GB2430585A - A firewall/gateway for a vehicle network/data bus - Google Patents

Info

Publication number: GB2430585A
Authority: GB (United Kingdom)
Prior art keywords: connector, gateway, vehicle, connector component, diagnostic
Legal status: Withdrawn
Application number: GB0505051A
Other versions: GB0505051D0 (en)
Inventor: John Roberts
Current Assignee: P TEC Ltd
Original Assignee: P TEC Ltd
Priority date: 2005-03-11
Filing date: 2005-03-11
Publication date: 2007-03-28

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R 16/00 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R 16/02 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R 16/023 Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Details Of Connecting Devices For Male And Female Coupling (AREA)
  • Small-Scale Networks (AREA)

Abstract

A connector component for a vehicle wiring harness is disclosed. The connector component includes a diagnostic connector that has an external interface to which diagnostic apparatus can be connected and an internal interface that connects to a data bus. The connector includes an integral gateway that operates to restrict interchange of signals between the external interface and the internal interface. At least one signal is passed between the external interface and the internal interface without restriction by the gateway. Such signals are used for authorised diagnostic purposes such as emissions testing. Those signals that are restricted by the gateway may be processed such that those that fall within a definition set forth by one or more rules are allowed to pass and other signals are not allowed to pass. Thus the gateway acts to prevent reverse engineering or circumventing of the security of the vehicle.

Description

Data Interface

This invention relates to a data interface. It has particular, but not exclusive, application for use in a vehicle, in particular a motor road vehicle.

Automotive vehicle original equipment manufacturers (OEMs) rely increasingly on electronic networks as the communications medium between in-vehicle electronic control units (ECUs). Virtually every new vehicle, be it a private car, a commercial vehicle, a bus or an off-road vehicle, uses a networking technology based on the Controller Area Network (CAN) protocol to exchange control and measurement data between its ECUs. The CAN protocol has also found applications in the marine sector.
The exhaust emissions of vehicles powered by internal combustion engines are subject to ever more restrictive legislation aimed at controlling the quantity and composition of vehicle emissions. To this end, manufacturers must provide the ability for roadside test equipment to interrogate the emissions performance of the ECUs on their vehicles. In automotive terms, this is specifically the engine management ECU and the transmission ECU. Furthermore, the internationally agreed legislation defines not only the tests and acceptance criteria that the vehicle must meet, but also the communications interface and protocol that the vehicle has to implement in order to allow the tests to be carried out. For automotive (passenger car) applications, these requirements are defined in ISO-15765. All OEMs have to demonstrate that their vehicles' networks are fully compliant with the above standard. The aim of this standardization of the diagnostic communications interface is to ensure that any "ISO-compliant" roadside tester is guaranteed to communicate with all vehicles.
In order to implement the requirements of ISO-15765, OEMs typically route their CAN network to an ISO diagnostic connector. The advantage of this approach is that once each emissions-relevant ECU has been made to comply with the requirements of ISO-15765, no extra hardware need be added to the vehicle.
However, this approach has proven to have disadvantages. The CAN is electrically connected to the diagnostic connector on the interior of the vehicle and therefore the connected ECUs are vulnerable to damage from electrostatic discharge (ESD). This can cause disruption of the electrical functions of the vehicle and permanent damage requiring the replacement of one or more ECUs. Also, all traffic on the CAN is accessible at the diagnostic connector, so any OEM-proprietary network data can be readily monitored. This type of access could benefit non-approved service organizations attempting to reverse-engineer the vehicle to develop an understanding of its operation, or car thieves attempting to circumvent security systems.
It has previously been proposed to provide an interface module that isolates the CAN bus from the diagnostic connector. However, if this is to be provided on an existing vehicle, changes to the wiring harness, component packaging and production lines are required, which represents a significant cost to a vehicle manufacturer.
An aim of this invention is to provide controlled access to a vehicle data bus for diagnostic equipment, while avoiding or mitigating these disadvantages.
To this end, this invention provides a connector component for a vehicle wiring harness, the connector component including a diagnostic connector that has an external interface to which diagnostic apparatus can be connected, an internal interface that connects to a data bus, and an integral gateway that operates to restrict interchange of signals between the external interface and the internal interface.
Since the vehicle wiring harness already has a connector component, substitution of a conventional connector component with one that embodies the invention provides protection for the data bus without increasing the total number of components present, and therefore requires a minimum of change to the vehicle assembly procedures.
Advantageously, at least one signal is passed between the external interface and the internal interface without restriction by the gateway. Such signals are typically those that present no security risk and are not connected to sensitive components.
Those signals that are restricted by the gateway may be processed such that those that fall within a definition set forth by one or more rules are allowed to pass and other signals are not allowed to pass.
In order to further isolate the vehicle ECUs from electrical damage, the gateway may include an isolating link that includes no electrically conductive path. For example, the isolating link may include one or more of an optical link or a radio-frequency link. This arrangement can protect the vehicle control modules from high voltages or high currents applied to the external interface.
In preferred embodiments of the invention, the external interface of the connector is a diagnostic interface that conforms to ISO-15765.
The connector may include a power supply stage to supply power to the gateway. Most advantageously, such a power supply stage draws power from the vehicle wiring harness.
A connector embodying the invention is typically suitable for use in a motor road vehicle. In such embodiments, the internal interface is typically connected to a CAN bus.
From a second aspect, this invention provides a wiring harness for a vehicle that includes a diagnostic connector according to the first aspect of the invention.
An embodiment of the invention will now be described in detail, by way of example, and with reference to the accompanying drawings, in which:
Figure 1 shows diagrammatically a communication path for normal vehicle network communication in a control network of a vehicle;
Figure 2 shows diagrammatically a communication path for emissions-relevant diagnosis in the network of Figure 1;
Figure 3 shows diagrammatically a control network of a vehicle embodying the invention;
Figure 4 shows in greater detail a diagnostic connector of the control network of Figure 3;
Figure 5 is a block diagram that shows the logical components of a gateway module of the connector of Figure 4; and
Figure 6 is a diagram illustrating implementation of the invention using a processing unit.
With reference first to Figure 1, a vehicle control network comprises several electronic control units 10 (ECUs) that have a function that is relevant to the emissions produced by operation of the vehicle. It also has several ECUs 12 that have a function that is not relevant to the emissions produced by operation of the vehicle. A diagnostic connector 14 is provided, the connector complying with the requirements of ISO-15765. These various components are all interconnected by a data bus 20 which, in this embodiment, is a Controller Area Network (CAN) bus. In Figures 1 and 2, those parts of the CAN bus that are active are shown in continuous lines and labelled 20, while those parts that are inactive are shown in dashed lines and labelled 20'.
During normal operation of the vehicle, any of the ECUs 10, 12 can place data onto the data bus 20. The data is broadcast onto the bus 20, and it is the responsibility of each ECU 10, 12 to determine whether it should react to the data that appears on the bus 20.
In this condition, the part of the bus 20' that connects with the diagnostic connector 14 is inactive.
When in diagnostic mode, the parts of the data bus 20' that are connected to the ECUs 12 that have a function that is not relevant to the emissions produced by operation of the vehicle are inactive. The ECUs 10 that have a function that is relevant to the emissions produced by operation of the vehicle are connected through the data bus 20 to the diagnostic connector 14. Thus, these ECUs 10 can be interrogated through the diagnostic connector 14.
As shown in Figure 3, a control network embodying the invention is a modification of that shown in Figures 1 and 2. The modification is restricted to the diagnostic connector 14, in that it incorporates a gateway 22. The function of the gateway 22 includes:
* receiving diagnostic request messages from a diagnostic tester connected to the diagnostic connector 16 and relaying the requests through the data bus 20 on to the relevant ECUs 10, which will process the requests;
* receiving the response messages from the ECUs 10 to the above diagnostic requests and relaying them to the diagnostic tester through the diagnostic connector 16;
* preventing any messages that are not explicitly allowed from reaching the data bus 20; and
* preventing any messages that are not explicitly allowed from reaching the diagnostic connector from the data bus 20.
As shown in Figure 4, the connector 16 has an external interface that comprises several terminals 24, the configuration and function of which is defined by ISO-15765. The connector 16 additionally has an internal interface that connects it to the wiring harness 26 of the vehicle.
The signals that appear on several of the input and output lines of the connector 16 need not be restricted. As shown at 30, these lines pass directly through the connector, individual terminals 24 being connected to respective lines of the wiring harness 26. Other terminals 24' carry signals that can affect operation of the ECUs 10 that have a function that is relevant to the emissions of the vehicle by placing inappropriate data onto the data bus 20. These typically include, but are not limited to, the control network for the vehicle's powertrain (engine, gearbox). These terminals 24' are connected through a gateway circuit unit 32 contained within the package of the diagnostic connector 16 to corresponding lines 34 within the wiring harness 26. The gateway circuit 32 is also connected through a power supply line 36 to a power supply of the vehicle. This is normally made available at the diagnostic connector, so no additional connections need be made to the vehicle's wiring harness. From Figure 5, the effect of the gateway circuit 32 is to create two effective networks: a vehicle network 54 that is connected to the ECUs and a diagnostic network 56 that is accessible at the diagnostic connector.
With reference to Figure 5, the gateway includes the following principal components: a power supply 40, a vehicle network transceiver 42, a vehicle network protocol module 44, a message routing engine 46, a diagnostic network protocol module 48 and a diagnostic network transceiver 50.
The power supply 40 is responsible for converting the vehicle power supply into a stable supply for use by the gateway module 22. It performs the functions of voltage filtering to remove unwanted transients, voltage down-conversion to convert the vehicle voltage (nominally 12 V) to the voltage required by the module (typically 5 V or 3.3 V), and current limitation to ensure that the module shuts its power supply down safely in the event of an internal device failure causing excessive power consumption.
The network transceivers 42, 50 are responsible for converting the raw electrical signal (i.e. the voltage/current exchanged between ECUs) to logical voltage levels that represent the data exchanged and, in the opposite sense, between logical levels and the raw signals. In the case of a CAN network, the signalling medium, known as the physical layer, uses two signals known as CAN_H and CAN_L. The specifications for these signals can be found from many sources and are well known to those skilled in the technical field.
The network protocol modules 44, 48 convert the logical '1' and '0' bit stream into message frames and vice versa. The framing in this example is the CAN protocol defined in ISO-11898. The vehicle network module 44 constitutes the internal interface and the diagnostic network module 48 constitutes the external interface.
The message routing engine 46 is responsible for implementing the algorithms to transfer messages from one network onto the other. In this embodiment, the messages to be passed by the gateway are those defined by ISO-15765.
In operation, the gateway module must ensure that no data corruption will occur during the translation. The time to translate a message between the networks must be minimized. This is to ensure that the time delay between the diagnostic tester issuing a diagnostic request and the tester receiving the diagnostic response from the target ECU under interrogation (e.g. the engine management ECU) falls within the time limits specified in ISO-15765 under all possible operating conditions of the powertrain network.
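The rule-based restriction described above (signals that fall within a definition set forth by one or more rules are relayed, everything else is dropped in both directions, and only the ISO-15765 diagnostic exchange crosses the gateway) can be written as a small default-deny routing engine. The C below is an added example for this page; it is not code from the patent or from P TEC Ltd. It assumes the 11-bit OBD-on-CAN identifiers of ISO 15765-4 (functional request 0x7DF, physical requests 0x7E0 to 0x7E7, ECU responses 0x7E8 to 0x7EF), a read-only set of permitted OBD services chosen here as an illustrative policy, and hypothetical names (gateway_permit, struct rule, OBD_READ_ONLY). It goes slightly beyond the text in one respect: it tracks ISO-TP multi-frame state so that consecutive frames and flow control are relayed only for a message whose first frame was itself allowed.

```c
/* Default-deny routing engine for the diagnostic-connector gateway.
 * Added example for this page, not code from GB2430585A or P TEC Ltd.
 * Assumed policy: only ISO 15765-4 OBD traffic on 11-bit CAN IDs crosses the
 * gateway, and only read-only OBD services in the tester-to-vehicle direction. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dir { TESTER_TO_VEHICLE = 0, VEHICLE_TO_TESTER = 1 };

struct can_frame {
    uint32_t id;       /* 11-bit CAN identifier */
    uint8_t  dlc;      /* number of valid data bytes, 0..8 */
    uint8_t  data[8];
};

struct rule {
    enum dir direction;
    uint32_t id_min, id_max;
    uint64_t service_mask; /* bit n set => service n allowed; 0 => any service */
};

#define SVC(n) (1ull << (n))
/* SAE J1979 read-only services: 01 live data, 03/07/0A DTCs, 09 vehicle info.
 * 04 (clear DTCs) and every UDS service (e.g. 0x2E WriteDataByIdentifier) are excluded. */
#define OBD_READ_ONLY (SVC(0x01) | SVC(0x03) | SVC(0x07) | SVC(0x09) | SVC(0x0A))

static const struct rule rules[] = {
    { TESTER_TO_VEHICLE, 0x7DF, 0x7DF, OBD_READ_ONLY },  /* functional request */
    { TESTER_TO_VEHICLE, 0x7E0, 0x7E7, OBD_READ_ONLY },  /* physical requests  */
    { VEHICLE_TO_TESTER, 0x7E8, 0x7EF, 0 },              /* ECU responses      */
};

/* Per-direction flag: an allowed ISO-TP first frame is in progress, so its
 * consecutive frames (same direction) and flow control (opposite direction)
 * may be relayed. Cleared by the next single or first frame in that direction. */
struct gateway { bool ff_open[2]; };

static const struct rule *find_rule(enum dir d, uint32_t id)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].direction == d && id >= rules[i].id_min && id <= rules[i].id_max)
            return &rules[i];
    return NULL;
}

/* Service byte of an ISO 15765-2 single frame (PCI 0) or first frame (PCI 1);
 * -1 when the length field is inconsistent with the frame. */
static int isotp_service(const struct can_frame *f)
{
    if ((f->data[0] >> 4) == 0) {
        unsigned len = f->data[0] & 0x0F;
        if (len == 0 || len > 7 || len > (unsigned)f->dlc - 1) return -1;
        return f->data[1];
    }
    unsigned len = ((f->data[0] & 0x0F) << 8) | f->data[1];
    if (f->dlc < 8 || len < 8) return -1;
    return f->data[2];
}

/* A frame crosses the gateway only if a rule explicitly allows it. */
bool gateway_permit(struct gateway *g, enum dir d, const struct can_frame *f)
{
    if (f->id > 0x7FF || f->dlc < 1 || f->dlc > 8) return false;
    const struct rule *r = find_rule(d, f->id);
    if (r == NULL) return false;               /* e.g. proprietary ECU broadcast */
    enum dir back = d == TESTER_TO_VEHICLE ? VEHICLE_TO_TESTER : TESTER_TO_VEHICLE;
    uint8_t pci = f->data[0] >> 4;
    switch (pci) {
    case 0: case 1: {                          /* single frame / first frame */
        int svc = isotp_service(f);
        if (svc < 0) return false;             /* malformed: never relay */
        bool ok = r->service_mask == 0 || (svc < 64 && (r->service_mask & SVC(svc)));
        g->ff_open[d] = ok && pci == 1;
        return ok;
    }
    case 2:  return g->ff_open[d];             /* consecutive frame of an allowed message */
    case 3:  return g->ff_open[back];          /* flow control answering the other side's FF */
    default: return false;                     /* reserved PCI type */
    }
}

static struct can_frame mk(uint32_t id, uint8_t dlc, const uint8_t *d)
{
    struct can_frame f = { id, dlc, {0} };
    memcpy(f.data, d, dlc);
    return f;
}

int main(void)
{
    struct gateway g = {{false, false}};
    /* Constructed sample traffic */
    struct can_frame rpm_req = mk(0x7DF, 8, (uint8_t[]){0x02, 0x01, 0x0C, 0, 0, 0, 0, 0});
    struct can_frame rpm_rsp = mk(0x7E8, 8, (uint8_t[]){0x04, 0x41, 0x0C, 0x1A, 0xF8, 0, 0, 0});
    struct can_frame uds_wr  = mk(0x7E0, 8, (uint8_t[]){0x10, 0x0A, 0x2E, 0xF1, 0x90, 0, 0, 0});
    struct can_frame uds_cf  = mk(0x7E0, 8, (uint8_t[]){0x21, 1, 2, 3, 4, 5, 6, 7});
    struct can_frame bcast   = mk(0x1A0, 8, (uint8_t[]){0x12, 0x34, 0, 0, 0, 0, 0, 0});

    printf("OBD 01 0C request to 0x7DF          : %s\n", gateway_permit(&g, TESTER_TO_VEHICLE, &rpm_req) ? "pass" : "drop");
    printf("OBD 41 0C response from 0x7E8       : %s\n", gateway_permit(&g, VEHICLE_TO_TESTER, &rpm_rsp) ? "pass" : "drop");
    printf("UDS 2E write, first frame to 0x7E0  : %s\n", gateway_permit(&g, TESTER_TO_VEHICLE, &uds_wr) ? "pass" : "drop");
    printf("... its consecutive frame           : %s\n", gateway_permit(&g, TESTER_TO_VEHICLE, &uds_cf) ? "pass" : "drop");
    printf("ECU broadcast 0x1A0 toward connector: %s\n", gateway_permit(&g, VEHICLE_TO_TESTER, &bcast) ? "pass" : "drop");
    return 0;
}
```

Build with `cc -std=c99 gateway.c` and run. The proprietary broadcast on 0x1A0 never reaches the connector, and a UDS WriteDataByIdentifier first frame to 0x7E0 is dropped together with the consecutive frames that would follow it, while a normal OBD request and its response, including a multi-frame response with its flow control, pass. A production engine would additionally enforce the ISO 15765-2 timing parameters and close the open first-frame state once the declared message length has been transferred, rather than only on the next single or first frame.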
Some notes upon the implementation of embodiments of the invention will now be discussed.
In a first arrangement, the processing unit could be a microcontroller with on-board network protocol peripherals, which implements stages 44, 46 and 48 of Figure 5. The message routing engine would be implemented in software. Rather than a microcontroller, a programmable logic array with a "soft-core" microprocessor could be used; the network peripherals could then be implemented with IP blocks. In both instances the network transceivers are provided by standalone hardware.
An alternative embodiment uses external, off-board network protocol modules. In this case, the processing unit is a microcontroller or a microprocessor that communicates with standalone network protocol modules. The message routing engine is implemented in software.
To provide complete isolation of the vehicle's data bus from the external connector, a radio-frequency link could be included in the gateway. In this case, the module connected to the diagnostic connector has no physical connection with the vehicle's network connection, thereby improving the resistance to tampering.
The embodiment has been described in terms of a simple network topology in which message translation takes place between an external diagnostic network and a vehicle network. There could be more than one network to and from which the gateway will be responsible for passing messages. While this embodiment has been described as part of a network system that uses the Controller Area Network standard for OSI Layer 2, it has application to network systems that use other Layer 1 and Layer 2 standards. Likewise, it is applicable to other higher-level protocols.
Additionally, the embodiment has been described with respect to use on a motor vehicle. The off-road, lorry and bus sectors also have their own emissions regulations that impose similar requirements, and hence embodiments of this invention may also be applicable to these sectors. Furthermore, the invention may have applications to other transport sectors (e.g. marine). The emissions legislation for these areas has not been investigated.

Claims (12)

  1. A connector component for a vehicle wiring harness, the connector component including a diagnostic connector that has an external interface to which diagnostic apparatus can be connected, an internal interface that connects to a data bus, and an integral gateway that operates to restrict interchange of signals between the external interface and the internal interface.
  2. A connector component according to claim 1 in which at least one signal is passed between the external interface and the internal interface without restriction by the gateway.
  3. A connector component according to claim 1 or claim 2 in which those signals that are restricted by the gateway may be processed such that those that fall within a definition set forth by one or more rules are allowed to pass and other signals are not allowed to pass.
  4. A connector component according to any preceding claim in which the gateway includes an isolating link that includes no electrically conductive path.
  5. A connector component according to claim 4 in which the isolating link includes one or more of an optical link or a radio-frequency link.
  6. A connector component according to any preceding claim in which the external interface of the connector is a diagnostic interface that conforms to ISO-15765.
  7. A connector component according to any preceding claim that includes a power supply stage to supply power to the gateway.
  8. A connector component according to claim 7 in which the power supply stage draws power from the vehicle wiring harness.
  9. A connector according to any preceding claim suitable for use in a motor road vehicle.
  10. A connector component according to claim 7 in which the internal interface is connected to a CAN bus.
  11. A connector component for a vehicle wiring harness substantially as herein described with reference to the accompanying drawings.
  12. A wiring harness for a vehicle that includes a diagnostic connector according to any preceding claim.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0505051A GB2430585A (en) 2005-03-11 2005-03-11 A firewall/gateway for a vehicle network/data bus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0505051A GB2430585A (en) 2005-03-11 2005-03-11 A firewall/gateway for a vehicle network/data bus

Publications (2)

Publication Number Publication Date
GB0505051D0 GB0505051D0 (en) 2005-04-20
GB2430585A true GB2430585A (en) 2007-03-28

Family

ID=34508921

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0505051A Withdrawn GB2430585A (en) 2005-03-11 2005-03-11 A firewall/gateway for a vehicle network/data bus

Country Status (1)

Country Link
GB (1) GB2430585A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000009363A1 (en) * 1998-08-10 2000-02-24 Lear Corporation Firewall for vehicle communication bus
US6574734B1 (en) * 1998-12-28 2003-06-03 International Business Machines Corporation Method and apparatus for securing access to automotive devices and software services
GB2351588A (en) * 1999-07-01 2001-01-03 Ibm Security for network-connected processing environments eg vehicles
EP1309132A1 (en) * 2000-06-30 2003-05-07 Sumitomo Electric Industries Co., Ltd. On-vehicle gateway
US20040073791A1 (en) * 2000-09-16 2004-04-15 Vasco Vollmer Method of controlling access
US20020152398A1 (en) * 2001-03-16 2002-10-17 Rainer Krumrein Authorization process for the communication with a data bus
JP2003152762A (en) * 2001-11-15 2003-05-23 Denso Corp Vehicle network system and distributor used for the system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014129107A1 (en) * 2013-02-25 2014-08-28 Toyota Jidosha Kabushiki Kaisha Information processing device and information processing method
CN105009546A (en) * 2013-02-25 2015-10-28 丰田自动车株式会社 Information processing device and information processing method
CN105009546B (en) * 2013-02-25 2017-10-20 丰田自动车株式会社 Information processor and information processing method
US9866527B2 (en) 2013-02-25 2018-01-09 Toyota Jidosha Kabushiki Kaisha Information processing device and information processing method
US10728249B2 (en) * 2016-04-26 2020-07-28 Garrett Transportation I Inc. Approach for securing a vehicle access port
EP3246778A1 (en) * 2016-05-17 2017-11-22 KNORR-BREMSE Systeme für Schienenfahrzeuge GmbH Device for reading out data from a safety-critical control device
EP3310021A1 (en) * 2016-10-11 2018-04-18 Honeywell International Inc. Approach for securing an access port of a vehicle network
EP3829136A1 (en) * 2016-10-11 2021-06-02 Garrett Transportation I Inc. Approach for securing a vehicle access port

Also Published As

Publication number Publication date
GB0505051D0 (en) 2005-04-20

Legal Events

Date Code Title Description
AT Applications terminated before publication under section 16(1)
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)