GB2551137B - Method to control unauthorised hacking of fuel injector operation control - Google Patents


Info

Publication number
GB2551137B
Authority
GB
United Kingdom
Prior art keywords
ecu
message
injector
parameter
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB1609862.6A
Other versions
GB2551137A (en)
GB201609862D0 (en)
Inventor
T Williams Edward
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Delphi Technologies IP Ltd
Original Assignee
Delphi Technologies IP Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Delphi Technologies IP Ltd
Priority to GB1609862.6A
Publication of GB201609862D0
Priority to PCT/EP2017/063505 (WO2017211730A1)
Publication of GB2551137A
Application granted
Publication of GB2551137B
Legal status: Active
Anticipated expiration


Classifications

    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F02 COMBUSTION ENGINES; HOT-GAS OR COMBUSTION-PRODUCT ENGINE PLANTS
    • F02D CONTROLLING COMBUSTION ENGINES
    • F02D41/00 Electrical control of supply of combustible mixture or its constituents
    • F02D41/22 Safety or indicating devices for abnormal conditions
    • F MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F02 COMBUSTION ENGINES; HOT-GAS OR COMBUSTION-PRODUCT ENGINE PLANTS
    • F02D CONTROLLING COMBUSTION ENGINES
    • F02D41/00 Electrical control of supply of combustible mixture or its constituents
    • F02D41/24 Electrical control of supply of combustible mixture or its constituents characterised by the use of digital means
    • F02D41/26 Electrical control of supply of combustible mixture or its constituents characterised by the use of digital means using computer, e.g. microprocessor
    • F02D41/28 Interface circuits
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02T CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00 Road transport of goods or passengers
    • Y02T10/10 Internal combustion engine [ICE] based vehicles
    • Y02T10/40 Engine management systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Chemical & Material Sciences (AREA)
  • Combustion & Propulsion (AREA)
  • Mechanical Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Combined Controls Of Internal Combustion Engines (AREA)
  • Electrical Control Of Air Or Fuel Supplied To Internal-Combustion Engine (AREA)

Description

METHOD TO CONTROL UNAUTHORISED HACKING OF FUEL INJECTOR OPERATION CONTROL
FIELD OF THE INVENTION
This disclosure relates to methods and apparatus to prevent tampering with, and unauthorised amendment of, fuel injector operation. It has specific, but not exclusive, application to injectors which have microprocessors (chips) associated with them.
BACKGROUND OF THE INVENTION
Modern engines use fuel injection, and typically have one or more fuel injectors to dispense fuel into a combustion space. Typically fuel injectors are controlled by an Electronic Control Unit (ECU). The ECU provides a control signal e.g. by way of an electrical pulse to be sent/applied to an actuator of the fuel injector to operate the injector to dispense i.e. inject fuel. The longer the electrical pulse, the more fuel is injected, and thus the power developed by the engine is increased. Thus in some examples injector operation is dictated by Pulse Width Modulation (PWM).
It is known to tamper with signals from the ECU to increase power in an unauthorised manner. It is possible to buy a device (such as a “pulse extender”) that is connectable between the ECU and the injector; such a device typically measures the electrical pulse from the ECU and then applies a longer pulse to the injector (i.e. amends the pulse length in an unauthorised fashion) to make it inject more fuel than the ECU was planning to inject. This increases the power of the engine but will also increase emissions and shorten the life of the engine, so engine manufacturers would like to stop this from happening. Other tampering methods include altering the data regarding the magnitude of one or more pulses in an activation profile or adding extra pulse(s).
It is an object of the invention to overcome such problems and reduce the possibility of unauthorised tampering with fuel injection control and signals.
STATEMENT OF THE INVENTION
In one aspect is provided a method to detect unauthorised hacking or manipulation of a control signal, containing control information, sent to a fuel injector from an Engine Control Unit (ECU), said control information comprising pulse profile data to be applied to the actuator of a said fuel injector, said fuel injector including processor means associated therewith, said processor means adapted to communicate with said ECU, comprising: a) said processor means generating data indicative of at least one parameter of a pulse profile, comprising one or more actual pulses, provided to or implemented by, the actuator in a fuelling cycle; b) said processor means transmitting a message including said data indicative of said at least one parameter to said ECU, c) said ECU comparing the at least one parameter in said data with said corresponding parameters of the control signal sent to said fuel injector to determine if unauthorised alteration has occurred.
Said data indicative of said at least one parameter sent to the ECU may be provided in an encrypted form or message.
Said processor means may encrypt the data and/or message.
The method may include the initial step of sending a message request by the ECU to said injector for the processor means to transmit said data indicative of said at least one parameter.
Said message request may include a message count or number, and said message transmitted to the ECU may include the message count or number.
Said encryption may use an encryption key sent to the processor means by the ECU.
Said pulse profile parameter(s) may include parameter(s) indicative of the number, magnitude or period of said one or more pulses applied, or implemented by said actuator in a fuelling cycle.
BRIEF DESCRIPTION OF DRAWINGS
The invention will now be described by way of example and with reference to the following figures of which:
Figure 1 shows the connection between an ECU and an injector with an associated processor (chip).
Figure 2 shows the connection between an ECU and an injector with an associated processor (chip) with unauthorised hacking apparatus therebetween.
DETAILED DESCRIPTION OF THE INVENTION
Nowadays, fuel injectors often have a microprocessor or “chip” associated with them. Typically such a chip is located integral with the fuel injector. Such a chip is used to store identification parameters, trim data and operational parameters. The processors typically have processing functionality/ability which assists the diagnostics or control of the fuel injectors. The processor may for example receive signals from sensors, e.g. on the injector, and process these to provide operational parameters or to amend control. Such injectors are often referred to as “intelligent” or “smart” injectors. Such processors are often connected to the drive circuitry of the injector actuator. The term “chip” or “processor” hereinafter includes any semiconductor circuitry having processing ability and includes application-specific integrated circuits (ASIC) or field-programmable gate arrays (FPGA) or similar.
In aspects, the methodology uses such intelligent injectors to flag up and/or prevent unauthorised tampering or hacking of injector control signals.
In a basic example, when using an (intelligent) injector with a processor that communicates to the ECU via the injector drive wires, it is possible to check tampering (e.g. by use of an unauthorised pulse extender) by the following methodology.
In a simple method, the processor (chip) on the injector is provided with, or determines, data on the duration or magnitude of one or more fuel pulses that actually occur in a fuelling cycle. This data may be obtained by any suitable means, as would be understood by the person skilled in the art. The data may be provided for example by sensors measuring the activation pulse, e.g. across the injector's terminals, or by any other appropriate detection means.
The chip on the injector then sends an encrypted message to the ECU containing this data via appropriate communication means. The ECU then analyses the data and compares this data with the corresponding demand injection pulse data that had been previously sent. The term “corresponding” would be understood to mean that the pulse data measured and transmitted by the processor on the injector relates to the pulse control data which was transmitted by the ECU, or occurs at the same time, within the same short time span, is time-stamped, etc.
If the comparison shows that any (fuelling cycle) activation profile has one or more pulse durations or magnitudes which are different from, e.g. longer than, the corresponding (demand) pulse(s) sent by the ECU in an activation profile, the ECU determines that there has been tampering (unauthorised hacking). In addition, the comparison may comprise comparing the number of pulses in the (activation) pulse profile sent by the ECU with the number determined by the processor on the injector to have been implemented, i.e. applied. The ECU may take appropriate measures.
In a preferred embodiment the encrypted message sent from the chip on the injector is sent in response to a request (message) sent from the ECU. This message/enquiry may also be encrypted. So in such a method the following steps take place.
Step 1: The ECU sends an encrypted request to the smart injector to check the duration of one or more (e.g. particular) pulses. The message may include a unique message counter.
Step 2: The injector processor measures the duration of an injection pulse (i.e. corresponding to the particular pulse) that has been implemented in controlling the injector.
Step 3: The injector processor transmits the measured duration (and optionally the message counter) to the ECU in an encrypted message.
Step 4: The ECU can then compare the actual duration of the pulse received from the injector processor with the duration it had output. If there is a significant deviation, then tampering is assumed. Any appropriate action may occur, such as registering the tampering, over-riding it or limiting the operation of the engine.
If the injection extender device has been fitted, it can choose to allow the message to go to the ECU, in which case the ECU will know the duration of the pulse applied to the injector and can compare this to the duration it had output. Alternatively the injection extender can suppress the message, in which case the ECU will know that something has suppressed the message.
The injection extender device will not be able to modify the message from the injector processor because the message is encrypted.
The measurement or computation of the length or duration of the pulse by the injector processor can be performed in several ways, which would be clear to the skilled person. In the most effective method, the length of the pulse signal sent to the wires of the injectors, or to the associated drive circuitry, may be determined.
In a preferred embodiment the request message includes a message counter.
The injection extender device (tamper device) won’t be able to replay a previous message from the injector processor because each request and reply has a different message counter value.
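The request/reply check in Steps 1 to 4, including the suppressed, replayed and modified cases discussed above, can be simulated as follows. This is an added example, not code from the patent: it assumes a key already shared between ECU and injector chip, and it uses an HMAC-SHA256 authentication tag where the patent says only "encrypted", since detecting a modified message relies on integrity protection. The message layout, `TOLERANCE_US` and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

TOLERANCE_US = 20  # assumed calibration: allowed measurement error, microseconds


def _tag(key: bytes, label: bytes, body: bytes) -> bytes:
    """HMAC-SHA256 over a direction label plus the message body."""
    return hmac.new(key, label + body, hashlib.sha256).digest()


class InjectorChip:
    """Processor on the injector; holds the key shared with the ECU."""

    def __init__(self, key: bytes):
        self.key = key

    def answer(self, request: bytes, measured_us: int):
        """Steps 2-3: report the measured pulse, echoing the message counter."""
        body, tag = request[:4], request[4:]
        if not hmac.compare_digest(tag, _tag(self.key, b"REQ", body)):
            return None  # ignore requests not produced by the paired ECU
        reply_body = body + struct.pack(">I", measured_us)  # counter + duration
        return reply_body + _tag(self.key, b"RSP", reply_body)


class Ecu:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0
        self.demanded_us = 0

    def request(self, demanded_us: int) -> bytes:
        """Step 1: ask the injector what pulse it saw; counter is unique."""
        self.counter += 1
        self.demanded_us = demanded_us
        body = struct.pack(">I", self.counter)
        return body + _tag(self.key, b"REQ", body)

    def check(self, reply) -> str:
        """Step 4: classify the reply, or its absence."""
        if reply is None:
            return "tamper: reply suppressed"
        body, tag = reply[:8], reply[8:]
        if len(body) != 8 or not hmac.compare_digest(
                tag, _tag(self.key, b"RSP", body)):
            return "tamper: message modified"
        counter, measured_us = struct.unpack(">II", body)
        if counter != self.counter:
            return "tamper: replayed message"
        if abs(measured_us - self.demanded_us) > TOLERANCE_US:
            return "tamper: pulse altered"
        return "ok"


def run_scenarios() -> dict:
    key = os.urandom(32)  # constructed stand-in for the shared key
    ecu, chip = Ecu(key), InjectorChip(key)
    results = {}
    # Untampered wiring: the injector sees what the ECU demanded.
    old = chip.answer(ecu.request(800), measured_us=805)
    results["honest"] = ecu.check(old)
    # Extender stretches the pulse and lets the report through.
    results["extended"] = ecu.check(chip.answer(ecu.request(800), 1100))
    # Extender suppresses the report.
    ecu.request(800)
    results["suppressed"] = ecu.check(None)
    # Extender substitutes the earlier honest report.
    ecu.request(800)
    results["replayed"] = ecu.check(old)
    # Extender rewrites the duration field of a fresh report.
    fresh = bytearray(chip.answer(ecu.request(800), 1100))
    fresh[4:8] = struct.pack(">I", 800)
    results["modified"] = ecu.check(bytes(fresh))
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:10s} {verdict}")
```

Only the untampered scenario returns `ok`; each of the other four is flagged by a different check, which is why the counter, the keyed tag and the missing-reply case are all needed.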
Detailed Examples
Referring to Figure 1, this shows a first embodiment of the present invention, in which a fuel injector 2 including a chip or microprocessor (including e.g. signal processing means) is coupled to an ECU 1 by means of e.g. a bi-directional data cable 3 connected between a first input/output of the injector and a first input/output of the ECU. The fuel injector includes e.g. a sensor or other means to determine the length or magnitude of the fuel pulse used in the actual activation in a fuelling cycle of the fuel injector. A cryptographic process may be employed whereby e.g. digital data encryption is used by the injector chip to encrypt the determined data using an encryption key (hereinafter referred to as the "Key") in order to generate an encrypted signal or message which is provided to the ECU.
Figure 2 shows the same arrangement as Figure 1 but shows a tampering device 4 between the ECU and injectors, used to e.g. extend the demand fuel injection pulses in an unauthorised fashion.
The ECU may have an input/output area including a digital signal processor arranged to receive an encrypted signal from the injector (chip). The injector chip may also be arranged to receive the Key from an Encryption Key Generator module within the ECU. The injector chip may be configured to communicate the Key to a decryption module within the ECU. A decryption module in either the ECU or the chip can be arranged to decrypt encrypted signals (using e.g. the Key) and output a decrypted signal or message. The ECU may be arranged to receive the decrypted signal/message from the decryption module (e.g. that of the injector chip) and determine the sensed fuel injection pulse length from the decrypted signal.
When fuel injectors with such chips are initially associated with the ECU, for example during vehicle or engine assembly, a learning mode is activated. Whilst in the learning mode, an Encryption Key Generator module of the ECU may generate a Key, which is stored on a memory device (not shown) of the ECU. The Key may be sent or broadcast to the injector chip and stored in a memory device (not shown). The stored Key may be used by the encryption in the chip on the injector.
Example 1
The following shows one detailed example of the invention: At engine start, an exchange occurs between the ECU and the injector chip in order to verify that the correct learnt components are present. The exchange involves the ECU sending a randomly generated data message to the injector chip, and the injector chip generating a response data message using the previously learnt Key. The injector chip transmits the response data message to the ECU and the ECU processes the response data message using the previously stored Key. If the response data message matches the randomly generated data message, then the ECU verifies that the Key corresponds to the Key exchanged during the learning process, i.e. that the correct injector chip is present. When the ECU has verified that the correct injector chip is present, the system commences exchanging encrypted pulse length data. In the event that the ECU determines that the response is incorrect, a recovery strategy may be entered. The recovery strategy may prevent engine starting or activate an alternative operating mode, such as an engine speed control mode in which the engine speed is a function of the driver pedal position or fixed at a predetermined value.
The encryption process may use either a single encryption Key process to ensure that the data transfer is secure or may use a dual key process such as that described below. The pulse length data is encrypted using the Key (i.e. the learnt Key) and a second encryption key, which is hereinafter referred to as a "Period Specific Key". The Period Specific Key is also generated by the Encryption Key generator 38 of the ECU and provided to the injector chip. The function of the Period Specific Key is to alter the encryption algorithm during engine running, thus enabling the system to detect unauthorised interference with the system components during engine running. The Period Specific Key is periodically updated, i.e. a new Period Specific Key is generated and exchanged with the injector chip at a frequency determined by a system calibration device (not shown). For example, the Period Specific Key may be fixed for a complete engine-running period, or updated one or more times during that period.
The data message provided to the ECU from the injector chip comprises the encrypted pulse length data. During normal running, the decryption unit of the ECU decrypts the encrypted data message and provides the decrypted data message to the injector chip. The value of the decrypted data message is used as the measured pulse length. In the event of the system determining that the received pulse length message is incorrect, the system will enter a recovery mode. By way of example, a recovery mode may involve the ECU activating an engine speed control mode, as described earlier.

Claims (7)

CLAIMS:
1. A method to detect unauthorised hacking or manipulation of a control signal containing control information, sent to a fuel injector (2) from an Engine Control Unit (ECU) (1), said control information comprising pulse profile data to be applied to the actuator of a said fuel injector (2), said fuel injector including processor means associated therewith, said processor means adapted to communicate with said ECU (1), comprising: a) said processor means generating data indicative of at least one parameter of a pulse profile, comprising one or more actual pulses, provided to or implemented by, the actuator in a fuelling cycle; b) said processor means transmitting a message including said data indicative of said at least one parameter to said ECU (1), c) said ECU (1) comparing the at least one parameter in said data with said corresponding parameters of the control signal sent to said fuel injector (2) to determine if unauthorised alteration has occurred.
2. A method as claimed in claim 1 wherein said data indicative of said at least one parameter sent to the ECU (1) is provided in an encrypted form or message.
3. A method as claimed in claim 2 wherein said processor means encrypts the data and/or message.
4. A method as claimed in claims 1 to 3 including the initial step of sending a message request by the ECU (1) to said injector (2) for the processor means to transmit said data indicative of said at least one parameter.
5. A method as claimed in claim 4 wherein said message request includes a message count or number, and said message transmitted to the ECU includes the message count or number.
6. A method as claimed in claims 2 to 5 wherein said encryption uses an encryption key sent to the processor means by the ECU.
7. A method as claimed in claims 1 to 6 wherein said pulse profile parameter(s) includes parameter(s) indicative of the number, magnitude or period of said one or more pulses applied, or implemented by said actuator in a fueling cycle.
GB1609862.6A 2016-06-06 2016-06-06 Method to control unauthorised hacking of fuel injector operation control Active GB2551137B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1609862.6A GB2551137B (en) 2016-06-06 2016-06-06 Method to control unauthorised hacking of fuel injector operation control
PCT/EP2017/063505 WO2017211730A1 (en) 2016-06-06 2017-06-02 Method to control unauthorised hacking of fuel injector operation control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1609862.6A GB2551137B (en) 2016-06-06 2016-06-06 Method to control unauthorised hacking of fuel injector operation control

Publications (3)

Publication Number Publication Date
GB201609862D0 GB201609862D0 (en) 2016-07-20
GB2551137A GB2551137A (en) 2017-12-13
GB2551137B GB2551137B (en) 2019-10-30

Family

ID=56508138

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1609862.6A Active GB2551137B (en) 2016-06-06 2016-06-06 Method to control unauthorised hacking of fuel injector operation control

Country Status (2)

Country Link
GB (1) GB2551137B (en)
WO (1) WO2017211730A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19728841A1 (en) * 1997-07-05 1999-02-04 Bosch Gmbh Robert Data transmission monitoring method for car ECU and injector pump control unit

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10111286B4 (en) * 2001-03-09 2005-04-21 Audi Ag Control system and method for controlling automotive components
DE102004036810A1 (en) * 2004-07-29 2006-03-23 Zf Lenksysteme Gmbh Communication method for at least two system components of a motor vehicle
DE102005039760A1 (en) * 2005-08-23 2007-03-01 Robert Bosch Gmbh External tuning-measure detecting method for internal combustion engine, involves evaluating difference between actual-performance value and target-performance value, where target-performance value is provided by control device
EP2194257A1 (en) * 2008-12-05 2010-06-09 Delphi Technologies Holding S.à.r.l. A method of controlling a vehicle engine system
DE102009002396A1 (en) * 2009-04-15 2010-10-21 Robert Bosch Gmbh Method for manipulation protection of a sensor and sensor data of the sensor and a sensor for this purpose
US8925083B2 (en) * 2011-10-25 2014-12-30 GM Global Technology Operations LLC Cyber security in an automotive network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19728841A1 (en) * 1997-07-05 1999-02-04 Bosch Gmbh Robert Data transmission monitoring method for car ECU and injector pump control unit

Also Published As

Publication number Publication date
WO2017211730A1 (en) 2017-12-14
GB2551137A (en) 2017-12-13
GB201609862D0 (en) 2016-07-20

Similar Documents

Publication Publication Date Title
US9127610B2 (en) Method of controlling a vehicle engine system
US8768996B2 (en) Method for generating a challenge-response pair in an electric machine, and electric machine
US8966289B2 (en) Pairing of angle sensor and electronic control unit
CN108536118B (en) Vehicle ECU, system and method for ECU to provide diagnostic information
US8035494B2 (en) Motor vehicle control device data transfer system and process
EP1916612A2 (en) Autonomous field reprogramming
JPH1191509A (en) Security device for vehicle
US9286264B2 (en) Vehicle speed limiter via gauge interface
US10025954B2 (en) Method for operating a control unit
CN113347133B (en) Authentication method and device of vehicle-mounted equipment
US10628643B2 (en) Vehicle immobilizer
JP2021149964A (en) Validation of software residing on remote computing device
CN113014542A (en) System and method for network intrusion detection based on physical measurement
US9893886B2 (en) Communication device
GB2551137B (en) Method to control unauthorised hacking of fuel injector operation control
CN105471583B (en) The digital certificate method and electronic identification system of vehicle mounted electrical apparatus
RU2510972C2 (en) Method of operating sensor device and sensor device
US20210176631A1 (en) Devices, methods, and computer program for releasing transportation vehicle components, and vehicle-to-vehicle communication module
US20220377539A1 (en) Vehicle system, server, and vehicle communication security method
CN114511949A (en) Biometric authentication type vehicle start with paired sensor and key intrusion detection
WO2014159117A2 (en) Vehicle speed limiter via gauge interface
US10789365B2 (en) Control device and control method
JP6461272B1 (en) Control device
CN112994876B (en) Vehicle-mounted controller key injection detection method, injection method and readable storage medium
KR101725146B1 (en) Method for inspecting a immobilizer type

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20190222 AND 20190227