CN117118613A - Whole vehicle instrument data security protection method, equipment and readable storage medium - Google Patents
Whole vehicle instrument data security protection method, equipment and readable storage medium Download PDFInfo
- Publication number
- CN117118613A CN117118613A CN202311350830.2A CN202311350830A CN117118613A CN 117118613 A CN117118613 A CN 117118613A CN 202311350830 A CN202311350830 A CN 202311350830A CN 117118613 A CN117118613 A CN 117118613A
- Authority
- CN
- China
- Prior art keywords
- data
- mcu
- random number
- mac value
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000004364 calculation method Methods 0.000 claims abstract description 35
- 238000004891 communication Methods 0.000 claims description 21
- 230000005540 biological transmission Effects 0.000 abstract description 14
- 238000012546 transfer Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 5
- 239000013256 coordination polymer Substances 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005192 partition Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A method, equipment and readable storage medium for protecting the data security of the whole vehicle instrument comprise the steps of generating a first random number based on an MCU ID number, and generating a first MAC value based on the MCU ID number, the first random number and an authentication code key; when a chip ID number, a second random number and a second MAC value sent by the instrument domain controller are received, performing key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a private algorithm to generate a first target key; the sensitive data is encrypted based on the first target key to obtain encrypted sensitive data, and the instrument domain controller decrypts the encrypted sensitive data based on the second target key calculated by the private algorithm. The key negotiation between the MCU and the instrument domain controller is realized through the private algorithm, and the key comprising the random number is generated, so that the security of the key is improved, replay attack is avoided, and the safe transmission of sensitive data is effectively ensured.
Description
Technical Field
The application relates to the technical field of data security, in particular to a method and equipment for protecting the data security of a whole vehicle instrument and a readable storage medium.
Background
Cluster data (i.e., vehicle meter data) includes mileage, electricity, battery parameters, status data of various sensors, etc., some of which are very important, such as mileage sensitive data. For sensitive data such as mileage, once the sensitive data is tampered in the second-hand vehicle market, consumers cannot see the real mileage data of the vehicle, and further cannot learn the real use condition of the vehicle, so that the consumers suffer loss. It follows that security protection of Cluster data is very important.
In the related art, when implementing the security transmission protection of the Cluster data, the data transmission is often performed based on the public algorithm, so that the security requirement on the secret key is very high, and once the secret key is cracked, the risk of tampering of sensitive data in the Cluster data is increased, so that the security transmission of the sensitive data cannot be implemented.
Disclosure of Invention
The application provides a method, equipment and a readable storage medium for protecting the safety of data of a whole vehicle instrument, so as to effectively realize the safe transmission of sensitive data in Cluster data.
In a first aspect, an embodiment of the present application provides a method for protecting data security of a whole vehicle instrument, where the method for protecting data security of a whole vehicle instrument is applied to a micro control unit MCU, and the method includes the following steps:
generating a first random number based on the MCU ID number, and generating a first MAC value based on the MCU ID number, the first random number and a preset authentication code key;
when a chip ID number, a second random number and a second MAC value sent by an instrument domain controller are received, carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm so as to generate a first target key;
encrypting the sensitive data based on the first target key to obtain encrypted sensitive data;
and sending the encrypted sensitive data to the instrument domain controller so that the instrument domain controller decrypts the encrypted sensitive data based on the second target key calculated by the preset private algorithm.
With reference to the first aspect, in an implementation manner, the performing, by a preset private algorithm, key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value, to generate a first target key includes:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a first target key based on the third data.
With reference to the first aspect, in an implementation manner, the generating a first MAC value based on the MCU ID number, a first random number, and a preset authentication code key includes:
and carrying out data signature on the MCU ID number, the first random number and a preset authentication code key based on an HMAC algorithm to obtain a first MAC value.
With reference to the first aspect, in one implementation manner, before the step of performing key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm, the method further includes:
performing data signature on the MCU ID number, the second random number and a preset authentication code key based on an HMAC algorithm to obtain a target MAC value;
if the target MAC value is consistent with the second MAC value, executing the step of carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm;
and if the target MAC value is inconsistent with the second MAC value, terminating communication with the instrument domain controller or reinitiating a key negotiation request to the instrument domain controller.
In a second aspect, an embodiment of the present application provides a whole vehicle instrument data security protection method, where the whole vehicle instrument data security protection method is applied to an instrument domain controller, and the method includes the following steps:
generating a second random number based on the chip ID number, and generating a second MAC value based on the chip ID number, the second random number and a preset authentication code key;
when an MCU ID number, a first random number and a first MAC value sent by an MCU are received, carrying out key calculation on the MCU ID number, the first random number, the first MAC value, a chip ID number, a second random number and the second MAC value through a preset private algorithm so as to generate a second target key;
and decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data.
With reference to the second aspect, in an implementation manner, the performing, by a preset private algorithm, key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value to generate a second target key includes:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a second target key based on the third data.
With reference to the second aspect, in one implementation manner, after the step of decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data, the method further includes:
the decrypted data is stored to the replay protection memory block RPMB by means of the trusted execution environment TEE.
With reference to the second aspect, in one implementation manner, after the step of storing, by the trusted execution environment TEE, the decrypted data into the replay protection memory block RPMB, the method further includes:
and communicating with the TEE based on Secure inter-core communication (Secure IPC) to perform read-write operation of decrypted data on the RPMB.
In a third aspect, an embodiment of the present application provides a whole vehicle instrument data security protection device, where the whole vehicle instrument data security protection device includes a processor, a memory, and a whole vehicle instrument data security protection program stored on the memory and executable by the processor, where when the whole vehicle instrument data security protection program is executed by the processor, the steps of the foregoing whole vehicle instrument data security protection method are implemented.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium, where a whole vehicle instrument data security protection program is stored on the computer readable storage medium, where when the whole vehicle instrument data security protection program is executed by a processor, the steps of the foregoing whole vehicle instrument data security protection method are implemented.
The technical scheme provided by the embodiment of the application has the beneficial effects that at least:
the key negotiation between the MCU and the instrument domain controller is realized through the private algorithm, so that the security of the key is improved, and the generated key comprises a random number, so that replay attack can be avoided, and the security transmission of sensitive data is effectively improved.
Drawings
FIG. 1 is a schematic flow chart of a first embodiment of a method for protecting data security of a whole vehicle instrument according to the present application;
FIG. 2 is a schematic diagram of a key negotiation and data encryption transmission process involved in an embodiment of the present application;
FIG. 3 is a flowchart of a second embodiment of the method for protecting data security of a whole vehicle instrument according to the present application;
FIG. 4 is a schematic diagram of a data security reading and writing process according to an embodiment of the present application;
fig. 5 is a schematic diagram of a whole vehicle instrument data security protection architecture according to an embodiment of the present application;
fig. 6 is a schematic hardware structure diagram of a whole vehicle instrument data security protection device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "comprising" and "having" and any variations thereof in the description and claims of the application and in the foregoing drawings are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The terms "first," "second," and "third," etc. are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order, and are not limited to the fact that "first," "second," and "third" are not identical.
In describing embodiments of the present application, "exemplary," "such as," or "for example," etc., are used to indicate by way of example, illustration, or description. Any embodiment or design described herein as "exemplary," "such as" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary," "such as" or "for example," etc., is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, "/" means or, for example, a/B may represent a or B; the text "and/or" is merely an association relation describing the associated object, and indicates that three relations may exist, for example, a and/or B may indicate: the three cases where a exists alone, a and B exist together, and B exists alone, and furthermore, in the description of the embodiments of the present application, "plural" means two or more than two.
In some of the processes described in the embodiments of the present application, a plurality of operations or steps occurring in a particular order are included, but it should be understood that the operations or steps may be performed out of the order in which they occur in the embodiments of the present application or in parallel, the sequence numbers of the operations merely serve to distinguish between the various operations, and the sequence numbers themselves do not represent any order of execution. In addition, the processes may include more or fewer operations, and the operations or steps may be performed in sequence or in parallel, and the operations or steps may be combined.
First, some technical terms in the present application are explained so as to facilitate understanding of the present application by those skilled in the art.
Safety il: a functional safety island;
r52: the processor is mainly used in the fields of automobiles and other industries;
secure IPC: secure inter-core communications;
crypto Engine: a hardware solution engine;
cluster Domain (CP): an instrument domain controller;
TEE (Trusted Execution Environment): a trusted execution environment;
RPMB (Replay Protected Memory Block): replay protects the memory block.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
In a first aspect, an embodiment of the application provides a method for protecting data security of a whole vehicle instrument.
In an embodiment, referring to fig. 1, fig. 1 is a flowchart of a first embodiment of a method for protecting data security of a whole vehicle instrument according to the present application. As shown in fig. 1, the method for protecting the data security of the whole vehicle instrument is applied to a micro control unit MCU, and comprises the following steps:
step S10: and generating a first random number based on the MCU ID number, and generating a first MAC value based on the MCU ID number, the first random number and a preset authentication code key.
For example, it CAN be understood that the MCU of the whole vehicle will often receive the Cluster data sent by each sensor through a communication manner such as CAN bus, LIN bus or FLex, and the Cluster data often includes sensitive data, so when transmitting the Cluster data to the Cluster Domain, security of the transmission process needs to be ensured to prevent the sensitive data from being tampered with, and the like.
In this embodiment, referring to fig. 2, after the system is powered on, the MCU obtains its corresponding MCU ID (the MCU ID is a unique identification code of the MCU and the size is generally 8 bytes), and generates a corresponding first Random number Random data1 (the size of Random data1 is 16 bytes) based on the MCU ID, so as to be used for subsequent data signature and key negotiation, thereby effectively avoiding replay attack. Note that, the Random data1 may be a true Random number or a pseudo Random number, and may be generated by a Crypto Engine if the Random number is true, or may be generated by a linear congruence method if the pseudo Random number is true. After generating Random data1, performing MAC Value calculation based on the Random data1, the MCU ID number and an authentication code key mac_key which is pre-built in a program to obtain a first MAC Value1 corresponding to the MCU.
Similarly, the Cluster Domain communicating with the MCU also acquires the corresponding SOC ID (the SOC ID is a chip ID, the chip can be SE1000 SoC and the like, the size of the SOC ID is also 8 bytes), and generates a corresponding second Random number Random data2 (the size of the Random data2 is also 16 bytes) based on the SOC ID for subsequent data signature and key negotiation, so that replay attack is effectively avoided; after generating Random data2, the MAC Value is calculated based on the Random data2, the SOC ID number and the authentication code key mac_key previously built in the program, so as to obtain a second MAC Value2 corresponding to the CP.
Step S20: when a chip ID number, a second random number and a second MAC value sent by the instrument domain controller are received, key calculation is carried out on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm, so that a first target key is generated.
The key calculation is performed on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm, so as to generate a first target key, including:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a first target key based on the third data.
For example, referring to fig. 2, after the MCU completes the calculation of the MAC Value, the calculated MAC Value1, random data1 and MCU ID number are sent to the Cluster Domain, so that the Cluster Domain can perform key negotiation based on the received MAC Value1, random data1 and MCU ID through a private algorithm; similarly, after the Cluster Domain finishes calculation of the MAC Value, the calculated MAC Value2, the Random data2 and the SOC ID number are sent to the MCU, so that the MCU can carry out key negotiation based on the received MAC Value2, random data2 and the SOC ID number through a private algorithm.
It should be noted that, before the MCU sends the MAC Value1, random data1, and MCU ID number to the Cluster Domain, the MCU may first send the MAC Value1, random data1, and MCU ID number to the R52 transfer station, and then send the MAC Value1, random data1, and MCU ID number to the Cluster Domain through the R52 transfer station; similarly, cluster Domain may also send the MAC Value2, random data2, and SOC ID to the MCU via the R52 transfer station. It will be appreciated that since the MCU powers up earlier than the Cluster Domain, it starts faster and therefore requires Polling waiting, i.e. the MCU will poll the status register to obtain the data sent by the Cluster Domain from the R52 transfer station in time.
When the MCU and the Cluster Domain carry out key negotiation, the MCU and the Cluster Domain are realized based on the private algorithm which is known only by the MCU and the Cluster Domain, so that the generated key is not easy to crack by the outside, namely if the outside wants to crack the key, the private algorithm is firstly cracked, then the key can be further cracked, and a protection layer is additionally arranged for the key, thereby effectively improving the security of the key. The specific implementation process of the private algorithm may be: (1) Splicing the MCU ID and the SOC ID to obtain first data1, namely, data1 = MCU ID|SOC ID; (2) Performing exclusive OR operation on the random data1 and the random data2 to obtain second data2, namely, data2 = random data 1-random data2; (3) Splicing the data1 and the data2 to obtain third data3, namely, data3 = data1|data2; (4) And taking the data obtained after the data3 is circularly shifted right or left by the target bit as a first target key secret 1. It should be noted that, the specific value setting of the target bit may be determined according to the actual requirement, and is not limited herein, for example, if the target bit is set to 12 bits, the secret key1 may be obtained after the data3 is circularly shifted to the right or to the left by 12 bits.
Step S30: and encrypting the sensitive data based on the first target key to obtain encrypted sensitive data.
For example, referring to fig. 2, after the secret key1 is calculated by the private algorithm, the MCU may encrypt the sensitive data based on the AES-256-GCM algorithm and using the secret key1 to obtain encrypted sensitive data. Because each packet of encrypted ciphertext comprises both the ciphertext of the data and the TAG (i.e. MAC value) of the data, the encryption is performed by using an AES-256-GCM algorithm, so that the confidentiality of the data can be ensured, and the integrity of the data can be ensured.
Step S40: and sending the encrypted sensitive data to the instrument domain controller so that the instrument domain controller decrypts the encrypted sensitive data based on the second target key calculated by the preset private algorithm.
For example, referring to fig. 2, after the MCU completes encryption of the sensitive data, the encrypted sensitive data may be sent to the R52 transfer station, and then forwarded to the Cluster Domain by the R52 transfer station; after the Cluster Domain receives the encrypted sensitive data, the encrypted sensitive data is decrypted based on the second target key calculated by the private algorithm, so that corresponding decrypted data is obtained, and further safe transmission of the sensitive data is realized.
Further, in an embodiment, the generating the first MAC value based on the MCU ID number, the first random number, and a preset authentication code key includes:
and carrying out data signature on the MCU ID number, the first random number and a preset authentication code key based on an HMAC algorithm to obtain a first MAC value.
Exemplary, in this embodiment, an HMAC algorithm is used to calculate the data signature, that is, the MCU ID number, random data1 and mac_key are subjected to data signature by the HMAC algorithm, so as to obtain the MAC Value1, and realize identity verification of both communication parties, thereby ensuring validity in the data transmission process. Among them, the HMACSHA256 algorithm may be preferably used to calculate the MAC Value, and then MAC value1=hmacsha 256 (mac_key, MCU id|random data 1).
Further, in an embodiment, before the step of performing the key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm, the method further includes:
performing data signature on the MCU ID number, the second random number and a preset authentication code key based on an HMAC algorithm to obtain a target MAC value;
if the target MAC value is consistent with the second MAC value, executing the step of carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm;
and if the target MAC value is inconsistent with the second MAC value, terminating communication with the instrument domain controller or reinitiating a key negotiation request to the instrument domain controller.
In this embodiment, after the MCU receives the CP-side data forwarded by R52, the MAC value of the received random data2 is calculated by using the HMAC algorithm, so as to determine the validity of the identities of the two parties according to whether the calculated MAC value is consistent with the received MAC value. Specifically, the formula mac=hmacsha 256 (mac_key, MCU id|random data 2) may be used to recalculate the target MAC Value, and if the target MAC Value and the received MAC Value2 are inconsistent, the communication is terminated or the negotiation key is reinitiated; only if the two are identical will the private algorithm be used for key calculation.
In an embodiment, referring to fig. 3, fig. 3 is a flowchart illustrating a second embodiment of a data security protection method for a whole vehicle instrument according to the present application. As shown in fig. 3, the whole vehicle instrument data security protection method is applied to an instrument domain controller, and the method comprises the following steps:
step N10: and generating a second random number based on the chip ID number, and generating a second MAC value based on the chip ID number, the second random number and a preset authentication code key.
As shown in fig. 2, after the system is powered on, the Cluster Domain obtains its corresponding SOC ID (the SOC ID is a chip ID, the chip may be SE1000 SOC or the like, and the size of the SOC ID is also 8 bytes), and generates a corresponding second Random number Random data2 (the size of the Random data2 is also 16 bytes) based on the SOC ID, so as to be used for subsequent data signature and key negotiation, thereby effectively avoiding replay attack; after generating Random data2, performing MAC Value calculation based on the Random data2, the SOC ID number and an authentication code key mac_key pre-built in a program to obtain a second MAC Value2 corresponding to the CP. Wherein, the Cluster Domain may preferably calculate the MAC Value by using the HMACSHA256 algorithm, and then MAC Value 2=HMACSHA 256 (mac_key, SOC ID|random data 2). It should be noted that, the method and principle of calculating the MAC value by the MCU are the same as those in the first embodiment, and for brevity of description, a detailed description is omitted.
Step N20: and when the MCU ID number, the first random number and the first MAC value sent by the MCU are received, carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm so as to generate a second target key.
The key calculation is performed on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm, so as to generate a second target key, including:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a second target key based on the third data.
As shown in fig. 2, for example, after the calculation of the MAC Value is completed by the Cluster Domain, the calculated MAC Value2, random data2 and SOC ID number are sent to the MCU, so that the MCU can perform key negotiation based on the received MAC Value2, random data2 and SOC ID through a private algorithm; similarly, after the MCU finishes the calculation of the MAC Value, the calculated MAC Value1, random data1 and MCU ID number are sent to the Cluster Domain, so that the Cluster Domain can carry out key negotiation based on the received MAC Value1, random data1 and MCU ID number through a private algorithm.
It should be noted that, before sending the MAC Value2, random data2, and MCU ID number to the MCU, the Cluster Domain may first be sent to the R52 transfer station, and then be sent to the MCU through the R52 transfer station. When the Cluster Domain and the MCU in the embodiment carry out key negotiation, the key negotiation is realized based on the private algorithm which is known only by the Cluster Domain and the MCU, so that the generated key is not easy to crack by the outside, namely if the outside wants to crack the key, the private algorithm is firstly cracked, then the key can be further cracked, and a protection layer is additionally arranged for the key, thereby effectively improving the security of the key.
After the Cluster Domain receives the MCU side data forwarded by the R52, firstly, performing MAC value calculation on the received random data1 by using an HMAC algorithm to determine the legitimacy of the identities of the two parties according to whether the calculated MAC value is consistent with the received MAC value. Specifically, the formula mac=hmacsha 256 (mac_key, SOC id|random data 1) may be used to recalculate the target MAC Value, and if the target MAC Value and the received MAC Value1 do not coincide, the communication is terminated or the negotiation key is reinitiated; only if the two are identical will the private algorithm be used for key calculation.
The specific implementation process of the private algorithm can be as follows: (1) Splicing the MCU ID and the SOC ID to obtain first data1, namely, data1 = MCU ID|SOC ID; (2) Performing exclusive OR operation on the random data1 and the random data2 to obtain second data2, namely, data2 = random data 1-random data2; (3) Splicing the data1 and the data2 to obtain third data3, namely, data3 = data1|data2; (4) And taking the data obtained after the data3 is circularly shifted right or left by the target bit as a second target key2. It should be noted that, the specific value setting of the target bit may be determined according to the actual requirement, and is not limited herein, for example, if the target bit is set to 12 bits, the secret key2 may be obtained after the data3 is circularly shifted to the right or to the left by 12 bits.
Step N30: and decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data.
Illustratively, in this embodiment, after the Cluster Domain receives the encrypted sensitive data sent by the MCU from the R52 transfer station, the encrypted sensitive data is decrypted based on the AES-256-GCM algorithm and by using the secret key2 obtained by calculation to obtain decrypted data. Therefore, the key negotiation between the Cluster Domain and the MCU is realized through the private algorithm, namely, the security transmission channel is created based on the point-to-point special key negotiation mechanism, so that the security of the key is effectively improved, and the generated key comprises a random number, so that replay attack can be effectively avoided, and the security transmission of sensitive data is effectively improved.
Further, in an embodiment, after the step of decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data, the method further includes:
the decrypted data is stored to the replay protection memory block RPMB by means of the trusted execution environment TEE.
Exemplary, referring to fig. 2, after decrypted data is obtained by the Cluster Domain, one path of decrypted data is transmitted to the Cluster display module for display, and the other path of decrypted data can be stored in the RPMB module through the TEE, so that sensitive data is prevented from being tampered, and safe storage of the Cluster data is realized. It should be noted that, the decrypted data stored in the RPMB module may be plaintext data after decryption, or may be data obtained by encrypting plaintext data by a method such as RPMB KEY, or the like, specifically, which type of data may be determined according to actual requirements, which is not limited herein.
Further, in an embodiment, after the step of storing the decrypted data to the replay protection memory block RPMB by the trusted execution environment TEE, the method further includes:
and communicating with the TEE based on Secure inter-core communication (Secure IPC) to perform read-write operation of decrypted data on the RPMB.
In this embodiment, the Cluster Domain will communicate with the TEE to implement the transmission of sensitive data, so as to perform the Secure read/write operation of decrypting the data on the RPMB, where the Secure IPC is implemented based on the hardware mailbox and the RPMSG software protocol stack, and is the Secure communication implemented by combining the Secure interrupt and the shared memory with the FireWall. Specifically, referring to fig. 4, the Read process (Read Procedure) of the sensitive data is: the Cluster Domain sends a Get Private Data command to the AP TEE through Secure IPC; the AP-TEE sends a Get RPMB Data command to the RMPB to acquire sensitive Data from the RPMB partition through a TIPC (trusted inter-core communication) path, and returns the acquired Private Data to the Cluster Domain through a Secure IPC command.
The Write process (Write Procedure) of sensitive data is: the Cluster Domain sends Store Private Data command to the AP TEE through Secure IPC; the AP-TEE sends a Store RPMB Data command to the RMPB to write sensitive Data into the RPMB partition through the TIPC path, and returns the write status through the Secure IPC command to the Cluster Domain. Therefore, the Cluster Domain in the embodiment realizes a CPU without TrustZone technology through Secure IPC, and can further complete communication with a security Domain (such as TEE), so that Secure storage of data can be completed through TEE operation RPMB.
The following explains the data transmission process between the MCU and the Cluster Domain with reference to FIG. 5.
MCU receives Cluster data sent by each sensor through communication modes such as CAN bus, LIN bus or FLex, and transmits the Cluster data to Cluster Domain through R52 in the security file, namely R52 is used as a transfer station to forward the Cluster data from MCU to Cluster Domain through an encryption channel; after the MCU and the Cluster Domain are electrified, negotiating a communication encryption key through a private algorithm; the Cluster Domain judges the authenticity of the received sensitive data, and displays the true sensitive data on one hand, and communicates with the TEE based on Secure IPC to store the true sensitive data in the RPMB, and the Cluster Domain also reads the sensitive data from the RPMB through the Secure IPC; for false sensitive data, a warning message will be popped up to the user or certain functions will be restricted.
In a second aspect, an embodiment of the present application provides a whole vehicle instrument data security protection device, where the whole vehicle instrument data security protection device may be a device with a data processing function, such as a personal computer (personal computer, PC), a notebook computer, a server, or the like.
Referring to fig. 6, fig. 6 is a schematic hardware structure diagram of a whole vehicle instrument data security protection device according to an embodiment of the present application. In the embodiment of the application, the whole vehicle instrument data safety protection device can comprise a processor, a memory, a communication interface and a communication bus.
The communication bus may be of any type for implementing the processor, memory, and communication interface interconnections.
The communication interfaces include input/output (I/O) interfaces, physical interfaces, logical interfaces, and the like, for implementing the interconnection of devices inside the whole vehicle instrument data security protection device, and for implementing the interconnection of the whole vehicle instrument data security protection device with other devices (such as other computing devices or user devices). The physical interface may be an ethernet interface, a fiber optic interface, an ATM interface, etc.; the user device may be a Display, a Keyboard (Keyboard), or the like.
The memory may be various types of storage media such as random access memory (randomaccess memory, RAM), read-only memory (ROM), nonvolatile RAM (non-volatileRAM, NVRAM), flash memory, optical memory, hard disk, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (electrically erasable PROM, EEPROM), and the like.
The processor may be a general processor, and the general processor may call the whole vehicle instrument data security protection program stored in the memory, and execute the whole vehicle instrument data security protection method provided by the embodiment of the application. For example, the general purpose processor may be a central processing unit (central processing unit, CPU). The method executed when the whole vehicle instrument data security protection program is called can refer to each embodiment of the whole vehicle instrument data security protection method of the application, and is not repeated herein.
Those skilled in the art will appreciate that the hardware configuration shown in fig. 6 is not limiting of the application and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
In a third aspect, embodiments of the present application also provide a computer-readable storage medium.
The application stores the whole vehicle instrument data safety protection program on the readable storage medium, wherein the whole vehicle instrument data safety protection program realizes the steps of the whole vehicle instrument data safety protection method when being executed by the processor.
The method implemented when the whole vehicle instrument data security protection program is executed may refer to each embodiment of the whole vehicle instrument data security protection method of the present application, and will not be described herein.
It should be noted that, the foregoing reference numerals of the embodiments of the present application are merely for describing the embodiments, and do not represent the advantages and disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising several instructions for causing a terminal device to perform the method according to the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (10)
1. The whole vehicle instrument data safety protection method is characterized by being applied to a micro control unit MCU, and comprises the following steps of:
generating a first random number based on the MCU ID number, and generating a first MAC value based on the MCU ID number, the first random number and a preset authentication code key;
when a chip ID number, a second random number and a second MAC value sent by an instrument domain controller are received, carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm so as to generate a first target key;
encrypting the sensitive data based on the first target key to obtain encrypted sensitive data;
and sending the encrypted sensitive data to the instrument domain controller so that the instrument domain controller decrypts the encrypted sensitive data based on the second target key calculated by the preset private algorithm.
2. The method for protecting the data security of the whole vehicle instrument according to claim 1, wherein the performing key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value by a preset private algorithm to generate a first target key includes:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a first target key based on the third data.
3. The method for protecting the data security of the whole vehicle instrument according to claim 1, wherein the generating the first MAC value based on the MCU ID number, the first random number and the preset authentication code key comprises:
and carrying out data signature on the MCU ID number, the first random number and a preset authentication code key based on an HMAC algorithm to obtain a first MAC value.
4. The method for protecting the data security of the whole vehicle instrument according to claim 1, further comprising, before the step of performing key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm:
performing data signature on the MCU ID number, the second random number and a preset authentication code key based on an HMAC algorithm to obtain a target MAC value;
if the target MAC value is consistent with the second MAC value, executing the step of carrying out key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number and the second MAC value through a preset private algorithm;
and if the target MAC value is inconsistent with the second MAC value, terminating communication with the instrument domain controller or reinitiating a key negotiation request to the instrument domain controller.
5. The whole vehicle instrument data safety protection method is characterized by being applied to an instrument domain controller and comprising the following steps of:
generating a second random number based on the chip ID number, and generating a second MAC value based on the chip ID number, the second random number and a preset authentication code key;
when an MCU ID number, a first random number and a first MAC value sent by an MCU are received, carrying out key calculation on the MCU ID number, the first random number, the first MAC value, a chip ID number, a second random number and the second MAC value through a preset private algorithm so as to generate a second target key;
and decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data.
6. The method for protecting the data security of the whole vehicle instrument according to claim 5, wherein the performing key calculation on the MCU ID number, the first random number, the first MAC value, the chip ID number, the second random number, and the second MAC value by a preset private algorithm to generate the second target key includes:
splicing the MCU ID number and the chip ID number to obtain first data;
performing exclusive OR calculation on the first random number and the second random number to obtain second data;
splicing the first data and the second data to obtain third data;
and obtaining a second target key based on the third data.
7. The method for protecting the data security of the whole vehicle instrument according to claim 5, wherein after the step of decrypting the encrypted sensitive data sent by the MCU based on the second target key to obtain decrypted data, the method further comprises:
the decrypted data is stored to the replay protection memory block RPMB by means of the trusted execution environment TEE.
8. The method for protecting the data security of the whole vehicle instrument according to claim 5, further comprising, after the step of storing the decrypted data to the replay protection memory block RPMB by the trusted execution environment TEE:
and communicating with the TEE based on Secure inter-core communication (Secure IPC) to perform read-write operation of decrypted data on the RPMB.
9. A vehicle meter data security protection device, characterized in that the vehicle meter data security protection device comprises a processor, a memory and a vehicle meter data security protection program stored on the memory and executable by the processor, wherein the vehicle meter data security protection program, when executed by the processor, implements the steps of the vehicle meter data security protection method according to any one of claims 1 to 8.
10. A computer readable storage medium, wherein a whole vehicle meter data security protection program is stored on the computer readable storage medium, wherein the whole vehicle meter data security protection program, when executed by a processor, implements the steps of the whole vehicle meter data security protection method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311350830.2A CN117118613B (en) | 2023-10-18 | 2023-10-18 | Whole vehicle instrument data security protection method, equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311350830.2A CN117118613B (en) | 2023-10-18 | 2023-10-18 | Whole vehicle instrument data security protection method, equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117118613A true CN117118613A (en) | 2023-11-24 |
| CN117118613B CN117118613B (en) | 2024-01-02 |
Family
ID=88796802
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311350830.2A Active CN117118613B (en) | 2023-10-18 | 2023-10-18 | Whole vehicle instrument data security protection method, equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117118613B (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102624525A (en) * | 2011-11-18 | 2012-08-01 | 广西柳工机械股份有限公司 | Electronic identity recognition method for engineering machinery and device |
| CN103309315A (en) * | 2013-05-24 | 2013-09-18 | 成都秦川科技发展有限公司 | Internet of things automotive intelligent control instrument and internet of things automotive intelligent management system |
| CN105635147A (en) * | 2015-12-30 | 2016-06-01 | 深圳市图雅丽特种技术有限公司 | Vehicle-mounted-special-equipment-system-based secure data transmission method and system |
| WO2016154948A1 (en) * | 2015-03-31 | 2016-10-06 | SZ DJI Technology Co., Ltd. | Authentication systems and methods for identification of authorized participants |
| KR20170029259A (en) * | 2015-09-07 | 2017-03-15 | 현대자동차주식회사 | Method of providing secure odometer management by changing secret key and appratus for implementing the same |
| CN112347453A (en) * | 2020-11-11 | 2021-02-09 | 公安部交通管理科学研究所 | Data safety writing method and system of automobile electronic identification embedded NFC chip |
| CN112363748A (en) * | 2020-12-01 | 2021-02-12 | 安徽江淮汽车集团股份有限公司 | Automobile instrument software upgrading method, device, equipment and storage medium |
| CN113590306A (en) * | 2021-06-16 | 2021-11-02 | 惠州市德赛西威汽车电子股份有限公司 | Method for realizing reliable communication between two systems of domain controller |
| CN115378587A (en) * | 2022-10-24 | 2022-11-22 | 北京智芯微电子科技有限公司 | Key acquisition method, device, equipment and readable storage medium |
| WO2023005734A1 (en) * | 2021-07-29 | 2023-02-02 | 中国第一汽车股份有限公司 | Vehicle data uploading method and apparatus, and vehicle, system and storage medium |
| CN116668193A (en) * | 2023-07-27 | 2023-08-29 | 高新兴智联科技股份有限公司 | Communication method of terminal equipment and server of Internet of things and computer readable storage medium |
-
2023
- 2023-10-18 CN CN202311350830.2A patent/CN117118613B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102624525A (en) * | 2011-11-18 | 2012-08-01 | 广西柳工机械股份有限公司 | Electronic identity recognition method for engineering machinery and device |
| CN103309315A (en) * | 2013-05-24 | 2013-09-18 | 成都秦川科技发展有限公司 | Internet of things automotive intelligent control instrument and internet of things automotive intelligent management system |
| WO2016154948A1 (en) * | 2015-03-31 | 2016-10-06 | SZ DJI Technology Co., Ltd. | Authentication systems and methods for identification of authorized participants |
| KR20170029259A (en) * | 2015-09-07 | 2017-03-15 | 현대자동차주식회사 | Method of providing secure odometer management by changing secret key and appratus for implementing the same |
| CN105635147A (en) * | 2015-12-30 | 2016-06-01 | 深圳市图雅丽特种技术有限公司 | Vehicle-mounted-special-equipment-system-based secure data transmission method and system |
| CN112347453A (en) * | 2020-11-11 | 2021-02-09 | 公安部交通管理科学研究所 | Data safety writing method and system of automobile electronic identification embedded NFC chip |
| CN112363748A (en) * | 2020-12-01 | 2021-02-12 | 安徽江淮汽车集团股份有限公司 | Automobile instrument software upgrading method, device, equipment and storage medium |
| CN113590306A (en) * | 2021-06-16 | 2021-11-02 | 惠州市德赛西威汽车电子股份有限公司 | Method for realizing reliable communication between two systems of domain controller |
| WO2023005734A1 (en) * | 2021-07-29 | 2023-02-02 | 中国第一汽车股份有限公司 | Vehicle data uploading method and apparatus, and vehicle, system and storage medium |
| CN115378587A (en) * | 2022-10-24 | 2022-11-22 | 北京智芯微电子科技有限公司 | Key acquisition method, device, equipment and readable storage medium |
| CN116668193A (en) * | 2023-07-27 | 2023-08-29 | 高新兴智联科技股份有限公司 | Communication method of terminal equipment and server of Internet of things and computer readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 李云岗;胡兵;于哲;潘红升;姜玉龙: "智能移动存储安全SOC芯片", 《科技成果》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117118613B (en) | 2024-01-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107735793B (en) | Binding trusted input sessions to trusted output sessions | |
| JP5815294B2 (en) | Secure field programmable gate array (FPGA) architecture | |
| CN100487715C (en) | Date safety storing system, device and method | |
| CN105095696B (en) | Method, system and the equipment of safety certification are carried out to application program | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| US7697691B2 (en) | Method of delivering Direct Proof private keys to devices using an on-line service | |
| CN110460439A (en) | Information transferring method, device, client, server-side and storage medium | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| US10680816B2 (en) | Method and system for improving the data security during a communication process | |
| US7693286B2 (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| CN110214440A (en) | Address credible performing environment | |
| CN110621014B (en) | Vehicle-mounted equipment, program upgrading method thereof and server | |
| CN106980794A (en) | TrustZone-based file encryption and decryption method and device and terminal equipment | |
| CN102271037A (en) | Key protectors based on online keys | |
| JP5954609B1 (en) | Method and system for backing up private key of electronic signature token | |
| CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
| CN110249336A (en) | Addressing using signature key to credible performing environment | |
| WO2006025952A2 (en) | Method of delivering direct proof private keys to devices using a distribution cd | |
| CN110166489B (en) | Data transmission method, system, equipment and computer medium in Internet of things | |
| CN112615824B (en) | Anti-leakage one-time pad communication method and device | |
| CN112703500A (en) | Protecting data stored in memory of IoT devices during low power mode | |
| CN111817856B (en) | Identity authentication method and system based on zero-knowledge proof and password technology | |
| WO2023246509A1 (en) | Gene data processing method and apparatus, device and medium | |
| CN101883357A (en) | Method, device and system for mutual authentication between terminal and intelligent card | |
| CN117118613B (en) | Whole vehicle instrument data security protection method, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |