CN117221010B - Cloud-based vehicle ECU identity authentication method, communication method and system - Google Patents


Info

Publication number
CN117221010B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311469192.6A
Other languages
Chinese (zh)
Other versions
CN117221010A (en
Inventor
石琴
潘廷亮
程腾
刘洋洋
彭胜浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei University of Technology
Original Assignee
Hefei University of Technology

Abstract

The invention belongs to the technical field of the Internet of Vehicles, and in particular relates to a cloud-based vehicle ECU identity authentication method, communication method and system. The identity authentication method comprises the following steps: the vehicle, the internal ECUs and the external ECUs register with the cloud, and the cloud stores the registration information of each vehicle, internal ECU and external ECU; when the vehicle is powered on, when an external ECU is newly added to the vehicle, or when an internal ECU in the vehicle is replaced, the vehicle performs a first round of ECU identity authentication, which comprises two phases, in-vehicle identity authentication and out-of-vehicle identity authentication, and fails if either phase fails; after the first round succeeds, the vehicle performs a second round of ECU identity authentication, and if the second round passes, identity authentication of all ECUs on the current vehicle is successful. The invention can efficiently verify the identity of all ECUs on the vehicle and ensure the security of communication among them.

Description

Cloud-based vehicle ECU identity authentication method, communication method and system
Technical Field
The invention belongs to the technical field of Internet of vehicles, and particularly relates to a cloud-based vehicle ECU identity authentication method, a cloud-based vehicle ECU communication method and a cloud-based vehicle ECU identity authentication system.
Background
With the rapid development of the times, more and more automobiles are networked. Vehicle networking is a double-edged sword: it brings convenience, but also the risk of vehicle privacy leakage. For a vehicle, the Internet of Vehicles is divided into external networks, such as vehicle-to-vehicle and vehicle-to-road, and the internal network inside the vehicle itself. The vehicle ECUs (electronic control units) and the CAN bus are the main components of the in-vehicle network, and the hundreds of ECUs of a vehicle related to power, chassis, body, entertainment systems and so on are all mounted on the CAN bus.
The following potential safety hazards exist in the in-vehicle network:
(1) A malicious ECU can be mounted on the CAN bus at will, eavesdrop on the messages transmitted in plaintext on the CAN bus, and perform malicious operations on other vehicle ECUs through the CAN bus.
(2) A hacker intercepts driving data transmitted from the in-vehicle network to the external network by attacking the external network.
(3) A hacker impersonates a trusted entity in the external network and sends messages to the in-vehicle network, ultimately controlling each vehicle ECU through the CAN bus in order to control the vehicle.
It is therefore particularly important to ensure secure communication between the vehicle ECUs over the CAN bus.
Any solution to these hazards has to account for bus load: a CAN bus carrying hundreds of vehicle ECUs is already heavily loaded, and if negotiation or key distribution is carried out frequently the bus is overwhelmed, which greatly reduces the transmission efficiency of in-vehicle network messages. The conventional approach is to establish an additional secure communication channel between the vehicle ECUs and to perform operations such as identity authentication and authorization, so as to improve the security and reliability of the in-vehicle network.
However, this not only increases the computation and communication overhead of each vehicle ECU, but also increases the complexity and cost of the in-vehicle network and of the Internet of Vehicles as a whole; moreover, since identity authentication requires a large number of operations such as encryption and decryption, the response speed of the vehicle system is also reduced.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a cloud-based vehicle ECU identity authentication method which can efficiently authenticate all ECUs on a vehicle, ensure the communication safety among all ECUs on the vehicle and improve the reliability of in-vehicle network communication.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
A cloud-based vehicle ECU identity authentication method comprises the following steps:
S1. A vehicle V, the internal ECUs and the external ECUs register with the cloud through an offline secure channel; the cloud generates registration messages and returns them to the corresponding vehicle V, internal ECUs and external ECUs, and at the same time stores the registration information of each vehicle V, internal ECU and external ECU in a cloud database, whereupon each vehicle V, internal ECU and external ECU has completed registration;
the internal ECUs are divided into common ECUs and gateway ECUs;
S2. When the vehicle V is powered on, when an external ECU is newly added to the vehicle V, or when an internal ECU in the vehicle V is replaced, the vehicle V performs the first round of ECU identity authentication. The first round comprises two stages, in-vehicle identity authentication and out-of-vehicle identity authentication. All internal ECUs and external ECUs on the vehicle V perform in-vehicle identity authentication at the gateway ECU of the current vehicle V; if in-vehicle identity authentication fails, the gateway ECU sends a message reporting an ECU abnormality to the vehicle V, and if it succeeds, the gateway ECU requests out-of-vehicle identity authentication from the cloud. If out-of-vehicle identity authentication succeeds, the first round of ECU identity authentication has succeeded and the vehicle V proceeds to the second round; otherwise the first round of ECU identity authentication fails;
S3. The vehicle V performs the second round of ECU identity authentication: the gateway ECU of the vehicle V generates a second-round identity authentication message covering the registration information of all internal ECUs and external ECUs on the current vehicle V and sends it to the cloud for verification. If verification fails, the cloud sends a message reporting ECU identity authentication failure to the gateway ECU; if verification passes, the second round of ECU identity authentication is successful, that is, identity authentication of all internal ECUs and external ECUs on the current vehicle V is successful. When the vehicle V is powered on again, an external ECU is newly added to the vehicle V, or an internal ECU in the vehicle V is replaced, the process returns to S2.
Preferably, the step S1 further comprises the following substeps:
S11. The vehicle manufacturer presets a hash function H in the secure storage medium of the vehicle V, in the storage media of all internal ECUs in the vehicle V, and in the cloud database;
the vehicle V registers with the cloud through the vehicle manufacturer, that is, a first registration request A1 is sent to the cloud:
A1 = {MT(A1)||VIN},
wherein VIN represents the vehicle identification code of the vehicle V, || is the concatenation operator, and MT(A1) represents the message type identifier of the first registration request A1;
at the same time, all internal ECUs in the vehicle V register with the cloud through the vehicle manufacturer, that is, a second registration request A2 is sent to the cloud: A2 = {MT(A2)||ID(in)||S(in)||VIN},
wherein MT(A2) represents the message type identifier of the second registration request A2, ID(in) represents the true name of the current internal ECU, and S(in) indicates that the type of the current ECU is internal ECU;
an external ECU first requests registration from the vehicle manufacturer; if the manufacturer agrees, the hash function H is preset in the storage medium of the external ECU, and the external ECU registers with the cloud through the vehicle manufacturer, that is, a third registration request A3 is sent to the cloud: A3 = {MT(A3)||ID(out)||S(out)},
wherein MT(A3) represents the message type identifier of the third registration request A3, ID(out) represents the true name of the current external ECU, and S(out) indicates that the type of the current ECU is external ECU;
S12. After the cloud receives the first registration request A1, it extracts the vehicle identification code VIN and the message type identifier MT(A1) from it and compares the current VIN with the information already in the cloud database. If the current VIN already exists in the cloud database, the cloud rejects the registration of the vehicle V and returns a repeated-registration message to the vehicle V; if the current VIN does not exist in the cloud database, the cloud stores it in the cloud database and returns a registration-success message to the vehicle V, and the current vehicle V has completed registration;
when the cloud receives a second registration request A2, it extracts the true name ID(in) of the current internal ECU and the type S(in) of the current ECU from it and compares ID(in) with the information already in the cloud database. If the true name of the current internal ECU already exists in the cloud database, the cloud extracts from A2 the VIN of the vehicle on which the current internal ECU is installed and compares it with the VIN bound to that true name in the cloud database: if the two VINs are the same, the cloud refuses the registration of the current internal ECU and returns a repeated-registration message to it; if the two VINs differ, the cloud refuses the registration of the current internal ECU and returns an abnormal-registration message to it. If the true name ID(in) of the current internal ECU does not exist in the cloud database, the cloud generates a first verification code Q1 and a second verification code Q2, and applies the hash function H to the concatenation of ID(in) and Q2 to obtain the corresponding pseudonym PID(in): PID(in) = H[ID(in)||Q2];
after the cloud receives the third registration request A3, it extracts the true name ID(out) of the current external ECU and the type S(out) of the current ECU from it and compares ID(out) with the information already in the cloud database. If the true name of the current external ECU already exists in the cloud database, the cloud returns a repeated-registration message to the current external ECU; if the true name ID(out) does not exist in the cloud database, the cloud generates a third verification code Q3 and a fourth verification code Q4, and applies the hash function H to the concatenation of ID(out) and Q4 to obtain the corresponding pseudonym PID(out): PID(out) = H[ID(out)||Q4];
S13. The cloud binds the true name ID(in), the type S(in), the first verification code Q1, the second verification code Q2 and the corresponding pseudonym PID(in) of the current internal ECU to the vehicle identification code VIN of the vehicle on which it is installed, and stores them in the cloud database as the registration information of the internal ECU; at the same time the cloud generates a first registration message M1 and returns it to the current internal ECU: M1 = {MT(M1)||ID(in)||PID(in)||Q1}, and the current internal ECU has completed registration,
wherein MT(M1) represents the message type identifier of the first registration message M1;
the cloud binds together the true name ID(out), the type S(out), the third verification code Q3, the fourth verification code Q4 and the corresponding pseudonym PID(out) of the current external ECU and stores them in the cloud database as the registration information of the external ECU; at the same time the cloud generates a second registration message M2 and returns it to the current external ECU: M2 = {MT(M2)||ID(out)||PID(out)||Q3}, and the current external ECU has completed registration,
wherein MT(M2) represents the message type identifier of the second registration message M2;
if the current internal ECU is the gateway ECU, the cloud also packages the registration information of all internal ECUs bound to the vehicle identification code VIN of the current gateway ECU, together with the registration information of all external ECUs in the current cloud database, and sends it to the current gateway ECU, which stores all of this registration information in its own secure storage medium.
Preferably, S1 further includes the following: when registration information of a new internal ECU is added in the cloud database for a vehicle V that has already completed registration, the cloud encrypts the registration information of the newly added internal ECU in real time and sends it to the gateway ECU of the vehicle V to which the newly added internal ECU belongs; when registration information of a new external ECU is added in the cloud database, the cloud encrypts it and sends it in real time to all gateway ECUs stored in the current cloud database. That is, each gateway ECU holds the registration information of all internal ECUs in its vehicle and the registration information of all external ECUs.
Preferably, step S14 is further included after step S13:
S14. In the cloud database, if registration information of a new internal ECU is added for a registered vehicle V, that registration information is denoted R1; the cloud finds the registration information of the gateway ECU bound to the currently registered vehicle identification code VIN in the cloud database, retrieves the first verification code Q1 from the registration information of that gateway ECU, generates a third registration message M3, and sends it to the corresponding gateway ECU over a wireless network: M3 = {MT(M3)||Q1(R1)},
wherein MT(M3) represents the message type identifier of the third registration message M3, and Q1(R1) represents the registration information R1 of the newly added internal ECU symmetrically encrypted with the first verification code Q1 of the corresponding gateway ECU;
when registration information of a new external ECU is added in the cloud database, that registration information is denoted R2; the cloud finds the registration information of all gateway ECUs currently stored in the cloud database, retrieves the first verification code Q1 from the registration information of each gateway ECU, generates a fourth registration message M4 for each, and sends it to the corresponding gateway ECU over a wireless network: M4 = {MT(M4)||Q1(R2)},
wherein MT(M4) represents the message type identifier of the fourth registration message M4, and Q1(R2) represents the registration information R2 of the newly added external ECU symmetrically encrypted with the first verification code Q1 of the corresponding gateway ECU.
Preferably, the step S2 further comprises the following substeps:
S21. When the vehicle V is powered on, when an external ECU is newly added to the vehicle V, or when an internal ECU in the vehicle V is replaced, all common ECUs and external ECUs on the vehicle V first send identity authentication messages to the gateway ECU for in-vehicle identity authentication: M5 = {MT(M5)||PID(in)||H(Q1)}, M6 = {MT(M6)||PID(out)||H(Q3)},
wherein M5 represents the identity authentication message sent by each common ECU in the vehicle V to the gateway ECU over the CAN bus, MT(M5) represents the message type identifier of M5, and H(Q1) represents the hash, computed with the hash function H, of the first verification code Q1 stored in the current common ECU; M6 represents the identity authentication message sent by each external ECU on the vehicle V to the gateway ECU over the CAN bus, MT(M6) represents the message type identifier of M6, and H(Q3) represents the hash, computed with the hash function H, of the third verification code Q3 stored in the current external ECU;
S22. The gateway ECU extracts the pseudonym PID(in) of each internal ECU from the received identity authentication messages M5 and the pseudonym PID(out) of each external ECU from the received identity authentication messages M6, then retrieves from its own secure storage medium the first verification code Q1 bound to each PID(in) and the third verification code Q3 bound to each PID(out) for verification. If, for every internal ECU, the H(Q1) computed from the stored first verification code equals the received H(Q1), and, for every external ECU, the H(Q3) computed from the stored third verification code equals the received H(Q3), in-vehicle identity authentication succeeds; otherwise in-vehicle identity authentication fails and the gateway ECU sends a message reporting an ECU abnormality to the vehicle V;
after in-vehicle identity authentication succeeds, the gateway ECU generates an out-of-vehicle identity authentication message M7 and sends it to the cloud: M7 = {MT(M7)||PIDg(in)||H(Q1g)},
wherein MT(M7) represents the message type identifier of the out-of-vehicle identity authentication message M7, PIDg(in) represents the pseudonym of the current gateway ECU, which is one of the internal-ECU pseudonyms PID(in), Q1g represents the first verification code of the current gateway ECU, which is one of the internal-ECU first verification codes Q1, and H(Q1g) represents the hash of Q1g computed with the hash function H;
S23. After the cloud receives the out-of-vehicle identity authentication message M7, it extracts the current gateway ECU pseudonym PIDg(in) and H(Q1g) from it and searches the cloud database for PIDg(in). If the pseudonym exists, the cloud finds the copy of the first verification code Q1g bound to it and checks whether the H(Q1g) computed from that copy is identical to the received H(Q1g); if they are identical, the cloud sends a message reporting successful out-of-vehicle identity authentication to the corresponding gateway ECU, and once the gateway ECU receives that message, the first round of ECU identity authentication of the vehicle V has succeeded;
if the cloud does not find the current gateway ECU pseudonym PIDg(in) in the cloud database, or the computed H(Q1g) differs from the received H(Q1g), the cloud sends a message reporting failed out-of-vehicle identity authentication to the corresponding gateway ECU.
Preferably, if the gateway ECU does not receive a message returned by the cloud within a first time threshold Δt1 after sending the out-of-vehicle identity authentication message M7, the current gateway ECU resends M7.
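The registration of S12/S13 and the first-round checks of S21 to S23 can be traced end to end in a short simulation. This is an added example, not code from the patent; SHA-256 as the hash function H, `secrets.token_bytes` in place of the cloud's quantum random number generator, the 16-byte code length, and all class, function and sample names are assumptions.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    # Assumption: the patent names only "a hash function H"; SHA-256 stands in.
    return hashlib.sha256(data).digest()


class Cloud:
    """Cloud side of S12/S13 and S23 (hypothetical class, in-memory database)."""

    def __init__(self):
        self.by_id = {}   # true name -> registration record
        self.by_pid = {}  # pseudonym -> registration record

    def register(self, ecu_id: bytes, kind: str, vin: bytes = b""):
        """Handle A2 (kind='in', with VIN) or A3 (kind='out'); returns (status, M1/M2 fields)."""
        rec = self.by_id.get(ecu_id)
        if rec is not None:
            # True name already stored: repeated, or abnormal if bound to another VIN.
            same = kind == "out" or rec["vin"] == vin
            return ("repeated" if same else "abnormal"), None
        # Q1/Q2 for internal ECUs, Q3/Q4 for external ones. The patent draws them
        # from a quantum RNG; token_bytes and the 16-byte length are assumptions.
        auth_code, pid_salt = secrets.token_bytes(16), secrets.token_bytes(16)
        pid = H(ecu_id + pid_salt)  # PID = H[ID || Q2] or H[ID || Q4]
        rec = {"id": ecu_id, "kind": kind, "vin": vin, "code": auth_code, "pid": pid}
        self.by_id[ecu_id] = rec
        self.by_pid[pid] = rec
        return "ok", {"id": ecu_id, "pid": pid, "code": auth_code}

    def gateway_package(self, vin: bytes) -> dict:
        """Table sent to a gateway: its vehicle's internal ECUs plus all external ECUs."""
        return {r["pid"]: r["code"] for r in self.by_pid.values()
                if r["kind"] == "out" or r["vin"] == vin}

    def verify_m7(self, m7: dict) -> bool:
        """S23: look up PIDg(in), hash the stored copy of Q1g, compare with H(Q1g)."""
        rec = self.by_pid.get(m7["pid"])
        return rec is not None and hmac.compare_digest(H(rec["code"]), m7["h_code"])


def auth_message(mt: str, reg: dict) -> dict:
    """M5, M6 and M7 share one shape: {MT || PID || H(code)}."""
    return {"mt": mt, "pid": reg["pid"], "h_code": H(reg["code"])}


def gateway_verify(table: dict, messages: list):
    """S22: every M5/M6 must match the code the gateway stores for that pseudonym."""
    bad = []
    for m in messages:
        stored = table.get(m["pid"])
        if stored is None or not hmac.compare_digest(H(stored), m["h_code"]):
            bad.append(m["pid"])
    return (not bad), bad


def first_round(cloud: Cloud, table: dict, gateway_reg: dict, messages: list) -> str:
    ok, _ = gateway_verify(table, messages)
    if not ok:
        return "ECU abnormality"  # reported to the vehicle; the cloud is not contacted
    if not cloud.verify_m7(auth_message("M7", gateway_reg)):
        return "off-vehicle authentication failed"
    return "first round succeeded"


def demo() -> dict:
    cloud = Cloud()
    vin = b"CONSTRUCTEDVIN001"  # constructed sample VIN
    _, gw = cloud.register(b"gateway-ecu", "in", vin)
    _, brake = cloud.register(b"brake-ecu", "in", vin)
    _, dongle = cloud.register(b"obd-dongle", "out")
    table = cloud.gateway_package(vin)
    good = [auth_message("M5", brake), auth_message("M6", dongle)]
    # Constructed unregistered device: pseudonym and code unknown to cloud and gateway.
    rogue = {"pid": H(b"rogue"), "code": secrets.token_bytes(16)}
    return {
        "all_registered": first_round(cloud, table, gw, good),
        "with_rogue": first_round(cloud, table, gw, good + [auth_message("M5", rogue)]),
        "dup_same_vin": cloud.register(b"brake-ecu", "in", vin)[0],
        "dup_other_vin": cloud.register(b"brake-ecu", "in", b"CONSTRUCTEDVIN002")[0],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

As specified, M5, M6 and M7 carry only a pseudonym and the hash of a fixed verification code, so their content is identical on every authentication run; the timestamps described for M9 and M10 are not part of these messages.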
Preferably, the step S3 further comprises the following substeps:
S31. After the first round of ECU identity authentication succeeds, the gateway ECU of the vehicle V arranges the pseudonyms of all internal ECUs and external ECUs stored in its secure storage medium in descending order, from large to small, then retrieves from the secure storage medium the first verification code Q1 or third verification code Q3 corresponding to each pseudonym and arranges the verification codes in the same order as the pseudonyms;
S32. Following the current order of the verification codes, the gateway ECU takes the bytes at the two ends of each verification code and concatenates them in sequence from left to right to form a random number N, then generates a second-round identity authentication message M8 and sends it to the cloud: M8 = {MT(M8)||PIDg(in)||H(N)},
wherein MT(M8) represents the message type identifier of the second-round identity authentication message M8, PIDg(in) represents the pseudonym of the current gateway ECU, and H(N) represents the hash of the random number N computed with the hash function H;
S33. After the cloud receives the second-round identity authentication message M8, it verifies the message as follows:
the cloud extracts the pseudonym PIDg(in) of the gateway ECU from the second-round identity authentication message M8 and retrieves from the cloud database the pseudonyms PID(in) and corresponding first verification codes Q1' of all internal ECUs bound to the current gateway ECU pseudonym PIDg(in), including the gateway ECU itself, and at the same time retrieves the pseudonyms PID(out) and corresponding third verification codes Q3' of all external ECUs from the current cloud database. The cloud arranges the retrieved pseudonyms PID(in) and PID(out) in descending order, from large to small, arranges the first verification code Q1' or third verification code Q3' corresponding to each pseudonym in the same order, takes the bytes at the two ends of each verification code, concatenates them from left to right to form a random number N', computes H(N'), and checks whether H(N') is identical to the H(N) extracted from the second-round identity authentication message M8. If not, verification fails and the cloud sends a message reporting ECU identity authentication failure to the gateway ECU; if so, verification passes, the second round of ECU identity authentication is successful, and all internal ECUs and external ECUs on the current vehicle V have passed identity authentication.
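The construction of N in S31/S32 and the cloud's recomputation in S33 are shown below as an added example, not code from the patent. It assumes SHA-256 for H, byte-string comparison for ordering pseudonyms, and "bytes at the two ends" meaning the first and last byte of each code; the record layout and all names and sample values are constructed.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's unspecified hash function H.
    return hashlib.sha256(data).digest()


def derive_n(codes_by_pid: dict) -> bytes:
    """S31/S32: order pseudonyms descending, then join the end bytes of each code.

    Assumptions: pseudonyms are compared as byte strings, and "bytes at the two
    ends" means the first and the last byte of each verification code.
    """
    n = bytearray()
    for pid in sorted(codes_by_pid, reverse=True):
        code = codes_by_pid[pid]
        if len(code) < 2:
            raise ValueError("verification code too short to take both end bytes")
        n += code[:1] + code[-1:]
    return bytes(n)


def build_m8(gateway_pid: bytes, gateway_store: dict) -> dict:
    """Gateway side: M8 = {MT(M8) || PIDg(in) || H(N)}."""
    return {"mt": "M8", "pid": gateway_pid, "h_n": H(derive_n(gateway_store))}


def cloud_verify_m8(m8: dict, cloud_db: list) -> bool:
    """S33: rebuild N' from the cloud's own records and compare H(N') with H(N)."""
    gw = next((r for r in cloud_db if r["kind"] == "in" and r["pid"] == m8["pid"]), None)
    if gw is None:
        return False  # gateway pseudonym not in the cloud database
    # Internal ECUs bound to the gateway's VIN, plus every external ECU on record.
    expected = {r["pid"]: r["code"] for r in cloud_db
                if r["kind"] == "out" or r["vin"] == gw["vin"]}
    return hmac.compare_digest(H(derive_n(expected)), m8["h_n"])


def record(name: str, kind: str, vin: str = "") -> dict:
    # Constructed, deterministic sample record; real codes are random values
    # issued by the cloud at registration.
    return {"pid": H(b"pid:" + name.encode()), "code": H(b"code:" + name.encode())[:16],
            "kind": kind, "vin": vin}


def demo() -> dict:
    gw = record("gateway", "in", "VIN-A")
    brake = record("brake", "in", "VIN-A")
    other = record("other-vehicle-ecu", "in", "VIN-B")  # must not enter N'
    dongle = record("dongle", "out")
    cloud_db = [gw, brake, other, dongle]
    store = {r["pid"]: r["code"] for r in (gw, brake, dongle)}

    in_sync = cloud_verify_m8(build_m8(gw["pid"], store), cloud_db)

    # A new external ECU is registered in the cloud, but the gateway has not yet
    # received the corresponding registration update (M4): N and N' now differ.
    tuner = record("tuner", "out")
    cloud_db.append(tuner)
    stale = cloud_verify_m8(build_m8(gw["pid"], store), cloud_db)

    store[tuner["pid"]] = tuner["code"]  # update applied at the gateway
    resynced = cloud_verify_m8(build_m8(gw["pid"], store), cloud_db)

    unknown_gw = cloud_verify_m8(build_m8(H(b"pid:nobody"), store), cloud_db)
    return {"in_sync": in_sync, "stale": stale, "resynced": resynced,
            "unknown_gw": unknown_gw, "n_len": len(derive_n(store))}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Because both sides build N from their stored registration tables, the comparison passes only while the gateway's table and the cloud database hold the same set of records.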
The invention also provides a cloud-based vehicle ECU communication method, comprising the following steps:
Step 1. The vehicle V is started and powered on, or an external ECU is newly added to the vehicle V, or an internal ECU in the vehicle V is replaced, and identity authentication is performed on all ECUs currently on the vehicle V; the identity authentication method used in this step is the cloud-based vehicle ECU identity authentication method described above;
Step 2. After all ECUs on the current vehicle V pass identity authentication, the vehicle V performs in-vehicle network communication and out-of-vehicle network communication,
in-vehicle network communication: the vehicle-mounted central processing system and all ECUs on the current vehicle V communicate and interact in the form of plaintext messages over the CAN bus;
out-of-vehicle network communication: the common ECUs and external ECUs on the current vehicle V collect driving data and either send it to the gateway ECU as plaintext messages over the CAN bus, or send it as plaintext messages over the CAN bus to the vehicle-mounted central processing system, which processes the driving data and then sends it to the gateway ECU as plaintext messages over the CAN bus; the gateway ECU and the cloud communicate in encrypted form;
Step 3. The vehicle V is powered off, and the in-vehicle network communication and out-of-vehicle network communication of the current vehicle V stop; the next time the vehicle V is powered on, or an external ECU is newly added to the vehicle V, or an internal ECU in the vehicle V is replaced, the process returns to step 1.
Preferably, in step 2, the encrypted communication between the gateway ECU and the cloud specifically includes the following contents:
When the gateway ECU sends a message to the cloud:
Step 2a. The gateway ECU receives data transmitted by the ECUs and the vehicle-mounted central processing system on the current vehicle V and denotes it D1; the gateway ECU records the time at which the data D1 was received as a first timestamp t1, generates a first communication message M9, and sends it to the cloud: M9 = {MT(M9)||PIDg(in)||Q1g(D1)||t1},
wherein MT(M9) represents the message type identifier of the first communication message M9, PIDg(in) represents the pseudonym of the current gateway ECU, Q1g represents the first verification code of the current gateway ECU, and Q1g(D1) represents the data D1 symmetrically encrypted with Q1g;
Step 2b. The cloud records the time at which it receives the first communication message M9 as a second timestamp t2 and extracts the first timestamp t1 from M9; if the time difference between the second timestamp t2 and the first timestamp t1 is greater than a set second time threshold Δt2, the cloud determines that the first communication message M9 is invalid and discards it;
if the time difference between the second timestamp t2 and the first timestamp t1 is less than or equal to the set second time threshold Δt2, the first communication message M9 is judged to be valid. The cloud extracts the pseudonym PIDg(in) of the gateway ECU and Q1g(D1) from the first communication message M9; if the pseudonym PIDg(in) of the current gateway ECU does not exist in the current cloud database, the cloud judges the first communication message M9 to be illegal and discards it; otherwise the cloud retrieves the first verification code bound to the pseudonym PIDg(in) of the current gateway ECU from the current cloud database and symmetrically decrypts Q1g(D1) with it to obtain the data D1;
When the cloud sends a message to the gateway ECU:
Step 2a'. The cloud sends a second communication message M10 to the gateway ECU: M10 = {MT(M10)||PIDg(in)||Q1g(D2)||t3},
wherein MT(M10) represents the message type identifier of the second communication message M10, PIDg(in) represents the pseudonym of the gateway ECU, D2 represents the data content generated by the cloud, the third timestamp t3 represents the time at which the cloud generated the data D2, Q1g represents the first verification code corresponding to the gateway ECU with the pseudonym PIDg(in), and Q1g(D2) represents the data D2 symmetrically encrypted with Q1g;
Step 2b'. The gateway ECU records the time at which it receives the second communication message M10 as a fourth timestamp t4 and extracts the third timestamp t3 from M10; if the time difference between the fourth timestamp t4 and the third timestamp t3 is greater than a set third time threshold Δt3, it determines that the second communication message M10 is valid; the gateway ECU extracts the pseudonym PIDg(in) from the second communication message M10 and judges whether it is the gateway ECU's own pseudonym, and if it is, the gateway ECU extracts Q1g(D2) from the second communication message M10 and symmetrically decrypts it with its own first verification code to obtain the data D2;
Step 2c'. The gateway ECU transmits the data D2 over the CAN bus to the corresponding ECU on the current vehicle V or to the vehicle-mounted central processing system.
The invention also provides a cloud-based vehicle ECU communication system, comprising:
a common ECU mounted on a vehicle;
an external ECU mounted on the CAN bus through an external interface of the vehicle;
a vehicle communication module, comprising a gateway ECU and a CAN bus, which receives data from the common ECU or from the vehicle processing module and then sends information to the cloud communication module, or receives information transmitted to the vehicle;
a vehicle processing module, equipped with a vehicle-mounted central processing system, which encrypts and decrypts the information of the vehicle communication module and computes and processes driving data;
a cloud communication module, which sends out the information of the cloud processing module or receives information transmitted to the cloud;
a cloud database, which stores cloud information and the registration information of the vehicles and ECUs;
a cloud quantum random number generator, which generates the first, second, third and fourth verification codes for the cloud processing module to call;
a cloud processing module, which encrypts and decrypts the information of the cloud communication module and computes and processes cloud data;
The above modules and database are programmed or configured to perform the cloud-based vehicle ECU communication method described above.
The invention has the beneficial effects that:
(1) In the invention, only an ECU registered to the cloud through the vehicle manufacturer has a legal identity. An external ECU produced by another manufacturer can obtain the hash function H, and so register with a legal identity, only when the vehicle manufacturer allows it. The vehicle manufacturer therefore retains control over evaluating the safety of external ECUs for its vehicles, and high-risk external ECUs are excluded at the registration stage.
(2) An internal ECU of the vehicle (a gateway ECU or a common ECU) may be replaced after a fault or newly added when the vehicle is refitted, and an external ECU is mounted on the CAN bus of the in-vehicle network through an external interface on the vehicle; any of these situations may introduce a malicious ECU on the vehicle. With the cloud-based vehicle ECU identity authentication method of the invention, every time the vehicle is powered on, an internal ECU is newly added or an external ECU is newly added, all common ECUs and external ECUs on the current vehicle perform in-vehicle identity authentication at the gateway ECU. Only after the in-vehicle identity authentication passes does the gateway ECU initiate out-of-vehicle identity authentication with the cloud, and only when the out-of-vehicle identity authentication passes does the first round of ECU identity authentication pass. The gateway ECU then initiates the second round of ECU identity authentication with the cloud, and only when the second round succeeds are all ECUs on the current vehicle successfully authenticated.
Success of the in-vehicle identity authentication means that the gateway ECU considers all common ECUs and external ECUs on the current vehicle legal; success of the out-of-vehicle identity authentication means that the cloud considers the identity of the current gateway ECU legal. In the second round, all ECUs on the current vehicle are combined and authenticated together by the cloud through the gateway ECU, so success of the second round means that the cloud considers all ECUs on the current vehicle legal. In other words, the two rounds of ECU identity authentication carried out hierarchically (three identity authentications in total) not only authenticate every ECU of the current vehicle but also guard against the gateway ECU, which itself plays a role in the authentication, being replaced by a malicious ECU, which greatly improves the security of subsequent communication and of vehicle driving.
It should be explained here that if the gateway ECU is replaced by a malicious ECU, it can cover for other malicious ECUs on the vehicle so that they pass the in-vehicle identity authentication; the authentication method of the invention still does not succeed in this case, because the cloud must also authenticate each ECU. If the authentication method fails, the vehicle cannot carry out subsequent formal communication and cannot be driven, so a malicious ECU cannot collect vehicle data or interfere with driving even if it is mounted on the CAN bus. The authentication failure is also fed back to the vehicle and notified to the vehicle owner, so the malicious ECU can be detected quickly.
(3) In the invention, except that each ECU sends a true name to the cloud end in the stage of online secure registration, in the two-round ECU identity authentication process, each ECU uses a pseudonym, and even if a malicious ECU exists on a vehicle, the malicious ECU cannot know the true name of the ECU behind each pseudonym; similarly, in the identity authentication process outside the vehicle, even if a hacker intercepts the authentication information interacted between the gateway ECU and the cloud end, the true names of the gateway ECU cannot be obtained, namely the invention well ensures the anonymity of each ECU, and simultaneously ensures that the gateway ECU and the cloud end with legal identities can find the true names of each ECU through the pseudonyms of each ECU, so that the information sent by each ECU has traceability.
(4) In the in-vehicle identity authentication stage, the gateway ECU performs only direct, simple calculations and avoids repeated, heavy encryption and decryption operations, yet can make an initial check of whether the identity of each ECU on the current vehicle is legal. If the in-vehicle identity authentication does not pass, the identity authentication of the current vehicle is judged to have failed immediately and no subsequent authentication process is needed, which reduces the number of communications between the vehicle and the cloud and hence the communication cost; that is, the in-vehicle identity authentication stage is fast and efficient.
(5) Success of the in-vehicle identity authentication shows that the registration information of every ECU on the current vehicle is in the secure storage medium of the gateway ECU. The gateway ECU then combines the verification codes bound to each ECU in the secure storage medium to generate a random number N; N is related to every ECU and practically cannot be cracked. Meanwhile, the second round of ECU identity authentication, which involves more computation, is performed at the gateway ECU and the cloud, which have greater computing power, reducing the large computational cost that complete identity authentication among the ECUs imposes on the CAN bus in the prior art.
(6) The cloud-based vehicle ECU identity authentication method is efficient in flow, reliable identity authentication is carried out on each ECU on the current vehicle, a large amount of load is not brought to the CAN bus of the vehicle interior, and communication safety of the vehicle interior and safety of vehicle driving are enhanced.
Drawings
FIG. 1 is a flow chart of a cloud-based vehicle ECU identity authentication method;
FIG. 2 is a flow chart of a cloud-based vehicle ECU communication method.
Detailed Description
To make the technical scheme of the invention clearer, the invention is described clearly and completely below with reference to the accompanying drawings. Schemes obtained by a person of ordinary skill in the art through equivalent replacement of the technical features of this scheme or through conventional reasoning, without creative labor, fall within the protection scope of the invention.
For ease of understanding, in the present invention the vehicle ECUs comprise internal ECUs and external ECUs. An internal ECU is an electronic control unit that the vehicle carries when it leaves the factory, such as a diesel engine, door lock, wiper, automatic transmission or router; an external ECU is an electronic control unit, such as an OBD diagnostic instrument, that is mounted on the CAN bus through an external interface on the vehicle.
Internal ECUs are divided into common ECUs and the gateway ECU: every internal ECU on a vehicle that is not the gateway ECU is a common ECU. Common ECUs can communicate over the wired CAN bus with the gateway ECU, external ECUs and so on, but cannot communicate wirelessly and directly with entities of the network outside the vehicle, such as cloud devices and roadside devices. The gateway ECU can communicate wirelessly and directly with entities of the external network; that is, a common ECU communicates with the gateway ECU over the CAN bus and then communicates indirectly with entities of the external network through the gateway ECU. When a common ECU such as a diesel engine or wiper malfunctions during use of the vehicle, it must be replaced.
The message length of all the messages and the component length of each message component are preset in each vehicle and the cloud, and the information standard is uniform in order to facilitate key distribution, identity authentication and information interaction in the Internet of vehicles. Each mechanism in the vehicle, cloud and off-board network can accurately extract each component information which is connected together by using a connection operator.
A brief note on message types: Internet of Vehicles services use many kinds of message, such as authentication messages, data messages and registration request messages. To distinguish messages with different functions, so that the receiver knows the purpose of each message it receives, message type identifiers are defined manually and preset; for example, the message type identifier of the registration request message is defined as 001, that of the data message as 002, that of the authentication message as 003, that of the communication request message as 004, that of the key request message as 005, and that of the communication request message as 006. The specific setting of the message type identifiers is not to be taken as limiting the invention.
Example 1
As shown in fig. 1, a flowchart of a cloud-based vehicle ECU identity authentication method according to the present invention includes the following specific steps:
S1, the vehicle V, the internal ECUs and the external ECUs register to the cloud through an offline secure channel; the cloud generates a registration message and returns it to the corresponding vehicle V, internal ECU or external ECU, and stores the registration information of each vehicle V, internal ECU and external ECU in the cloud database, completing their registration;
when registration information for a new internal ECU of an already registered vehicle V is added to the cloud database, the cloud encrypts that registration information in real time and sends it to the gateway ECU corresponding to the newly added internal ECU; when registration information for a new external ECU is added to the cloud database, the cloud encrypts that registration information in real time and sends it to all gateway ECUs currently stored in the cloud database; that is, each gateway ECU holds the registration information of all internal ECUs of the vehicle in which it is installed and the registration information of all external ECUs;
an ECU does not need to register to the cloud through the offline secure channel immediately after it is produced, but once it is to be used as an internal ECU or an external ECU, its identity must be legal in the subsequent identity authentication process, so it must register to the cloud through the offline secure channel so that its registration information is added to the cloud database; moreover, if an ECU is used as an internal ECU, the vehicle on which it is to be installed must be confirmed, so when the registration information of an internal ECU is added to the cloud database it must be bound to a vehicle that has already completed registration;
S2, when the vehicle V is powered on, an external ECU is newly added to the vehicle V, or an internal ECU of the vehicle V is replaced, the vehicle V performs the first round of ECU identity authentication:
the first round of ECU identity authentication comprises two stages of in-vehicle identity authentication and out-of-vehicle identity authentication, wherein all common ECUs and external ECUs on the vehicle V perform in-vehicle identity authentication at a gateway ECU of the current vehicle V, if the in-vehicle identity authentication fails, the gateway ECU sends message information of the abnormality of the ECU to the vehicle V, and if the in-vehicle identity authentication succeeds, the gateway ECU requests out-of-vehicle identity authentication to a cloud end; if the identity authentication outside the vehicle is successful, namely the first round of ECU identity authentication is successful, the vehicle V carries out the second round of ECU identity authentication, otherwise, the first round of ECU identity authentication fails;
S3, the vehicle V performs the second round of ECU identity authentication: the gateway ECU of the vehicle V generates a second-round identity authentication message containing the registration information of all internal ECUs and external ECUs on the current vehicle V and sends it to the cloud for verification; if the verification fails, the cloud sends an ECU-identity-authentication-failure message to the gateway ECU; if the verification passes, the second round of ECU identity authentication succeeds, that is, all internal ECUs and external ECUs on the current vehicle V are successfully authenticated; when the vehicle V is powered on again, an external ECU is newly added to the vehicle V, or an internal ECU of the vehicle V is replaced, the process returns to S2.
In S1, the method further comprises the following sub-steps:
S11, the vehicle manufacturer presets a hash function H in the secure storage medium of the vehicle V, in the storage media of all internal ECUs of the vehicle V, and in the cloud database;
the vehicle V registers to the cloud end through a vehicle manufacturer, namely, a first registration request A1 is sent to the cloud end:
A1={MT(A1)||VIN},
wherein VIN represents a vehicle identification code of the vehicle V, || is a connection operator, MT (A1) represents a message type identifier of the first registration request A1, A1 is a registration request message, and the message type identifier is defined as 001, i.e., MT (A1) =001;
meanwhile, all the internal ECUs of the vehicle V are registered to the cloud through a vehicle manufacturer, namely, a second registration request A2 is sent to the cloud:
A2={MT(A2)||ID(in)||S(in)||VIN},
wherein MT(A2) represents the message type identifier of the second registration request A2; A2 is a registration request message, whose message type identifier is defined as 001, i.e., MT(A2) = 001; ID(in) represents the true name of the current internal ECU, and S(in) indicates that the type of the current ECU is internal ECU;
the external ECU firstly requests registration from a manufacturer of the vehicle, if the manufacturer agrees, a hash function H is preset in a storage medium of the external ECU, the external ECU registers to the cloud through the manufacturer of the vehicle, and a third registration request A3 is sent to the cloud:
A3={MT(A3)||ID(out)||S(out)},
wherein MT(A3) represents the message type identifier of the third registration request A3; A3 is a registration request message, whose message type identifier is defined as 001, i.e., MT(A3) = 001; ID(out) represents the true name of the current external ECU, and S(out) indicates that the type of the current ECU is external ECU.
The vehicle identification code VIN is a unique identification number of each car, and is not repeated.
In this embodiment, the real name ID (in) of the internal ECU and the real name ID (out) of the external ECU are unique product serial numbers thereof, and no duplication occurs.
The hash function H may be any one of an MD5 hash function, a SHA256 hash function, and an SM3 hash function, and the MD5 hash function, the SHA256 hash function, and the SM3 hash function are all in the prior art, which is not described herein.
An external ECU is not carried by the vehicle when it leaves the factory, and one external ECU, for example an OBD diagnostic instrument used to monitor and diagnose vehicle faults, can be plugged into the external interfaces of many vehicles; external ECUs are also updated and upgraded as products. An external ECU therefore must first request registration from each vehicle manufacturer, and the hash function H can be preset in its storage medium only if that manufacturer allows the external ECU to be used on its vehicles.
S12, after the cloud receives the first registration request A1, extracting a vehicle identification code VIN and a message type identifier MT (A1) from the first registration request A1, comparing the current vehicle identification code VIN with the information existing in a cloud database, if the current vehicle identification code exists in the cloud database, rejecting the registration of the vehicle V by the cloud, and returning repeated registered message information to the vehicle V; if the current vehicle identification code VIN does not exist in the cloud database, the cloud platform stores the current vehicle identification code VIN in the cloud database and returns message information of successful registration to the vehicle V, and the current vehicle V finishes registration;
when the cloud receives a second registration request A2, it extracts the true name ID(in) of the current internal ECU and the type S(in) of the current ECU from A2 and compares ID(in) with the information already in the cloud database. If the true name of the current internal ECU already exists in the cloud database, the cloud extracts from A2 the vehicle identification code VIN of the vehicle on which the current internal ECU is installed and compares it with the vehicle identification code already bound to that true name in the cloud database: if the two are the same, the cloud rejects the registration of the current internal ECU and returns a repeated-registration message to it; if the two are different, the cloud rejects the registration of the current internal ECU and returns an abnormal-registration message to it. If the true name ID(in) does not exist in the cloud database, the cloud generates a first verification code Q1 and a second verification code Q2 and applies the hash function H to the connection of ID(in) and Q2 to obtain the corresponding pseudonym PID(in): PID(in) = H[ID(in)||Q2];
after the cloud receives the third registration request A3, it extracts the true name ID(out) of the current external ECU and the type S(out) of the current ECU from A3 and compares ID(out) with the information already in the cloud database; if the true name of the current external ECU already exists in the cloud database, the cloud returns a repeated-registration message to the current external ECU; if ID(out) does not exist in the cloud database, the cloud generates a third verification code Q3 and a fourth verification code Q4 and applies the hash function H to the connection of ID(out) and Q4 to obtain the corresponding pseudonym PID(out): PID(out) = H[ID(out)||Q4].
In this embodiment, the cloud uses a quantum random number generator to generate a first verification code Q1, a second verification code Q2, a third verification code Q3, and a fourth verification code Q4 of a true random number. The quantum random number has unpredictability and unbiasedness, and the quantum random number is used as the verification code, so that the difficulty of cracking the verification code by a hacker is greatly improved, and the verification code has higher security and reliability.
Because the vehicle V is registered before all of its internal ECUs, whenever an internal ECU whose registration is neither repeated nor abnormal registers, the vehicle identification code VIN in the second registration request it sends must already exist in the cloud database.
S13, the cloud binds the true name ID(in) of the current internal ECU, the type S(in) of the current ECU, the first verification code Q1, the second verification code Q2 and the corresponding pseudonym PID(in) to the vehicle identification code VIN of the vehicle on which the current internal ECU is installed, and stores the result in the cloud database as the registration information of the internal ECU; at the same time, the cloud generates a first registration message M1 and returns it to the current internal ECU: M1 = {MT(M1)||ID(in)||PID(in)||Q1}, and the current internal ECU completes registration,
wherein MT (M1) represents a message type identifier of the first registration message M1, M1 being a data message, the message type identifier being defined as 002, i.e., MT (M1) =002;
the cloud binds together the true name ID(out) of the current external ECU, the type S(out) of the current ECU, the third verification code Q3, the fourth verification code Q4 and the corresponding pseudonym PID(out), and stores the result in the cloud database as the registration information of the external ECU; at the same time, the cloud generates a second registration message M2 and returns it to the current external ECU: M2 = {MT(M2)||ID(out)||PID(out)||Q3}, and the current external ECU completes registration,
wherein MT (M2) represents a message type identifier of the second registration message M2, M2 being a data message, the message type identifier being defined as 002, i.e. MT (M2) =002;
If the current internal ECU is the gateway ECU, the cloud end also packages and sends all internal ECU registration information bound with the vehicle identification code VIN of the current gateway ECU and all external ECU registration information in the current cloud end database into the current gateway ECU, and the gateway ECU stores various registration information in a self secure storage medium.
The cloud includes the true name of the corresponding ECU in the first registration message M1 and the second registration message M2 so that, when several ECUs register to the cloud at the same time and the cloud processes the registrations in parallel and returns them to the corresponding ECUs, each ECU can check the true name contained in the registration message it receives and thereby confirm whether the cloud has mistakenly sent it the registration message of another ECU.
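The registration decisions of S12 and S13 and the true-name check just described, as an added Python example (not code from the patent). The `Cloud` class, the field widths, the NUL padding of true names, SHA-256 as H, `secrets.token_bytes` standing in for the quantum random number generator, and the sample names and VINs are all assumptions.

```python
import hashlib
import secrets

MT_DATA = b"002"                      # message type identifier of M1/M2 (from the page)
ID_LEN, PID_LEN, Q_LEN = 16, 32, 16   # assumed fixed field widths


def H(data: bytes) -> bytes:
    """Preset hash function H; SHA-256 is one of the options the page lists."""
    return hashlib.sha256(data).digest()


def pad_id(true_name: bytes) -> bytes:
    """Pad a true name to the fixed ID field width (padding scheme is assumed)."""
    if len(true_name) > ID_LEN:
        raise ValueError("true name longer than the ID field")
    return true_name.ljust(ID_LEN, b"\x00")


class Cloud:
    """Hypothetical in-memory model of the cloud database used in S12-S13."""

    def __init__(self):
        self.vins = set()
        self.ecus = {}   # padded true name -> registration record

    def register_vehicle(self, vin: bytes) -> str:
        if vin in self.vins:
            return "duplicate"
        self.vins.add(vin)
        return "registered"

    def register_ecu(self, true_name: bytes, kind: str, vin: bytes = None):
        """Handle A2 (kind='in', bound to a VIN) or A3 (kind='out', no VIN).

        Returns (status, registration message or None).
        """
        ecu_id = pad_id(true_name)
        known = self.ecus.get(ecu_id)
        if known is not None:
            # Known true name, same VIN: repeated registration.
            # Known true name, different VIN: abnormal registration.
            same = kind == "out" or known["vin"] == vin
            return ("duplicate" if same else "abnormal"), None
        # Q1/Q3 authenticates the ECU later; Q2/Q4 only enters the pseudonym.
        q_auth = secrets.token_bytes(Q_LEN)
        q_salt = secrets.token_bytes(Q_LEN)
        pid = H(ecu_id + q_salt)          # PID = H[ID || Q2] or H[ID || Q4]
        self.ecus[ecu_id] = {"kind": kind, "vin": vin, "q_auth": q_auth,
                             "q_salt": q_salt, "pid": pid}
        return "registered", MT_DATA + ecu_id + pid + q_auth   # M1 / M2


def accept_registration(message: bytes, my_true_name: bytes):
    """ECU side: keep (PID, Q) only if the message carries this ECU's true name."""
    if len(message) != len(MT_DATA) + ID_LEN + PID_LEN + Q_LEN:
        return None
    mt, rest = message[:len(MT_DATA)], message[len(MT_DATA):]
    ecu_id = rest[:ID_LEN]
    pid = rest[ID_LEN:ID_LEN + PID_LEN]
    q_auth = rest[ID_LEN + PID_LEN:]
    if mt != MT_DATA or ecu_id != pad_id(my_true_name):
        return None   # a registration message meant for some other ECU
    return pid, q_auth


def demo():
    """Constructed scenario: one vehicle, one wiper ECU registered three times."""
    cloud = Cloud()
    out = [cloud.register_vehicle(b"VIN-CONSTRUCTED-A")]
    status, m1 = cloud.register_ecu(b"WIPER-0042", "in", b"VIN-CONSTRUCTED-A")
    out.append(status)
    out.append(cloud.register_ecu(b"WIPER-0042", "in", b"VIN-CONSTRUCTED-A")[0])
    out.append(cloud.register_ecu(b"WIPER-0042", "in", b"VIN-CONSTRUCTED-B")[0])
    out.append(accept_registration(m1, b"WIPER-0042") is not None)
    out.append(accept_registration(m1, b"DOOR-0007") is not None)
    return out


if __name__ == "__main__":
    print(demo())
```
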
The registration information of an internal ECU may be newly added in the cloud database for an already registered vehicle V, meaning that an internal ECU has been added to or replaced on the vehicle, for example when a wiper of the vehicle V fails and is replaced with a new one; likewise, the registration information of an external ECU may be newly added in the cloud database, for example when the OBD diagnostic instrument is upgraded to a new product and the new-generation instrument is used for fault detection on vehicles. For these cases, S1 further comprises the following sub-step:
S14, when registration information for a new internal ECU of a registered vehicle V is added to the cloud database, this registration information is denoted R1; the cloud finds the registration information of the gateway ECU bound to the same registered vehicle identification code VIN in the cloud database, retrieves the first verification code Q1 from the registration information of that gateway ECU, generates a third registration message M3 and sends it to the corresponding gateway ECU through a wireless network: M3 = {MT(M3)||Q1(R1)},
wherein MT (M3) represents a message type identifier of the third registration message M3, M3 is a data message, the message type identifier is defined as 002, i.e., MT (M3) =002, Q1 (R1) represents symmetrically encrypting the registration information R1 of the newly added internal ECU using the corresponding gateway ECU first authentication code Q1;
when registration information for a new external ECU is added to the cloud database, this registration information is denoted R2; the cloud finds the registration information of all gateway ECUs currently stored in the cloud database, retrieves the first verification code Q1 from the registration information of each gateway ECU, generates a fourth registration message M4 for each and sends it to the corresponding gateway ECU through a wireless network: M4 = {MT(M4)||Q1(R2)},
wherein MT (M4) represents a message type identifier of the fourth registration message M4, M4 is a data message, and the message type identifier is defined as 002, i.e., MT (M4) =002, and Q1 (R2) represents that the registration information R2 of the newly added external ECU is symmetrically encrypted using the corresponding gateway ECU first authentication code Q1.
In S2 the following sub-steps are also included:
S21, when the vehicle V is powered on, an external ECU is newly added to the vehicle V, or an internal ECU of the vehicle V is replaced, all common ECUs and external ECUs on the vehicle V first send identity authentication messages to the gateway ECU for in-vehicle identity authentication: M5 = {MT(M5)||PID(in)||H(Q1)}, M6 = {MT(M6)||PID(out)||H(Q3)},
wherein M5 represents an identity authentication message sent by each general ECU in the vehicle V to the gateway ECU through the CAN bus, MT (M5) represents a message type identifier of the identity authentication message M5, M5 is an authentication message, the message type identifier is defined as 003, i.e., MT (M5) =003, H (Q1) represents calculation of the first verification code Q1 stored in the current general ECU through the hash function H; m6 represents an identity authentication message sent by each external ECU in the vehicle V to the gateway ECU through the CAN bus, MT (M6) represents a message type identifier of the identity authentication message M6, M6 is an authentication message, the message type identifier is defined as 003, i.e., MT (M6) =003, H (Q3) represents calculation of a third verification code Q3 stored in the current external ECU through a hash function H;
S22, the gateway ECU extracts the pseudonym PID(in) of each internal ECU from the received identity authentication messages M5 and the pseudonym PID(out) of each external ECU from the received identity authentication messages M6, then retrieves from its own secure storage medium the first verification code Q1 bound to each PID(in) and the third verification code Q3 bound to each PID(out) for verification; if, for every internal ECU, the hash of the stored Q1 equals the received H(Q1) and, for every external ECU, the hash of the stored Q3 equals the received H(Q3), the in-vehicle identity authentication succeeds; otherwise the in-vehicle identity authentication fails and the gateway ECU sends an ECU-abnormality message to the vehicle V;
After the in-vehicle identity authentication succeeds, the gateway ECU generates an out-of-vehicle identity authentication message M7 and sends it to the cloud: M7 = {MT(M7)||PIDg(in)||H(Q1g)},
wherein, MT (M7) represents a message type identifier of the identity authentication message M7 outside the vehicle, M7 is an authentication message, the message type identifier is defined as 003, i.e., MT (M7) =003, PIDg (in) represents a pseudonym of the current gateway ECU, a pseudonym PID (in) of each internal ECU contains a pseudonym PIDg (in) of the current gateway ECU, Q1g represents a first verification code of the current gateway ECU, a first verification code Q1g of the current gateway ECU is contained in a first verification code Q1 of each internal ECU, and H (Q1 g) represents a first verification code Q1g of the current gateway ECU through a hash function H;
S23, after the cloud receives the out-of-vehicle identity authentication message M7, it extracts the current gateway ECU pseudonym PIDg(in) and H(Q1g) from M7 and searches the cloud database for PIDg(in); if the pseudonym exists, the cloud finds the stored copy of the first verification code Q1g bound to it, computes the hash of the stored copy and checks whether it is identical to the H(Q1g) received in M7; if the two are identical, the cloud sends a message that the out-of-vehicle identity authentication succeeded to the corresponding gateway ECU, and once the gateway ECU receives that message the first round of ECU identity authentication of the vehicle V has succeeded;
If the cloud does not find the current gateway ECU pseudonym PIDg(in) in the cloud database, or the hash of the stored copy differs from the received H(Q1g), the cloud sends a message that the out-of-vehicle identity authentication failed to the corresponding gateway ECU.
Optionally, after receiving the message that the out-of-vehicle identity authentication failed, the gateway ECU forwards the message to the vehicle V.
Optionally, if the gateway ECU does not receive the message information returned by the cloud in the first time threshold Δt1 after sending the identity authentication message M7 outside the vehicle, the current gateway ECU resends the identity authentication message M7 outside the vehicle. Therefore, the situation that the current gateway ECU is always in waiting for cloud to feed back the identity authentication result outside the vehicle due to network packet loss can be avoided, and the whole identity authentication period of each ECU on the current vehicle V is shortened.
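The first-round checks of S21 to S23, as an added Python example (not code from the patent), including the replaced-gateway case the beneficial effects discuss. The field widths, SHA-256 as H, the function names and the sample ECU names are assumptions; the registration records are constructed inline.

```python
import hashlib
import hmac
import os

MT_AUTH = b"003"           # message type identifier of M5, M6 and M7 (from the page)
PID_LEN = HASH_LEN = 32    # assumed widths: pseudonyms and H outputs are SHA-256 digests


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_auth(pid: bytes, code: bytes) -> bytes:
    """M5 = MT||PID(in)||H(Q1), M6 = MT||PID(out)||H(Q3), M7 = MT||PIDg(in)||H(Q1g)."""
    return MT_AUTH + pid + H(code)


def verify_auth(message: bytes, store: dict) -> bool:
    """Check one authentication message against a pseudonym -> code store.

    The same check runs at the gateway (over M5/M6) and at the cloud (over M7).
    """
    if len(message) != len(MT_AUTH) + PID_LEN + HASH_LEN:
        return False
    mt = message[:len(MT_AUTH)]
    pid = message[len(MT_AUTH):len(MT_AUTH) + PID_LEN]
    claimed = message[len(MT_AUTH) + PID_LEN:]
    code = store.get(pid)
    if mt != MT_AUTH or code is None:
        return False           # wrong message type or unregistered pseudonym
    return hmac.compare_digest(H(code), claimed)


def first_round(bus_messages, gateway_store, gateway_pid, cloud_store) -> str:
    # In-vehicle phase: every M5/M6 seen on the CAN bus must verify at the gateway.
    if not all(verify_auth(m, gateway_store) for m in bus_messages):
        return "in-vehicle authentication failed"
    # Out-of-vehicle phase: the gateway proves its own identity to the cloud.
    m7 = build_auth(gateway_pid, gateway_store.get(gateway_pid, b""))
    if not verify_auth(m7, cloud_store):
        return "out-of-vehicle authentication failed"
    return "first round succeeded"


def make_ecu(true_name: bytes):
    """Constructed registration record: (pseudonym, verification code)."""
    return H(true_name + os.urandom(16)), os.urandom(16)


def demo():
    gw, wiper, obd = make_ecu(b"GW-0001"), make_ecu(b"WIPER-0042"), make_ecu(b"OBD-7788")
    cloud_store = dict([gw, wiper, obd])     # pseudonym -> code, as registered
    gateway_store = dict(cloud_store)        # copy held in the gateway's secure storage
    rogue_ecu, rogue_gw = make_ecu(b"ROGUE-ECU"), make_ecu(b"ROGUE-GW")
    genuine = [build_auth(*wiper), build_auth(*obd)]
    results = {}
    results["genuine"] = first_round(genuine, gateway_store, gw[0], cloud_store)
    # An ECU that never registered: the genuine gateway has no code for its pseudonym.
    results["unregistered ECU"] = first_round(
        genuine + [build_auth(*rogue_ecu)], gateway_store, gw[0], cloud_store)
    # A replaced gateway that vouches for the rogue ECU: the cloud does not know it.
    rogue_store = dict([rogue_gw, rogue_ecu])
    results["replaced gateway"] = first_round(
        [build_auth(*rogue_ecu)], rogue_store, rogue_gw[0], cloud_store)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
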
In S3 the following sub-steps are included:
S31, after the first round of ECU identity authentication succeeds, the gateway ECU of the vehicle V arranges the pseudonyms of all internal ECUs and external ECUs stored in its secure storage medium in descending order, from large to small, then retrieves from the secure storage medium the first verification code Q1 or third verification code Q3 corresponding to each pseudonym and arranges the verification codes in the same order as the pseudonyms;
S32, following the current order of the verification codes, the gateway ECU takes the bytes at the two ends of each verification code and connects them sequentially from left to right to form a random number N, then generates a second-round identity authentication message M8 and sends it to the cloud: M8 = {MT(M8)||PIDg(in)||H(N)},
wherein MT(M8) represents the message type identifier of the second-round identity authentication message M8; M8 is an authentication message, whose message type identifier is defined as 003, i.e., MT(M8) = 003; PIDg(in) represents the pseudonym of the current gateway ECU, and H(N) represents the result of applying the hash function H to the random number N.
S33, after the cloud receives the second-round identity authentication message M8, verifying the second-round identity authentication message M8:
the cloud extracts the pseudonym PIDg(in) of the gateway ECU from the second round identity authentication message M8 and retrieves from the cloud database the pseudonyms PID'(in) and corresponding first verification codes Q1' of all internal ECUs (including the current gateway ECU) bound to PIDg(in); at the same time it retrieves the pseudonyms PID'(out) and corresponding third verification codes Q3' of all external ECUs from the current cloud database. The cloud sorts the retrieved pseudonyms PID'(in) and PID'(out) in descending order, arranges the first verification code Q1' or third verification code Q3' corresponding to each pseudonym in the same order, takes the bytes at the two ends of each verification code and concatenates them from left to right into a random number N', and calculates H(N'). The cloud then judges whether H(N') is identical to the H(N) extracted from M8: if not, the verification fails and the cloud sends message information of ECU identity authentication failure to the gateway ECU; if so, the second round of ECU identity authentication succeeds.
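The second round exchange of S31 to S33, with both the gateway and the cloud side, as an added example that is not code from the patent. SHA-256 as H, one byte taken from each end of a code, the tuple encoding of M8 and the dictionary layout of the stores are assumptions; the pseudonyms and codes are constructed sample values.

```python
import hashlib
import hmac

MT_M8 = b"003"  # message type identifier the page defines for M8


def H(data: bytes) -> bytes:
    """Stand-in for the preset hash function H (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def derive_n(records: dict) -> bytes:
    """S31/S32: records maps pseudonym -> verification code (Q1 or Q3)."""
    n = bytearray()
    for pid in sorted(records, reverse=True):      # pseudonyms in descending order
        code = records[pid]
        if len(code) < 2:
            raise ValueError("verification code too short to have two ends")
        n += code[:1] + code[-1:]                  # one byte from each end (assumed)
    return bytes(n)


def build_m8(gateway_pid: bytes, secure_storage: dict) -> tuple:
    """Gateway side: M8 = {MT(M8) || PIDg(in) || H(N)}, kept as a tuple here."""
    return (MT_M8, gateway_pid, H(derive_n(secure_storage)))


def cloud_verify_m8(m8: tuple, cloud_db: dict) -> bool:
    """S33. cloud_db maps a gateway pseudonym to the records the cloud holds for
    that vehicle's internal ECUs plus all external ECUs (hypothetical layout)."""
    mt, gateway_pid, h_n = m8
    records = cloud_db.get(gateway_pid)
    if mt != MT_M8 or records is None:
        return False                               # unknown gateway pseudonym
    # Recompute N' from the cloud's own copies and compare H(N') with H(N).
    return hmac.compare_digest(H(derive_n(records)), h_n)


def _code(first: int, last: int) -> bytes:
    """Constructed 16-byte verification code with known end bytes."""
    return bytes([first]) + bytes(14) + bytes([last])


# Constructed sample data: short readable pseudonyms instead of real hash outputs.
CLOUD_RECORDS = {
    b"PID-A": _code(0xA1, 0xA2),   # gateway ECU, Q1g
    b"PID-B": _code(0xB1, 0xB2),   # common ECU, Q1
    b"PID-C": _code(0xC1, 0xC2),   # external ECU, Q3
}
CLOUD_DB = {b"PID-A": CLOUD_RECORDS}

if __name__ == "__main__":
    genuine = build_m8(b"PID-A", dict(CLOUD_RECORDS))
    print("matching storage accepted:", cloud_verify_m8(genuine, CLOUD_DB))

    # A gateway whose secure storage disagrees with the cloud on one code.
    mismatched = dict(CLOUD_RECORDS)
    mismatched[b"PID-B"] = _code(0x01, 0x02)
    print("mismatched storage accepted:",
          cloud_verify_m8(build_m8(b"PID-A", mismatched), CLOUD_DB))
```
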
At this point all ECUs on the current vehicle V have passed identity authentication, and the ECUs on the current vehicle V can carry out formal communication through the CAN bus of the in-vehicle network. If the ECUs on the current vehicle V do not pass the identity authentication method, the current vehicle V cannot be started and driven.
When the vehicle V is powered on again or an external ECU is newly added to the vehicle V or the internal ECU is replaced in the vehicle V, the process returns to S2.
The cloud-based vehicle ECU identity authentication method of the invention has the following advantages:
1. Only ECUs registered to the cloud through the vehicle manufacturer have legal identities. An external ECU produced by a party other than the vehicle manufacturer can obtain the hash function H, and so register as an external ECU with a legal identity, only if the vehicle manufacturer allows it. The vehicle manufacturer therefore has autonomy in evaluating the safety of external ECUs, and high-risk external ECUs are excluded at the registration stage.
2. An internal ECU of the vehicle (gateway ECU or common ECU) can be replaced because of a fault or newly added when the vehicle is refitted, and external ECUs are mounted on the CAN bus of the in-vehicle network through an external interface on the vehicle; these situations may introduce malicious ECUs onto the vehicle. With the cloud-based vehicle ECU identity authentication method of the invention, every time the vehicle is powered on, an internal ECU is newly added or an external ECU is newly added, all common ECUs and external ECUs on the current vehicle perform in-vehicle identity authentication at the gateway ECU. Only after the in-vehicle identity authentication passes does the gateway ECU initiate out-of-vehicle identity authentication to the cloud, and only if the out-of-vehicle identity authentication passes does the first round of ECU identity authentication pass. The gateway ECU then initiates the second round of ECU identity authentication to the cloud, and only if the second round succeeds is the identity authentication of all ECUs on the current vehicle successful.
Success of the in-vehicle identity authentication means that the gateway ECU considers all common ECUs and external ECUs on the current vehicle legal; success of the out-of-vehicle identity authentication means that the cloud considers the identity of the current gateway ECU legal. In the second round, all ECUs on the current vehicle are combined and authenticated to the cloud through the gateway ECU, so success of the second round means that the cloud considers all ECUs on the current vehicle legal. The two rounds of ECU identity authentication, carried out hierarchically (three ECU identity authentications in total), therefore not only authenticate each ECU of the current vehicle but also guard against the case in which the gateway ECU, which itself performs identity authentication, has been replaced by a malicious ECU. This greatly improves the safety of subsequent communication and of the vehicle while driving.
It should be explained here that if the gateway ECU is replaced by a malicious ECU, it can cover for other malicious ECUs on the vehicle so that they pass the in-vehicle identity authentication, but the authentication method of the invention still does not succeed in that case, because the cloud must also authenticate each ECU. If the authentication method fails, the vehicle cannot carry out subsequent formal communication and cannot be driven, so a malicious ECU cannot collect vehicle data or interfere with driving even if it is mounted on the CAN bus. The authentication failure information is also fed back to the vehicle and notified to the vehicle owner, so the malicious ECU can be detected quickly.
3. In the invention, each ECU sends its true name to the cloud only in the stage of online secure registration. Throughout the two rounds of ECU identity authentication each ECU uses a pseudonym, so even if a malicious ECU exists on the vehicle, it cannot learn the true name of the ECU behind each pseudonym. Similarly, in the out-of-vehicle identity authentication process, even if a hacker intercepts the authentication information exchanged between the gateway ECU and the cloud, the true name of the gateway ECU cannot be obtained. The invention thus ensures the anonymity of each ECU, while a gateway ECU and a cloud with legal identities can still find the true name of each ECU through its pseudonym, so the information sent by each ECU is traceable.
4. In the in-vehicle identity authentication stage, the gateway ECU performs direct and simple calculations and avoids repeated, large-volume encryption and decryption operations, yet can already make an initial check of whether the identity of each ECU on the current vehicle is legal. If the in-vehicle identity authentication does not pass, the identity authentication of the current vehicle is directly judged to have failed and no subsequent authentication process is needed, which reduces the number of communications between the vehicle and the cloud and therefore the communication cost. That is, the in-vehicle identity authentication stage is fast and efficient.
5. Success of the in-vehicle identity authentication shows that the registration information of each ECU on the current vehicle is in the secure storage medium of the gateway ECU. The gateway ECU combines the verification codes bound to each ECU in the secure storage medium to generate the random number N, so the generated random number N is related to every ECU and essentially cannot be cracked. Meanwhile, the second round of ECU identity authentication, which involves more computation, is performed at the gateway ECU and the cloud, which have stronger computing capability, thereby reducing the large computational cost that the prior art imposes on the CAN bus by carrying out complete identity authentication among the ECUs.
6. The cloud-based vehicle ECU identity authentication method is efficient in flow, reliable identity authentication is carried out on each ECU on the current vehicle, a large amount of load is not brought to the CAN bus of the vehicle interior, and communication safety of the vehicle interior and safety of vehicle driving are enhanced.
Example 2
The invention also provides a cloud-based vehicle ECU communication method, which is used for carrying out safety communication among all ECUs of a vehicle and carrying out safety communication between a gateway ECU and a cloud, as shown in fig. 2, and comprises the following specific steps:
Step 1, when the vehicle V is started and powered on, or an external ECU is newly added to the vehicle V, or an internal ECU is replaced in the vehicle V, identity authentication is performed on all ECUs currently on the vehicle V, wherein the identity authentication method in this step is the cloud-based vehicle ECU identity authentication method described in embodiment 1;
step 2, after all ECUs in the current vehicle V pass identity authentication, the vehicle V performs in-vehicle network communication and out-of-vehicle network communication,
in-vehicle network communication: the vehicle-mounted central processing system and all ECUs in the current vehicle V communicate and interact in a plaintext message form through a CAN bus;
out-of-vehicle network communication: the common ECUs and external ECUs on the current vehicle V collect driving data and either send it directly to the gateway ECU as plaintext messages through the CAN bus, or send it as plaintext messages through the CAN bus to the vehicle-mounted central processing system, which processes it and then sends it to the gateway ECU as plaintext messages through the CAN bus; the gateway ECU and the cloud then carry out encrypted communication;
Step 3, the vehicle V is powered off, and the in-vehicle network communication and out-of-vehicle network communication of the current vehicle V stop; the next time the vehicle V is powered on, or an external ECU is newly added to the vehicle V, or an internal ECU is replaced in the vehicle V, the process returns to step 1.
In step 2, the encrypted communication between the gateway ECU and the cloud specifically includes the following contents:
when the gateway ECU sends a message to the cloud:
step 2a, the gateway ECU receives data transmitted by the ECUs and the vehicle-mounted central processing system on the current vehicle V and records it as D1; the gateway ECU marks the time at which the data D1 is received as a first timestamp t1, generates a first communication message M9, and sends M9 to the cloud: M9 = {MT(M9) || PIDg(in) || Q1g(D1) || t1},
wherein MT(M9) represents the message type identifier of the first communication message M9, PIDg(in) represents the pseudonym of the current gateway ECU, Q1g represents the first verification code of the current gateway ECU, and Q1g(D1) represents the data D1 symmetrically encrypted using Q1g;
step 2b, the cloud end marks the time of receiving the first communication message M9 as a second time stamp t2, and extracts a first time stamp t1 from the first communication message M9, if the time difference between the second time stamp t2 and the first time stamp t1 is greater than a set second time threshold Δt2, the cloud end determines that the first communication message M9 is invalid, and discards the first communication message M9;
If the time difference between the second time stamp t2 and the first time stamp t1 is smaller than or equal to a set second time threshold delta t2, the first communication message M9 is judged to be valid; the cloud extracts a pseudonym PIDg (in) and Q1g (D1) of the gateway ECU from the first communication message M9, if the pseudonym PIDg (in) of the current gateway ECU does not exist in the current cloud database, the cloud judges that the first communication message M9 is illegal and discards the first communication message M9, otherwise, the cloud calls a corresponding bound first verification code in the current cloud database according to the pseudonym PIDg (in) of the current gateway ECU, and symmetrically decrypts Q1g (D1) by using the current first verification code to obtain data D1;
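The cloud-side handling of M9 in steps 2a and 2b, as an added example that is not code from the patent. The page names no cipher, so a toy SHA-256 keystream XOR stands in for the symmetric encryption; the Δt2 value, the MT(M9) placeholder, the dictionary encoding of M9 and all sample values are assumptions.

```python
import hashlib
import struct

DELTA_T2 = 2.0      # second time threshold Δt2 in seconds (value assumed)
MT_M9 = b"M9"       # placeholder: the page does not give the value of MT(M9)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used only to make the example self-contained."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher standing in for the unspecified symmetric cipher.
    Encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def build_m9(gateway_pid: bytes, q1g: bytes, d1: bytes, t1: float) -> dict:
    """Step 2a: M9 = {MT(M9) || PIDg(in) || Q1g(D1) || t1}, kept as a dict."""
    enc = sym_crypt(q1g, struct.pack(">d", t1), d1)
    return {"MT": MT_M9, "PID": gateway_pid, "ENC": enc, "t1": t1}


def cloud_receive_m9(m9: dict, cloud_db: dict, t2: float) -> tuple:
    """Step 2b. cloud_db maps gateway pseudonym -> bound first verification code.
    Returns (status, data) with status 'invalid', 'illegal' or 'ok'."""
    # Freshness first: a difference larger than Δt2 makes the message invalid.
    # abs() also rejects timestamps from the future, a choice made here.
    if abs(t2 - m9["t1"]) > DELTA_T2:
        return ("invalid", None)
    # Unknown pseudonym: the message is judged illegal and discarded.
    q1g = cloud_db.get(m9["PID"])
    if q1g is None:
        return ("illegal", None)
    # Decrypt Q1g(D1) with the verification code bound to the pseudonym.
    return ("ok", sym_crypt(q1g, struct.pack(">d", m9["t1"]), m9["ENC"]))


# Constructed sample values.
GATEWAY_PID = b"PID-gateway-constructed"
Q1G = bytes(range(16))
D1 = b"speed=42;rpm=1800"
CLOUD_DB = {GATEWAY_PID: Q1G}

if __name__ == "__main__":
    m9 = build_m9(GATEWAY_PID, Q1G, D1, t1=1000.0)
    print(cloud_receive_m9(m9, CLOUD_DB, t2=1001.0))   # fresh, known pseudonym
    print(cloud_receive_m9(m9, CLOUD_DB, t2=1005.0))   # older than Δt2
    rogue = build_m9(b"PID-unregistered", Q1G, D1, t1=1000.0)
    print(cloud_receive_m9(rogue, CLOUD_DB, t2=1001.0))
```
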
when the cloud sends a message to the gateway ECU:
in step 2a', the cloud sends a second communication message M10 to the gateway ECU: M10 = {MT(M10) || PIDg(in) || Q1g(D2) || t3},
wherein MT (M10) represents a message type identifier of the second communication message M10, PIDg (in) represents a pseudonym of the gateway ECU, D2 represents data content generated by the cloud, third timestamp t3 represents a time when data D2 is generated by the cloud, Q1g represents a first verification code corresponding to the gateway ECU with the pseudonym PIDg (in), and Q1g (D2) represents symmetrically encrypting the data D2 using Q1 g;
in step 2b', the gateway ECU marks the time of receiving the second communication message M10 as a fourth timestamp t4 and extracts the third timestamp t3 from M10; if the time difference between the fourth timestamp t4 and the third timestamp t3 is greater than a set third time threshold Δt3, it determines that the second communication message M10 is valid; the gateway ECU extracts the pseudonym PIDg(in) from M10 and judges whether it is the gateway ECU's own pseudonym, and if it is, the gateway ECU extracts Q1g(D2) from M10 and symmetrically decrypts it using its own first verification code to obtain the data D2;
in step 2c', the gateway ECU transmits the data D2 to the corresponding ECU on the current vehicle V through the CAN bus or to the vehicle-mounted central processing system through the CAN bus.
Optionally, each gateway ECU periodically sends a first verification code update request to the cloud. After receiving the request, the cloud generates a new first verification code and returns it to the corresponding gateway ECU; this update process also uses the encrypted communication between the gateway ECU and the cloud described in step 2. After receiving the new first verification code, each gateway ECU replaces the old first verification code in its secure storage medium with the new one. Periodically updating the first verification code better ensures the safety of message transmission between the vehicle and the cloud.
Example 3
The invention also provides a cloud-based vehicle ECU communication system, which comprises:
a general ECU mounted on a vehicle;
an external ECU mounted on the CAN bus through an external interface of the vehicle;
the vehicle communication module comprises a gateway ECU and a CAN bus, and is used for receiving the data of the common ECU or the data of the vehicle processing module, then sending information to the cloud communication module or receiving information transmitted to the vehicle;
the vehicle processing module is provided with a vehicle-mounted central processing system and is used for encrypting and decrypting information of the vehicle communication module and calculating and processing driving data;
the cloud communication module is used for sending out the information of the cloud processing module or receiving the information transmitted to the cloud;
the cloud database is used for storing cloud information and registration information of various vehicles and ECUs;
the cloud quantum random number generator is used for generating a first verification code, a second verification code, a third verification code and a fourth verification code for the cloud processing module to call;
the cloud processing module is used for encrypting and decrypting the information of the cloud communication module and calculating and processing the cloud data.
The above modules and database are programmed or configured to perform the cloud-based vehicle ECU identity authentication method described in embodiment 1 or the cloud-based vehicle ECU communication method described in embodiment 2.
The technology, shape, and construction parts of the present invention, which are not described in detail, are known in the art.

Claims (10)

1. The cloud-based vehicle ECU identity authentication method is characterized by comprising the following steps of:
S1, a vehicle V, an internal ECU and an external ECU register to a cloud through an offline secure channel, the cloud generates a registration message and returns it to the corresponding vehicle V, internal ECU and external ECU, and meanwhile the cloud stores the registration information of each vehicle V, internal ECU and external ECU in a cloud database, whereby each vehicle V, internal ECU and external ECU completes registration;
the internal ECU is divided into a common ECU and a gateway ECU;
S2, when the vehicle V is powered on, or an external ECU is newly added to the vehicle V, or an internal ECU is replaced in the vehicle V, the vehicle V performs the first round of ECU identity authentication: the first round of ECU identity authentication comprises two stages, in-vehicle identity authentication and out-of-vehicle identity authentication, wherein all internal ECUs and external ECUs on the vehicle V perform in-vehicle identity authentication at the gateway ECU of the current vehicle V; if the in-vehicle identity authentication fails, the gateway ECU sends message information of ECU abnormality to the vehicle V, and if the in-vehicle identity authentication succeeds, the gateway ECU requests out-of-vehicle identity authentication from the cloud; if the out-of-vehicle identity authentication succeeds, the first round of ECU identity authentication is successful and the vehicle V carries out the second round of ECU identity authentication, otherwise the first round of ECU identity authentication fails;
S3, the vehicle V performs second-round ECU identity authentication: the gateway ECU of the vehicle V generates a second round of identity authentication message containing all internal ECU and external ECU registration information on the current vehicle V, and sends the second round of identity authentication message to the cloud for verification, if the verification fails, the cloud sends message information of failure of the ECU identity authentication to the gateway ECU; if the verification is passed, the identity authentication of the second round of ECU is successful, namely the identity authentication of all the internal ECUs and the external ECUs on the current vehicle V is successful; when the vehicle V is powered on again or an external ECU is newly added to the vehicle V or the internal ECU is replaced in the vehicle V, the process returns to S2.
2. The cloud-based vehicle ECU identity authentication method according to claim 1, wherein S1 further includes the sub-steps of:
S11, the manufacturer of the vehicle presets a hash function H in the secure storage medium of the vehicle V, the storage media of all internal ECUs in the vehicle V, and the cloud database;
the vehicle V registers to the cloud end through a vehicle manufacturer, namely, a first registration request A1 is sent to the cloud end:
A1={MT(A1)||VIN},
wherein VIN represents a vehicle identification code of the vehicle V, || is a connect operator, and MT (A1) represents a message type identifier of the first registration request A1;
meanwhile, all the internal ECUs in the vehicle V are registered to the cloud through the vehicle manufacturer, namely, a second registration request A2 is sent to the cloud: A2 = {MT(A2) || ID(in) || S(in) || VIN},
wherein MT (A2) represents a message type identifier of the second registration request A2, ID (in) represents a true name of the current internal ECU, and S (in) represents that the type of the current ECU is the internal ECU;
the external ECU first requests registration from the manufacturer of the vehicle; if the manufacturer agrees, a hash function H is preset in the storage medium of the external ECU, the external ECU registers to the cloud through the manufacturer of the vehicle, and a third registration request A3 is sent to the cloud: A3 = {MT(A3) || ID(out) || S(out)},
wherein MT (A3) represents the message type identifier of the third registration request A3, ID (out) represents the true name of the current external ECU, and S (out) represents the type of the current ECU as the external ECU;
s12, after the cloud receives the first registration request A1, extracting a vehicle identification code VIN and a message type identifier MT (A1) from the first registration request A1, comparing the current vehicle identification code VIN with the information existing in a cloud database, if the current vehicle identification code exists in the cloud database, rejecting the registration of the vehicle V by the cloud, and returning repeated registered message information to the vehicle V; if the current vehicle identification code VIN does not exist in the cloud database, the cloud platform stores the current vehicle identification code VIN in the cloud database and returns message information of successful registration to the vehicle V, and the current vehicle V finishes registration;
when the cloud receives the second registration request A2, it extracts the true name ID(in) of the current internal ECU and the type S(in) of the current ECU from A2, and compares ID(in) with the information existing in the cloud database; if the true name of the current internal ECU already exists in the cloud database, the cloud extracts from A2 the vehicle identification code VIN of the vehicle on which the current internal ECU is installed and compares it with the vehicle identification code bound to that true name in the cloud database: if the two are the same, the cloud refuses the registration of the current internal ECU and returns repeated-registration message information to the current internal ECU; if the two are different, the cloud refuses the registration of the current internal ECU and returns message information of abnormal registration to the current internal ECU; if the true name ID(in) of the current internal ECU does not exist in the cloud database, the cloud generates a first verification code Q1 and a second verification code Q2, and applies the hash function H to the concatenation of ID(in) and Q2 to obtain the corresponding pseudonym PID(in): PID(in) = H[ID(in) || Q2];
after the cloud receives the third registration request A3, it extracts the true name ID(out) of the current external ECU and the type S(out) of the current ECU from A3, and compares ID(out) with the information existing in the cloud database; if the true name of the current external ECU already exists in the cloud database, the cloud returns repeated-registration message information to the current external ECU; if the true name ID(out) of the current external ECU does not exist in the cloud database, the cloud generates a third verification code Q3 and a fourth verification code Q4, and applies the hash function H to the concatenation of ID(out) and Q4 to obtain the corresponding pseudonym PID(out): PID(out) = H[ID(out) || Q4];
S13, the cloud binds the true name ID(in), the type S(in), the first verification code Q1, the second verification code Q2 and the corresponding pseudonym PID(in) of the current internal ECU with the vehicle identification code VIN of the vehicle on which the current internal ECU is installed, and stores them in the cloud database as the registration information of the internal ECU; meanwhile the cloud generates a first registration message M1 and returns it to the current internal ECU: M1 = {MT(M1) || ID(in) || PID(in) || Q1}, whereby the current internal ECU completes registration,
wherein MT (M1) represents a message type identifier of the first registration message M1;
the cloud binds the true name ID(out), the type S(out), the third verification code Q3, the fourth verification code Q4 and the corresponding pseudonym PID(out) of the current external ECU together and stores them in the cloud database as the registration information of the external ECU; meanwhile the cloud generates a second registration message M2 and returns it to the current external ECU: M2 = {MT(M2) || ID(out) || PID(out) || Q3}, whereby the current external ECU completes registration,
wherein MT (M2) represents a message type identifier of the second registration message M2;
if the current internal ECU is the gateway ECU, the cloud end also packages and sends all internal ECU registration information bound with the vehicle identification code VIN of the current gateway ECU and all external ECU registration information in the current cloud end database into the current gateway ECU, and the gateway ECU stores various registration information in a self secure storage medium.
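The cloud's handling of registration requests A2 and A3 in S12 and S13, including the three outcomes for an internal ECU and the pseudonym lookup that gives traceability, as an added example that is not code from the patent. SHA-256 as H, `secrets.token_bytes` in place of the cloud's random number generator, the 16-byte code length, the status strings, the "M1"/"M2" placeholders and the `CloudRegistry` class are assumptions; vehicle registration (A1) is left out.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    """Stand-in for the preset hash function H (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


class CloudRegistry:
    """Hypothetical in-memory model of the cloud database."""

    def __init__(self, rng=secrets.token_bytes):
        self.rng = rng            # assumed stand-in for the cloud's generator
        self.internal = {}        # true name ID(in)  -> registration record
        self.external = {}        # true name ID(out) -> registration record
        self.by_pid = {}          # pseudonym -> true name, for traceability

    def register_internal(self, ecu_id: bytes, vin: str) -> tuple:
        """Handle A2 = {MT(A2) || ID(in) || S(in) || VIN}."""
        known = self.internal.get(ecu_id)
        if known is not None:
            # Same VIN: repeated registration. Different VIN: abnormal.
            return ("repeated" if known["VIN"] == vin else "abnormal"), None
        q1, q2 = self.rng(16), self.rng(16)
        pid = H(ecu_id + q2)                       # PID(in) = H[ID(in) || Q2]
        self.internal[ecu_id] = {"S": "in", "VIN": vin,
                                 "Q1": q1, "Q2": q2, "PID": pid}
        self.by_pid[pid] = ecu_id
        # M1 = {MT(M1) || ID(in) || PID(in) || Q1}; Q2 stays in the cloud.
        return "registered", {"MT": "M1", "ID": ecu_id, "PID": pid, "Q1": q1}

    def register_external(self, ecu_id: bytes) -> tuple:
        """Handle A3 = {MT(A3) || ID(out) || S(out)}."""
        if ecu_id in self.external:
            return "repeated", None
        q3, q4 = self.rng(16), self.rng(16)
        pid = H(ecu_id + q4)                       # PID(out) = H[ID(out) || Q4]
        self.external[ecu_id] = {"S": "out", "Q3": q3, "Q4": q4, "PID": pid}
        self.by_pid[pid] = ecu_id
        # M2 = {MT(M2) || ID(out) || PID(out) || Q3}; Q4 stays in the cloud.
        return "registered", {"MT": "M2", "ID": ecu_id, "PID": pid, "Q3": q3}

    def trace(self, pid: bytes):
        """Resolve a pseudonym back to the true name (None if unknown)."""
        return self.by_pid.get(pid)


if __name__ == "__main__":
    cloud = CloudRegistry()
    # Constructed identifiers, not real ECU names or VINs.
    print(cloud.register_internal(b"ECU-brake-0001", "VIN-CONSTRUCTED-1")[0])
    print(cloud.register_internal(b"ECU-brake-0001", "VIN-CONSTRUCTED-1")[0])
    print(cloud.register_internal(b"ECU-brake-0001", "VIN-CONSTRUCTED-2")[0])
    print(cloud.register_external(b"ECU-obd-0001")[0])
```
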
3. The cloud-based vehicle ECU identity authentication method according to claim 2, wherein S1 further comprises the following: when registration information of a newly added internal ECU of an already registered vehicle V appears in the cloud database, the cloud encrypts the registration information of the newly added internal ECU in real time and sends it to the gateway ECU of the vehicle V to which the newly added internal ECU belongs; when registration information of a newly added external ECU appears in the cloud database, the cloud encrypts the registration information of the newly added external ECU and sends it in real time to all gateway ECUs stored in the current cloud database, that is, each gateway ECU holds the registration information of all internal ECUs in its vehicle and the registration information of all external ECUs.
4. The cloud-based vehicle ECU identity authentication method according to claim 3, further comprising step S14 following step S13:
S14, in the cloud database, if a registered vehicle V newly adds registration information of an internal ECU, the registration information of the newly added internal ECU is recorded as R1; the cloud finds in the cloud database the registration information of the gateway ECU bound to the currently registered vehicle identification code VIN, retrieves the first verification code Q1 from the registration information of the gateway ECU, generates a third registration message M3 and sends it to the corresponding gateway ECU through a wireless network: M3 = {MT(M3) || Q1(R1)},
Wherein MT (M3) represents a message type identifier of the third registration message M3, and Q1 (R1) represents symmetrically encrypting registration information R1 of the newly added internal ECU using the first authentication code Q1 of the corresponding gateway ECU;
when registration information of an external ECU is newly added to the cloud database, the registration information of the newly added external ECU is recorded as R2; the cloud finds the registration information of all gateway ECUs currently stored in the cloud database, retrieves the first verification code Q1 from the registration information of each gateway ECU, generates a fourth registration message M4 and sends it to each corresponding gateway ECU through a wireless network: M4 = {MT(M4) || Q1(R2)},
wherein MT (M4) represents a message type identifier of the fourth registration message M4, and Q1 (R2) represents that registration information R2 of the newly added external ECU is symmetrically encrypted using the first authentication code Q1 of the corresponding gateway ECU.
5. The cloud-based vehicle ECU identity authentication method according to claim 4, wherein S2 further comprises the substeps of:
S21, when the vehicle V is powered on, or an external ECU is newly added to the vehicle V, or an internal ECU is replaced in the vehicle V, all common ECUs and external ECUs on the vehicle V first send identity authentication messages to the gateway ECU to carry out in-vehicle identity authentication: M5 = {MT(M5) || PID(in) || H(Q1)}, M6 = {MT(M6) || PID(out) || H(Q3)},
wherein M5 represents the identity authentication message sent by each common ECU in the vehicle V to the gateway ECU through the CAN bus, MT(M5) represents the message type identifier of the identity authentication message M5, and H(Q1) represents the result of applying the hash function H to the first verification code Q1 stored in the current common ECU; M6 represents the identity authentication message sent by each external ECU in the vehicle V to the gateway ECU through the CAN bus, MT(M6) represents the message type identifier of the identity authentication message M6, and H(Q3) represents the result of applying the hash function H to the third verification code Q3 stored in the current external ECU;
S22, the gateway ECU extracts the pseudonym PID(in) corresponding to each internal ECU from the received identity authentication message M5 and the pseudonym PID(out) corresponding to each external ECU from the received identity authentication message M6, then retrieves from its own secure storage medium the first verification code Q1' bound to the pseudonym PID(in) of each internal ECU and the third verification code Q3' bound to the pseudonym PID(out) of each external ECU for verification; if every internal ECU satisfies H(Q1') = H(Q1) and every external ECU also satisfies H(Q3') = H(Q3), the in-vehicle identity authentication is successful, otherwise the in-vehicle identity authentication fails and the gateway ECU sends message information of ECU abnormality to the vehicle V;
after the in-vehicle identity authentication is successful, the gateway ECU generates an out-of-vehicle identity authentication message M7 and sends it to the cloud: M7 = {MT(M7) || PIDg(in) || H(Q1g)},
wherein MT(M7) represents the message type identifier of the out-of-vehicle identity authentication message M7, PIDg(in) represents the pseudonym of the current gateway ECU and is contained in the pseudonyms PID(in) of the internal ECUs, Q1g represents the first verification code of the current gateway ECU and is contained in the first verification codes Q1 of the internal ECUs, and H(Q1g) represents the result of applying the hash function H to the first verification code Q1g of the current gateway ECU;
S23, after the cloud receives the out-of-vehicle identity authentication message M7, it extracts the current gateway ECU pseudonym PIDg(in) and H(Q1g) from M7 and searches the cloud database for PIDg(in); if the pseudonym exists, the cloud finds the first verification code copy Q1g' bound to PIDg(in), calculates H(Q1g') and checks whether it is identical to H(Q1g); if H(Q1g') is identical to H(Q1g), the cloud sends message information of successful out-of-vehicle identity authentication to the corresponding gateway ECU, and once the corresponding gateway ECU receives this message information, the first round of ECU identity authentication of the vehicle V is successful;
if the cloud does not find the current gateway ECU pseudonym PIDg(in) in the cloud database, or the calculated H(Q1g') differs from H(Q1g), the cloud sends message information of out-of-vehicle identity authentication failure to the corresponding gateway ECU.
6. The cloud-based vehicle ECU identity authentication method according to claim 5, wherein: if the gateway ECU does not receive the message information returned by the cloud in the first time threshold delta t1 after the gateway ECU sends the identity authentication message M7 outside the vehicle, the gateway ECU resends the identity authentication message M7 outside the vehicle.
7. The cloud-based vehicle ECU identity authentication method according to claim 5, wherein S3 further comprises the substeps of:
S31, after the first round of ECU identity authentication succeeds, the gateway ECU of the vehicle V sorts the pseudonyms of all internal ECUs and external ECUs stored in its secure storage medium in descending order, then retrieves from the secure storage medium the first verification code Q1 or third verification code Q3 corresponding to each pseudonym and arranges the verification codes in the same order as the pseudonyms;
S32, following the current order of the verification codes, the gateway ECU takes the bytes at the two ends of each verification code and concatenates them from left to right to form a random number N, then generates a second-round identity authentication message M8 and sends it to the cloud: M8 = {MT(M8) || PIDg(in) || H(N)},
wherein MT(M8) denotes the message type identifier of the second-round identity authentication message M8, PIDg(in) denotes the pseudonym of the current gateway ECU, and H(N) denotes the hash of the random number N computed with the hash function H;
S33, after receiving the second-round identity authentication message M8, the cloud verifies it:
the cloud extracts the gateway ECU pseudonym PIDg(in) from the second-round identity authentication message M8, retrieves from the cloud database the pseudonyms PID(in) and corresponding first verification codes Q1' of all internal ECUs (including the current gateway ECU) bound to PIDg(in), and likewise retrieves from the current cloud database the pseudonyms PID(out) and corresponding third verification codes Q3' of all external ECUs; the cloud sorts the retrieved pseudonyms PID(in) and PID(out) in descending order, arranges the corresponding verification codes Q1' or Q3' in the same order as the pseudonyms, takes the bytes at the two ends of each verification code, and concatenates them from left to right to form a random number N'; it then computes H(N') and checks whether it is identical to the H(N) extracted from M8; if not, verification fails and the cloud sends a message reporting failed ECU identity authentication to the gateway ECU; if so, verification passes, the second round of ECU identity authentication succeeds, and all internal ECUs and external ECUs on the current vehicle V have passed identity authentication.
8. A cloud-based vehicle ECU communication method, characterized by comprising the following steps:
Step 1, when the vehicle V is powered on, or an external ECU is added to the vehicle V, or an internal ECU in the vehicle V is replaced, identity authentication is performed on all ECUs currently on the vehicle V, the identity authentication method in this step being the cloud-based vehicle ECU identity authentication method as set forth in claim 7;
Step 2, after all ECUs currently on the vehicle V pass identity authentication, the vehicle V performs in-vehicle network communication and out-of-vehicle network communication,
in-vehicle network communication: the vehicle-mounted central processing system and all ECUs currently on the vehicle V communicate and interact in plaintext message form over the CAN bus;
out-of-vehicle network communication: the common ECUs and external ECUs currently on the vehicle V collect driving data and either send it to the gateway ECU in plaintext message form over the CAN bus, or send it in plaintext message form over the CAN bus to the vehicle-mounted central processing system, which processes it and then sends it to the gateway ECU in plaintext message form over the CAN bus; the gateway ECU and the cloud communicate in encrypted form;
Step 3, when the vehicle V is powered off, the in-vehicle network communication and out-of-vehicle network communication of the current vehicle V stop; when the vehicle V is next powered on, or an external ECU is added to the vehicle V, or an internal ECU in the vehicle V is replaced, return to step 1.
9. The cloud-based vehicle ECU communication method according to claim 8, wherein in step 2, the encrypted communication between the gateway ECU and the cloud specifically includes the following contents:
when the gateway ECU sends a message to the cloud:
Step 2a, the gateway ECU receives the data transmitted by the ECUs and the vehicle-mounted central processing system on the current vehicle V and denotes it D1; the gateway ECU records the time at which D1 is received as a first timestamp t1, generates a first communication message M9, and sends it to the cloud: M9 = {MT(M9) || PIDg(in) || Q1g(D1) || t1},
wherein MT(M9) denotes the message type identifier of the first communication message M9, PIDg(in) denotes the pseudonym of the current gateway ECU, Q1g denotes the first verification code of the current gateway ECU, and Q1g(D1) denotes the data D1 symmetrically encrypted using Q1g;
Step 2b, the cloud records the time at which it receives the first communication message M9 as a second timestamp t2 and extracts the first timestamp t1 from M9; if the time difference between t2 and t1 is greater than a set second time threshold Δt2, the cloud determines that the first communication message M9 is invalid and discards it;
if the time difference between t2 and t1 is less than or equal to the set second time threshold Δt2, the first communication message M9 is judged to be valid; the cloud extracts the gateway ECU pseudonym PIDg(in) and Q1g(D1) from M9; if PIDg(in) does not exist in the current cloud database, the cloud judges that M9 is illegal and discards it; otherwise, the cloud retrieves the first verification code bound to PIDg(in) in the current cloud database and uses it to symmetrically decrypt Q1g(D1), obtaining the data D1;
When the cloud sends a message to the gateway ECU:
Step 2a', the cloud sends a second communication message M10 to the gateway ECU: M10 = {MT(M10) || PIDg(in) || Q1g(D2) || t3},
wherein MT(M10) denotes the message type identifier of the second communication message M10, PIDg(in) denotes the pseudonym of the gateway ECU, D2 denotes the data content generated by the cloud, the third timestamp t3 denotes the time at which the cloud generates the data D2, Q1g denotes the first verification code corresponding to the gateway ECU with the pseudonym PIDg(in), and Q1g(D2) denotes the data D2 symmetrically encrypted using Q1g;
Step 2b', the gateway ECU records the time at which it receives the second communication message M10 as a fourth timestamp t4 and extracts the third timestamp t3 from M10; if the time difference between t4 and t3 is greater than a set third time threshold Δt3, it determines that the second communication message M10 is valid; the gateway ECU extracts the pseudonym PIDg(in) from M10 and judges whether it is the gateway ECU's own pseudonym, and if it is, the gateway ECU extracts Q1g(D2) from M10 and symmetrically decrypts it using its own first verification code to obtain the data D2;
Step 2c', the gateway ECU transmits the data D2 over the CAN bus to the corresponding ECU on the current vehicle V or to the vehicle-mounted central processing system.
10. A cloud-based vehicle ECU communication system, comprising:
a common ECU mounted on a vehicle;
an external ECU mounted on the CAN bus through an external interface of the vehicle;
the vehicle communication module comprises a gateway ECU and a CAN bus, and is used for receiving the data of the common ECU or the data of the vehicle processing module, then sending information to the cloud communication module or receiving information transmitted to the vehicle;
the vehicle processing module is provided with a vehicle-mounted central processing system and is used for encrypting and decrypting information of the vehicle communication module and calculating and processing driving data;
the cloud communication module is used for sending out the information of the cloud processing module or receiving the information transmitted to the cloud;
the cloud database is used for storing cloud information and registration information of various vehicles and ECUs;
the cloud quantum random number generator is used for generating a first verification code, a second verification code, a third verification code and a fourth verification code for the cloud processing module to call;
the cloud processing module is used for encrypting and decrypting the information of the cloud communication module and calculating and processing the cloud data;
The above modules and database are programmed or configured to perform the cloud-based vehicle ECU communication method as claimed in claim 9.
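Steps S31 to S33 of claim 7, as an added example that is not part of the patent text: the gateway and the cloud each derive N from their own copies of the verification codes, and the cloud compares the hashes. SHA-256 for H, the first and last byte as the "bytes at two ends", byte-string ordering of pseudonyms, the dict layout of M8 and of the cloud database, and all sample values are assumptions.

```python
import hashlib
import hmac

# Assumptions (the claims do not fix these): H is SHA-256, "bytes at two ends"
# means the first and last byte of each code, pseudonyms are compared as byte
# strings, and M8 is modelled as a dict rather than a wire format.
MT_M8 = b"\x08"  # hypothetical message type identifier

# Constructed sample registration data: pseudonym -> verification code.
GATEWAY_PID = b"PID-in-09"
REGISTERED = {
    b"PID-in-09": bytes.fromhex("a1b2c3d4e5f60718"),   # gateway ECU, Q1g
    b"PID-in-03": bytes.fromhex("1122334455667788"),   # internal ECU, Q1
    b"PID-out-01": bytes.fromhex("deadbeefcafef00d"),  # external ECU, Q3
}
# Cloud copies (Q1', Q3') indexed by gateway pseudonym: an assumed layout.
CLOUD_DB = {GATEWAY_PID: dict(REGISTERED)}


def derive_n(codes_by_pseudonym):
    """S31/S32: sort pseudonyms in descending order, then join each code's end bytes."""
    n = bytearray()
    for pid in sorted(codes_by_pseudonym, reverse=True):
        code = codes_by_pseudonym[pid]
        if len(code) < 2:
            raise ValueError("verification code too short to take both end bytes")
        n += code[:1] + code[-1:]
    return bytes(n)


def build_m8(gateway_pid, gateway_store):
    """Gateway side: M8 = {MT(M8) || PIDg(in) || H(N)}."""
    return {"mt": MT_M8, "pidg": gateway_pid,
            "h_n": hashlib.sha256(derive_n(gateway_store)).digest()}


def cloud_verify_m8(m8, cloud_db):
    """S33: rebuild N' from the cloud copies bound to PIDg(in), compare H(N') with H(N)."""
    record = cloud_db.get(m8["pidg"])
    if record is None:  # gateway pseudonym not registered
        return False
    expected = hashlib.sha256(derive_n(record)).digest()
    return hmac.compare_digest(expected, m8["h_n"])


def demo():
    swapped = dict(REGISTERED)
    # Constructed case: an internal ECU replaced by one holding an unregistered code.
    swapped[b"PID-in-03"] = bytes.fromhex("9922334455667700")
    return {
        "genuine": cloud_verify_m8(build_m8(GATEWAY_PID, REGISTERED), CLOUD_DB),
        "swapped_ecu": cloud_verify_m8(build_m8(GATEWAY_PID, swapped), CLOUD_DB),
        "unknown_gateway": cloud_verify_m8(build_m8(b"PID-in-77", REGISTERED), CLOUD_DB),
    }


if __name__ == "__main__":
    print(demo())
```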
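Steps 2a and 2b of claim 9, as an added example that is not part of the patent text: the cloud checks freshness against Δt2, then looks up the pseudonym, then decrypts. The threshold value, the dict model of M9, the sample values, and the cipher are assumptions; `stream_xor` is a stand-in for "symmetric encryption with Q1g", since the claims name no cipher.

```python
import hashlib
import struct

# Assumptions (the claims do not fix these): the threshold value, the dict model
# of M9, and the cipher. stream_xor is a stand-in for "symmetric encryption with
# Q1g" so the example runs with the standard library only.
DELTA_T2 = 2.0   # assumed second time threshold, in seconds
MT_M9 = b"\x09"  # hypothetical message type identifier

# Constructed sample data.
GATEWAY_PID = b"PID-in-09"
Q1G = bytes.fromhex("a1b2c3d4e5f60718")
CLOUD_DB = {GATEWAY_PID: Q1G}  # pseudonym -> bound first verification code


def stream_xor(key, t, data):
    """XOR data with a SHA-256 counter keystream under key, using timestamp t as nonce."""
    nonce = struct.pack(">d", t)
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def gateway_build_m9(pidg, q1g, d1, t1):
    """Step 2a: M9 = {MT(M9) || PIDg(in) || Q1g(D1) || t1}."""
    return {"mt": MT_M9, "pidg": pidg, "enc_d1": stream_xor(q1g, t1, d1), "t1": t1}


def cloud_receive_m9(m9, cloud_db, t2):
    """Step 2b: returns (status, D1); D1 is None unless the message is accepted."""
    if t2 - m9["t1"] > DELTA_T2:
        return ("discarded: invalid (stale)", None)
    q1g = cloud_db.get(m9["pidg"])
    if q1g is None:
        return ("discarded: illegal (unknown pseudonym)", None)
    return ("accepted", stream_xor(q1g, m9["t1"], m9["enc_d1"]))


def demo():
    d1 = b"speed_kmh=63;soc=81"  # constructed driving data
    m9 = gateway_build_m9(GATEWAY_PID, Q1G, d1, t1=1000.0)
    unregistered = dict(m9, pidg=b"PID-in-77")  # pseudonym absent from the cloud database
    return {
        "fresh": cloud_receive_m9(m9, CLOUD_DB, t2=1000.5),
        "at_threshold": cloud_receive_m9(m9, CLOUD_DB, t2=1002.0),
        "stale": cloud_receive_m9(m9, CLOUD_DB, t2=1003.0),
        "unknown": cloud_receive_m9(unregistered, CLOUD_DB, t2=1000.5),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```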
CN202311469192.6A 2023-11-07 2023-11-07 Cloud-based vehicle ECU identity authentication method, communication method and system Active CN117221010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311469192.6A CN117221010B (en) 2023-11-07 2023-11-07 Cloud-based vehicle ECU identity authentication method, communication method and system

Publications (2)

Publication Number Publication Date
CN117221010A (en) 2023-12-12
CN117221010B (en) 2024-01-12

Family

ID=89042936

Country Status (1)

Country Link
CN (1) CN117221010B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant