EP3542510A1 - Method for a communications network, and electronic control unit - Google Patents
Method for a communications network, and electronic control unit
- Publication number
- EP3542510A1 (application number EP17804113.3A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- communication
- risk
- data transmission
- control unit
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40052—High-speed IEEE 1394 serial bus
- H04L12/40104—Security; Encryption; Content protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/14—Multichannel or multilink protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Definitions
- the present invention relates to methods for a communication network according to claim 1 and an electronic control unit.
- with Ethernet and the Internet Protocol (IP) layered on top of it, techniques that are already widely used in information technology systems are finding their way into the communication networks of vehicles.
- IP Internet Protocol
- a communication packet usually comprises headers of superordinate layers of a protocol stack of a transmitting device.
- a protocol stack of a device receiving the packet will proceed stepwise upon reception of this communication packet and examine it using previously defined filters in order to pass the transmitted data on to, for example, a corresponding software application.
- a communication packet, such as an Ethernet message, passes through, for example, a TCP/IP stack in a control unit and is passed on to the appropriate application on the basis of the analysis of its content.
- the complexity of protocol stacks increases significantly with the number of protocols used.
- Audio/Video Bridging (AVB) for the transmission and playback of audio and video data comprises four sub-protocols, and Time-Sensitive Networking (TSN) as many as eleven sub-protocols and extensive specifications.
- the object of the invention is to provide a method and a device by means of which a vehicle network can be designed to be safer with respect to third-party access.
- the invention proposes a method for a communication network in a motor vehicle, wherein, for communication in the communication network, a data transmission is performed over at least one communication path.
- The method according to the invention comprises at least one step, preferably several steps. These steps relate at least to an evaluation of the communication paths in question with regard to their attack risk.
- the attack risk represents the risk that the communication path has with regard to an attack to exploit security vulnerabilities. In other words, this is the risk of the communication path becoming the victim of a third party attack (cyberattack / hacker attack) that gains access to information or control over control mechanisms through its attack. Such a takeover of control by third parties can have an effect on safety in the automobile, in particular of the vehicle occupants, and is therefore to be avoided. This can be achieved by the invention.
- a communication path is to be understood in the context of the invention such that a path comprises a plurality of communication subscribers and a connection for data transmission between the subscribers.
- several communication paths may be present which are suitable for a specific communication or data transmission or various data transmissions.
- the gaps can either be eliminated and / or reduced, or connections between communication participants can be made such that there is a low security risk for an attack.
- At least one data transmission protocol is provided for the data transmission in the communication path.
- the data transmission protocols used for data transmission are also evaluated for their attack risk.
- the data transmission protocols are, for example, Ethernet, FlexRay, VLAN (Virtual Local Area Network), IP (Internet Protocol), AVB (Audio/Video Bridging), TSN (Time-Sensitive Networking) or SOME/IP (Scalable service-Oriented MiddlewarE over IP).
- the additional evaluation of the data transfer protocols provides a broader database so that better coverage of gaps and thus better security against attacks can be achieved.
- the steps of the method also relate to the selection of a communication path and a data transmission protocol for the data transmission based on the determined evaluation of the associated attack risks, and to performing the data transmission with the selected communication path and the selected data transmission protocol.
- the data transmission can be configured by the assessments of the attack risk in such a way that there is a low security risk for an attack on the network.
- the safety of a vehicle network can be increased by the invention, in particular without financial overhead.
- the use of Ethernet or other data transmission systems (such as FlexRay) in automobiles requires, among other things, mechanisms that exploit simple technologies and given properties of technologies in order to be able to dispense with expensive implementations and additional hardware.
- Early detection of attacks and misconduct through early analysis of communication paths helps to identify gaps and errors prior to delivery of the vehicle.
- the network system according to the invention is improved in terms of cost and reliability.
- the invention makes the testability of the system more clearly defined, so that test costs can be saved.
- the invention provides transparent security functionality.
- each communication path comprises a plurality of communication users.
- the communication subscribers particularly preferably include at least one transmitter and one receiver, between which a communication in the form of a data transmission is performed.
- at least one of the communication participants ie either the transmitter or the receiver, is part of the communication network in the automobile.
- this participant is arranged in the car.
- the other communication participant can either also be part of the communication network - and then would also be in the
- An external subscriber can be, for example, an externally arranged control unit or a computer cloud ("cloud"). According to a further development, the subscriber that is part of the network is preferably designed as a control unit (e.g. ECU, Electronic Control Unit) of the motor vehicle.
- the method preferably comprises, as further steps, a determination of interface parameters of at least one of the communication subscribers and / or connectivity parameters of at least one of the communication subscribers.
- the determined parameters are particularly preferably stored in a database or in a common database.
- the at least one database can be particularly preferably on a central control unit or central r
- the interface parameters and/or connectivity parameters are drawn upon, with regard to their attack risk, in a further step for the evaluation of the communication paths.
- Each communication subscriber preferably has one or more interfaces for data transmission.
- the interface parameters include at least information regarding the data transmission protocols supported and/or forwarded by the interfaces. In addition or alternatively, it can also be provided to determine whether the interfaces are provided for a diagnostic function or a charging function (OBD, Powerline).
- the vehicle in particular electric vehicle
- data can also be coupled in via the interface or on the power line.
- alternatively or additionally, the interfaces can be examined with regard to their data transmission speed.
- the connectivity parameters comprise at least information regarding the support of connection technologies and / or distribution functionalities.
- the control unit may, for example, support various radio technologies, such as WLAN or Bluetooth. Whether the control unit has access to multiple buses is part of the distribution functionality parameter. This also determines whether access to switches, bridges, routers and/or gateways is possible.
- the parameters are preferably stored in a database, wherein particularly preferably information regarding the MAC address and/or IP address of the control unit and of the other devices directly connected to the control unit is also stored.
- a state analysis is thus carried out according to the previously mentioned method, by determining which communication participants are present and what properties they bring with them. This state analysis is then subjected to a risk assessment to uncover gaps for possible attacks.
- parameters are also determined for the evaluation of the attack risk of the data transmission protocols and stored in a database.
- the protocol stacks are particularly preferably analyzed.
- the determined parameters of the data transmission protocols relate at least to the frequency of the data protocol used, the suitability for communication with a specific number of receivers and / or the type of transmission.
- the type of transmission relates, for example, to the direction of the transmission, the synchronization or non-synchronization, the position of the communication participants and / or the connection orientation.
- in the case of connection orientation, the beginning and the end of a connection are defined by special packet sequences.
- whether the communication is packet-oriented or streaming can also be included as a parameter of the data transmission protocols.
- the communication paths and data transmission protocols are assigned to risk classes using the respectively associated evaluations. This simplifies the process of deciding for or against data transmission by means of a given communication path and data transmission protocol. In other words, it is easier to make a decision with which communication path and which data transmission protocol the communication should take place.
- information on different attack scenarios is used for assessing the attack risk of the communication paths.
- This information is preferably also stored in a database, which is stored in particular in a memory and is not constantly updated.
- the information on the attack scenarios can also be updated on a regular basis so that more recent attack scenarios can also be taken into account.
- the update can be done, for example, via updates from an external data connection, in which a comparison of the information takes place.
- the information particularly preferably relates to various possible types of attack and an assessment of the security risk for the automobile and its occupants.
- one type of attack is, for example, DoS (Denial of Service), in which an overload is caused by a third party, which leads to the failure of a function or a service.
- the evaluation of the communication path can thus be advantageously tailored to one or more attack scenarios, which, for example, occur statistically most frequently.
- the information on the various attack scenarios can also be used to evaluate the data transmission protocols.
- a detailed analysis is carried out by the procedure described above, or detailed information is stored, in order to assess the attack risk of the network as accurately as possible.
- in a further preferred embodiment of the invention, it can be determined, before selecting a suitable communication path and the appropriate data transmission protocol, whether the communication may take place at all or whether it should be prevented because the security risks are too high.
- other measures can be taken in response to one or more of the reviews - namely, for example, a specific configuration of the firewall.
- the method according to the invention is preferably carried out once at the end of the line (after the end of the production of the automobile), after a software update, after the disclosure of security vulnerabilities or when exchanging or updating a subscriber of the communication path.
- the evaluation of the attack risk of the communication paths is performed by means of an algorithm.
- the algorithm can preferably also create risk classes on the basis of the attack risk and assign the communication paths to the risk classes.
- the algorithm in particular includes in the evaluation one or more databases relating to the parameters of the communication paths, the data transmission protocols and/or the information on various attack scenarios.
- if a particular communication path is selected, provided or predetermined for the data transmission, then, e.g. on the basis of the evaluation of the attack risk, a data transmission protocol can be selected for the communication, which is a high
- the path can be selected based on the evaluation of the communication paths, which offers high security against attacks.
- from a plurality of possible communication paths and data transmission protocols, the constellation can be selected which, in the interaction between communication path and data transmission protocol, carries the least security risk.
- At least one of the databases is stored in a secure memory area.
- this secure memory area is provided with encryption and thus protected against attacks.
- the secure memory area may, e.g., be arranged on a central control unit.
- the invention further relates to an electronic control unit or control device for a motor vehicle, which is designed for carrying out the method.
- Fig. 2 is an exemplary illustration of a software stack
- Fig. 3 shows an example of a complex Ethernet/IP communication stack and its branches
- Fig. 5 shows an exemplary embodiment of the method according to the invention, in which a determination of connectivity parameters and interface parameters of a control device is shown
- Fig. 6 illustrates an exemplary embodiment of the method according to the invention, in which a determination of parameters for data transmission protocols is shown
- Fig. 7 shows an exemplary risk assessment of the protocols
- Fig. 9 shows an embodiment of the method according to the invention for securing a communication path.
- FIG. 1 shows the general structure of a known communication packet or stack 1.
- the first merger of the Internet world with AUTOSAR requires a lot of initial effort, since both worlds work quite differently (eg static vs. dynamic).
- Fig. 1 shows a typical communication packet.
- the communication packet comprises the actual data content 3 and, by way of example, several headers 2a-d, which are assigned to the different layers of the software stack. A header is provided for each layer of the software stack, which gives that layer the information necessary for processing the communication packet.
- FIG. 2 shows an exemplary illustration of a software stack 4 in a control device.
- Shown is an example of a TCP / IP stack 6.
- This stack is traversed by a communication packet (e.g. as shown in FIG. 1), and the packet is analyzed in the process. Based on the analysis of the content, it is determined to which application the communication packet is forwarded.
- the illustrated TCP/IP stack 6 comprises several layers, shown here as reference numerals 8, 10 and 12, wherein layer 8 is designed as MAC (Media Access Control), layer 10 as IP (Internet Protocol) and layer 12 as TCP/UDP (Transmission Control Protocol / User Datagram Protocol).
- the headers of the communication packet are each assigned to one of these layers.
- the MAC layer 8 is representative of the layers one (physical layer) (eg with header 2a in FIG. 1) and two (bit transmission) (eg with header 2b in FIG. 1) according to the well-known OSI model, IP for the third layer (eg with header 2c in FIG. 1) of the OSI model and TCP / UDP for the fourth layer (eg with header 2d in FIG. 1) of the OSI model.
- the "middleware" layer is provided, which corresponds to layers five and six of the OSI model (communication control, i.e. session, and presentation).
- this is followed, as the seventh layer 16, by an application ("application" layer).
- Ethernet frames, that is, the data packets 1, are transmitted to the TCP/IP stack 6.
- Fig. 3 shows an example of a complex Ethernet/IP communication stack and its branches. It is evident that there are many possibilities for the content of an Ethernet packet that must be processed in such a software stack. The complexity of software stacks is increasing dramatically in the automobile with the advent of Ethernet and IP. Demonstrating that a software stack is deterministic is no longer so easy, especially because of the manifold possibilities of branching.
- FIG. 4 shows an embodiment of the invention in which a database 20 is stored in a central gateway 22 or the central gateway 22 has access to this database 20. The database 20 contains information which is determined by the method according to the invention.
- Branching off from the central gateway 22 are further gateways (GW) and control devices or possible communication partners (drawn as boxes), which are connected via CAN (Controller Area Network), LIN (Local Interconnect Network), FlexRay, MOST (Media Oriented Systems Transport), WLAN (Wireless Local Area Network), LVDS (Low Voltage Differential Signaling), Bluetooth or Ethernet.
- risk assessments for the individual connection options are stored at least in one database (eg 20).
- the risk assessments indicate the risk of obtaining access to data and / or control of control mechanisms in the vehicle from third parties via the connection.
- the information of this database 20 is used - eg by an algorithm - to assign communication paths and data transmission protocols to risk classes.
- On the basis of the risk classes it is then selected over which communication path, in combination with which data transmission protocol, the communication or data transmission between several participants is to be carried out. In this case, preferably a combination of communication path and data transmission protocol is selected which has a relatively low security risk or for which a relatively low risk of attack has been determined.
- FIG. 5 shows an exemplary embodiment of the invention for determining connectivity parameters and interface parameters of a control unit.
- the control unit ECU
- radio links such as WLAN or Bluetooth (reference numeral 32). If so, the MAC address and / or the IP address of the device are determined 33 and stored in a database 20.
- the addresses (MAC and IP) of the devices connected to the control unit are also stored in the database 20.
- the addresses can be stored here as well as the Power status (if there is an interface for Powerline Communication) 35. Power status in this case can be the way the interface is powered, such as from an external battery or from an internal battery.
- the distribution functionality of the control unit concern 36.
- if the control unit has a distribution functionality, it can access different buses and reach different communication participants (e.g. switch, router, gateway).
- the respective state of the ports and the possible speeds are preferably also stored in the database 20 here 37.
- as the state of the ports, for example, energy states such as "off", "on", "energy saving mode", "wake up", etc. may be provided.
- a fast interface such as e.g. 100BASE-T1 is present, or not 38.
- with a rate limiting function, a data rate is set relative to a unit of time.
- With policing, it is then monitored that the maximum data rate per unit time is not exceeded. If it is exceeded, e.g. if more data than set are sent, these are, e.g., discarded.
- the information or settings relating to the functions mentioned can be recorded 39 as parameters for the interfaces and stored in a database 20.
- the individual query steps can be run through in a programming loop and form part of an algorithm which can be run, for example, on a central control unit, e.g. gateway 22, and is preferably stored in a secure memory.
- the databases 20 are preferably stored in this or another secure memory area.
- the control devices present in a network of a vehicle are preferably assigned to risk classes by means of the abovementioned method on the basis of their connectivity, in order to store important parameters on the basis of which security mechanisms are assigned.
- These ECUs are either equipped with wireless technologies or with open network interfaces, which can be contacted.
- a check on the protocol support can take place. This can happen once (end of line), before pending connections to the outside, after a software update or when security holes become known in existing protocols.
- the method can be triggered centrally or requested by individual ECUs. If, for example, a communication path is to be set up and diagnostic data, for example, are to be transmitted by radio from an antenna module, the antenna module can check the respective neighboring devices for their protocol support.
- The method steps of the algorithm are:
- Step 50: Start of the audit of the protocol implementations. Each control unit 51 examines each interface 52 as to whether certain protocol types 53 are supported 54 and/or forwarded 55.
- Step 54: It is determined whether the interface supports the protocol.
- Step 55: It is determined whether the interface forwards the protocol.
- Step 56: Information is stored in a database 20, the information being e.g. the ECU, the interface and the type of protocol.
- the protocol types are preferably queried individually by the algorithm 53.
- the results are stored in a database 20. This preferably results in a table listing the ECU, the interface and whether the respective protocol type is supported. For example, a result table as shown in Fig. 7 could be created.
- the matrix shown in Figure 7 reflects the actual implementation, not the specification. Errors during implementation or gaps can be identified by this.
- the matrix can serve, for example, the TÜV or system manufacturer to verify and test a vehicle for security - regardless of the resulting mechanisms and even before the vehicle is delivered to the end customer.
- FIG. 8 shows a critical path 60, which in this case consists of an external connection (eg radio connection to a cloud) 62.
- External connections are preferably evaluated a priori, in the analysis of the parameters, as more critical than exclusively internal connections.
- a data transfer in the form of a software download 64 is to be initiated, wherein the software is to be downloaded from the cloud 62.
- An internal memory 66 is for example connected to a gateway 68 (can be identical to 22) via a head unit 70 and the gateway 68 via a WLAN connection module 72 to the cloud 62.
- This chain of communication partners 62-72 thus provides according to the example
- This path 60 is evaluated for its attack risk, i.e., how high the risk is of it becoming the victim of a third party attack, which could possibly endanger the safety in the vehicle.
- the individual communication participants 62-72 are examined for their connectivity parameters and their interface parameters.
- This path 60, shown by way of example in FIG. 8, can be specified and defined as such by the system designer or architect, or can also be determined dynamically.
- the path 60 can additionally be checked for its gaps. So it can happen that an uncritical path nevertheless becomes critical. For example, due to a malfunction of a control unit whose data are forwarded to a CPU, whereby another control unit is blocked and comes to a standstill.
- a data stream which is considered safe, can be a danger if, instead of 10 data packets per second, 1000 are to be processed suddenly by a central processing unit.
- the CPU (there can also be several) is so important because incoming data packets are always processed with a high priority (accepted and stored). If too many packets arrive at too high a frequency and packet size, the CPU may be blocked and the controller may fail altogether.
- if a communication path is fixed, for example like that in FIG. 8, then the control devices 62-72 involved can be queried about their risk class and their protocol support. With the help of the protocols necessary for the communication, gaps and/or risks can be identified immediately.
- the TCP traffic is routed to the CPU in the head unit 70. This information is available for the risk assessment. Even before the actual connection is established, the TCP traffic can be limited in the head unit 70 or earlier (in the gateway 68), ie a maximum packet data rate per second can be set.
- a firewall in the head unit 70 can be configured. This means that the filters of the firewall are adapted to this communication or it is given higher priority.
- Fig. 9 shows a possible overall view of the method according to the invention. Accordingly, at the beginning of the method, the individual communication users are first queried with regard to their interfaces and their connectivity parameters 80. The results are stored in a database 20. Furthermore, e.g. as the next step, the supported data transmission protocols are queried 82 and also stored in a database. The attack risk of the respective data transmission protocols is also stored. Since different types of data transmission protocols are generally already known, the attack risks existing in each case can also already be stored as information in a database, which is then used when the protocols are detected. The evaluation of the attack risk of the data transmission protocols then takes place on the basis of the stored information.
- a risk matrix 84 (as shown in FIG. 7) may arise.
- the path is then evaluated for its attack risk 86. This can be done by means of an algorithm. Subsequently, from the supported data transmission protocols, the protocol for the communication can be selected, which has a relatively low security risk (risk for an attack on the network).
- the classifications also allow the level of potential security resources to be determined and allocated 90, thereby allowing network planning and implementation to be planned and implemented during design, end-of-line programming, or a dynamic and disruptive architecture. Overview of the steps:
- the storage of the databases 20 and / or the algorithm for the evaluation is particularly preferably both centrally and in each individual control unit.
- the result, a so-called risk assessment, can then be used to analyze and secure a communication path.
- This matrix is queried when creating a communication path and, if necessary, actions are defined.
- the resulting matrix reflects the actual implementation and not the specification. Errors during implementation or security gaps can be identified.
- the matrix can serve to verify and test a vehicle for information security.
- Protocol support: e.g. an ECU changes its protocol option because there are problems on a path. Here, for example, more secure protocols can be selected.
- the databases are provided with the reference numeral 20 in the present figures. However, the individual parameters and the risks of attack can also be stored in separate databases of their own. In this case, there is then a separate database for each of the interface parameters, the connectivity parameters, the attack risk of the communication paths or communication subscribers, the attack risk of the data transmission protocols and the risk classes.
- the invention defines mechanisms to select the correct software branches for potential attack functions.
- the invention sets out which packages can and which do not find which type of application.
- the invention can be applied to tape end programming and system testing. Furthermore, more and more software updates for the car will be offered in the future, which will enable new functions. Due to the large variety of variants, the invention offers to check the software stacks in the vehicle after an update in the entirety, as well as partially and re-evaluate.
- the invention proposes a method that makes these control mechanisms and options via an interface in the network configured and usable. This makes it clear which potential gaps exist and whether the software meets given requirements. This process can also create transparency, making the whole network much easier to test and test in terms of security.
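The matrix query and protocol change described in the list above, sketched as an added example that is not taken from the patent. The hop and protocol names, the 1 to 3 scores, the multiplication rule and the per-class limits are all assumptions chosen for illustration.

```python
# Added illustration: every name, score and threshold below is an assumption.
from typing import NamedTuple, Optional

# Constructed sample databases: exposure per hop, weakness per protocol (1 low .. 3 high).
PATH_EXPOSURE = {("telematics", "gateway"): 3, ("obd", "gateway"): 2,
                 ("gateway", "brake_ecu"): 1}
PROTOCOL_WEAKNESS = {"udp_plain": 3, "someip": 2, "someip_tls": 1}
# Highest matrix value tolerated for each risk class of the transported data.
CLASS_LIMIT = {"safety_critical": 2, "vehicle_function": 4, "comfort": 9}
UNKNOWN = 10  # above every limit, so unlisted hops or protocols fail closed


class Decision(NamedTuple):
    action: str               # "allow", "switch_protocol" or "reject"
    protocol: Optional[str]
    risk: int


def build_matrix():
    """Risk matrix: one cell per (hop, protocol) pair, exposure times weakness."""
    return {(hop, proto): e * w
            for hop, e in PATH_EXPOSURE.items()
            for proto, w in PROTOCOL_WEAKNESS.items()}


def path_risk(matrix, hops, proto):
    """A path is as risky as its worst hop; an empty path counts as unknown."""
    return max((matrix.get((hop, proto), UNKNOWN) for hop in hops), default=UNKNOWN)


def create_path(matrix, hops, data_class, preferred, supported):
    """Query the matrix when a path is set up and define the action to take."""
    limit = CLASS_LIMIT.get(data_class, 0)  # unknown class: nothing is acceptable
    risk = path_risk(matrix, hops, preferred)
    if risk <= limit:
        return Decision("allow", preferred, risk)
    # Preferred protocol is too risky here: try the safest protocol both ends support.
    best = min(supported, key=lambda p: path_risk(matrix, hops, p), default=None)
    if best is not None and path_risk(matrix, hops, best) <= limit:
        return Decision("switch_protocol", best, path_risk(matrix, hops, best))
    return Decision("reject", None, risk)
```

Rebuilding the matrix from the stored databases after a software update and re-running the same queries gives the re-evaluation the last items describe.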
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102016222741.6A DE102016222741A1 (en) | 2016-11-18 | 2016-11-18 | Method for a communication network and electronic control unit |
PCT/EP2017/079027 WO2018091401A1 (en) | 2016-11-18 | 2017-11-13 | Method for a communications network, and electronic control unit |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3542510A1 (en) | 2019-09-25 |
Family
ID=60452608
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP17804113.3A Pending EP3542510A1 (en) | 2016-11-18 | 2017-11-13 | Method for a communications network, and electronic control unit |
Country Status (7)
Country | Link |
---|---|
US (1) | US11038912B2 (en) |
EP (1) | EP3542510A1 (en) |
JP (1) | JP2020501420A (en) |
KR (1) | KR102293752B1 (en) |
CN (1) | CN109937563B (en) |
DE (1) | DE102016222741A1 (en) |
WO (1) | WO2018091401A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3566400B1 (en) * | 2017-01-05 | 2022-08-17 | Guardknox Cyber Technologies Ltd. | Specially programmed computing systems with associated devices configured to implement centralized services ecu based on services oriented architecture and methods of use thereof |
JP2020184651A (en) * | 2019-04-26 | 2020-11-12 | 日本電産モビリティ株式会社 | On-vehicle control device and information processing device |
JP7411355B2 (en) * | 2019-08-30 | 2024-01-11 | マツダ株式会社 | In-vehicle network system |
CN114760092A (en) * | 2022-03-09 | 2022-07-15 | 浙江零跑科技股份有限公司 | Network data safety detection system for intelligent automobile and cloud platform |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8909926B2 (en) | 2002-10-21 | 2014-12-09 | Rockwell Automation Technologies, Inc. | System and methodology providing automation security analysis, validation, and learning in an industrial controller environment |
US8220042B2 (en) | 2005-09-12 | 2012-07-10 | Microsoft Corporation | Creating secure interactive connections with remote resources |
US9325737B2 (en) * | 2007-06-28 | 2016-04-26 | Motorola Solutions, Inc. | Security based network access selection |
JP2009071436A (en) | 2007-09-11 | 2009-04-02 | Toshiba Corp | Communication path selecting method, and information processing device for relaying |
JP5188288B2 (en) | 2008-06-25 | 2013-04-24 | 株式会社Kddi研究所 | Cryptographic protocol security verification device, security verification method and program |
US8051480B2 (en) | 2008-10-21 | 2011-11-01 | Lookout, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
CN101937421A (en) | 2009-07-03 | 2011-01-05 | 上海大潮电子技术有限公司 | Method for collecting real-time operation information of vehicle for operation security risk assessment |
US8863256B1 (en) * | 2011-01-14 | 2014-10-14 | Cisco Technology, Inc. | System and method for enabling secure transactions using flexible identity management in a vehicular environment |
JP6508631B2 (en) * | 2012-10-17 | 2019-05-08 | タワー−セク・リミテッド | Device for detection and prevention of attacks on vehicles |
EP3056394B1 (en) * | 2013-10-08 | 2022-11-30 | ICTK Holdings Co., Ltd. | Vehicle security network device and design method therefor |
US9282110B2 (en) * | 2013-11-27 | 2016-03-08 | Cisco Technology, Inc. | Cloud-assisted threat defense for connected vehicles |
US9398035B2 (en) * | 2013-12-31 | 2016-07-19 | Cisco Technology, Inc. | Attack mitigation using learning machines |
US10369942B2 (en) * | 2014-01-06 | 2019-08-06 | Argus Cyber Security Ltd. | Hosted watchman |
2016
- 2016-11-18 DE DE102016222741.6A patent/DE102016222741A1/en active Pending
2017
- 2017-11-13 WO PCT/EP2017/079027 patent/WO2018091401A1/en unknown
- 2017-11-13 EP EP17804113.3A patent/EP3542510A1/en active Pending
- 2017-11-13 KR KR1020197014356A patent/KR102293752B1/en active IP Right Grant
- 2017-11-13 US US16/344,876 patent/US11038912B2/en active Active
- 2017-11-13 JP JP2019526329A patent/JP2020501420A/en active Pending
- 2017-11-13 CN CN201780066678.1A patent/CN109937563B/en active Active
Also Published As
Publication number | Publication date |
---|---|
US11038912B2 (en) | 2021-06-15 |
CN109937563A (en) | 2019-06-25 |
JP2020501420A (en) | 2020-01-16 |
DE102016222741A1 (en) | 2018-05-24 |
US20190268368A1 (en) | 2019-08-29 |
WO2018091401A1 (en) | 2018-05-24 |
KR102293752B1 (en) | 2021-08-24 |
KR20190065439A (en) | 2019-06-11 |
CN109937563B (en) | 2021-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3542511B1 (en) | Process for a communication network and electronic control unit | |
EP2954498B1 (en) | Method and device for connecting a diagnostic unit to a control unit in a motor vehicle | |
EP3248362B1 (en) | Data transmission in a communications network | |
WO2018091401A1 (en) | Method for a communications network, and electronic control unit | |
DE102012208205A1 (en) | Data logging or stimulation in automotive Ethernet networks using the vehicle infrastructure | |
DE102017202022A1 (en) | Motor vehicle with an in-vehicle data network and method for operating the motor vehicle | |
DE112019005529T5 (en) | On-vehicle communication device, communication control method, and communication control program | |
DE112020003655T5 (en) | SDN-based intrusion prevention method for in-vehicle networks and system for utilizing the same | |
DE102019210229A1 (en) | Method and device for the analysis of service-oriented communication | |
DE102014224944A1 (en) | Method and control unit for transmitting safety-relevant data in a motor vehicle by means of an Ethernet standard | |
DE102019210226A1 (en) | Device and method for attack detection in a communications network | |
CN114338234B (en) | Method and device for processing message | |
WO2011134761A2 (en) | Method for establishing a communication for at least one device | |
DE102019210223A1 (en) | Device and method for attack detection in a computer network | |
DE102004020880B4 (en) | Interface for communication between vehicle applications and vehicle bus systems | |
WO2020015835A1 (en) | Communication network and network interface | |
DE102018216959B4 (en) | Method for securing a data packet by an exchange in a network, exchange and motor vehicle | |
EP2039079B1 (en) | Communication system and communication method for data communication | |
EP2056535A2 (en) | Connector and procedure to provide access to a data processing network for data processing device. | |
WO2020099298A1 (en) | Control device architecture for vehicles | |
DE102016212755B3 (en) | Ethernet vehicle electrical system with protected configurability | |
DE102020128284A1 (en) | Method for monitoring a data network in a motor vehicle and switching device and motor vehicle | |
DE102021207870A1 (en) | Method and processing unit for managing diagnostic requests in a network | |
WO2021028186A1 (en) | Network distributor, automation network and method for transmitting data in an automation network | |
WO2004107675A2 (en) | Method for routing ip-packets to an external control component of a network node in an ip-packet switching communications network comprising several network nodes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20190618 |
| | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | AX | Request for extension of the european patent | Extension state: BA ME |
| | DAV | Request for validation of the european patent (deleted) | |
| | DAX | Request for extension of the european patent (deleted) | |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| | 17Q | First examination report despatched | Effective date: 20210325 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: CONTINENTAL AUTOMOTIVE TECHNOLOGIES GMBH |