EP1741019A1 - Authentication of control devices in a vehicle - Google Patents

Authentication of control devices in a vehicle

Info

Publication number
EP1741019A1
Authority
EP
European Patent Office
Prior art keywords
authentication
authentication request
vehicle
signature
control device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP04730262A
Other languages
German (de)
English (en)
Inventor
Burkhard Kuhls
Horst Kiessling
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bayerische Motoren Werke AG
Original Assignee
Bayerische Motoren Werke AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2004-04-29
Filing date: 2004-04-29
Publication date: 2007-01-10
Application filed by Bayerische Motoren Werke AG
Publication of EP1741019A1
Legal status: Ceased

Classifications

    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), using cryptographic hash functions. Hierarchy: H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L9/00 > H04L9/32
    • H04L9/3247: as above, involving digital signatures (H04L9/00 > H04L9/32)
    • H04L2209/84: Vehicles (H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication, H04L9/00)
    • G06F21/305: Authentication, i.e. establishing the identity or authorisation of security principals, by remotely controlling device operation. Hierarchy: G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication
    • G06F21/31: User authentication (G06F21/00 > G06F21/30)
    • G06F21/575: Secure boot (G06F21/00 > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
    • G06F2221/2103: Challenge-response (G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups)
    • G06F2221/2129: Authenticate client device independently of the user (G06F2221/00 > G06F2221/21)

Definitions

  • the invention relates in particular to a method for authenticating control devices in a bus system of a motor vehicle according to the preamble of claim 1.
  • the authorization can be checked using cryptographic measures.
  • The object of the present invention is in particular to specify a method which effectively prevents, at low cost, manipulation of the sequence control (the control program) stored in a control unit.
  • A first control device of a plurality of control devices of the motor vehicle transmits an authentication request to an authentication device via the bus system.
  • The authentication request is preferably a random number or similar value generated by the control device, which is generated only once (a nonce).
  • The authentication device is preferably a central control device which has access to a symmetric cryptographic key and can carry out a symmetric cryptographic method.
  • A symmetric cryptographic method places significantly less load on resources, in particular on the processor of the control unit or of the authentication device, than an asymmetric method, so that control units can be designed significantly more cost-effectively when the invention is used.
  • The authentication device signs the authentication request using a first symmetric key and transmits the signed authentication request, or only the signature, to the first control device.
  • The signature is generated by applying a hash algorithm to the authentication request or authentication data.
  • The hash algorithm delivers a hash value that is characteristic of the specific authentication data.
  • The hash value is encrypted with the first symmetric key, and the encrypted hash value is appended to the authentication request or authentication data and transmitted together with it to the first control device.
  • Alternatively, only the signature, i.e. the encrypted hash value, is transmitted to the first control device, because the authentication request was generated there and is therefore already present.
  • The first control device compares the transmitted signature with a signature it determines itself for the authentication request using the symmetric key.
  • The first control device can determine this signature by applying the same hash algorithm that the authentication device applied to the authentication request, which again yields a hash value. This hash value, or the value derived from it with the symmetric key, is compared with the transmitted signature, or with the hash value recovered from the transmitted signature using the symmetric key. (Because this "signature" is a hash bound to a shared symmetric key, it is a message authentication code: any holder of the key can produce it, so it proves possession of the key but not which of the key holders produced it.)
  • In the event of a positive comparison, the first control device and the authentication device are considered mutually authenticated, i.e. for the control device the authentication device is considered genuine or authorized, and vice versa. Accordingly, the first control device is preferably made ready for operation when the comparison is positive (the values agree). Alternatively or in addition, the authentication device can be granted write and/or read access to an electronic memory of the first control device.
  • One or more further control devices of the bus system carry out an authentication with the authentication device in the manner described. These measures can therefore be used to check whether unauthorized control units, or an unauthorized authentication device, are present in the bus system.
  • The control devices authenticate with the authentication device one after another rather than simultaneously. This reduces the hardware resources required.
  • The motor vehicle can only be put into operation when (largely) all control units of the bus system have carried out the authentication method with a positive comparison result. This ensures the operational safety of the bus system and the compatibility of the bus participants. It also increases the theft protection of a motor vehicle equipped with the bus system of the invention if an immobilizer is integrated in the bus system or in the control units.
  • The authentication method is carried out each time before the vehicle is started, preferably after the vehicle has been unlocked. This periodically checks operational safety, compatibility, etc.
  • Before start-up, the authentication method according to the invention is largely carried out only for those control devices which must be available when the vehicle is started, so that the vehicle is ready for operation with a short lead time where necessary.
  • The authentication method can then be carried out for the other control units after the vehicle has started, without impeding start-up.
  • The symmetric key varies from vehicle to vehicle: a control device of a first vehicle uses a first symmetric key when performing the authentication method, while the same type of control device in a second vehicle uses a second symmetric key.
  • The symmetric key is preferably "housed" in the bus system in such a way that it can only be read by the authentication device and by the control units involved in the method, i.e. it remains secret and cannot be changed without authorization.
  • The symmetric key is stored in the boot area of each control unit, which cannot be read or changed from outside, and in the corresponding area of the authentication device. Because the symmetric key varies from vehicle to vehicle, spying out the key of one specific vehicle is comparatively harmless. This would be entirely different if a key that "fits" all vehicles of the same type were spied out.
  • The method according to the invention can also run in the opposite direction, i.e. the authentication device transmits an authentication request to the first control device, the first control device signs the authentication request with the first symmetric key and transmits the signed authentication request to the authentication device.
  • The comparison is thereby shifted from the control device to the authentication device. This relieves each control device of resources and loads the authentication device instead.
  • Relieving many control devices at the expense of loading a single authentication device saves hardware costs.
  • The authentication device carries out a further authentication check with a device external to the vehicle using an asymmetric encryption method, in particular a public-key method.
  • The authentication device transmits an authentication request or authentication data to the vehicle-external device.
  • The vehicle-external device applies a hash algorithm to the authentication request or authentication data, obtaining a hash value.
  • The hash value is encrypted with a secret private key and the encrypted hash value is appended to the authentication request or authentication data, i.e. the authentication request is signed. The signed authentication request, or only the signature (the hash value encrypted with the secret key), is transmitted to the authentication device.
  • The authentication device also applies the hash algorithm to the authentication request, obtaining a second hash value.
  • The authentication device decrypts the encrypted hash value received from the vehicle-external device with the public key complementary to the private, secret key, and compares this first hash value with the second. If the comparison is positive, i.e. both hash values match, the vehicle-external device has successfully authenticated itself to the authentication device in the vehicle. On this basis the vehicle-external device, under the control of the authentication device, can be granted write and/or read access to one or more memories of one or more control units.
  • The vehicle-external device is thereby enabled to provide the memory of one or more control units with a new sequence control (software) and/or with an activation code.
  • The new sequence control can in particular be an updated version of the previous one, which removes software problems and/or provides additional functionality to the control unit.
  • The new sequence control can be an addition to the sequence control already stored in the control unit, which in particular provides additional functions of the control unit.
  • The activation code can in particular be data which activates a sequence control or software already held ready to run in the control unit or elsewhere in the vehicle, in particular for a limited time. That is, the sequence control or software already stored in the vehicle can only be executed after the activation code has been provided in the vehicle.
  • The invention provides a bus system of a motor vehicle with control devices, in which an authentication device is provided in the bus system and a method according to the invention is carried out there. The invention further provides a computer program product for the authentication of control devices in a bus system of a motor vehicle, which allows a method according to one or more of the preceding method claims to run.
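The public-key check described in the last items above, as an added worked example (not code from the patent or from the applicant): a vehicle-external tester signs the authentication device's one-time authentication data with its private key, the authentication device recovers the hash with the tester's public key, recomputes the hash from the data it sent, compares the two, and only then allows a write to a control unit's memory. The RSA key generation, the `AuthenticationDevice` and `demo` names, the "engine" memory contents and the rogue tester are assumptions made for the example. The RSA is textbook (no padding, 512-bit toy modulus) so that the "hash encrypted with the private key, decrypted with the public key" structure from the description is visible; it is not a secure signature scheme, and a production implementation would use RSA-PSS or ECDSA from a vetted library plus a proper trust anchor for the tester's public key.

```python
"""Public-key authentication of a vehicle-external device (e.g. a workshop
tester) by the vehicle's authentication device, followed by a controlled write
to an ECU's memory.  Added example with toy textbook RSA; not the patent's code."""
import hashlib
import random
import secrets
from typing import Dict, Optional, Tuple

Key = Tuple[int, int]  # (modulus n, exponent)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; sufficient for a demonstration key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 512) -> Tuple[Key, Key]:
    """Textbook RSA: returns (public (n, e), private (n, d)).  Toy size and no
    padding; a real deployment uses RSA-PSS or ECDSA from a vetted library."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _hash_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # < 2**256 < n

def sign(private_key: Key, data: bytes) -> int:
    """Hash the request, then 'encrypt' the hash with the secret personal key."""
    n, d = private_key
    return pow(_hash_int(data), d, n)

def verify(public_key: Key, data: bytes, signature: int) -> bool:
    """Recover the first hash with the public key, hash the request locally to
    get the second hash, and compare the two."""
    n, e = public_key
    return pow(signature, e, n) == _hash_int(data)

class AuthenticationDevice:
    """Central ECU that holds the pinned public key of the authorised tester
    and mediates every write to the other ECUs' memories (assumed design)."""

    def __init__(self, trusted_key: Key, ecu_memory: Dict[str, bytes]) -> None:
        self._pub, self._memory = trusted_key, ecu_memory
        self._pending: Optional[bytes] = None
        self._session_open = False

    def issue_request(self) -> bytes:
        self._pending = secrets.token_bytes(32)  # fresh one-time authentication data
        return self._pending

    def authenticate_external(self, signature: int) -> bool:
        request, self._pending = self._pending, None  # each request is answered once
        self._session_open = request is not None and verify(self._pub, request, signature)
        return self._session_open

    def write_firmware(self, ecu: str, firmware: bytes) -> bool:
        if not self._session_open:
            return False  # write access only after successful authentication
        self._memory[ecu] = firmware
        return True

def demo() -> Dict[str, object]:
    workshop_pub, workshop_priv = generate_keypair()  # authorised external device
    _, rogue_priv = generate_keypair()                # device with an unknown key
    memory = {"engine": b"v1"}                        # constructed ECU memory
    ad = AuthenticationDevice(workshop_pub, memory)
    rogue_ok = ad.authenticate_external(sign(rogue_priv, ad.issue_request()))
    rogue_write = ad.write_firmware("engine", b"v2-malicious")
    tampered_ok = ad.authenticate_external(sign(workshop_priv, ad.issue_request()) ^ 1)
    genuine_ok = ad.authenticate_external(sign(workshop_priv, ad.issue_request()))
    wrote = ad.write_firmware("engine", b"v2")
    return {"rogue_ok": rogue_ok, "rogue_write": rogue_write, "tampered_ok": tampered_ok,
            "genuine_ok": genuine_ok, "wrote": wrote, "firmware": memory["engine"]}
```

The rogue and tampered cases are why the write is gated on the authentication device's own session flag rather than on anything the tester claims, and the pending request is discarded after one answer, so a captured signature cannot reopen a session later. The activation-code path from the description would be gated by the same flag.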

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates in particular to a method for authenticating control devices in a bus system of a motor vehicle. To prevent, effectively and at low cost, fraudulent manipulation of a sequence control stored in a control device: a first control device transmits an authentication request to an authentication device via the bus system; the authentication device signs the authentication request using a first symmetric key and transmits the signed authentication request, or only the signature, to the first control device; the first control device compares the transmitted signature of the authentication request with a signature determined by the first control device using said symmetric key, and/or the first control device decrypts the transmitted signature of the authentication request using the first symmetric key to obtain a first hash value and applies a hash algorithm to the authentication request to obtain a second hash value; and the first control device is made operational if the comparison of the signatures and/or hash values is positive, i.e. the signatures and/or values match.
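The exchange in the abstract above, together with the sequential start-up order, per-vehicle key and opposite-direction variant from the description, as an added example that is not part of the patent. The `ControlUnit`, `AuthenticationDevice` and `start_vehicle` names, the three ECUs and the per-vehicle keys are constructed for the example. HMAC-SHA256 is used in place of the description's "hash value encrypted with the symmetric key"; both are keyed message authentication codes, and that is the caveat to keep in mind: a MAC proves that the responder holds the shared vehicle key, not which of the key holders answered, and it authenticates the responder to the challenger only, so the "vice versa" in the description requires the reverse run shown at the end.

```python
"""Symmetric challenge-response between ECUs and the central authentication
device over the vehicle bus.  Added example; not code from the patent."""
import hashlib
import hmac
import secrets
from typing import Dict, List


def sign_challenge(key: bytes, challenge: bytes) -> bytes:
    """The patent's 'signature': hash the request, then bind the hash to the
    vehicle key.  HMAC-SHA256 stands in for 'encrypt the hash with the
    symmetric key'; either way the result is a MAC, not an asymmetric signature."""
    digest = hashlib.sha256(challenge).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


class AuthenticationDevice:
    """Central control device holding this vehicle's symmetric key."""

    def __init__(self, vehicle_key: bytes) -> None:
        self._key = vehicle_key

    def respond(self, challenge: bytes) -> bytes:
        return sign_challenge(self._key, challenge)

    def verify_ecu(self, ecu: "ControlUnit") -> bool:
        """Opposite direction: the authentication device issues the challenge and
        does the comparison itself, taking that work off the ECU."""
        challenge = secrets.token_bytes(16)
        return hmac.compare_digest(ecu.respond(challenge),
                                   sign_challenge(self._key, challenge))


class ControlUnit:
    def __init__(self, name: str, vehicle_key: bytes, needed_at_start: bool) -> None:
        self.name = name
        self._key = vehicle_key            # lives in the ECU's protected boot area
        self.needed_at_start = needed_at_start
        self.operational = False
        self._issued: set = set()          # outstanding one-time challenges

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # random nonce, answered at most once
        self._issued.add(challenge)
        return challenge

    def respond(self, challenge: bytes) -> bytes:
        return sign_challenge(self._key, challenge)

    def check_response(self, challenge: bytes, signature: bytes) -> bool:
        if challenge not in self._issued:
            return False                   # unknown or already-answered challenge
        self._issued.discard(challenge)
        expected = sign_challenge(self._key, challenge)
        self.operational = hmac.compare_digest(signature, expected)  # constant time
        return self.operational

    def authenticate(self, ad: AuthenticationDevice) -> bool:
        challenge = self.new_challenge()
        return self.check_response(challenge, ad.respond(challenge))


def start_vehicle(ecus: List[ControlUnit], ad: AuthenticationDevice) -> Dict[str, object]:
    """Authenticate ECUs one after another, start-critical ones first.  The
    vehicle may start only when every start-critical ECU passed; the rest are
    checked afterwards so they do not delay start-up."""
    results: Dict[str, bool] = {}
    for ecu in [e for e in ecus if e.needed_at_start]:
        results[ecu.name] = ecu.authenticate(ad)
    ready = all(results.values())
    for ecu in [e for e in ecus if not e.needed_at_start]:
        results[ecu.name] = ecu.authenticate(ad)
    return {"ready_to_drive": ready, "per_ecu": results}


def demo() -> Dict[str, object]:
    key_a, key_b = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed per-vehicle keys
    ecus_a = [ControlUnit("engine", key_a, True),
              ControlUnit("immobilizer", key_a, True),
              ControlUnit("infotainment", key_a, False)]
    genuine = start_vehicle(ecus_a, AuthenticationDevice(key_a))
    # A device holding another vehicle's key (transplanted unit or rogue central
    # ECU) fails every check, because the key is vehicle-specific.
    foreign = start_vehicle(ecus_a, AuthenticationDevice(key_b))
    # Replay: a recorded (challenge, signature) pair is accepted at most once.
    engine = ecus_a[0]
    challenge = engine.new_challenge()
    recorded = AuthenticationDevice(key_a).respond(challenge)
    first = engine.check_response(challenge, recorded)
    replay = engine.check_response(challenge, recorded)
    # Opposite direction, which completes mutual authentication.
    reverse = AuthenticationDevice(key_a).verify_ecu(engine)
    return {"genuine": genuine, "foreign": foreign, "first": first,
            "replay": replay, "reverse": reverse}


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used for every comparison so that a byte-by-byte early exit does not leak how many leading bytes of a forged signature were correct; the challenge set makes the "generated only once" property explicit and lets the ECU reject a response it has already accepted.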
EP04730262A 2004-04-29 2004-04-29 Authentication of control devices in a vehicle Ceased EP1741019A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2004/004666 WO2005116834A1 (fr) 2004-04-29 2004-04-29 Authentication of control devices in a vehicle

Publications (1)

Publication Number Publication Date
EP1741019A1 (fr) 2007-01-10

Family

ID=34957499

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04730262A Ceased EP1741019A1 (fr) 2004-04-29 2004-04-29 Authentication of control devices in a vehicle

Country Status (5)

Country Link
US (1) US20070118752A1 (fr)
EP (1) EP1741019A1 (fr)
JP (1) JP4469892B2 (fr)
CN (1) CN100492248C (fr)
WO (1) WO2005116834A1 (fr)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2898564B1 (fr) * 2006-03-14 2009-01-23 Peugeot Citroen Automobiles Sa Method for configuring a configurable information processing unit on board a motor vehicle
DE102007052993A1 (de) * 2007-11-05 2009-05-07 Volkswagen Ag Communication node and method for communication between at least two communication nodes in a Car2X communication network
CN101559745B (zh) * 2009-05-15 2011-03-02 华南理工大学 Anti-theft vehicle control system and method for implementing it
US11042816B2 (en) 2009-10-30 2021-06-22 Getaround, Inc. Vehicle access control services and platform
JP5310761B2 (ja) 2011-03-04 2013-10-09 トヨタ自動車株式会社 Vehicle network system
DE102011014688B3 (de) 2011-03-22 2012-03-22 Audi Ag Motor vehicle control unit with cryptographic device
US8756430B2 (en) * 2011-04-14 2014-06-17 GM Global Technology Operations LLC Exploiting application characteristics for multiple-authenticator broadcast authentication schemes
DE102013101508A1 (de) 2012-02-20 2013-08-22 Denso Corporation Data communication authentication system for a vehicle, network coupling device for a vehicle, data communication system for a vehicle and data communication device for a vehicle
JP5900007B2 (ja) * 2012-02-20 2016-04-06 株式会社デンソー Vehicle data communication authentication system and vehicle gateway device
ES2805290T3 (es) 2012-03-29 2021-02-11 Arilou Information Security Tech Ltd Device for protecting an electronic system of a vehicle
DE102014101917A1 (de) * 2013-02-14 2014-08-14 DGE Inc. CAN-based immobilizer
US9061645B2 (en) * 2013-02-15 2015-06-23 Clever Devices, Ltd Methods and apparatus for transmission control of a transit vehicle
US9450757B2 (en) * 2014-05-07 2016-09-20 Oxcept Limited Method and device for communication security
DE102015225787A1 (de) 2015-12-17 2017-06-22 Volkswagen Aktiengesellschaft Method and device for receiver authentication in a vehicle network
DE102016212230A1 (de) * 2016-07-05 2018-01-11 Bayerische Motoren Werke Aktiengesellschaft Method for secure authentication of control devices in a motor vehicle
US10664413B2 (en) * 2017-01-27 2020-05-26 Lear Corporation Hardware security for an electronic control unit
JP6884600B2 (ja) * 2017-03-02 2021-06-09 任天堂株式会社 Wireless communication system, communication method, information processing device, and information processing program
DE102017212344A1 (de) * 2017-07-19 2019-01-24 Audi Ag Infotainment system for a motor vehicle
US10218499B1 (en) 2017-10-03 2019-02-26 Lear Corporation System and method for secure communications between controllers in a vehicle network
US10812257B2 (en) 2017-11-13 2020-10-20 Volkswagen Ag Systems and methods for a cryptographically guaranteed vehicle identity
RU2716871C1 (ru) * 2019-03-19 2020-03-17 Дмитрий Михайлович Михайлов System and method for protecting electronic vehicle control systems against unauthorized intrusion
US20230072454A1 (en) * 2021-08-24 2023-03-09 Robert Bosch Gmbh System and method for generating random numbers within a vehicle controller

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4411450C1 (de) * 1994-04-01 1995-03-30 Daimler Benz Ag Vehicle security device with electronic usage-authorization coding
DE19652256A1 (de) * 1996-12-16 1998-06-18 Bosch Gmbh Robert Method for securing data transmission
US6032257A (en) * 1997-08-29 2000-02-29 Compaq Computer Corporation Hardware theft-protection architecture
DE19839354A1 (de) * 1998-08-28 2000-03-02 Daimler Chrysler Ag Vehicle communication system
DE19909140A1 (de) * 1999-03-03 2000-09-21 Daimler Chrysler Ag Electronic distance-determination device and electronic security system equipped with it
US20020059532A1 (en) * 2000-11-16 2002-05-16 Teruaki Ata Device and method for authentication
DE10102642B4 (de) * 2001-01-20 2015-06-18 Bayerische Motoren Werke Aktiengesellschaft Device, system arrangement and use of the device or system arrangement for testing a control unit for a vehicle
DE10112699C2 (de) * 2001-03-16 2003-06-18 Daimler Chrysler Ag Authorization method for communication with a data bus
US7000115B2 (en) * 2001-06-19 2006-02-14 International Business Machines Corporation Method and apparatus for uniquely and authoritatively identifying tangible objects
DE10141737C1 (de) * 2001-08-25 2003-04-03 Daimler Chrysler Ag Method for secure data transmission within a means of transport
DE10148323A1 (de) * 2001-09-29 2003-04-10 Daimler Chrysler Ag Method for functional testing of control units and programs
US7010682B2 (en) * 2002-06-28 2006-03-07 Motorola, Inc. Method and system for vehicle authentication of a component
DE10238093B4 (de) * 2002-08-21 2007-10-18 Audi Ag Vehicle control unit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005116834A1 *

Also Published As

Publication number Publication date
CN1942843A (zh) 2007-04-04
JP2007534544A (ja) 2007-11-29
WO2005116834A1 (fr) 2005-12-08
JP4469892B2 (ja) 2010-06-02
CN100492248C (zh) 2009-05-27
US20070118752A1 (en) 2007-05-24

Similar Documents

Publication Publication Date Title
WO2005116834A1 (fr) Authentication of control devices in a vehicle
DE10008973B4 (de) Authorization method with certificate
EP1128242B1 (fr) Signature method
DE102012110499B9 (de) Security access method for electronic automotive control units
EP2689553B1 (fr) Control unit for a motor vehicle with cryptographic device
DE102007058975B4 (de) On-board network of a motor vehicle with a master security module
DE102007004645A1 (de) Tachograph
EP1740418B1 (fr) Authentication of a vehicle-external device
EP1999521B1 (fr) Field device
DE102012224194B4 (de) Control system for a motor vehicle
DE102010002472A1 (de) Method for verifying a memory block of a non-volatile memory
EP2080144B1 (fr) Method for unlocking a chip card
EP1652337B1 (fr) Method for signing a data set in a public-key system and data processing system for carrying out said method
DE102008008969B4 (de) On-board network system of a motor vehicle with an authentication device
EP2491513B1 (fr) Method and system for providing ERDM-protected data objects
EP2562671A2 (fr) Method for performing a write access, computer program product, computer system and chip card
DE102020206039A1 (de) Creating a container instance
EP1642185A1 (fr) Method for authenticating software components that can in particular be loaded into a motor vehicle control unit
EP1054364A2 (fr) Method for improving the security of systems using digital signatures
DE102009053230A1 (de) Method for authorizing an external system on a control unit of a vehicle, in particular a motor vehicle
EP2230648A1 (fr) One-time password mask for deriving a one-time password
EP3441898B1 (fr) Method and device for protecting software against unauthorized use
DE102020200102A1 (de) Encryption and decryption of a secure memory area in a vehicle
DE102007063995B3 (de) On-board network of a motor vehicle with a master security module
AT524619A1 (de) Computer-implemented method for the authorized execution of software, data processing system, computer program product and computer-readable storage medium

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060929

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE ES FR GB IT SE

17Q First examination report despatched

Effective date: 20070305

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE ES FR GB IT SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20101016