the present application, before calculating the message authentication code according to the data to be processed and the freshness value corresponding to the data to be processed, the method further includes: acquiring a synchronous counter value and a reset counter value, and acquiring a message counter value corresponding to a safety data message; a reset flag setting value is determined from the reset counter value and a freshness value is constructed from the synchronization counter value, the reset counter value, the message counter value, and the reset flag setting value. In the implementation process of the scheme, the freshness value is constructed according to the synchronous counter value, the reset counter value, the message counter value and the reset flag setting value, so that the data receiving end can determine whether the data is the data intercepted and copied and retransmitted by an attacker according to the freshness value, and the probability of replay attack can be effectively reduced according to the freshness value.
Optionally, in an embodiment of the present application, acquiring the synchronization counter value and the reset counter value includes: acquiring, through a simulation master node, a locally stored reset counter value and a locally stored synchronization counter value; modifying the locally stored reset counter value to obtain a modified reset counter value; constructing a synchronization message from the synchronization counter value and the modified reset counter value; and parsing, by a simulation slave node, the synchronization counter value and the reset counter value from the synchronization message. In the implementation of this scheme, the locally stored reset counter value is modified to obtain the modified reset counter value, and various fault tolerance scenarios of the safety data message are simulated with the modified reset counter value, so that a tested part that passes the test can withstand more complex network environments, which effectively improves the security and reliability of the tested part.
Optionally, in an embodiment of the present application, after constructing the synchronization message from the synchronization counter value and the modified reset counter value, the method further includes: sending the synchronization message to the part to be tested through the simulation master node, so that the part to be tested parses out the synchronization counter value and the reset counter value used to construct the freshness value. In the implementation of this scheme, the simulation master node sends the synchronization message to the part to be tested so that the part to be tested parses out the synchronization counter value and the reset counter value used to construct the freshness value; the part to be tested can then undergo the fault tolerance test on the basis of the synchronization message, so that the fault tolerance test of the part to be tested is effectively realized and the security of the safety data message is improved from the aspect of fault tolerance testing of the part to be tested.
Optionally, in an embodiment of the present application, constructing the freshness value according to the synchronization counter value, the reset counter value, the message counter value, and the reset flag setting value includes: constructing a freshness value according to the synchronous counter value, the locally stored reset counter value, the message counter value and the reset flag setting value; alternatively, the freshness value is constructed from the sync counter value, the modified reset counter value, the message counter value, and the reset flag setting value. In the implementation process of the scheme, the freshness value is built according to the synchronous counter value, the modified reset counter value, the message counter value and the reset mark setting value, and various fault tolerance scenes of the safety data message are simulated according to the modified reset counter value, so that the tested part passing the test can resist more complex network environments, and the safety and reliability of the tested part are effectively improved.
Optionally, in an embodiment of the present application, packaging the data to be processed, the freshness value and the message verification code into a safety data message includes: truncating the freshness value to obtain a truncated freshness value; truncating the message verification code to obtain a truncated message verification code; and packaging the data to be processed, the truncated freshness value and the truncated message verification code into a safety data message, wherein the message format of the safety data message is the message format accepted by the part to be tested. In the implementation of this scheme, the data to be processed, the truncated freshness value and the truncated message verification code are packaged into the safety data message, which reduces the amount of data transmitted over the network and effectively improves the transmission efficiency of the safety data message.
Optionally, in the embodiment of the present application, determining a fault tolerance test result of a part to be tested according to fault information corresponding to a safety data packet includes: judging whether a preset fault diagnosis code exists in fault information corresponding to the safety data message; if so, determining that the fault-tolerant test result of the part to be tested is test passing, otherwise, determining that the fault-tolerant test result of the part to be tested is test failing. In the implementation process of the scheme, the fault tolerance test result of the part to be tested is determined according to whether the preset fault diagnosis code exists in the fault information corresponding to the safety data message, so that the fault tolerance test of the part to be tested is effectively realized, and the safety and reliability of the safety data message are improved in the aspect of the fault tolerance test of the part to be tested.
The embodiment of the application also provides a fault tolerance testing device, which comprises: a message verification calculation module, used for calculating a message verification code according to the data to be processed and the freshness value corresponding to the data to be processed, wherein the freshness value is used for representing the degree of freshness of the data in network transmission; a data message packaging module, used for packaging the data to be processed, the freshness value and the message verification code into a safety data message; a data message sending module, used for sending the safety data message to the part to be tested so that the part to be tested processes the safety data message; and a test result determining module, used for determining the fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message.
Optionally, in an embodiment of the present application, the fault tolerance testing device further includes: the counter value acquisition module is used for acquiring the synchronous counter value, the reset counter value and the message counter value corresponding to the safety data message; the freshness value construction module is used for determining a reset mark set value according to the reset counter value and constructing the freshness value according to the synchronous counter value, the reset counter value, the message counter value and the reset mark set value.
Optionally, in an embodiment of the present application, the counter value acquisition module includes: a counter value acquisition submodule, used for acquiring a locally stored reset counter value and a locally stored synchronization counter value through the simulation master node; a counter value modification submodule, used for modifying the locally stored reset counter value to obtain a modified reset counter value; a synchronization message construction submodule, used for constructing a synchronization message from the synchronization counter value and the modified reset counter value; and a counter value parsing submodule, used for parsing, through the simulation slave node, the synchronization counter value and the reset counter value from the synchronization message.
Optionally, in an embodiment of the present application, the counter value acquisition module further includes: a synchronization message sending submodule, used for sending the synchronization message to the part to be tested through the simulation master node, so that the part to be tested parses out the synchronization counter value and the reset counter value used to construct the freshness value.
Optionally, in an embodiment of the present application, the freshness value building module includes: the first freshness value construction submodule is used for constructing a freshness value according to the synchronous counter value, the locally stored reset counter value, the message counter value and the reset mark setting value; or, a second freshness value construction sub-module for constructing a freshness value according to the synchronization counter value, the modified reset counter value, the message counter value, and the reset flag setting value.
Optionally, in an embodiment of the present application, the data message packaging module includes: a freshness value truncation submodule, used for truncating the freshness value to obtain a truncated freshness value; a message verification code truncation submodule, used for truncating the message verification code to obtain a truncated message verification code; and a safety message packaging submodule, used for packaging the data to be processed, the truncated freshness value and the truncated message verification code into a safety data message, wherein the message format of the safety data message is the message format accepted by the part to be tested.
Optionally, in an embodiment of the present application, the test result determining module includes: a fault diagnosis judging submodule, used for judging whether a preset fault diagnosis code exists in the fault information corresponding to the safety data message; and a fault tolerance test determining submodule, used for determining that the fault tolerance test result of the part to be tested is a pass if the preset fault diagnosis code exists in the fault information processed by the part to be tested, and otherwise determining that the fault tolerance test result of the part to be tested is a fail.
The embodiment of the application also provides electronic equipment, which comprises: a processor and a memory storing machine-readable instructions executable by the processor to perform the method as described above when executed by the processor.
Embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method as described above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application, and therefore should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1 is a schematic flow chart of a fault tolerance test method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a safety data message according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a fault tolerance test environment provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of a freshness value provided by an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a fault tolerance testing device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the accompanying drawings in the embodiments of the present application are only for the purpose of illustration and description, and are not intended to limit the scope of the embodiments of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. The flowcharts used in the embodiments of the present application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to or removed from the flow diagrams by those skilled in the art under the direction of the teachings of the embodiments of the present application.
In addition, the described embodiments are only some, but not all, of the embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Accordingly, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the claimed embodiments of the application, but is merely representative of selected embodiments of the application.
It will be appreciated that "first" and "second" in embodiments of the application are used to distinguish similar objects. It will be appreciated by those skilled in the art that the words "first," "second," etc. do not limit the number or the order of execution, and that objects labelled "first" and "second" are not necessarily different. In the description of the embodiments of the present application, the term "and/or" merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it. The term "plurality" refers to two or more (including two).
Before introducing the fault tolerance test method provided by the embodiment of the present application, some concepts related in the embodiment of the present application are introduced:
An electronic control unit (Electronic Control Unit, ECU), also referred to as an electronic controller, is an embedded system in an automotive electronic system that controls electrical, electronic and automotive subsystems.
A protocol data unit (Protocol Data Unit, PDU) generally refers to a data unit exchanged between peer layers. The Protocol Data Unit Routing (PDUR) layer, also known as the PDUR module, is part of the basic software of the AUTOSAR system and is a module that must be instantiated on every AUTOSAR ECU.
An inter-process data unit (Inter-Process Data Unit, I-PDU) is the basic unit used when exchanging data between different electronic control units in an automotive electronic system. The I-PDU contains the data and the data formats exchanged between ECUs, so that the data is correctly transmitted and interpreted in the automotive electronic system.
CANoe is a software tool widely used in development and testing of automotive electronic systems, and its main functions are simulation, testing and verification of communications and functions in automotive networks.
It should be noted that the fault tolerance test method provided by the embodiment of the present application may be executed by an electronic device, where the electronic device refers to a device terminal or a server capable of executing a computer program. Examples of a device terminal are: smart phones, personal computers, tablet computers, personal digital assistants, or mobile internet appliances. A server refers to a device that provides computing services over a network, such as an x86 server or a non-x86 server; non-x86 servers include mainframes, minicomputers and UNIX servers.
Application scenarios to which the fault tolerance test method is applicable are described below, where the application scenarios include, but are not limited to: the fault tolerance test method is used for testing the fault tolerance performance of the part to be tested, or the fault tolerance test method is used for realizing the fault tolerance test of the part to be tested, so that the safety of the safety data message and the like are improved in the aspect of the fault tolerance test of the part to be tested.
Please refer to fig. 1, which is a flowchart illustrating a fault tolerance test method according to an embodiment of the present application; the embodiment of the application provides a fault tolerance test method, which comprises the following steps:
Step S110: Calculate a message verification code from the data to be processed and the freshness value corresponding to the data to be processed, wherein the freshness value represents the degree of freshness of the data in network transmission.
The data to be processed refers to message data in network transmission, for example: Authentic I-PDU data that needs to be transmitted over the controller area network (Controller Area Network, CAN) bus of the Internet of Vehicles, or data that needs to be transmitted in a local area network.
It can be understood that the freshness value represents how fresh the data to be processed is in network transmission. This means the data receiving end can use the freshness value to determine whether the data to be processed was intercepted, copied and resent by an attacker, so the freshness value effectively reduces the probability of a replay attack.
Step S120: Package the data to be processed, the freshness value and the message verification code into a safety data message.
Please refer to Fig. 2, which illustrates a schematic diagram of a safety data message provided by an embodiment of the present application. For ease of understanding and description, the following takes a SecOC bus message as the example of a safety data message. The safety data message (also referred to as a secure I-PDU) may include: an optional message header (secure I-PDU Header), the data to be processed (Authentic I-PDU), a freshness value (Freshness Value, FV), and a message authentication code (Message Authentication Code, MAC), which is also referred to herein as a message verification code or authentication information (Authenticator).
Step S130: Send the safety data message to the part to be tested so that the part to be tested processes the safety data message.
A part to be tested (Device Under Test, DUT), also known as a device under test or unit under test, is a device or component that needs to be tested during testing. The part to be tested may be any of various electronic devices, electronic components, integrated circuits, sensors, actuators, electronic modules, etc.
Please refer to Fig. 3, which is a schematic diagram of a fault tolerance test environment provided by an embodiment of the present application. The fault tolerance test environment may include the electronic device and the part to be tested. The electronic device can send the safety data message to the part to be tested so that the part to be tested processes it; that is, the electronic device and the part to be tested can communicate with each other in the fault tolerance test environment. While processing the safety data message, the part to be tested may produce fault information. For example, if the part to be tested can process the safety data message normally within the preset fault tolerance range, it will not generate fault information (such as a fault diagnosis code); conversely, if it cannot process the safety data message within the preset fault tolerance range, it will generate fault information. The electronic device can also acquire the fault information of the part to be tested through the CAN bus, and determine the fault tolerance test result of the part to be tested according to that fault information.
The electronic device may include a simulation master node (CANoe master) and a simulation slave node (CANoe slave). The simulation master node may generate a synchronization message (sync message) from the synchronization counter value and the reset counter value, and send the synchronization message to the part to be tested over the CAN bus, so that the part to be tested parses from it the synchronization counter value and the reset counter value used to generate the freshness value. In addition, the simulation master node can forward the synchronization message directly to the simulation slave node. After receiving the forwarded synchronization message, the simulation slave node parses the synchronization counter value and the reset counter value from it.
Step S140: Determine a fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message.
In practice, a Unified Diagnostic Services (UDS) tool can be used to acquire the fault information produced by the part to be tested after processing, that is, the fault information corresponding to the safety data message. If a preset fault diagnosis code exists in that fault information, the fault tolerance test result of the part to be tested is determined to be a pass; if the fault information does not contain the preset fault diagnosis code, the fault tolerance test result of the part to be tested is determined to be a fail.
In the implementation process of the scheme, the fault-tolerant test result of the part to be tested is determined according to the fault information corresponding to the safety data message by sending the safety data message encapsulated by the data to be processed, the freshness value and the message verification code to the part to be tested, so that the fault-tolerant test of the part to be tested is effectively realized, and the safety and the reliability of the safety data message are improved in the aspect of fault-tolerant test of the part to be tested.
Please refer to Fig. 4, which illustrates a schematic diagram of a freshness value provided by an embodiment of the present application. The freshness value (FV) may include: a synchronization counter value (Trip Counter), a reset counter value (Reset Counter), a message counter value (Message Counter), and a reset flag setting value (Reset Flag). The function of each is explained below.
The synchronization counter value (Trip Counter) may be the value of an incrementing counter whose initial value may be 0. When the device is powered on or woken up, the synchronization counter value is incremented; the increment step can be set according to the specific situation, for example 1 or 2.
The reset counter value (Reset Counter) may be the value of a monotonically increasing counter. Different reset periods can be set for it according to the specific scenario, and within a reset period the reset counter increases monotonically. It will be appreciated that the message counter value may be reset to 0 when the reset counter value is incremented.
The message counter value (Message Counter) may be the value of a monotonically increasing counter and may include a message counter high-order value (Message Counter Upper) and a message counter low-order value (Message Counter Lower). The two parts may be used for different purposes in order to reduce the transmission load of the safety data message, for example: the message counter high-order value is used for calculation and the message counter low-order value is used for transmission.
The reset flag setting value (Reset Flag) is the value of the reset flag and may be the lowest N bits of the reset counter value (for example, the lowest 2 bits of the reset counter value).
It is understood that the calculated length of the freshness value (SecOC Freshness Value Length) may be different from the transmission length of the freshness value (SecOC Freshness Value TxLength), wherein the calculated length of the freshness value may comprise: the sum of the lengths of the synchronization Counter value (Trip Counter), the Reset Counter value (Reset Counter), the Message Counter value (Message Counter) and the Reset Flag value (Reset Flag), while the transmission length of the freshness value may include only the sum of the lengths of the Message Counter low-order value (Message Counter Lower) and the Reset Flag value (Reset Flag).
As an optional implementation of the fault tolerance test method, before the message authentication code is calculated in step S110 from the data to be processed and the freshness value corresponding to the data to be processed, the freshness value may be constructed as follows:
Step S111: a synchronization counter value, a reset counter value and a message counter value corresponding to the secure data message are acquired.
Step S112: a reset flag setting value is determined from the reset counter value and a freshness value is constructed from the synchronization counter value, the reset counter value, the message counter value, and the reset flag setting value.
As an alternative embodiment of the above step S111, acquiring the synchronization counter value and the reset counter value may include:
Step S111a: the locally stored reset counter value and synchronization counter value are obtained through the emulated master node.
Step S111b: the locally stored reset counter value is modified to obtain a modified reset counter value.
Step S111c: a synchronization message is constructed from the synchronization counter value and the modified reset counter value.
Step S111d: the synchronization counter value and the reset counter value in the synchronization message are parsed through the emulated slave node.
The embodiment of the above steps S111a to S111d is, for example: the locally stored reset counter value and synchronization counter value are obtained through the emulated master node; the locally stored reset counter value is modified, using an executable program compiled or interpreted from a preset programming language, to obtain a modified reset counter value; a synchronization message is then constructed from the synchronization counter value and the modified reset counter value; and finally the synchronization counter value and the reset counter value in the synchronization message are parsed through the emulated slave node. Programming languages that can be used are, for example: C, C++, Java, BASIC, JavaScript, LISP, Shell, Perl, Ruby, Python, PHP, etc.
As an alternative implementation of step S111, after the synchronization message is constructed from the synchronization counter value and the modified reset counter value in step S111c, the method may further include:
Step S111e: the synchronization message is sent to the part to be tested through the emulated master node, so that the part to be tested parses out a synchronization counter value and a reset counter value for constructing the freshness value.
The embodiment of step S111e described above is, for example: the emulated master node in the electronic device sends the synchronization message to the part to be tested over a Controller Area Network (CAN) bus of the Internet of Vehicles. After receiving the synchronization message sent by the emulated master node, the part to be tested can parse the synchronization counter value and the reset counter value from it, and then construct the freshness value from the synchronization counter value, the reset counter value, the locally stored message counter value and the reset flag setting value. A specific way of constructing the freshness value may be: the synchronization counter value, the reset counter value, the message counter value and the reset flag setting value are concatenated as characters to obtain a character string, the character string is converted into a number in a preset base (for example, base 16 or base 32), and that number is used as the freshness value.
As an alternative embodiment of step S112, the first embodiment of constructing the freshness value may include:
Step S112a: the freshness value is constructed from the synchronization counter value, the locally stored reset counter value, the message counter value, and the reset flag setting value.
Alternatively, a second embodiment of constructing a freshness value may comprise:
Step S112b: the freshness value is constructed from the synchronization counter value, the modified reset counter value, the message counter value, and the reset flag setting value.
It will be appreciated that, in a specific implementation, any one or more of the synchronization counter value, the reset counter value and the message counter value may also be modified, and the freshness value may be constructed from any one or more of the modified synchronization counter value, the modified reset counter value, the modified message counter value and the modified reset flag value. The specific modifications can be set according to the scenario. For convenience of explanation and understanding, the following description uses an example in which the synchronization counter in the current synchronization message is modified to be 1, and the reset counter value is 1.
In the first scenario, an increment of 1 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 2); the emulated slave node (CANoe slave) receives the incremented synchronization message and updates accordingly, and the part to be tested also receives the incremented synchronization message and updates accordingly. A specific embodiment is, for example: the electronic device constructs, through the emulated master node, a synchronization message from the synchronization counter value (e.g. 1) and the modified reset counter value (e.g. 2), then sends the synchronization message to the part to be tested through the CAN bus and forwards it to the emulated slave node. After receiving the synchronization message, the emulated slave node parses the synchronization counter value (e.g. 1) and the modified reset counter value (e.g. 2) from it, constructs a freshness value from the synchronization counter value (e.g. 1), the modified reset counter value (e.g. 2) and a message counter value (e.g. 0, the initial value), calculates a message authentication code from the data to be processed and the freshness value, encapsulates the data to be processed, the freshness value and the message authentication code into a secure data message, and finally sends the secure data message to the part to be tested for processing. Similarly, after receiving the synchronization message, the part to be tested parses the synchronization counter value (e.g. 1) and the modified reset counter value (e.g. 2) from it and, when it receives the secure data message sent by the emulated slave node in the electronic device, processes that message using the synchronization counter value (e.g. 1) and the modified reset counter value (e.g. 2). If the part to be tested can process the secure data message normally within the preset fault tolerance range, it will not generate fault information (such as a fault diagnosis code); conversely, if it cannot process the secure data message within the preset fault tolerance range, it will generate fault information. The electronic device can also acquire the fault information of the part to be tested through the CAN bus, and determine the fault tolerance test result of the part to be tested from that fault information.
In a second scenario, an increment of 1 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 2); the emulated slave node (CANoe slave) abnormally loses the incremented synchronization message, while the part to be tested receives it and updates accordingly. The embodiment of the second scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In a third scenario, an increment of 1 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 2); the emulated slave node (CANoe slave) receives the incremented synchronization message and updates accordingly, while the part to be tested abnormally loses it. The embodiment of the third scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In a fourth scenario, an increment of 2 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 3); the emulated slave node (CANoe slave) abnormally loses the incremented synchronization message, while the part to be tested receives it and updates accordingly. The embodiment of the fourth scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In a fifth scenario, an increment of 2 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 3); the emulated slave node (CANoe slave) receives the incremented synchronization message and updates accordingly, while the part to be tested abnormally loses it. The embodiment of the fifth scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In a sixth scenario, an increment of 3 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 4); the emulated slave node (CANoe slave) abnormally loses the incremented synchronization message, while the part to be tested receives it and updates accordingly. The embodiment of the sixth scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In a seventh scenario, an increment of 3 to the reset counter value (Reset Counter) in the synchronization message of the emulated master node (CANoe master) is simulated (the modified Reset Counter value is 4); the emulated slave node (CANoe slave) receives the incremented synchronization message and updates accordingly, while the part to be tested abnormally loses it. The embodiment of the seventh scenario is similar to the embodiment of the first scenario above and is therefore not described again here.
In this scheme, a counter value (for example, the synchronization counter value, the reset counter value or the message counter value) is modified, and various fault tolerance scenarios for the secure data message are simulated from the modified counter value, so that a part that passes the test can withstand a more complex network environment, which effectively improves the security and reliability of the tested part.
As an alternative embodiment of the above step S120, encapsulating the data to be processed, the freshness value and the message authentication code into a secure data message may include:
Step S121: the freshness value is truncated to obtain a truncated freshness value.
Step S122: the message authentication code is truncated to obtain a truncated message authentication code.
The embodiments of the above steps S121 to S122 are, for example: the freshness value may be truncated using an executable program compiled or interpreted from a preset programming language to obtain the truncated freshness value, and the message authentication code may be truncated in the same way to obtain the truncated message authentication code. Programming languages that can be used are, for example: C, C++, Java, BASIC, JavaScript, LISP, Shell, Perl, Ruby, Python, PHP, etc.
Step S123: the data to be processed, the truncated freshness value and the truncated message authentication code are encapsulated into a secure data message, wherein the message format of the secure data message is the message format accepted by the part to be tested.
It can be understood that, when the secure data message is encapsulated, the complete freshness value and the complete message authentication code do not have to be placed in the message. The freshness value and/or the message authentication code can be truncated, and the data to be processed, the truncated freshness value and/or the truncated message authentication code can be encapsulated into the secure data message. The length of the data to be processed may be 10 bytes, the length of the freshness value before truncation may be 72 bytes, and the length of the freshness value after truncation may be 2 bytes; the message authentication code follows a similar principle and is not described again.
As an optional implementation of step S130, the electronic device may send the secure data message to the part to be tested over a Controller Area Network (CAN) bus of the Internet of Vehicles, so that the part to be tested processes the secure data message. Before sending the secure data message, the electronic device may also obtain the communication key of the part to be tested and use it when sending the secure data message to the part to be tested (e.g., encrypting with the communication key or using it to establish a secure channel). Optionally, if the part to be tested needs a power supply to work normally, the part to be tested (KL 30 and KL15 of the DUT) may be connected to a power supply, whose supply voltage may be 24V, so that the fault tolerance test is performed on the part to be tested after it is connected to the power supply.
As an optional implementation of step S140, determining the fault tolerance test result of the part to be tested according to the fault information corresponding to the secure data message may include:
Step S141: it is judged whether a preset fault diagnosis code exists in the fault information corresponding to the secure data message.
Step S142: if the fault information corresponding to the secure data message contains the preset fault diagnosis code, the fault tolerance test result of the part to be tested is determined to be test passed.
Step S143: if the fault information corresponding to the secure data message does not contain the preset fault diagnosis code, the fault tolerance test result of the part to be tested is determined to be test not passed.
The embodiment of the above steps S141 to S143 is, for example: an executable program compiled or interpreted from a preset programming language judges whether the preset fault diagnosis code exists in the fault information corresponding to the secure data message. The preset fault diagnosis code can be a preset SecOC fault code, and the fault information produced by the part to be tested can be the fault codes recorded by the DUT, so the check is whether the fault codes recorded by the DUT include the preset SecOC fault code. If the preset fault diagnosis code exists in the fault information corresponding to the secure data message, that is, the fault codes recorded by the DUT include the preset SecOC fault code, the fault tolerance test result of the part to be tested is determined to be test passed. If the fault information corresponding to the secure data message does not contain the preset fault diagnosis code, that is, the fault codes recorded by the DUT do not include the preset SecOC fault code, the fault tolerance test result of the part to be tested is determined to be test not passed.
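The flow of steps S111 to S143 and the lost-synchronization scenarios above, as an added Python example that is not part of the patent text: it builds the freshness value, truncates it and the MAC, packs the secure data message, and checks it against a model receiver. The field widths, the HMAC-SHA256 stand-in for the MAC, the key, the `DutModel` resynchronization rule with its `tolerance`, and the `PRESET_DTC` placeholder are all assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed field widths in bits; the page gives none.
TRIP_BITS, RESET_BITS, MSG_BITS, FLAG_BITS = 16, 22, 24, 2
MSG_LOWER_BITS = 14   # assumed transmitted part of the message counter
FV_BYTES = (TRIP_BITS + RESET_BITS + MSG_BITS + FLAG_BITS) // 8  # calculation length
TX_FV_BYTES = (MSG_LOWER_BITS + FLAG_BITS) // 8                  # transmission length
MAC_TX_BYTES = 3                         # assumed truncated MAC length
KEY = b"constructed-bench-key"           # constructed key, for the example only
PRESET_DTC = "SECOC_FAULT_PLACEHOLDER"   # placeholder for the preset fault code


def reset_flag(reset: int) -> int:
    """Reset flag value: the lowest FLAG_BITS bits of the reset counter."""
    return reset & ((1 << FLAG_BITS) - 1)


def build_fv(trip: int, reset: int, msg: int) -> bytes:
    """Full freshness value: trip | reset | message counter | reset flag."""
    for value, bits in ((trip, TRIP_BITS), (reset, RESET_BITS), (msg, MSG_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError("counter does not fit its field")
    fv = (trip << RESET_BITS) | reset
    fv = (fv << MSG_BITS) | msg
    fv = (fv << FLAG_BITS) | reset_flag(reset)
    return fv.to_bytes(FV_BYTES, "big")


def truncate_fv(fv: bytes) -> bytes:
    """S121: keep message counter low bits + reset flag (the last FV bytes)."""
    return fv[-TX_FV_BYTES:]


def full_mac(data: bytes, fv: bytes) -> bytes:
    """MAC over data and the full FV; HMAC-SHA256 is a stand-in algorithm."""
    return hmac.new(KEY, data + fv, hashlib.sha256).digest()


def pack_secure_message(data: bytes, trip: int, reset: int, msg: int) -> bytes:
    """S110 to S123: data | truncated FV | truncated MAC."""
    fv = build_fv(trip, reset, msg)
    return data + truncate_fv(fv) + full_mac(data, fv)[:MAC_TX_BYTES]


@dataclass
class DutModel:
    """Hypothetical receiver: accepts its own reset counter or one at most
    `tolerance` steps newer, never an older one."""
    trip: int
    reset: int
    last_msg: int = -1          # no message accepted yet
    tolerance: int = 1
    dtcs: list = field(default_factory=list)

    def on_sync(self, trip: int, reset: int) -> None:
        self.trip, self.reset, self.last_msg = trip, reset, -1

    def receive(self, frame: bytes, data_len: int) -> bool:
        data, rest = frame[:data_len], frame[data_len:]
        tx = int.from_bytes(rest[:TX_FV_BYTES], "big")
        rx_mac = rest[TX_FV_BYTES:]
        flag, msg_lower = tx & ((1 << FLAG_BITS) - 1), tx >> FLAG_BITS
        for step in range(self.tolerance + 1):
            cand = self.reset + step
            if reset_flag(cand) != flag or cand >> RESET_BITS:
                continue
            msg = msg_lower
            if step == 0 and self.last_msg >= 0:
                # Rebuild the untransmitted high bits; carry if the low bits wrapped.
                msg |= self.last_msg >> MSG_LOWER_BITS << MSG_LOWER_BITS
                if msg <= self.last_msg:
                    msg += 1 << MSG_LOWER_BITS
            if msg >> MSG_BITS:
                continue
            expected = full_mac(data, build_fv(self.trip, cand, msg))[:MAC_TX_BYTES]
            if hmac.compare_digest(expected, rx_mac):
                self.reset, self.last_msg = cand, msg
                return True
        self.dtcs.append(PRESET_DTC)   # freshness or MAC check failed
        return False


def run_scenario(increment: int, slave_gets_sync: bool, dut_gets_sync: bool):
    """Reset counter goes 1 -> 1 + increment; either side may lose the sync."""
    trip, reset = 1, 1                      # starting state used on the page
    dut = DutModel(trip, reset)
    slave_reset = reset + increment if slave_gets_sync else reset
    if dut_gets_sync:
        dut.on_sync(trip, reset + increment)
    data = bytes(range(10))                 # constructed 10-byte payload
    frame = pack_secure_message(data, trip, slave_reset, 0)
    return dut.receive(frame, len(data)), dut.dtcs


def verdict(dtcs) -> str:
    """S141 to S143: the test passes when the preset fault code was recorded."""
    return "passed" if PRESET_DTC in dtcs else "not passed"
```

With the assumed tolerance of 1, `run_scenario(1, True, False)` (third scenario) is accepted after a forward resync, while `run_scenario(2, True, False)` (fifth scenario) records the placeholder fault code. Because the reset flag carries only the low 2 bits, reset counters 1 and 5 share a flag, and it is the MAC over the full freshness value that separates them.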
Optionally, after the test is completed, a test report in Hypertext Markup Language (HTML) format may also be generated from the fault tolerance test result of the part to be tested. The test report may record intermediate data from the fault tolerance test process (such as the content sent by the emulated master node, or the content received and processed by the emulated slave node) and the fault tolerance test result of the part to be tested (such as test success or test failure). Generating an HTML test report from the fault tolerance test result in this way provides automatic report generation, records the intermediate data of the fault tolerance test process, and improves the efficiency of the fault tolerance test.
Please refer to fig. 5, which illustrates a schematic structural diagram of a fault tolerance testing device according to an embodiment of the present application; the embodiment of the application provides a fault tolerance testing device 200, which comprises:
the message verification calculation module 210 is configured to calculate a message verification code according to the data to be processed and a freshness value corresponding to the data to be processed, where the freshness value is used to characterize the degree of freshness of the data in network transmission.
The data packet encapsulation module 220 is configured to encapsulate the data to be processed, the freshness value and the message verification code into a secure data packet.
The data message sending module 230 is configured to send a security data message to the part to be tested, so that the part to be tested processes the security data message.
The test result determining module 240 is configured to determine a fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message.
Optionally, in an embodiment of the present application, the fault tolerance testing device further includes:
the counter value acquisition module is used for acquiring the synchronous counter value, the reset counter value and the message counter value corresponding to the safety data message.
The freshness value construction module is used for determining a reset mark set value according to the reset counter value and constructing the freshness value according to the synchronous counter value, the reset counter value, the message counter value and the reset mark set value.
Optionally, in an embodiment of the present application, the counter value acquisition module includes:
The counter value acquisition submodule is used for acquiring the locally stored reset counter value and the locally stored synchronization counter value through the emulated master node.
The counter value modification submodule is used for modifying the locally stored reset counter value to obtain a modified reset counter value.
The synchronization message construction submodule is used for constructing the synchronization message according to the synchronization counter value and the modified reset counter value.
The counter value parsing submodule is used for parsing the synchronization counter value and the reset counter value in the synchronization message through the emulated slave node.
Optionally, in an embodiment of the present application, the counter value acquisition module further includes:
The synchronization message sending sub-module is used for sending the synchronization message to the part to be tested through the emulated master node, so that the part to be tested parses out a synchronization counter value and a reset counter value for constructing the freshness value.
Optionally, in an embodiment of the present application, the freshness value building module includes:
the first freshness value construction sub-module is used for constructing a freshness value according to the synchronous counter value, the locally stored reset counter value, the message counter value and the reset mark setting value.
Or, a second freshness value construction sub-module for constructing a freshness value according to the synchronization counter value, the modified reset counter value, the message counter value, and the reset flag setting value.
Optionally, in an embodiment of the present application, the data packet encapsulation module includes:
The freshness value truncation sub-module is used for truncating the freshness value to obtain the truncated freshness value.
The message authentication code truncation sub-module is used for truncating the message authentication code to obtain the truncated message authentication code.
The secure message encapsulation sub-module is used for encapsulating the data to be processed, the truncated freshness value and the truncated message authentication code into a secure data message, wherein the message format of the secure data message is the message format accepted by the part to be tested.
Optionally, in an embodiment of the present application, the test result determining module includes:
the fault diagnosis judging sub-module is used for judging whether a preset fault diagnosis code exists in the fault information corresponding to the safety data message.
The fault-tolerant test determining sub-module is used for determining that the fault-tolerant test result of the part to be tested is test passed if the preset fault diagnosis code exists in the fault information processed by the part to be tested, and otherwise determining that the fault-tolerant test result of the part to be tested is test not passed.
It should be understood that the apparatus corresponds to the fault tolerance test method embodiment described above and is capable of executing the steps involved in that embodiment. For the specific functions of the apparatus, refer to the description above; detailed descriptions are omitted here where appropriate. The device includes at least one software functional module that can be stored in memory in the form of software or firmware, or built into an Operating System (OS) of the device.
Please refer to fig. 6, which illustrates a schematic structural diagram of an electronic device according to an embodiment of the present application. An electronic device 300 provided in an embodiment of the present application includes: a processor 310 and a memory 320, the memory 320 storing machine-readable instructions executable by the processor 310, which when executed by the processor 310 perform the method as described above.
The embodiment of the present application also provides a computer readable storage medium 330, on which computer readable storage medium 330 a computer program is stored which, when executed by the processor 310, performs a method as above. The computer readable storage medium 330 may be implemented by any type or combination of volatile or nonvolatile Memory devices, such as static random access Memory (Static Random Access Memory, SRAM for short), electrically erasable programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM for short), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM for short), programmable Read-Only Memory (Programmable Read-Only Memory, PROM for short), read-Only Memory (ROM for short), magnetic Memory, flash Memory, magnetic disk, or optical disk.
It should be noted that the embodiments in the present specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar the embodiments may be referred to one another. The apparatus embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant points, refer to the description of the method embodiments.
In the embodiments of the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
In addition, the functional modules of the embodiments of the present application may be integrated together to form a single part, or the modules may exist separately, or two or more modules may be integrated to form a single part. Furthermore, in the description herein, the terms "one embodiment," "some embodiments," "examples," "specific examples," "some examples," and the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the embodiments of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples, and those skilled in the art may combine the different embodiments or examples described in this specification, and the features of the different embodiments or examples, provided they do not contradict each other.
The foregoing description is merely an optional implementation of the embodiment of the present application, but the scope of the embodiment of the present application is not limited thereto, and any person skilled in the art may easily think about changes or substitutions within the technical scope of the embodiment of the present application, and the changes or substitutions are covered by the scope of the embodiment of the present application.

Claims (10)

1. A fault tolerance test method, comprising:
calculating a message verification code according to data to be processed and a freshness value corresponding to the data to be processed, wherein the freshness value is used for representing the degree of freshness of the data in network transmission;
packaging the data to be processed, the freshness value and the message verification code into a safety data message;
sending the safety data message to the part to be tested so that the part to be tested processes the safety data message;
and determining a fault tolerance test result of the part to be tested according to the fault information corresponding to the safety data message.
2. The method of claim 1, further comprising, prior to said calculating a message authentication code based on the data to be processed and the freshness value corresponding to the data to be processed:
acquiring a synchronous counter value and a reset counter value, and acquiring a message counter value corresponding to the safety data message;
and determining a reset flag setting value according to the reset counter value, and constructing the freshness value according to the synchronous counter value, the reset counter value, the message counter value and the reset flag setting value.
3. The method of claim 2, wherein the obtaining the synchronization counter value and the reset counter value comprises:
Acquiring a reset counter value and a synchronous counter value which are locally stored through an emulation master node;
modifying the locally stored reset counter value to obtain a modified reset counter value;
constructing a synchronous message according to the synchronous counter value and the modified reset counter value;
and analyzing the synchronous counter value and the reset counter value in the synchronous message by the simulation slave node.
4. A method according to claim 3, further comprising, after said constructing a synchronization message from said synchronization counter value and said modified reset counter value:
and sending the synchronous message to the part to be tested through the simulation master node so that the part to be tested can analyze a synchronous counter value and a reset counter value for constructing a freshness value.
5. The method of claim 3, wherein said constructing said freshness value from said synchronization counter value, said reset counter value, said message counter value, and said reset flag setting value comprises:
constructing the freshness value according to the synchronous counter value, the locally stored reset counter value, the message counter value and the reset flag setting value;
Or constructing the freshness value according to the synchronous counter value, the modified reset counter value, the message counter value and the reset flag setting value.
6. The method according to any one of claims 1-5, wherein said encapsulating the data to be processed, the freshness value, and the message authentication code into a secure data message comprises:
truncating the freshness value to obtain a truncated freshness value;
truncating the message authentication code to obtain a truncated message authentication code;
and encapsulating the data to be processed, the truncated freshness value and the truncated message authentication code into the secure data message, wherein the message format of the secure data message is the message format accepted by the part to be tested.
7. The method according to any one of claims 1-5, wherein determining the fault tolerance test result of the part to be tested according to the fault information corresponding to the secure data message comprises:
determining whether a preset fault diagnosis code exists in the fault information corresponding to the secure data message;
if so, determining that the fault tolerance test result of the part to be tested is a pass; otherwise, determining that the fault tolerance test result of the part to be tested is a fail.
8. A fault tolerance testing device, comprising:
a message authentication code computing module, configured to compute a message authentication code from the data to be processed and the freshness value corresponding to the data to be processed, wherein the freshness value represents how recent the data is in network transmission;
a data message encapsulating module, configured to encapsulate the data to be processed, the freshness value and the message authentication code into a secure data message;
a data message sending module, configured to send the secure data message to the part to be tested so that the part to be tested processes the secure data message;
and a test result determining module, configured to determine the fault tolerance test result of the part to be tested according to the fault information corresponding to the secure data message.
9. An electronic device, comprising: a processor and a memory storing machine-readable instructions executable by the processor to perform the method of any one of claims 1 to 7 when executed by the processor.
10. A computer-readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, performs the method according to any of claims 1 to 7.
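The steps of claims 5 to 7 can be traced end to end in the following added example, which is not code from the patent: it builds the freshness value, truncates it and the message authentication code into a frame, and applies the pass/fail rule to what a receiver reports. The field widths, the use of HMAC-SHA256 as a stand-in MAC, the fault code placeholder, the test key and the `simulated_part` receiver are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed layout; the page gives no field widths, MAC algorithm or fault code.
RESET_BITS, MSG_BITS, FLAG_BITS = 20, 8, 2   # sync counter takes the top 16 bits
FV_BYTES = 6                                 # 46-bit freshness value, padded
TRUNC_FV_BITS = MSG_BITS + FLAG_BITS         # only these low bits go on the wire
TRUNC_MAC_BYTES = 4
PRESET_FAULT_CODE = "FAULT_CODE_PLACEHOLDER"

def build_freshness(sync, reset, msg, flag):
    """Concatenate sync | reset | message counter | reset flag, MSB first."""
    fv = sync & 0xFFFF
    for value, bits in ((reset, RESET_BITS), (msg, MSG_BITS), (flag, FLAG_BITS)):
        fv = (fv << bits) | (value & ((1 << bits) - 1))
    return fv

def compute_mac(key, data, fv):
    # HMAC-SHA256 stands in for the MAC algorithm the part actually uses.
    return hmac.new(key, data + fv.to_bytes(FV_BYTES, "big"), hashlib.sha256).digest()

def package(key, data, fv):
    """data || truncated freshness (low bits) || truncated MAC (leading bytes)."""
    trunc_fv = fv & ((1 << TRUNC_FV_BITS) - 1)
    return data + trunc_fv.to_bytes(2, "big") + compute_mac(key, data, fv)[:TRUNC_MAC_BYTES]

def simulated_part(key, frame, sync, reset, data_len):
    """Constructed receiver: rebuilds the full freshness value from its own counters."""
    data, rest = frame[:data_len], frame[data_len:]
    trunc_fv = int.from_bytes(rest[:2], "big")
    fv = build_freshness(sync, reset, trunc_fv >> FLAG_BITS, trunc_fv & ((1 << FLAG_BITS) - 1))
    expected = compute_mac(key, data, fv)[:TRUNC_MAC_BYTES]
    return [] if hmac.compare_digest(expected, rest[2:]) else [PRESET_FAULT_CODE]

def fault_tolerance_result(fault_info):
    """Verdict rule of claim 7: pass only if the preset fault code was reported."""
    return "pass" if PRESET_FAULT_CODE in fault_info else "fail"

def run_case(tester_reset, part_reset):
    key, data, sync = b"constructed-test-key", b"\x01\x02\x03\x04", 7
    fv = build_freshness(sync, tester_reset, msg=5, flag=1)
    faults = simulated_part(key, package(key, data, fv), sync, part_reset, len(data))
    return fault_tolerance_result(faults)
```

Because the reset counter never travels in the truncated frame, a tester whose reset counter differs from the part's produces a MAC the part cannot reproduce, which is the condition under which the part is expected to log the preset fault code.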
CN202310798937.7A 2023-06-30 2023-06-30 Fault tolerance test method and device, electronic equipment and storage medium Pending CN116846775A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310798937.7A CN116846775A (en) 2023-06-30 2023-06-30 Fault tolerance test method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116846775A true CN116846775A (en) 2023-10-03

Family

ID=88168361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310798937.7A Pending CN116846775A (en) 2023-06-30 2023-06-30 Fault tolerance test method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116846775A (en)

Similar Documents

Publication Publication Date Title
JP2021500816A (en) Vehicle-mounted equipment upgrade method and related equipment
CN111488166A (en) Method and device for upgrading software of management unit of double-core intelligent ammeter and storage medium
CN107306185B (en) Method and device for avoiding manipulation of data transmission
US20180310173A1 (en) Information processing apparatus, information processing system, and information processing method
WO2022116088A1 (en) Firmware data processing method and apparatus
CN111917770B (en) Device communication method, device and storage medium
CN104348578B (en) The method and device of data processing
CN112069511B (en) Data protection method, device, electronic control unit, equipment and storage medium
CN112422595A (en) Vehicle-mounted system safety protection method and device
CN115756908A (en) Method for real-time ECU crash reporting and recovery
US20190232969A1 (en) Data communication method for a vehicle
CN116846775A (en) Fault tolerance test method and device, electronic equipment and storage medium
CN111404897A (en) Message distribution method and device, storage medium and electronic equipment
CN115085867B (en) E2E verification method and device for CAN bus message
CN111736917B (en) Data verification method and device, computer equipment and storage medium
CN110198202B (en) Method and device for checking AFDX (avionics full Duplex switched Ethernet) bus message data source
CN111858100A (en) BMC message transmission method and related device
CN107444300B (en) Method for operating a data processing device for a vehicle
CN115333937B (en) Data downloading method and device and electronic equipment
CN111212396B (en) Vehicle system and method for vehicle-to-outside information interaction (V2X) communication
CN113412610A (en) Method and playback unit for playing back a protected message
CN113504931B (en) Controller testing method, device, equipment and storage medium
CN113098731B (en) Protocol stack testing method, testing system and computer storage medium
CN117527516A (en) CAN fault injection method, device, equipment and storage medium
CN116980339A (en) Internet of vehicles performance test method, device, test tool and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination