CN117439740A - In-vehicle network identity authentication and key negotiation method, system and terminal - Google Patents


Info

Publication number: CN117439740A
Authority: CN (China)
Prior art keywords: gecu, authentication, ecu, key, obd
Legal status: Pending
Application number: CN202311304686.9A
Other languages: Chinese (zh)
Inventors: 赖成喆, 马吉平, 王新伟, 曹进, 张应辉, 郑东
Current Assignee: Xian University of Posts and Telecommunications
Original Assignee: Xian University of Posts and Telecommunications
Application filed by Xian University of Posts and Telecommunications
Priority to CN202311304686.9A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Abstract

The invention belongs to the technical field of Internet of Vehicles security and relates to an in-vehicle network identity authentication and key negotiation method, system and terminal. To address secure communication on the CAN bus of the in-vehicle network and device access through the on-board diagnostics interface, it designs an in-vehicle network identity authentication and key negotiation method based on a Physical Unclonable Function (PUF). In this method, lightweight identity authentication and group key distribution for Electronic Control Units (ECUs) are realized using the uniqueness and unclonability of the PUF together with message authentication codes, and an authentication tag is calculated from the ECU's state information and the group key, providing message integrity protection. When the OBD-II interface is accessed physically, identity authentication and session key negotiation for the external device are based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when an OBD-II dongle is accessed wirelessly, identity authentication and key negotiation between the OBD-II dongle and the vehicle are based on PUF technology.

Description

In-vehicle network identity authentication and key negotiation method, system and terminal
Technical Field
The invention belongs to the technical field of Internet of Vehicles security, and particularly relates to an in-vehicle network identity authentication and key negotiation method, system and terminal.
Background
The communication network of an intelligent connected vehicle can be divided into an in-vehicle network and an inter-vehicle network, and as Internet of Vehicles and autonomous driving technology develop, the requirements on communication inside and outside the vehicle keep rising. A modern automobile is equipped with an entertainment system, a navigation system, an on-board diagnostics system, an augmented reality instrument panel and so on; these functions drive a continuous increase in the number of ECUs in the vehicle on the one hand, and tie the in-vehicle network ever more closely to external networks on the other.
The Physical Unclonable Function (PUF) exploits the random variability inherent in the physical microstructure of an integrated circuit to produce a unique output, the response R, for an input challenge C. A PUF can be regarded as a challenge-response system with R = f(C), where the function f(·) represents the relationship between input and output and is determined by variations in parameters inside the circuit. The security of a PUF rests on the difficulty of measuring or estimating these parameters and of manufacturing two chips with the same parameters (i.e. unclonability).
The in-vehicle communication network is the communication network, built on traditional communication technology, over which in-vehicle controllers, actuators and sensors transmit and process data and make decisions. The CAN bus is the most widely applied and most mature in-vehicle network communication protocol and will remain the mainstream in-vehicle communication architecture in the short term. Because the CAN bus is the communication protocol between ECUs, ensuring that it is authentic and reliable is the premise of in-vehicle network security. However, an attacker can remotely attack and intrude into the in-vehicle network through an external network, and can then eavesdrop on and replay data on the CAN bus, or even modify and forge data packets so as to control the vehicle's braking, steering, door opening and closing, window lifting and so on. This poses a serious threat to the driver's life and to public traffic safety.
Besides the communication protocols inside the vehicle, the security of the vehicle's external interfaces cannot be neglected. Intelligent connected vehicles have many external interfaces, such as the on-board diagnostics (OBD) interface, telematics units, Bluetooth and Wi-Fi. A user can connect to the in-vehicle network through these external interfaces, and an attacker can exploit this to inject malicious instructions into the CAN bus through the OBD-II interface and control the vehicle. The security of these external interfaces must therefore be taken into account in order to secure in-vehicle network communication.
For the security problems of the in-vehicle network in the intelligent connected vehicle environment, data encryption and message authentication are effective countermeasures. However, conventional encryption, authentication and key negotiation techniques cannot be applied directly to the in-vehicle network environment, which suffers from limited bandwidth, limited resources, heterogeneous architecture and similar constraints. At present, domestic research on the security of in-vehicle networks of intelligent connected vehicles is still at an early stage. Although several schemes for in-vehicle network authentication and key agreement have been proposed, their designs have problems such as incompatibility with the CAN bus standard, large computation and communication overhead, and an increased bus load rate. So far there is no complete solution for in-vehicle network authentication and key agreement. Research on security protection mechanisms for the in-vehicle network is important and urgent work; an authentication and key negotiation mechanism that is efficient, reliable and suited to the in-vehicle network environment can safeguard the safe operation of intelligent connected vehicles, serve modern intelligent transportation systems and promote the construction of smart cities.
From the above analysis, the problems and defects of the prior art are as follows. The security problem of the in-vehicle bus still exists: an attacker can remotely attack and intrude into the in-vehicle network through an external network, and can not only eavesdrop on and replay data on the CAN bus but also modify and forge data packets so as to control the vehicle's braking, steering, door opening and closing, window lifting and so on. The vehicle's external interfaces are also easily threatened: they can be connected to the in-vehicle network, and an attacker can exploit this to inject malicious instructions into the CAN bus through an external interface and control the vehicle. This seriously threatens the driver's life and public traffic safety. Conventional encryption, authentication and key negotiation techniques cannot be applied directly to the in-vehicle network environment, which suffers from limited bandwidth, limited resources, heterogeneous architecture and similar constraints. Many schemes have improved on the conventional approach, but problems such as incompatibility with the CAN bus standard, high computation and communication overhead, and an increased bus load rate remain.
Disclosure of Invention
In view of the problems existing in the prior art, the invention provides an in-vehicle network identity authentication and key negotiation method, system and terminal.
The invention is realized as follows: an in-vehicle network identity authentication and key negotiation method comprising the following steps:
S1, PUF-based ECU authentication: PUF-based ECU authentication is divided into a registration stage and an authentication stage. The registration stage establishes the CRP database, and the authentication stage completes two-way identity authentication between ECU_i and the GECU;
S2, distributing a group session key: after authentication between the ECUs is completed, the ECU negotiates a group session key GK with the GECU, and the GECU distributes the group session key GK to the ECUs in the group;
S3, authentication and secure transmission of data frames: after group key distribution is completed, an authentication tag is generated with the group key GK to verify whether tampering occurred during data frame transmission. Before a data frame is transmitted, the message m_i is XORed with the latest state S_{i-1} of ECU_i, which guarantees the confidentiality of the data frame;
S4, external device security authentication: when the OBD-II interface is accessed physically, identity authentication and session key negotiation for the external device are based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when an OBD-II dongle is accessed wirelessly, OBD-II dongle identity authentication and key negotiation are based on PUF technology.
Further, in the PUF-based ECU authentication of S1, the Physical Unclonable Function (PUF) can be regarded as a challenge-response system with R = f(C); it exploits the random variability inherent in the physical microstructure of an integrated circuit to produce a unique output, the response R, for an input challenge C.
Further, PUF-based ECU authentication includes two phases, registration and authentication;
(1) Registration:
1) ECU_i sends a registration request and its ID_i number to the GECU;
2) After the GECU receives the request of a given ECU_i and records it, it sends that ECU a random challenge C_i;
3) ECU_i receives the challenge value C_i from the GECU, calculates R_i = PUF(C_i), and returns the response R_i to the GECU;
4) After receiving R_i, the GECU stores it in the format <ID_i, C_i, R_i>;
(2) Authentication:
1) ECU_i sends an authentication request RM_i to the GECU;
2) Based on the ECU's ID, the GECU randomly selects one pair <C_i, R_i> for that ECU from the challenge-response pair (CRP) database and calculates a temporary symmetric key, wherein k_i is the long-term symmetric key that ECU_i pre-shares with the GECU;
3) The GECU generates a random number Seed_i for ECU_i, calculates MAC_1, and then sends C_i, Seed_i and MAC_1 to ECU_i;
4) After receiving C_i, Seed_i and MAC_1, ECU_i first calculates R_i = PUF(C_i) and then calculates MAC'_1. If MAC_1 = MAC'_1, ECU_i has completed authentication of the GECU;
5) ECU_i calculates MAC_2 and transmits MAC_2 to the GECU;
6) After receiving MAC_2, the GECU calculates MAC'_2. If MAC_2 = MAC'_2, the GECU has completed identity authentication of ECU_i.
Further, in the distribution of the group session key in S2, the GECU distributes the group key through the following steps:
1) ECU_i sends a key request RK_i to the GECU;
2) For each key request RK_i from an ECU_i, the GECU randomly selects a pair <C_i, R_i> of that ECU according to the identity information in RK_i, and then performs the calculation for i = 1, 2, 3 … m;
3) The GECU computes the group key and calculates a temporary group key;
4) The GECU calculates hash = H(ID_i || RK_i || C_i || GK'_i), then calculates the temporary encryption key and encrypts with a symmetric encryption algorithm to obtain the ciphertext;
5) The GECU transmits the ciphertext CM_i and the challenge C_i to ECU_i;
6) After receiving the message sent by the GECU, each ECU_i in the group first calculates R_i = PUF(C_i) from C_i and calculates the symmetric key;
7) ECU_i decrypts to obtain hash, GK'_i and C_i, and compares the decrypted C_i with the C_i previously transmitted by the GECU. If the two are the same, C_i was not tampered with by an adversary in transit and the following steps continue; otherwise the current flow is stopped;
8) Using the decrypted GK'_i and the information it already holds, ECU_i calculates hash' = H(ID_i || RK_i || C_i || GK'_i) and compares hash' with hash to judge whether the temporary group key GK' and the key request RK_i were tampered with by an adversary; if they are the same, the following flow continues, otherwise the current key distribution flow is stopped;
9) ECU_i performs its calculation and then XORs GK'_i with A_i to obtain the session group key.
Further, in the authentication and secure transmission of data frames in S3, each ECU maintains its own state information S_i. Each state S_i is composed of three parts: a counter i, the initial sub-state, and the previous u sub-states. The definition is given by the following formula:
Further, the data frame authentication and secure transmission includes the following steps:
1) Before communication begins, each ECU in the group generates an initial internal state, and these initial internal states are all the same;
2) When sending message m_i, ECU_s, whose own state at this time is S_{i-1}, XORs the state information S_{i-1} with the plaintext message m_i to obtain the ciphertext CM_i;
3) ECU_s first calculates the authentication tag t_i = H_GK(ID_i || S_{i-1} || CM_i); the encrypted message CM_i and the authentication tag t_i are placed in the data field to be transmitted to ECU_r;
4) ECU_s updates the current sub-state according to the update rule, giving its updated state;
5) After updating its state, ECU_s sends the message to ECU_r;
6) After receiving the data frame, ECU_r first calculates the authentication tag t'_i = H_GK(ID_i || S_{i-1} || CM_i) and, by comparing whether t'_i and t_i are the same, verifies whether an adversary tampered with the data frame during transmission;
7) ECU_r recovers the plaintext message m_i;
8) ECU_r updates its sub-state according to the update rule, giving its updated state.
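
The send and receive steps above, as an added Python example that is not part of the patent text: it shows a tampered frame and a replayed frame both failing the tag comparison of step 6). HMAC-SHA256 as H_GK, the 8-byte state and tag sizes, the sample key, state and messages, and the state update rule (the page's own formula is missing) are assumptions.

```python
"""Sender/receiver sketch for the S3 data-frame scheme (added illustration)."""
import hashlib
import hmac

STATE_LEN = 8   # assumed: state as wide as a classic CAN payload
TAG_LEN = 8     # assumed: truncated authentication tag length


def xor(state: bytes, data: bytes) -> bytes:
    """XOR data with the leading bytes of the state (CM_i = S_{i-1} xor m_i)."""
    if len(data) > len(state):
        raise ValueError("message longer than state")
    return bytes(s ^ d for s, d in zip(state, data))


class GroupEcu:
    """One ECU of the group; all members share GK and the same initial state."""

    def __init__(self, ecu_id: bytes, gk: bytes, initial_state: bytes):
        self.ecu_id = ecu_id
        self.gk = gk
        self.state = initial_state   # S_{i-1}
        self.counter = 0

    def _tag(self, sender_id: bytes, cm: bytes) -> bytes:
        # t_i = H_GK(ID_i || S_{i-1} || CM_i); H_GK is assumed to be HMAC-SHA256.
        msg = sender_id + self.state + cm
        return hmac.new(self.gk, msg, hashlib.sha256).digest()[:TAG_LEN]

    def _advance(self) -> None:
        # ASSUMPTION: stand-in update rule, since the page's formula is missing.
        self.counter += 1
        msg = self.state + self.counter.to_bytes(4, "big")
        self.state = hmac.new(self.gk, msg, hashlib.sha256).digest()[:STATE_LEN]

    def send(self, m: bytes):
        cm = xor(self.state, m)
        tag = self._tag(self.ecu_id, cm)
        self._advance()              # sender updates its state before sending
        return self.ecu_id, cm, tag

    def receive(self, sender_id: bytes, cm: bytes, tag: bytes):
        """Return the plaintext, or None if the tag does not verify."""
        if not hmac.compare_digest(tag, self._tag(sender_id, cm)):
            return None              # state is NOT advanced on a rejected frame
        m = xor(self.state, cm)
        self._advance()
        return m


def demo():
    """Constructed run: fresh frame, replay, bit-flip, then the genuine frame."""
    gk = bytes(range(16))                          # constructed group key
    s0 = bytes.fromhex("a1b2c3d4e5f60718")         # constructed initial state
    sender = GroupEcu(b"\x01", gk, s0)
    receiver = GroupEcu(b"\x02", gk, s0)
    results = {}
    frame1 = sender.send(b"\x10\x27\x00\x64")
    results["fresh"] = receiver.receive(*frame1)
    results["replayed"] = receiver.receive(*frame1)   # old state no longer matches
    sid, cm, tag = sender.send(b"\x00\x00\x00\x01")
    forged = bytes([cm[0] ^ 0x80]) + cm[1:]
    results["tampered"] = receiver.receive(sid, forged, tag)
    results["after_tamper"] = receiver.receive(sid, cm, tag)
    return results
```

Because both sides advance their state only on a sent or accepted frame, a frame lost on the bus leaves sender and receiver out of step; the page does not describe a resynchronisation step.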
Further, the external device security authentication of S4 covers two cases, physical access and wireless access:
(1) Physical access to the OBD interface:
1) Signature: the External Device (EDEV) first selects a random number a and calculates:
Y = aG
h = H(Y || ID_GECU)
to obtain the signature S_EDEV;
2) The external device EDEV sends Y, the signature S_EDEV and its own certificate Cert_EDEV to the GECU;
3) Calculating a public key: after the GECU receives the message, it calculates:
(P_EDEV, ID_EDEV) = Decode(Cert_EDEV)
e_1 = H(Cert_EDEV)
Q_EDEV = e_1 P_EDEV + Q_CA
where P_EDEV is the public key reconstruction value of the EDEV and Q_EDEV is the public key of the EDEV;
4) Verifying the signature: the GECU uses the public key Q_EDEV to verify the digital signature and obtain the message digest h, calculates h' = H(Y || ID_GECU), and compares whether the digest h obtained from verifying the signature is consistent with the h' recomputed by the hash algorithm; if so, signature verification succeeds, otherwise the authentication flow ends;
5) Signature: the GECU generates a random number b, calculates W = bG, first hashes W, Y and ID_EDEV to obtain a hash value, and then signs the hash value to obtain the signature S_GECU. The GECU transmits W, the signature S_GECU and its certificate Cert_GECU to the EDEV;
6) Calculating a public key: after receiving the message from the EDEV, the GECU performs the following calculations:
(P_GECU, ID_GECU) = Decode(Cert_GECU)
e_2 = H(Cert_GECU)
Q_GECU = e_2 P_GECU + Q_CA
where P_GECU is the public key reconstruction value of the GECU and Q_GECU is the public key of the GECU;
7) Verifying the signature: the EDEV uses the public key Q_GECU to verify the digital signature S_GECU and obtain the message digest h_1, calculates h'_1 = H(Y || ID_EDEV || W), and compares the digest h_1 with h'_1; if the two are consistent, signature verification succeeds, otherwise the authentication flow ends;
8) Calculating a key: the GECU uses d_GECU and Q_EDEV to calculate s = d_GECU Q_EDEV, and uses Y and b to calculate k = bY = abG. The EDEV uses d_EDEV and Q_GECU to calculate s = d_EDEV Q_GECU, and uses W and a to calculate k = aW = abG. Both parties use the key derivation function with s, ID_GECU, ID_EDEV and k as input to generate seed = KDF(s || ID_GECU || ID_EDEV || k), then hash the seed once to generate the session key SK;
(2) Wireless access to the OBD-II interface:
Authentication:
The server authenticates the OBD-II dongle:
1) The vehicle owner first sends the relevant login credentials to the server from the smartphone APP; after the server authenticates the user, it sends the VID to the owner's phone and login succeeds. This step is not performed every time; once login has succeeded, the connection to the OBD-II dongle can be initiated;
2) After logging in successfully, the owner can connect to the OBD-II dongle wirelessly via Bluetooth;
3) The server initiates an authentication request, and the smartphone APP sends the VID to the server;
4) After receiving the VID, the server first checks whether the VID is in the database; if so, the server randomly selects a pair (C_i, R_i), otherwise it does not respond;
5) The server generates a random number N_s, calculates N'_s, and computes the hash h = H(N_s || C_i || N'_s);
6) The server transmits h, N_s and C_i to the smartphone APP, which forwards them to the OBD-II dongle;
7) After receiving h, N_s and C_i, the OBD-II dongle first calculates R_i = PUF(C_i) from C_i, then calculates N'_s from R_i and N_s, and finally h' = H(N_s || C_i || N'_s). It compares whether h' and h are equal; if so, the following flow continues, otherwise the authentication flow is terminated;
8) The dongle generates a random number N_i, calculates h_1 = H(N_s || C_i || N_i), and transmits N_i and h_1 to the APP;
9) After the server receives M_2 forwarded by the smartphone APP, it verifies N_i and h_1: it first calculates h'_1 = H(N_s || R_i || N_i) and compares h'_1 with the received h_1. If they are the same, the server completes identity authentication of the OBD-II dongle; otherwise authentication fails;
10) After successful authentication, the server deletes (C_i, R_i) from the database;
The OBD-II dongle authenticates the smartphone APP:
1) The OBD-II dongle first initiates an authentication request;
2) After receiving the authentication request, the smartphone APP generates a random number N_i and sends the VID and N_i to the server;
3) The server checks whether the VID is in the database and, if so, randomly selects a pair (C_i, R_i), obtains an encryption key by XORing R_i with the random number N_i, and calculates CM_i = Enc_k'(N_i). The server sends C_i and CM_i to the smartphone APP;
4) The smartphone APP then forwards M_2 and N_i to the OBD-II dongle;
5) After receiving the message, the OBD-II dongle first calculates R_i = PUF(C_i) and calculates the key, decrypts CM_i with K to obtain N'_i, and compares N'_i with N_i. If the two are the same, authentication of the smartphone APP is complete; otherwise the APP is considered dishonest;
Establishing a secure session:
1) The server randomly selects a pair (C_i, R_i) of the VID;
2) The server calculates the session key K_s = H(R_i || ID_dongle), calculates CM_i, and sends CM_i and C_i to the smartphone; the smartphone APP forwards them to the OBD-II dongle;
3) After receiving CM_i and C_i, the dongle calculates K'_s = H(PUF(C_i) || ID_dongle) and decrypts CM_i with K'_s. If the decrypted C_i is identical to the received C_i, the session key K_s is proven correct. Communication between the OBD-II dongle and the server is then encrypted with the symmetric key K_s.
Another object of the present invention is to provide an in-vehicle network identity authentication and key agreement system, including:
ECU authentication module: based on the PUF, completes bidirectional authentication between the ECU and the GECU;
Group session key distribution module: after authentication between ECUs is completed, negotiates a group session key, which the GECU distributes to the ECUs in the group;
Secure transmission module: after group key distribution is completed, generates an authentication tag with the group key to verify whether tampering occurred during data frame transmission;
External device security authentication module: when the OBD-II interface is accessed physically, identity authentication and session key negotiation for the external device are based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when an OBD-II dongle is accessed wirelessly, OBD-II dongle identity authentication and key negotiation are based on PUF technology.
Another object of the present invention is to provide a computer device including a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to execute the steps of the in-vehicle network identity authentication and key negotiation method.
A further object of the invention is to provide an information data processing terminal used to implement the in-vehicle network identity authentication and key negotiation system.
In combination with the technical scheme and the technical problems to be solved, the technical scheme to be protected has the following advantages and positive effects:
firstly, the invention realizes the identity authentication of the ECU and the distribution of the group key by utilizing the uniqueness, the unclonability and the message authentication code of the PUF, and ensures the physical security of the components such as the ECU and the authenticity of the message source; the authentication tag is calculated by using the group key through exclusive OR operation of the state information of the ECU and the message, so that confidentiality and integrity protection of the message are realized, confidentiality and integrity of data on the CAN bus are guaranteed, replay attack is prevented, safety authentication is carried out on the safety equipment when the external equipment is accessed to the OBD interface, malicious access to the OBD interface by the external equipment is prevented, and meanwhile, the authentication tag has the characteristic of light weight.
Secondly, the invention realizes bidirectional authentication between the ECU and the GECU, group key negotiation and distribution, safe transmission of data frames and safe authentication of external equipment based on the PUF technology, and the safe authentication of the ECU ensures that a data source is effective and safe, thereby ensuring the safety of a CAN bus; before the message transmission, the plaintext message and the latest state of the ECU are subjected to exclusive OR operation, and the state information of the ECU only exists in the ECU, so that the confidentiality of the message is ensured; before the data frame is transmitted, calculating an authentication tag by using a hash function with a secret key to ensure the integrity of the data frame; when the external equipment is physically or wirelessly accessed to the OBD interface, the identity authentication and key negotiation of the external equipment are respectively realized, malicious external equipment is prevented from accessing the OBD interface, and the CAN bus safety is protected.
Third, on whether the technical solution of the invention solves technical problems that people have long wanted to solve but have never succeeded in solving:
The Controller Area Network (CAN) is currently the most widely used in-vehicle network protocol, but no security mechanism was considered in its original design. Because of its plaintext transmission, broadcast messages and bitwise arbitration, data frames are vulnerable to sniffing, tampering, replay and similar attacks during transmission. A number of solutions to the security problem of the CAN bus have been proposed, but the following problems remain. First, certain functions of the vehicle are real-time, and implementing encryption and authentication mechanisms introduces message delay, which requires deploying lightweight encryption and authentication protocols while still ensuring security. Second, the payload size of the classical CAN bus makes it difficult to add authentication tags and digital signatures alongside the actual data; some existing works split CAN bus messages so that one message carries the actual data and another is dedicated to authentication, which can increase the bus load by two times. Third, some existing works modify CAN data frames, attempting to change the size of the payload or to insert MAC tags in the CRC and identifier fields, which can lead to incompatibility with existing CAN protocol stacks. Fourth, current research focuses mainly on the data security of the CAN bus and pays less attention to the physical security of components such as the ECU.
Regarding the security of the OBD interface, cryptography-based methods focus mainly on preventing malicious attacks when an external device is physically connected to the OBD interface. Existing research mainly realizes identity authentication and key negotiation with digital certificates and digital signature technology, but the components of an in-vehicle network are resource-limited devices, so lightweight authentication and key negotiation protocols have a significant advantage. As the applications of the OBD interface expand on intelligent connected vehicles, the security risks brought by remote access to the OBD interface need more attention.
In the invention, to address secure communication on the CAN bus, lightweight ECU identity authentication and group key distribution are realized by using the uniqueness and unclonability of the PUF together with message authentication codes. If an adversary physically attacks a legitimate ECU to steal the key information inside it, the hardware of the ECU is damaged and the correct response can no longer be generated; authentication of that ECU cannot be completed, it cannot take part in the group key distribution phase, and the adversary's subsequent attacks cannot proceed, which ensures the physical security of the ECU and other components. Only symmetric cryptographic algorithms are used in the authentication process, which is lightweight in both computational overhead and communication overhead. The data transmission process does not encrypt the plaintext message with an encryption algorithm; instead it relies on the fact that the latest state of ECU_i is held only by the message sender ECU_s and the receiver ECU_r. Before a data frame is transmitted, the plaintext message m_i is XORed with the latest state S_{i-1} of ECU_i, so an adversary cannot obtain any state information from the open channel, which achieves the effect of encrypting the data, and the state information of the ECU also makes it possible to resist replay attacks. A keyed hash function is applied to the identifier ID_i, the state S_i and the ciphertext CM_i to calculate the authentication tag t_i. The group key GK and the state information S_i of the ECU are unknown to an attacker; only a legitimate ECU_r can decrypt the ciphertext using its recorded state information to obtain the plaintext message m_i, and it verifies the integrity of the data by updating the state information S_i and comparing the authentication tag t_i, which ensures the integrity of the message.
Through the operation, the safety of CAN bus communication is ensured, and the safety of vehicles is further ensured.
Regarding the security authentication of external devices: when an external device is directly and physically connected to the OBD-II interface, authentication of the external device is completed with digital certificate and signature technology; when the OBD-II interface is accessed remotely through an OBD-II dongle, identity authentication of the OBD-II dongle and the smart phone APP is realized, and a session key between the OBD-II dongle and the server is negotiated.
With physical access, the GECU performs the relevant calculation on the implicit certificate Cert_EDEV sent by the external device to obtain the public key Q_EDEV of the EDEV, and uses Q_EDEV to verify the signature S_EDEV, which proves the legitimacy of the external device's identity. If the certificate Cert_EDEV or the signature S_EDEV is forged by an adversary during transmission, the normal signature verification process cannot be completed and the authentication process fails. After identity authentication between the EDEV and the GECU is completed, the two jointly negotiate the session key SK: a key seed is calculated with a key distribution function from key material contributed by both the EDEV and the GECU, and SK is calculated by a hash operation.
With wireless access, authentication of the OBD-II dongle relies on the unclonability and uniqueness of the PUF: R_i is used as part of the input of the hash function, so only a legitimate dongle can generate the correct h'. After the dongle verifies that h' and h are the same, its authentication of the server is complete; it then generates a random number N_i and calculates h_1, and the server verifies h_1 to complete authentication of the OBD-II dongle. This operation also resists replay attacks. In the message communication phase, the scheme uses a symmetric key for encrypted communication; the symmetric key is derived from the VID and the PUF response R_i. Only the server, the smart phone APP and the OBD-II dongle are aware of the VID, and the smart phone APP does not transmit the VID to the dongle either, so an adversary cannot eavesdrop on the communication link and collect the VID. As for the PUF response R_i, an adversary cannot calculate R_i from the plaintext C_i on the channel, and so cannot calculate the session key K_s. The designed scheme can therefore ensure the confidentiality of messages during communication.
By authenticating the external device, unauthorized devices can be prevented from accessing the OBD interface, thereby protecting the safety of the vehicle. Only authenticated devices can communicate with the OBD interface, which greatly reduces the risk of the vehicle being attacked or illegally accessed.
Fourth, the in-vehicle network identity authentication and key negotiation method provides an innovative in-vehicle network security solution. The method comprises four main steps: PUF-based ECU authentication, group session key distribution, authentication and secure transmission of data frames, and external device security authentication.
In particular, Physical Unclonable Function (PUF) technology plays a key role in the security protection of in-vehicle networks. The PUF uses small differences in the physical structure of the hardware device to generate unique and unclonable identity authentication information, providing an effective means of preventing cloning of hardware.
In addition, key management and secure transmission of data frames are also embodied in the method. Through distribution and management of the secret key, only authenticated equipment can be ensured to be accessed to the network, and meanwhile, the safety in the data transmission process is ensured.
Furthermore, the method also deals with the problem of external equipment access. For the physical access equipment, the method adopts Diffie-Hellman key exchange and implicit certificates based on elliptic curves, so that the security of identity authentication and key negotiation is ensured. The wireless access device performs identity authentication and key agreement by employing PUF-based techniques.
In general, the identity authentication and key negotiation method has important influence on the safety protection technology of the vehicle-mounted network, and is hopeful to improve the safety of the vehicle-mounted network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an in-vehicle network identity authentication and key agreement method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of an in-vehicle network identity authentication and key negotiation system according to an embodiment of the present invention;
Fig. 3 is a flowchart of external device access authentication and key agreement provided in an embodiment of the present invention;
Fig. 4 is a flowchart of authentication of an OBD-II dongle by a server according to an embodiment of the present invention;
Fig. 5 is a flowchart of authentication of a dongle to a smart phone according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a system model according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Aiming at the problems existing in the prior art, the invention provides an in-vehicle network identity authentication and key negotiation method, a system and a terminal, and the invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the in-vehicle network identity authentication and key negotiation method provided by the embodiment of the invention includes:
S1, ECU authentication based on a Physical Unclonable Function (PUF): performing mutual authentication between the ECU and a Gateway ECU (GECU) based on the PUF;
S2, distributing a group session key: after authentication between ECUs is completed, negotiating a group session key GK, and distributing the group session key GK to the ECUs in the group by the GECU;
S3, authentication and secure transmission of data frames: after the group key distribution is completed, generating an authentication tag through the group key GK to verify whether tampering occurs in the data frame transmission process;
S4, external device security authentication: when the on-board diagnostics (OBD-II) interface is physically accessed, the identity authentication and the session key negotiation of the external device are realized based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II dongle is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on PUF technology.
As shown in fig. 2, the in-vehicle network identity authentication and key negotiation system provided by the embodiment of the invention includes:
ECU authentication module: based on the PUF, completing bidirectional authentication between the ECU and the GECU;
Group session key distribution module: after authentication between ECUs is completed, negotiating a group session key, and distributing the group session key to the ECUs in the group by the GECU;
Secure transmission module: after the group key distribution is completed, verifying whether tampering occurs in the data frame transmission process by generating an authentication tag with the group key;
External device security authentication module: when the OBD-II interface is physically accessed, the identity authentication and session key negotiation of the external equipment are realized based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II dongle is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on a PUF technology.
The invention realizes the lightweight ECU identity authentication and group key distribution by utilizing the uniqueness, unclonability and message authentication code of the PUF; and calculating an authentication tag through the state information of the ECU and the group key, thereby realizing message integrity protection. Based on elliptic curve Diffie-Hellman key exchange and implicit certificate, external equipment identity authentication and session key negotiation are realized; based on the PUF technology, a lightweight identity authentication and key negotiation scheme is designed when the wireless access is realized through the OBD-II dongle.
The technical scheme of the invention is further described below with reference to specific embodiments.
The invention consists of the following entities: ECU, GECU, external access physical entity, OBD system, OBD-II dongle, smart phone, server. Compared with the ECU, the GECU has better computing resources and storage resources, and in the scheme, the GECU plays a role of a trusted third party and is responsible for distributing the group session key to the common ECU. The general ECU is responsible for controlling certain specific functions of the vehicle.
First, in the PUF-based ECU authentication phase, the ECU and the GECU complete mutual authentication.
Secondly, the negotiation and distribution stage of the group key is performed based on the PUF, and the GECU distributes the group key to the ECU in the group.
And then, in the authentication and safe transmission stage of the data frame, the authentication tag is calculated through the state information of the ECU and the group key, so that the integrity of the message is protected.
Finally, in the security authentication stage of the external equipment, when the OBD-II interface is physically accessed, the identity authentication and session key negotiation of the external equipment are realized based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II dongle is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on a PUF technology.
1. PUF-based ECU authentication phase
PUF-based ECU authentication includes two phases of enrollment and authentication, where the enrollment phase is completed during the manufacturing process of the vehicle. The authentication phase is performed each time the vehicle ignition is started.
The registration phase completes the establishment of the PUF database on the GECU. During production of the vehicle, ECU_i and the GECU build the challenge-response pair (CRP) database of the physical unclonable function over a secure channel, and the final database is stored in the GECU without risk of data leakage. The specific flow is as follows:
1) ECU_i sends a registration request and its identity number (ID_i) to the GECU.
2) After receiving the request from ECU_i, the GECU records it and sends ECU_i a random challenge C_i.
3) ECU_i receives the challenge value C_i from the GECU, calculates the response value R_i = PUF(C_i), and returns the response R_i to the GECU.
4) After receiving R_i, the GECU stores it in the format <ID_i, C_i, R_i>.
The authentication phase is performed each time the vehicle is started by ignition. In this phase, authentication between ECU_i and the GECU is completed, thereby preventing masquerading attacks by an adversary. The specific flow is as follows:
1) ECU_i sends an authentication request RM_i to the GECU.
2) According to the ID, the GECU randomly selects one of that ECU's pairs <C_i, R_i> from the CRP database and calculates a temporary symmetric key, where k_i is a long-term symmetric key pre-shared between ECU_i and the GECU.
3) The GECU generates a random number Seed_i for ECU_i and calculates a message authentication code MAC_1 using a hash algorithm, then sends C_i, Seed_i and MAC_1 to ECU_i.
4) After receiving C_i, Seed_i and MAC_1, ECU_i first calculates R_i = PUF(C_i) and then calculates MAC'_1. If MAC_1 = MAC'_1, ECU_i has completed authentication of the GECU.
5) ECU_i calculates MAC_2 and sends MAC_2 to the GECU.
6) After receiving MAC_2, the GECU calculates MAC'_2. If MAC_2 = MAC'_2, the GECU has completed identity authentication of ECU_i.
2. Group key negotiation and distribution phase based on PUF
After mutual authentication between ECU_i and the GECU has been performed, the group session key is distributed. Once the m ECUs in a group have been authenticated, a group session key GK is negotiated in this phase and distributed by the GECU to each ECU_i in the group. The specific flow is as follows:
1) ECU_i sends a key request RK_i to the GECU.
2) For each request RK_i from ECU_i, the GECU randomly selects one of ECU_i's pairs <C_i, R_i> according to the identity information in RK_i, and then calculates the temporary encryption material with a symmetric encryption algorithm, for i = 1, 2, 3 … m.
3) The GECU calculates the group key GK and calculates a temporary group key GK'_i.
4) The GECU calculates hash = H(ID_i || RK_i || C_i || GK'_i), then calculates the temporary encryption key and encrypts with a symmetric encryption algorithm to obtain the ciphertext CM_i.
5) The GECU transmits the ciphertext CM_i and the challenge C_i to ECU_i.
6) After receiving the message sent by the GECU, each ECU_i in the group first calculates R_i = PUF(C_i) from C_i and then calculates the symmetric key.
7) ECU_i decrypts to obtain hash, GK'_i and C_i. It compares the decrypted C_i with the C_i previously transmitted by the GECU; if the two are the same, C_i was not tampered with by an adversary during transmission and the following steps continue, otherwise the current flow stops.
8) Using the decrypted GK'_i and the information it already holds, ECU_i calculates hash' = H(ID_i || RK_i || C_i || GK'_i) and compares hash' with hash to determine whether the temporary group key GK'_i and the key request RK_i have been tampered with by an adversary. If they are the same, the following flow continues; otherwise the current key distribution flow stops.
9) ECU_i calculates A_i and then performs an exclusive-OR operation between GK'_i and A_i to obtain the session group key GK.
3. Authentication and secure transmission phase of data frames
After the group key distribution is completed, CAN data frames can be transmitted securely between the ECUs in the group. Specifically, each ECU maintains its own state information S_i. Each state S_i is composed of three parts: i, which represents a counter; an initial sub-state; and the previous u sub-states. The definition is given by the following formula:
The specific flow is as follows:
1) Before communication begins, each ECU in the group generates an initial internal state, and the initial internal states are all the same.
2) When sending message m_i, the sender ECU_s is in state S_{i-1}; it XORs the state information S_{i-1} with the plaintext message m_i to obtain the ciphertext CM_i.
3) ECU_s first calculates the authentication tag t_i = H_GK(ID_i || S_{i-1} || CM_i); the encrypted message CM_i and the authentication tag t_i are placed in the data field for transmission to ECU_r.
4) ECU_s updates the current sub-state according to the update rule and obtains its updated state.
5) After updating its state, ECU_s sends the message to ECU_r.
6) After receiving the data frame, the receiver ECU_r first calculates the authentication tag t'_i = H_GK(ID_i || S_{i-1} || CM_i) and compares t'_i with t_i to verify whether an adversary tampered with the data frame during transmission.
7) ECU_r recovers the plaintext message m_i.
8) ECU_r updates its sub-state according to the update rule and obtains its updated state.
For example, suppose ECU_i is in its current state and wants to send message m_i. Its state information is updated as follows. First, message m_i is XORed with the current state S_{i-1} to obtain the ciphertext CM_i; then the authentication tag t_i = H_GK(ID_i || S_{i-1} || CM_i) is calculated, attached to the message and placed in the data field for transmission. ECU_i then updates the current sub-state; the update rule is a hash over the counter, the initial sub-state and the message m_i. Once the current sub-state has been updated, the state changes accordingly, following the definition in the state formula; after the counter is incremented, the final result is that the ECU's own state has been iterated to the updated state. After updating the state, the sender sends out the message; after receiving it, the receiver first verifies it and then updates its current sub-state and current state.
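The sender and receiver steps above, as an added sketch that is not taken from the patent: both ECUs hold GK and the same initial state, the sender masks m_i with S_{i-1} and appends the keyed-hash tag, and the receiver rejects replayed or modified frames. Assumptions, since the state formula does not survive on this page: HMAC-SHA256 stands in for H_GK, the state is a SHA-256 chain over the counter, the initial sub-state, the previous state and the message, the 8-byte data field is split into 4 bytes of CM_i and 4 bytes of truncated tag, and all class and function names are hypothetical.

```python
import hashlib
import hmac

MSG_LEN = 4   # assumed split of the 8-byte CAN data field: 4 bytes of CM_i ...
TAG_LEN = 4   # ... followed by 4 bytes of truncated tag t_i


def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    hasher = hashlib.sha256()
    for part in parts:
        hasher.update(len(part).to_bytes(2, "big") + part)
    return hasher.digest()


class GroupEcu:
    """One ECU's copy of the shared state for a given CAN identifier."""

    def __init__(self, group_key: bytes, can_id: int, init_seed: bytes):
        self.gk = group_key
        self.can_id = can_id.to_bytes(2, "big")
        self.counter = 0
        self.s0 = digest(b"init", init_seed)   # initial sub-state, identical on every ECU
        self.state = self.s0                   # S_{i-1}

    def tag(self, cm: bytes) -> bytes:
        # t_i = H_GK(ID_i || S_{i-1} || CM_i), HMAC-SHA256 as the keyed hash (assumption)
        mac = hmac.new(self.gk, self.can_id + self.state + cm, hashlib.sha256)
        return mac.digest()[:TAG_LEN]

    def mask(self, data: bytes) -> bytes:
        # XOR with the leading bytes of S_{i-1}; the same call masks and unmasks
        return bytes(a ^ b for a, b in zip(data, self.state))

    def advance(self, message: bytes) -> None:
        # Update rule: hash of counter, initial sub-state and message (per the page),
        # chained with the previous state (assumption, u = 1).
        self.counter += 1
        self.state = digest(self.counter.to_bytes(4, "big"), self.s0, self.state, message)

    def send(self, message: bytes) -> bytes:
        if len(message) != MSG_LEN:
            raise ValueError("message must be exactly MSG_LEN bytes")
        cm = self.mask(message)
        frame = cm + self.tag(cm)
        self.advance(message)
        return frame

    def receive(self, frame: bytes):
        cm, tag = frame[:MSG_LEN], frame[MSG_LEN:]
        if len(frame) != MSG_LEN + TAG_LEN or not hmac.compare_digest(self.tag(cm), tag):
            # Reject without advancing, so a forged frame cannot desynchronise the pair.
            # A frame lost on the bus still would; resynchronisation is not covered here.
            return None
        message = self.mask(cm)
        self.advance(message)
        return message


def run_frame_demo() -> dict:
    gk, seed = b"constructed-group-key", b"constructed-seed"   # constructed sample values
    sender = GroupEcu(gk, 0x1A0, seed)
    receiver = GroupEcu(gk, 0x1A0, seed)
    payload = b"\x10\x20\x30\x40"
    first = sender.send(payload)
    second = sender.send(payload)                    # same plaintext, next state
    tampered = bytes([second[0] ^ 0x01]) + second[1:]
    results = {"ciphertexts_differ": first[:MSG_LEN] != second[:MSG_LEN]}
    results["first"] = receiver.receive(first)       # accepted
    results["replay"] = receiver.receive(first)      # tag was bound to the old state
    results["tampered"] = receiver.receive(tampered) # one flipped bit in CM_i
    results["second"] = receiver.receive(second)     # still in sync after two rejects
    return results
```

A 4-byte tag is what fits beside 4 bytes of data in a classical CAN frame under these assumptions; the forgery bound it gives has to be weighed against how often a receiver will tolerate failed verifications.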
4. External device security authentication phase
There are two different scenes in this stage, the first is that the physical entity is directly inserted into the OBD-II interface to communicate, and the second is that the OBD-II interface is accessed through the OBD-II dongle and the wireless channel. When the OBD-II interface is physically accessed, the identity authentication and session key negotiation of the external equipment are realized by adopting elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II interface is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on a PUF technology.
(1) Physical access OBD
Both the external device EDEV and the GECU apply for and load their own certificates from the certificate authority CA in advance and hold the public key Q_CA of the CA, while sharing the elliptic curve E_P(a, b), the order n and the generator G(x_1, y_1). The ECQV implicit certificate consists of an identifier and key data. The specific flow is as follows:
1) Signature: the external device (EDEV) first selects a random number a and calculates:
Y = aG
h = H(Y || ID_GECU)
to obtain the signature S_EDEV.
2) The external device EDEV sends Y, the signature S_EDEV and its own certificate Cert_EDEV to the GECU.
3) Calculating a public key: after the GECU receives the message, it calculates:
(P_EDEV, ID_EDEV) = decode(Cert_EDEV)
e_1 = H(Cert_EDEV)
Q_EDEV = e_1 P_EDEV + Q_CA
where P_EDEV is the public key reconstruction value of the EDEV and Q_EDEV is the public key of the EDEV.
4) Verifying the signature: the GECU uses the public key Q_EDEV to verify the digital signature and obtain the message digest h, calculates h' = H(Y || ID_GECU), and compares whether the message digest h obtained from signature verification and the h' calculated by the hash algorithm are consistent. If they are, the signature is verified successfully; otherwise the authentication flow ends.
5) Signature: the GECU generates a random number b and calculates W = bG. It first hashes W, Y and ID_EDEV to obtain a hash value, and then signs the hash value to obtain the signature S_GECU. The GECU sends W, the signature S_GECU and the certificate Cert_GECU of the GECU to the EDEV.
6) Calculating a public key: after receiving the message from the GECU, the EDEV performs the following calculations:
(P_GECU, ID_GECU) = decode(Cert_GECU)
e_2 = H(Cert_GECU)
Q_GECU = e_2 P_GECU + Q_CA
where P_GECU is the public key reconstruction value of the GECU and Q_GECU is the public key of the GECU.
7) Verifying the signature: the EDEV uses the public key Q_GECU to verify the digital signature S_GECU and obtain the message digest h_1, calculates h'_1 = H(Y || ID_EDEV || W), and compares the message digests h_1 and h'_1. If the two are consistent, the signature is verified successfully; otherwise the authentication flow ends.
8) Calculating a key: the GECU uses d_GECU and Q_EDEV to calculate S = d_GECU Q_EDEV, and uses Y and b to calculate k = bY = abG. The EDEV uses d_EDEV and Q_GECU to calculate S = d_EDEV Q_GECU, and uses W and a to calculate k = aW = abG. Both parties use a key distribution function with S, ID_GECU, ID_EDEV and k as input to generate seed = KDF(S || ID_GECU || ID_EDEV || k), and then perform a hash operation on the seed once more to generate the session key SK.
(2) Wireless access OBD
Whether the traffic environmental protection department remotely monitors the emission condition of the vehicle or the insurance company needs the vehicle OBD-II dongle to upload the real mileage record, the identity of the OBD-II dongle needs to be ensured to be real. However, some users either install the compromised dongle directly to send some error data or install other users' legal OBD-II dongles on their own vehicles in order to evade inspection from the source. In order to avoid the occurrence of the situation, the server in the scheme needs to carry out identity authentication on the OBD-II dongle, so as to ensure that the vehicle and the OBD-II dongle are corresponding. The process is divided into four stages, and the specific flow is as follows:
1) Initial stage
The initial phase completes the establishment of the PUF database on the server. In the production process of an OBD-II dongle, the manufacturer embeds the PUF into the OBD-II dongle. The establishment process is as follows: the dongle sends a registration request and its own true identity ID_dongle, the response R_i calculated by the PUF is returned to the server, and the server stores the data in the format <ID_dongle, C_i, R_i>; the process is repeated multiple times until the requirements are met. It should be noted that at this stage the communication between the OBD-II dongle and the server takes place in a secure channel without any risk of leakage, and the final database will be stored on the server for subsequent authentication of the OBD-II dongle.
2) Registration phase
The registration phase completes the registration of the OBD-II dongle on the server. When the vehicle owner registers and collects the OBD-II dongle, the traffic environmental protection department or insurance company obtains the necessary information about the vehicle owner, such as the name username, license plate number vn and driver's license number dln. The server hashes this information together with the dongle's ID_dongle to obtain the number associated with the vehicle, VID = H(username || vn || dln || ID_dongle), and stores the VID together with the true identity ID_dongle of the OBD-II dongle in the identity index table; that is, the format finally saved by the server is <ID_dongle, C_i, R_i, VID>.
3) Authentication phase
The second diagram depicts the authentication flow of the server to the OBD-II dongle, and it should be noted that the connection between the smartphone and the server is secure, for example, the HTTPS protocol may be used to establish the secure connection, in which case this channel is considered secure. The specific flow is described as follows:
1) The vehicle owner firstly sends the relevant login credentials to a server in the smart phone APP, and after the server authenticates the user, the VID is sent to the vehicle owner's mobile phone, and the login is successful. This step is not performed every time, and the connection operation with the OBD-II dongle can be initiated after the login is successful.
2) After the vehicle owner logs in successfully, the vehicle owner can be connected with the OBD-II dongle in a wireless mode through Bluetooth.
3) The server initiates an authentication request, and the smart phone APP sends the VID to the server.
4) After receiving the VID, the server first checks whether the VID is in the database; if so, the server randomly selects a pair (C_i, R_i), otherwise it does not respond.
5) The server generates a random number N_s, calculates N'_s, and computes the hash h = H(N_s || C_i || N'_s).
6) The server sends h, N_s and C_i to the smart phone APP, and the APP forwards them to the OBD-II dongle.
7) After receiving h, N_s and C_i, the OBD-II dongle first calculates R_i = PUF(C_i) from C_i, calculates N'_s from R_i and N_s, and finally calculates h' = H(N_s || C_i || N'_s). It compares whether h' and h are equal; if so, the following flow continues, otherwise the authentication flow terminates.
8) The dongle generates a random number N_i, calculates h_1 = H(N_s || C_i || N_i), and transmits N_i and h_1 to the APP.
9) After receiving M_2 forwarded by the smart phone APP, the server verifies N_i and h_1. It first calculates h'_1 = H(N_s || R_i || N_i) and compares h'_1 with the received h_1; if they are the same, the server has completed identity authentication of the OBD-II dongle, otherwise authentication fails.
10) After successful authentication, the server deletes (C_i, R_i) from the database.
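The server-to-dongle exchange of steps 4) to 10), as an added example rather than the patent's own code; it starts from the same CRP enrolment that the ECU registration phase uses. Assumptions: an HMAC under a per-device secret simulates the PUF, N'_s is taken to be N_s XOR R_i because its formula does not survive on this page, h_1 is computed over R_i as in the server's check in step 9), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def H(*parts):
    # Every field passed in is fixed-length (16 bytes), so plain concatenation is unambiguous.
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedPuf:
    """Software stand-in for the silicon PUF (assumption): HMAC under a per-device secret."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)

    def response(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()[:16]


class Dongle:
    def __init__(self, dongle_id):
        self.dongle_id = dongle_id
        self.puf = SimulatedPuf()

    def respond(self, h, n_s, c_i):
        """Steps 7) and 8): check the server's h, then answer with (N_i, h_1)."""
        r_i = self.puf.response(c_i)
        if not hmac.compare_digest(H(n_s, c_i, xor(n_s, r_i)), h):
            return None                       # server message is not genuine: stop
        n_i = secrets.token_bytes(16)
        return n_i, H(n_s, r_i, n_i)


class Server:
    def __init__(self):
        self.crps = {}       # VID -> list of unused (C_i, R_i)
        self.pending = {}    # VID -> (C_i, R_i, N_s) of the challenge in flight

    def enrol(self, vid, dongle, count):
        """Initial phase, over the secure channel: record `count` challenge-response pairs."""
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self.crps[vid] = [(c, dongle.puf.response(c)) for c in challenges]

    def challenge(self, vid):
        """Steps 4) to 6): returns (h, N_s, C_i), or None for an unknown VID or no CRPs left."""
        if not self.crps.get(vid):
            return None
        c_i, r_i = secrets.choice(self.crps[vid])
        n_s = secrets.token_bytes(16)
        self.pending[vid] = (c_i, r_i, n_s)
        return H(n_s, c_i, xor(n_s, r_i)), n_s, c_i

    def verify(self, vid, n_i, h_1):
        """Steps 9) and 10): one attempt per challenge; the CRP is deleted on success."""
        if vid not in self.pending:
            return False
        c_i, r_i, n_s = self.pending.pop(vid)
        if not hmac.compare_digest(H(n_s, r_i, n_i), h_1):
            return False
        self.crps[vid].remove((c_i, r_i))
        return True


def run_dongle_demo():
    genuine = Dongle(b"dongle-0001")          # constructed identifiers throughout
    swapped = Dongle(b"dongle-0001")          # same ID, different silicon
    vid = hashlib.sha256(b"alice" + b"XA-12345" + b"DL-0001" + genuine.dongle_id).digest()
    server = Server()
    server.enrol(vid, genuine, count=3)

    first = genuine.respond(*server.challenge(vid))
    accepted = server.verify(vid, *first)

    server.challenge(vid)                     # fresh N_s for the next run
    replay = server.verify(vid, *first)       # old (N_i, h_1) against the new challenge

    _, n_s, c_i = server.challenge(vid)
    n_i = secrets.token_bytes(16)
    wrong_r = swapped.puf.response(c_i)       # the other device's PUF gives a different R_i
    swapped_ok = server.verify(vid, n_i, H(n_s, wrong_r, n_i))

    return {"accepted": accepted, "replay": replay, "swapped": swapped_ok,
            "swapped_checks_server": swapped.respond(*server.challenge(vid)),
            "crps_left": len(server.crps[vid]),
            "unknown_vid": server.challenge(b"\x00" * 32)}
```

Only successful runs consume a pair, so the number of enrolled CRPs bounds how many authentications a dongle can perform before it has to be re-enrolled over the secure channel.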
In the authentication phase and the communication phase, the smart phone APP acts as a message relay. Because the smart phone APP is not authenticated at the application layer, an adversary can connect to the OBD-II dongle over WiFi, Bluetooth or similar means and forward malicious data packets to the CAN bus through the OBD-II dongle, causing the vehicle to perform certain uncontrolled actions; the smart phone therefore needs to be authenticated. The third diagram describes the authentication flow of the OBD-II dongle to the smart phone APP, which is as follows:
1) The OBD-II dongle first initiates an authentication request.
2) After receiving the authentication request, the smart phone APP generates a random number N_i and sends the VID and N_i to the server.
3) The server checks whether the VID is in the database and, if so, randomly selects a pair (C_i, R_i), XORs R_i with the random number N_i to obtain the encryption key k', and calculates CM_i = Enc_k'(N_i). The server sends C_i and CM_i to the smart phone APP.
4) The smart phone APP then forwards M_2 and N_i to the OBD-II dongle.
5) After receiving the message, the OBD-II dongle first calculates R_i = PUF(C_i) and calculates the key K, decrypts CM_i with K to obtain N'_i, and compares N'_i with N_i. If the two are the same, authentication of the smart phone APP is complete; otherwise the APP is considered dishonest.
4) Establishing a secure session phase
After authentication of the OBD-II dongle and the smart phone APP is completed, a secure communication connection will be established between the server and the dongle. In the secure communication phase, the dongle and the server negotiate a secret key known to only two parties, and the specific process is as follows:
1) The server randomly selects a pair (C_i, R_i) corresponding to the VID.
2) The server calculates the session key K_s = H(R_i || ID_dongle) and calculates CM_i. CM_i and C_i are sent to the smart phone, and the smart phone APP forwards them to the OBD-II dongle.
3) After the dongle receives CM_i and C_i, it calculates K'_s = H(PUF(C_i) || ID_dongle) and uses K'_s to decrypt CM_i. If the decrypted C_i is identical to the received C_i, the session key K_s is proven correct. The communication between the OBD-II dongle and the server is then encrypted with the symmetric key K_s.
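The following simulation of the dongle-to-APP authentication and the session-key steps above is an added example, not code from the patent. It assumes an HMAC over a per-device secret as a stand-in for the PUF, SHA-256 for H, a single-block XOR keystream for Enc, CM_i = Enc_Ks(C_i) in the session phase (as step 3 implies), and consumption of each (C_i, R_i) pair on use; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def H(*parts):
    """H(a || b || ...); SHA-256 is an assumed choice, the patent names no hash."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key, block):
    """Stand-in for the unspecified cipher Enc: XOR one 32-byte block with a
    keystream derived from a key that is used only once. Illustration only."""
    return xor(block, H(b"keystream", key))

dec = enc  # XOR stream: decryption is the same operation

class Dongle:
    def __init__(self, dongle_id):
        self.dongle_id = dongle_id
        self._silicon = secrets.token_bytes(32)  # models per-chip physical variation

    def puf(self, challenge):
        """Simulated R = PUF(C); a real PUF derives this from the hardware."""
        return hmac.new(self._silicon, challenge, hashlib.sha256).digest()

    def authenticate_app(self, c_i, cm_i, n_i):
        k = xor(self.puf(c_i), n_i)                    # key from R_i XOR N_i
        return hmac.compare_digest(dec(k, cm_i), n_i)  # is N'_i equal to N_i?

    def accept_session(self, c_i, cm_i):
        k_s = H(self.puf(c_i), self.dongle_id)         # K'_s = H(PUF(C_i) || ID_dongle)
        return k_s if hmac.compare_digest(dec(k_s, cm_i), c_i) else None

class Server:
    def __init__(self):
        self.db = {}  # VID -> {"id": ID_dongle, "crps": [(C_i, R_i), ...]}

    def enroll(self, vid, dongle, count=4):
        crps = []
        for _ in range(count):
            c = secrets.token_bytes(32)
            crps.append((c, dongle.puf(c)))
        self.db[vid] = {"id": dongle.dongle_id, "crps": crps}

    def _take_crp(self, vid):
        # Assumption: a pair is removed as soon as it is used, so no challenge repeats.
        entry = self.db.get(vid)
        if entry is None or not entry["crps"]:
            return None
        return entry["crps"].pop(secrets.randbelow(len(entry["crps"])))

    def answer_app(self, vid, n_i):
        crp = self._take_crp(vid)
        if crp is None:
            return None                                # unknown VID: no response
        c_i, r_i = crp
        return c_i, enc(xor(r_i, n_i), n_i)            # (C_i, CM_i)

    def open_session(self, vid):
        crp = self._take_crp(vid)
        if crp is None:
            return None
        c_i, r_i = crp
        k_s = H(r_i, self.db[vid]["id"])               # K_s = H(R_i || ID_dongle)
        return k_s, c_i, enc(k_s, c_i)

def app_relay(server, dongle, vid):
    """The APP's role: generate N_i, ask the server, forward the reply to the dongle."""
    n_i = secrets.token_bytes(32)
    reply = server.answer_app(vid, n_i)
    return reply is not None and dongle.authenticate_app(*reply, n_i)

def demo():
    server, genuine = Server(), Dongle(b"dongle-01")
    server.enroll("VID-1", genuine)
    clone = Dongle(b"dongle-01")                       # same ID, different silicon
    results = {"known_vid": app_relay(server, genuine, "VID-1"),
               "unknown_vid": app_relay(server, genuine, "VID-X")}
    k_s, c_i, cm_i = server.open_session("VID-1")
    results["session_ok"] = genuine.accept_session(c_i, cm_i) == k_s
    results["clone_rejected"] = clone.accept_session(c_i, cm_i) is None
    results["crps_left"] = len(server.db["VID-1"]["crps"])
    return results
```

Because every pair is spent on use, the enrolled pool is a finite resource: the server in this model stops answering once it is exhausted and the dongle has to be re-enrolled.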
The effect of the application of the present invention will be described in detail with reference to security analysis.
The invention realizes the bidirectional authentication, group key negotiation and distribution and the safe transmission of the data frames between the ECU and the GECU based on the PUF technology, and the security authentication of the ECU ensures that the data source is effective and safe and also ensures the safety of the CAN bus; before the message transmission, the plaintext message and the latest state of the ECU are subjected to exclusive OR operation, and the state of the ECU only exists in the ECU, so that the confidentiality of the message is ensured; before the data frame is transmitted, calculating an authentication tag by using a hash function with a secret key to ensure the integrity of the data frame; when the external equipment is physically or wirelessly accessed to the OBD interface, the identity authentication and key negotiation of the external equipment are respectively realized, malicious external equipment is prevented from accessing the OBD interface, and the CAN bus safety is protected.
The application embodiment of the invention provides computer equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the computer program enables the processor to execute the steps of the in-vehicle network identity authentication and key negotiation method when being executed by the processor.
The embodiment of the invention provides an information data processing terminal which is used for realizing an in-vehicle network identity authentication and key negotiation system.
The invention is divided into four parts, namely ECU authentication, group key distribution, secure transmission of data frames and external equipment security authentication.
The PUF is embedded into the ECU device. The uniqueness and unclonability of the PUF avoid the risk of long-term key leakage from the ECU and simplify the key distribution process. If an adversary physically attacks a legitimate ECU in an attempt to steal the key information inside it and counterfeit the identity of the device, the hardware of the ECU is damaged and can no longer generate the correct response; authentication of the ECU cannot be completed, the ECU cannot take part in the group key distribution stage, and the adversary's subsequent attacks cannot be carried out.
1. In the ECU authentication stage, mutual authentication between ECU_i and the GECU is realized. After the GECU receives the authentication request RM_i of ECU_i, it randomly picks a pair (C_i, R_i) corresponding to ECU_i, calculates K' from R_i and k_i by an exclusive OR operation, and then sends MAC_1 and C_i to ECU_i as a challenge. In this process, the PUF response R_i corresponding to the specific challenge C_i of ECU_i can only be calculated by ECU_i's own PUF function or read from the GECU's storage; only a legitimate ECU_i can use C_i to calculate the corresponding response R_i and then calculate K'. Even if an adversary obtains the long-term symmetric key k_i by physically destroying the ECU, it cannot obtain R_i and therefore cannot derive K'. Similarly, ECU_i uses K' to calculate the message authentication code MAC_2 over R_i and Seed_i and sends MAC_2 to the GECU as a challenge; only the legitimate GECU can calculate K_i and verify MAC_2. Through this process, the mutual authentication between the ECU and the GECU is completed, and the security and validity of the data source are ensured.
2. After the mutual authentication between ECU_i and the GECU has been carried out, the group session key is distributed. According to RK_i, the GECU calculates the group key GK and then the temporary group key GK'_i, obtains the hash value hash of ID_i, RK_i, C_i and GK'_i, and encrypts with the temporary encryption key K_i to obtain the ciphertext CM_i. The GECU then sends CM_i and C_i to the ECU_i in the group. After receiving the message, ECU_i uses C_i to calculate R_i, then calculates the symmetric key K_i and uses it to decrypt CM_i; it then verifies the message with the hash value hash obtained by decryption, and after successful verification uses the temporary group session key GK'_i to calculate the group session key GK.
3. In the data frame secure transmission phase, the plaintext message m_i is first XORed with the latest state S_{i-1} of ECU_i. Although the plaintext message is not encrypted with an encryption algorithm, the latest state of ECU_i is known only to the message sender ECU_s and the receiver ECU_r; after the exclusive OR operation, the adversary cannot obtain any state information from the public channel, which achieves the effect of encrypting the message. Furthermore, a keyed hash function is used to calculate the authentication tag t_i over the identifier ID_i, the state S_i and the ciphertext CM_i. On the public channel, even if the adversary obtains the ECU identifier information and intercepts the ciphertext content CM_i of the data field, the group key GK and the state information S_i of the ECU are unknown to the adversary and unpredictable. Only the legitimate ECU_r can decrypt the ciphertext using the recorded state information to obtain the plaintext message m_i, and it verifies the integrity of the data by updating the state information S_i and comparing the authentication tag t_i.
4. In the security authentication stage of the external equipment, when the external equipment is directly and physically connected to the OBD-II interface, the authentication of the external equipment is completed by utilizing a digital certificate and signature technology; when the OBD-II interface is accessed remotely through the OBD-II dongle, identity authentication of the OBD-II dongle and the smart phone APP is realized, and a session key between the OBD-II dongle and the server is negotiated.
When the external device is physically connected, the GECU obtains the public key Q_EDEV of the EDEV by the relevant calculation on the implicit certificate Cert_EDEV sent by the external device, and uses Q_EDEV to verify the signature S_EDEV, proving the legitimacy of the external device's identity. If the certificate Cert_EDEV or the signature S_EDEV is forged by an adversary during transmission, the normal signature verification process cannot be completed and the authentication process fails. After the identity authentication of the EDEV and the GECU is completed, they jointly negotiate the session key SK: a key seed is calculated with a key derivation function from key material contributed by both the EDEV and the GECU, and SK is calculated by a hash operation. The adversary cannot obtain the key material s and k over the public channel and therefore cannot generate the session key SK.
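The public-key reconstruction Q = e·P + Q_CA and the derivation of SK described above are shown in the following added example, which is not code from the patent and omits the signature exchange. The ECQV-style certificate issuance, the P-256 curve, SHA-256 as H, HMAC-SHA-256 as the KDF, the certificate encoding and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (assumed curve; the patent does not name one).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - A * x - B) % P == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def enc_pt(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def issue_implicit_cert(ident, d_ca):
    """ECQV-style issuance with requester and CA in one call. Returns (Cert, d_U)."""
    k_u = rand_scalar()                      # requester's secret; k_u*G goes to the CA
    k = rand_scalar()                        # CA's per-certificate secret
    p_u = add(mul(k_u, G), mul(k, G))        # public key reconstruction value P_U
    cert = enc_pt(p_u) + ident               # Cert encodes (P_U, ID_U)
    e = h_int(cert)
    r = (e * k + d_ca) % N                   # CA's contribution to the private key
    return cert, (e * k_u + r) % N           # d_U, computed by the requester

def reconstruct_public_key(cert, q_ca):
    """Verifier side: (P_U, ID_U) = decode(Cert), e = H(Cert), Q_U = e*P_U + Q_CA."""
    p_u = (int.from_bytes(cert[:32], "big"), int.from_bytes(cert[32:64], "big"))
    if not on_curve(p_u):
        raise ValueError("reconstruction value is not a curve point")
    return add(mul(h_int(cert), p_u), q_ca), cert[64:]

def session_key(d_own, q_peer, eph_priv, eph_peer, id_gecu, id_edev):
    if not on_curve(eph_peer):
        raise ValueError("peer ephemeral value is not a curve point")
    s = mul(d_own, q_peer)                   # s = d * Q_peer
    k = mul(eph_priv, eph_peer)              # k = abG
    seed = hmac.new(b"kdf", enc_pt(s) + id_gecu + id_edev + enc_pt(k),
                    hashlib.sha256).digest() # seed = KDF(s || ID_GECU || ID_EDEV || k)
    return hashlib.sha256(seed).digest()     # SK = H(seed)

def demo():
    d_ca = rand_scalar()
    q_ca = mul(d_ca, G)
    cert_e, d_e = issue_implicit_cert(b"EDEV-01", d_ca)
    cert_g, d_g = issue_implicit_cert(b"GECU-01", d_ca)
    q_e, id_e = reconstruct_public_key(cert_e, q_ca)   # computed by the GECU
    q_g, id_g = reconstruct_public_key(cert_g, q_ca)   # computed by the EDEV
    a, b = rand_scalar(), rand_scalar()
    y, w = mul(a, G), mul(b, G)                        # Y = aG, W = bG
    sk_gecu = session_key(d_g, q_e, b, y, id_g, id_e)
    sk_edev = session_key(d_e, q_g, a, w, id_g, id_e)
    forged = cert_e[:-1] + bytes([cert_e[-1] ^ 1])     # certificate altered in transit
    q_bad, id_bad = reconstruct_public_key(forged, q_ca)
    sk_forged = session_key(d_g, q_bad, b, y, id_g, id_bad)
    return {"q_matches_private": q_e == mul(d_e, G),
            "keys_match": sk_gecu == sk_edev,
            "forged_q_differs": q_bad != q_e,
            "forged_cert_key_differs": sk_forged != sk_edev}
```

A one-bit change in the certificate changes e and therefore the reconstructed public key, so the key the GECU derives no longer matches the one held by the legitimate device.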
When the external device accesses wirelessly, the server authenticates the APP through the login credentials, and only legitimate users have the correct login credentials. When authenticating the OBD-II dongle, the unclonability and uniqueness of the PUF function are relied on and R_i is used as part of the input of the hash function, so only a legitimate dongle can generate the correct h'. After the dongle verifies that h' and h are the same, authentication of the server is completed; the dongle then generates a random number N_i and calculates h_1, and the server's verification of h_1 completes the authentication of the OBD-II dongle.
During development, the security of the present invention was analyzed using the Scyther tool. Scyther is a formal protocol analysis tool. It can give definite termination for protocols with an unbounded number of sessions and an unbounded state set, and supports parallel analysis of multiple protocols. Scyther supports not only the Dolev-Yao model but also user-defined security models and strong security models, so that stronger attack capabilities can be defined for the attacker.
In the ECU authentication stage, the confidentiality of C_i, R_i and K_i is declared for each of the two roles, ECU and GECU, along with weak agreement and non-injective synchronization for the ECU and GECU roles.
In the group key distribution phase, three roles are set in the Scyther tool: GECU, ECU_1 and ECU_2. For ECU_1 and ECU_2, the confidentiality of C_1, R_1, K_1, GK'_1 and of C_2, R_2, k_2, GK'_2 is declared respectively; the GECU needs to verify the confidentiality of C_1, C_2, R_1, R_2, K_1, K_2, GK'_1, GK'_2 and GK; and aliveness, weak agreement and non-injective synchronization are declared for the GECU, ECU_1 and ECU_2.
For the authentication of an external device that accesses the OBD-II interface wirelessly, the protocols of the OBD-II dongle authentication stage and of the stage in which the dongle authenticates the smart phone APP are each formally described in Scyther, and the tool is used for security simulation analysis.
In the stage in which the server authenticates the dongle, the main declared security attributes are: the confidentiality of C_i and R_i for both roles, the server and the OBD-II dongle, together with weak agreement, non-injective agreement and non-injective synchronization.
In the authentication of the smart phone APP by the dongle, the declared security attributes are: the confidentiality of the C_i, R_i data on the server and of the C_i, R_i data on the dongle; and aliveness, weak agreement, non-injective agreement and non-injective synchronization for the three roles server, smart phone APP and dongle.
The verification results show that the security goals are met in every stage of the invention, and that the declared security attributes are effectively guaranteed during execution.
Embodiment one: in-vehicle network identity authentication
In a specific in-vehicle network environment, each Electronic Control Unit (ECU) is given a unique identity based on a PUF (physical unclonable function). This identity is generated from minor differences in the physical structure of the hardware device. Thus, each ECU has a unique identification that cannot be reproduced.
When the ECU starts and tries to connect to the on-vehicle network, it first needs to perform identity authentication. The ECU sends the identity generated by its PUF to an authentication server, which compares this identity with the records in its database. If they match, the authentication is successful and the ECU is allowed to connect to the network. Otherwise, the authentication fails and the ECU is denied connection.
The method utilizes the uniqueness of the PUF, ensures that only the ECU with legal identity can be connected to the vehicle-mounted network, and effectively prevents illegal equipment from being accessed.
Embodiment two: external device access
The access procedure is slightly different for external devices, such as smartphones or tablet computers. First, the external device needs to establish a connection with the in-vehicle network through bluetooth or Wi-Fi. After connection is established, the external device needs to perform identity authentication.
This process includes two steps. First, the external device performs a key exchange with the authentication server through the Diffie-Hellman protocol to generate a session key. This session key is valid only in the current session and is known only to the device and the server. The external device then encrypts its identity with this session key and sends it to the server. The server decrypts the identity with the same session key and compares it with the records in its database. If they match, the authentication is successful and the device is allowed to access the network. Otherwise, the authentication fails and the device is denied access.
The method ensures that only authenticated external equipment can access the vehicle-mounted network by utilizing the security of the Diffie-Hellman protocol, and effectively prevents illegal equipment from being accessed.
It should be noted that the embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its modules may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as well as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.

Claims (10)

1. An in-vehicle network identity authentication and key agreement method, comprising:
S1, PUF-based ECU authentication: based on the PUF, completing bidirectional authentication between the ECU and the GECU;
S2, distributing a group session key: after authentication between the ECUs is completed, negotiating a group session key GK, and distributing the group session key GK to the ECUs in the group by the GECU;
S3, authentication and secure transmission of data frames: after the group key distribution is completed, generating an authentication tag with the group key GK to verify whether tampering occurred during data frame transmission;
S4, external device security authentication: when the OBD-II interface is physically accessed, the identity authentication and session key negotiation of the external device are realized based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II dongle is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on PUF technology.
2. The in-vehicle network identity authentication and key agreement method according to claim 1, wherein S1 PUF-based ECU authentication exploits the random variability inherent in the integrated circuit physical microstructure, which produces a unique output in the form of a response R for one challenge C input.
3. The in-vehicle network identity authentication and key agreement method according to claim 2, wherein the PUF-based ECU authentication includes two stages of enrollment and authentication;
(1) Registration:
1) ECU_i sends a registration request and its ID_i number to the GECU;
2) After receiving the request from a certain ECU_i, the GECU records it and sends it a random challenge C_i;
3) On receiving the challenge value C_i from the GECU, ECU_i calculates R_i = PUF(C_i) and returns the calculated response R_i to the GECU;
4) After receiving R_i, the GECU stores it in the format <ID_i, C_i, R_i>;
(2) Authentication:
1) ECU_i sends the authentication request RM_i to the GECU;
2) The GECU randomly selects a pair <C_i, R_i> for that ECU from the challenge-response pair (CRP) database based on its ID, and calculates a temporary symmetric key, wherein k_i is the long-term symmetric key pre-shared between ECU_i and the GECU;
3) The GECU generates a random number Seed_i for ECU_i, calculates MAC_1, and subsequently sends C_i, Seed_i and MAC_1 to ECU_i;
4) After receiving C_i, Seed_i and MAC_1, ECU_i first calculates R_i = PUF(C_i) and then calculates MAC'_1; if MAC_1 = MAC'_1, ECU_i completes the authentication of the GECU;
5) ECU_i calculates MAC_2 and transmits MAC_2 to the GECU;
6) After receiving MAC_2, the GECU calculates MAC'_2 for verification; if MAC_2 = MAC'_2, the GECU completes the identity authentication of ECU_i.
4. The in-vehicle network identity authentication and key agreement method according to claim 1, wherein in S2 distributing the group session key, the GECU distributes the group key by:
1) ECU_i sends a key request RK_i to the GECU;
2) For each request RK_i of an ECU_i, the GECU randomly selects a pair <C_i, R_i> of that ECU_i according to the identity information in RK_i, and then performs the calculation, wherein i = 1, 2, 3, ..., m;
3) The GECU computes the group key GK and calculates a temporary group key GK'_i;
4) The GECU calculates hash = H(ID_i || RK_i || C_i || GK'_i), then calculates the temporary encryption key K_i and encrypts with a symmetric encryption algorithm to obtain the ciphertext CM_i;
5) The GECU transmits the ciphertext CM_i and the challenge C_i to ECU_i;
6) After receiving the message sent by the GECU, each ECU_i in the same group first calculates R_i = PUF(C_i) from C_i and then calculates the symmetric key K_i;
7) ECU_i decrypts to obtain hash, GK'_i and C_i, and compares the decrypted C_i with the C_i previously transmitted by the GECU; if the two are the same, C_i has not been tampered with by an adversary during transmission and the following steps continue, otherwise the current flow is stopped;
8) Using the GK'_i obtained by decryption and the information it already holds, ECU_i calculates hash' = H(ID_i || RK_i || C_i || GK'_i) and, by comparing hash' and hash, judges whether the temporary group key GK'_i and the key request RK_i have been tampered with by an adversary; if they are the same, the following flow continues, otherwise the current key distribution flow is stopped;
9) ECU_i performs the calculation and then applies an exclusive OR operation between GK'_i and A_i to obtain the session group key.
5. The in-vehicle network identity authentication and key agreement method according to claim 1, wherein in the S3 data frame authentication and secure transmission, each ECU maintains its own state information S_i; each state S_i is composed of three parts: a counter i, an initial sub-state, and the previous u sub-states; the definition is given by the following formula:
6. The in-vehicle network identity authentication and key agreement method according to claim 5, wherein the data frame authentication and secure transmission includes the steps of:
1) Before communication starts, each ECU in the group generates an initial internal state, and the initial internal states are all the same;
2) When sending message m_i, ECU_s, whose own state at this time is S_{i-1}, obtains the ciphertext CM_i by an exclusive OR of the state information S_{i-1} and the plaintext message m_i;
3) ECU_s first calculates the authentication tag t_i = H_GK(ID_i || S_{i-1} || CM_i), and places the encrypted message CM_i and the authentication tag t_i in the data field to be transmitted to ECU_r;
4) ECU_s updates the current sub-state according to the update rule, giving its updated state;
5) After updating the state, ECU_s sends the message to ECU_r;
6) After receiving the data frame, ECU_r first calculates the authentication tag t'_i = H_GK(ID_i || S_{i-1} || CM_i) and, by comparing whether t'_i and t_i are the same, verifies whether an adversary tampered with the data frame during transmission;
7) ECU_r recovers the plaintext message m_i;
8) ECU_r updates its sub-state according to the update rule, giving its updated state.
7. The in-vehicle network identity authentication and key agreement method according to claim 1, wherein S4 the external device security authentication includes two types of physical access and wireless access;
(1) Physical access OBD interface:
1) Signature: the External Device (EDEV) first selects a random number a, calculates:
Y=aG
h = H(Y || ID_GECU)
and obtains the signature S_EDEV;
2) The external device EDEV sends Y, the signature S_EDEV and its own certificate Cert_EDEV to the GECU;
3) Calculating a public key: after the GECU receives the message, calculating:
(P_EDEV, ID_EDEV) = decode(Cert_EDEV)
e_1 = H(Cert_EDEV)
Q_EDEV = e_1 P_EDEV + Q_CA
wherein P_EDEV is the public key reconstruction value of the EDEV, and Q_EDEV is the public key of the EDEV;
4) Verifying the signature: the GECU uses the public key Q_EDEV to verify the digital signature, obtaining the message digest h, and calculates h' = H(Y || ID_GECU); it compares whether the message digest h obtained from verifying the signature is consistent with the h' calculated with the hash algorithm; if the two are consistent, the signature verification is successful, otherwise the authentication flow is ended;
5) Signature: the GECU generates a random number b, calculates W = bG, first performs a hash operation on W, Y and ID_EDEV to obtain a hash value, and then signs the hash value to obtain the signature S_GECU; the GECU transmits W, the signature S_GECU and the certificate Cert_GECU of the GECU to the EDEV;
6) Calculating a public key: after receiving the message from the EDEV, the GECU performs the following calculations:
(P_GECU, ID_GECU) = decode(Cert_GECU)
e_2 = H(Cert_GECU)
Q_GECU = e_2 P_GECU + Q_CA
wherein P_GECU is the public key reconstruction value of the GECU, and Q_GECU is the public key of the GECU;
7) Verifying the signature: the EDEV uses the public key Q_GECU to verify the digital signature S_GECU, obtaining the message digest h_1, and calculates h'_1 = H(Y || ID_EDEV || W); it compares the message digests h_1 and h'_1; if the two are consistent, the signature verification is successful, otherwise the authentication flow is ended;
8) Calculating a key: the GECU uses d_GECU and Q_EDEV to calculate s = d_GECU Q_EDEV, and uses Y and b to calculate k = bY = abG; the EDEV uses d_EDEV and Q_GECU to calculate s = d_EDEV Q_GECU, and uses W and a to calculate k = aW = abG; both parties use the key derivation function with s, ID_GECU, ID_EDEV and k as input to generate seed = KDF(s || ID_GECU || ID_EDEV || k), and then perform one hash operation on the seed to generate the session key SK;
(2) Wireless access OBD-II interface:
authentication:
the server authenticates the OBD-II dongle:
1) Firstly, a vehicle owner sends a relevant login credential to a server in a smart phone APP, and after the server authenticates a user, the server sends a VID to the vehicle owner's mobile phone and login is successful; this step is not performed every time, and the connection operation with the OBD-II dongle can be initiated after the login is successful;
2) After the vehicle owner logs in successfully, the vehicle owner can be connected with the OBD-II dongle in a wireless way through Bluetooth;
3) The server initiates an authentication request, and the smart phone APP sends the VID to the server;
4) After receiving the VID, the server first searches whether the VID is in the database, and if so, the server randomly selects a pair (C_i, R_i); otherwise, it does not respond;
5) The server generates a random number N_s, calculates N'_s, and computes the hash h = H(N_s || C_i || N'_s);
6) The server transmits h, N_s and C_i to the smart phone APP, and the APP forwards them to the OBD-II dongle;
7) After receiving h, N_s and C_i, the OBD-II dongle first calculates R_i = PUF(C_i) from C_i, then calculates N'_s from R_i and N_s, and finally calculates h' = H(N_s || C_i || N'_s) and compares whether h' and h are equal; if so, the following flow continues, otherwise the authentication flow is terminated;
8) The dongle generates a random number N_i, calculates h_1 = H(N_s || C_i || N_i), and transmits N_i and h_1 to the APP;
9) After receiving M_2 forwarded by the smart phone APP, the server verifies N_i and h_1 by first calculating h'_1 = H(N_s || R_i || N_i) and comparing h'_1 with the received h_1; if the two are the same, the server completes the identity authentication of the OBD-II dongle, otherwise the authentication fails;
10) After successful authentication, the server deletes (C_i, R_i) from the database;
The OBD-II dongle authenticates the smart phone APP:
1) The OBD-II dongle initiates an authentication request first;
2) After receiving the authentication request, the smart phone APP generates a random number N_i and sends the VID and N_i to the server;
3) The server looks up whether the VID is in the database and, if so, randomly selects a pair (C_i, R_i), obtains an encryption key by an exclusive OR of R_i and the random number N_i, and calculates CM_i = Enc_k'(N_i); the server sends C_i and CM_i to the smart phone APP;
4) The smart phone APP then forwards M_2 and N_i to the OBD-II dongle;
5) After the OBD-II dongle receives the message, it first calculates R_i = PUF(C_i) and calculates the key, decrypts CM_i with K to obtain N'_i, and compares whether N'_i and N_i are the same; if the two are the same, the authentication of the smart phone APP is complete, otherwise the APP is considered dishonest;
Establishing a secure session phase:
1) The server randomly selects a pair (C_i, R_i) corresponding to the VID;
2) The server calculates the session key K_s = H(R_i || ID_dongle) and calculates CM_i; CM_i and C_i are sent to the smart phone, and the smart phone APP forwards them to the OBD-II dongle;
3) After the dongle receives CM_i and C_i, it calculates K'_s = H(PUF(C_i) || ID_dongle) and uses K'_s to decrypt CM_i; if the decrypted C_i is identical to the received C_i, the session key K_s is proven correct, after which the communication between the OBD-II dongle and the server is encrypted with the symmetric key K_s.
8. An in-vehicle network identity authentication and key agreement system, comprising:
an ECU authentication module: based on the PUF, completing bidirectional authentication between the ECU and the GECU;
a group session key distribution module: after authentication between the ECUs is completed, negotiating a group session key, and distributing the group session key to the ECUs in the group by the GECU;
a secure transmission module: after the group key distribution is completed, generating an authentication tag with the group key to verify whether tampering occurred during data frame transmission;
an external device security authentication module: when the OBD-II interface is physically accessed, the identity authentication and session key negotiation of the external device are realized based on elliptic curve Diffie-Hellman key exchange and implicit certificates; when the OBD-II dongle is accessed wirelessly, the OBD-II dongle identity authentication and key negotiation are realized based on PUF technology.
9. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the in-vehicle network identity authentication and key agreement method of claim 8.
10. An information data processing terminal for implementing the in-vehicle network identity authentication and key agreement system according to any one of claims 1 to 7.
CN202311304686.9A 2023-10-10 2023-10-10 In-vehicle network identity authentication and key negotiation method, system and terminal Pending CN117439740A (en)


Publications (1)

Publication Number: CN117439740A (en)
Publication Date: 2024-01-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination