JP2024011421A - Memory abnormality determination method and common key writing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To specify a failure cause of common key writing.

SOLUTION: There is provided a memory abnormality determination method in a common key writing system. The common key writing system comprises: a data protective device which encrypts and stores a common key; a key writing device which writes the encrypted common key; and an electronic control device which has a common key storage region in an HSM function. The memory abnormality determination method comprises the steps of: writing a first verification common key and a second verification common key in which a value of the first verification common key is bit-inverted into the electronic control device after the key writing device fails writing of the common key to the common key storage region; and specifying a memory abnormality of the common key storage region by evaluating a writing result of the first verification common key and the second verification common key by the key writing device.

SELECTED DRAWING: Figure 7

COPYRIGHT: (C)2024,JPO&INPIT

Description

The present invention relates to a memory abnormality determination method, and more particularly to a method for identifying the cause of an abnormality when writing of a common key to an in-vehicle electronic control unit fails.

Message authentication is used as one of the mechanisms to guarantee confidentiality in computer information communication. Message authentication is a mechanism for checking whether messages sent over a network have not been tampered with. The sender and receiver of a message have the same common key, and the sender of the message uses the common key to attach verification data calculated using a certain calculation method to the message. The recipient of the message calculates verification data from the received message and the common key, compares it with the verification data received as an attachment to the message, and if the two match, the message has not been tampered with during communication. I can confirm that.

When implementing message authentication for CAN (Controller Area Network) communication in an ECU (Electronic Control Unit) based on the AUTOSAR specifications applied to in-vehicle software for automobiles, the common key used for message authentication for CAN communication is transferred to the ECU. It is necessary to write in advance to the common key storage area of the HSM (Hardware Security Module) that the computer has.

The common key is written to the common key storage area of the HSM, and only the HSM software can access the common key storage area. The common key is sent from the application software to the HSM software and written into the common key storage area. Application software and HSM software are written to a microcontroller installed in the ECU. The HSM may be built into the microcontroller or attached external to the microcontroller. If the HSM is built into a microcontroller, the common key is written into the common key storage area of the HSM using communication within the microcontroller. When the HSM is attached outside the microcontroller, for example, SPI (Serial Peripheral Interface) communication is performed between the microcontroller and the HSM, and the common key is written into the common key storage area of the HSM.

In applying message authentication for CAN communication, car manufacturers develop application software and HSM software and issue a common key. The supplier assembles the ECU and writes the developed application software, HSM software, and common key into the ECU. When a car manufacturer develops HSM software, the specifications of the HSM software may not be disclosed, and a common key is written from application software provided by the car manufacturer through the HSM software.

If writing of the common key to the ECU fails and there is no memory error in the HSM's common key storage area, product disposal can be avoided by reinitializing the write area. It is necessary to identify whether there is

As background technology in this technical field, there is the following prior art. In Patent Document 1 (Japanese Unexamined Patent Publication No. 2018-98572), a data security device and a plurality of ECUs are connected to a communication network provided in a vehicle, and the main computing unit of the data security device is connected to the SHE (secure hardware) of the data security device. extension) to generate a message authentication code for the first message authentication code generation target information, obtains the message authentication code CMAC of the first message authentication code generation target information from SHE, and generates the initial key and first message authentication code. A distribution system is described that generates a first key update request message using a first key that is a message authentication code CMAC of target information, and transmits the first key update request message to an ECU.

Unexamined Japanese Patent Publication No. 2018-98572

AUTOSAR, "Specification of Secure Hardware Extensions", rev. R21-11, November 25, 2021

Generally, when writing a common key using application software, the common key is encrypted by a data security device, the encrypted common key is transmitted from the key writing device to the application software, and is written into a predetermined storage area. If writing of the common key is successful, response data is returned, and if writing is unsuccessful, an error ID is returned from the application software to the key writing device. The number of error IDs prepared by the application software may be smaller than the number of causes for failure in writing the common key. The cause of failure in writing the common key may be due to the setting items of the common key or to the HSM. For example, if the cause is due to the setting item of the common key, the following (1) to (5) can be considered, and if the cause is the HSM, the following (6) and (7) can be considered.
(1) Setting of UID (Unique Identification) The UID is generally set to a unique value such as a value unique to the ECU, but may be set to 0 when a common key is written on the supplier side. If the UID setting does not match the ECU-specific value or is not 0, it will cause a write failure.
(2) Setting SHE ID (Secure Hardware Extension Identification) SHE ID is the common key storage ID, and if the specified storage ID does not exist in the HSM common key storage area, it will cause a write failure. .
(3) Setting of Auth ID (Authentication Identification) Auth ID is a setting item that specifies a common key used for decrypting an encrypted common key and verifying the decryption result. If an incorrect common key is specified in the Auth ID settings, the encrypted common key cannot be decrypted properly, resulting in a write failure.
(4) Setting CID (Counter Identification) CID is a write counter ID, and if the CID of the common key to be written is not set to a larger value than the CID stored in the write destination of HSM, the reason for the write failure is becomes.
(5) Setting of FID (Flag Identification) FID is the setting of various protection flags such as common key overwriting restriction and ECU activation restriction. According to the AUTOSAR specifications, if the 0th bit of the FID is not 0, it will cause a write failure.
(6) Restrictions on writing to the HSM If writing to the HSM is restricted, this may cause write failure.
(7) Memory abnormality in the common key storage area of the HSM If the common key value cannot be written normally due to a memory abnormality in the common key storage area of the HSM, this will cause a write failure.

Reasons for failure to write a common key (1) to (6) are due to the encrypted common key data and the protection settings of the common key storage area, and the common key settings or the protection settings of the common key storage area are the causes of failure. The common key can be rewritten by reconfirming the protection settings and reinitializing the common key storage area. However, in the case of failure cause (7), the cause is an abnormality in the memory of the HSM's common key storage area, and even if the HSM's common key storage area is reinitialized, the common key cannot be written. , we need to detect this condition.

The present invention aims to identify the cause of a common key write failure and detect a hardware abnormality that cannot be recovered by reinitializing the write area.

A typical example of the invention disclosed in this application is as follows. That is, a memory abnormality determination method in a common key writing system, wherein the common key writing system includes a data security device that encrypts and stores a common key, a key writing device that writes the encrypted common key, and an HSM. and an electronic control device having a common key storage area as a function, and the memory abnormality determination method includes: a first verification common key; and writes a second verification common key obtained by bit-reversing the value of the first verification common key into the electronic control device, and the key writing device writes the first verification common key and the second verification common key. The method is characterized in that a memory abnormality in the common key storage area is identified by evaluating the write result.

According to one aspect of the present invention, it is possible to identify whether the cause of common key writing is a hardware abnormality. Problems, configurations, and effects other than those described above will be made clear by the description of the following examples.

FIG. 2 is a diagram showing the configuration of a common key writing system that writes a common key to a common key storage area of an HSM according to an embodiment of the present invention. FIG. 2 is a diagram showing a configuration of an ECU in a case where an HSM according to an embodiment of the present invention is built into a microcontroller. FIG. 2 is a diagram showing the configuration of an ECU in a case where an HSM according to an embodiment of the present invention is externally attached to a microcontroller. FIG. 2 is a diagram showing a software configuration of an ECU according to an embodiment of the present invention. FIG. 3 is a diagram showing an example of the configuration of a verification common key according to an embodiment of the present invention. FIG. 3 is a diagram showing a specific example of a verification common key according to an embodiment of the present invention. FIG. 3 is a diagram illustrating a method for identifying a memory abnormality in a common key storage area of an HSM according to an embodiment of the present invention.

Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the accompanying drawings.

[Example 1]
FIG. 1 is a diagram showing the configuration of a common key writing system that writes a common key 401 into the common key storage area 321 of the HSM 320.

The data security device 100 generates a verification common key 410 used for encrypting the common key 401 and verifying the common key write result 501, and safely stores the common key 401. According to the specifications, the common key 401 needs to be encrypted when handled outside the data security device 100. When encrypting the common key 401, two encryption algorithms are used: CBC (Cipher Block Chaining) mode of AES (Advanced Encryption Standard) encryption and CMAC (Cipher-based Message Authentication Code) based on AUTOSAR specifications. and encrypt it. The encrypted common key 400 exists divided into three parts, M1, M2, and M3. The verification common key 410 is data for verifying the write result 501 of the common key 401. Based on the AUTOSAR specifications, the verification common key 410 is an M4 and generate M5. The data security device 100 also has a function of transmitting the encrypted common key 400 and the verification common key 410 to the key writing device 200, and transmitting write result data 504 verified by the key writing device 200 from the key writing device 200. It has the function of receiving.

The key writing device 200 has a function of receiving an encrypted common key 400 and a verification common key 410 from the data security device 100, a function of transmitting the encrypted common key 400 to the application software 311, and a function of transmitting the encrypted common key 400 to the application software 311. The function of receiving the response data 502 from the application software 311 when writing is successful and the error ID 503 when writing fails, and the function of receiving the common key 401 using the verification common key 410 and response data 502 or error ID 503. It has a function of verifying the write result 501 and transmitting the write result data 504 to the data security device 100.

ECU 300 has two components: application software 311 and HSM 320.

The application software 311 has a function of receiving the encrypted common key 400 from the key writing device 200 and transmitting it to the HSM software 312, and receiving a writing result 501 of the common key 401 from the HSM software 312 to confirm that the writing was successful. It has a function of transmitting response data 502 to the key writing device 200 when writing fails, and an error ID 503 when writing fails.

The HSM 320 has HSM software 312 and a common key storage area 321.

The HSM software 312 has a function of decrypting the encrypted common key 400 received from the application software 311 and writing the decrypted common key 401 to the common key storage area 321, and a read value 500 of the writing result of the common key 401. It has a function to determine and send the write result 501 to the application software 311, and a function to calculate M4' and M5' used in the key writing device 200 to verify the key write result 501 from the read value 500 of the write result. .

The common key storage area 321 has a function of preventing access from anyone other than the HSM software 312 and safely storing the common key 401.

The data security device 100 and the key writing device 200 are connected, for example, through a local area network that is not connected to an external communication network. The key writing device 200 and the ECU 300 are connected by, for example, an in-vehicle network communication bus such as CAN.

The procedure for writing the common key 401 is as follows.

First, the data security device 100 encrypts a common key 401 to generate an encrypted common key 400, and generates a verification common key 410.

Next, the data security device 100 transmits the encrypted common key 400 and the verification common key 410 to the key writing device 200.

Next, the key writing device 200 transmits the received encrypted common key 400 to the application software 311.

Next, the application software 311 transmits the received encrypted common key 400 to the HSM software 312.

Next, the HSM software 312 decrypts the received encrypted common key 400 and writes the decrypted common key 401 into the common key storage area 321 of the HSM 320 .

Next, the HSM software 312 checks the read value 500 of the write result of the common key 401 and sends the write result 501 to the application software 311. The write result 501 when writing is successful is M4' and M5', and the write result 501 when writing is unsuccessful is error information.

Next, the application software 311 determines the success or failure of writing from the received write result 501, and sends response data 502 if the write is successful, and an error ID 503 if the write fails to the key writing device 200. do. Response data 502 includes M4' and M5'.

Next, the key writing device 200 verifies the common key writing result 501 from the received response data 502 or error ID 503. When response data 502 is received, the HSM software 312 calculates and compares M4' and M5' included in the response data 502 with M4 and M5 that the key writing device 200 receives from the data security device 100, and determines the write result. Verify the validity of 501. If M4 and M4' match, and M5 and M5' match, it can be confirmed that the common key 401 has been successfully written. When error ID 503 is received, the content of the error is verified based on the value of error ID 503. The verification result is temporarily stored in the key writing device 200 as write result data 504.

Finally, the key writing device 200 transmits the verified write result data 504 to the data security device 100, and the data security device 100 stores the write result data 504.

FIG. 2 is a diagram showing the configuration of the ECU 300a when the HSM 320 is built into the microcontroller 340a. The ECU 300a includes an in-vehicle network communication bus 330 such as CAN, a microcontroller 340a, and an intra-ECU communication bus 350 such as SPI. The microcontroller 340a includes an interface section 341 for communicating with the in-vehicle network communication bus 330 and the intra-ECU communication bus 350, a control section 342 for performing calculations on the microcontroller 340a, and application software 311 and BSW (Basic Software) 313. It consists of a data storage area 343 for storage and a built-in HSM 320a built into the microcontroller 340a.

FIG. 3 is a diagram showing the configuration of the ECU 300b when the HSM 320 is externally attached to the microcontroller 340b. The ECU 300b includes an in-vehicle network communication bus 330 such as CAN, a microcontroller 340b, an intra-ECU communication bus 350 such as SPI, and an external HSM 320b. The microcontroller 340b includes an interface section 341 for communicating with the in-vehicle network communication bus 330 and the intra-ECU communication bus 350, a control section 342 for performing calculations on the microcontroller 340b, and a data storage area 343 for storing application software 311 and BSW 313. It consists of

FIG. 4 is a diagram showing a software configuration 310 of ECU 300. The software consists of application software 311 and BSW 313. The BSW 313 includes a CAN module 315 and an SPI module 316 for communicating with the outside, a COM module 314 for communicating between various modules and application software 311, and HSM software 312. Although the CAN module 315 and the SPI module 316 are illustrated as modules for performing external communication, when using other types of external communication, it is preferable to use a communication module that is compatible with the type of communication.

FIG. 5 is a diagram showing a configuration example of a verification common key for identifying whether there is a memory abnormality in the common key storage area 321 of the HSM 320, and FIG. 6 is a specific example of the verification common key shown in FIG. FIG.

As illustrated in FIG. 5, the verification common key includes a verification common key A410 and a verification common key B420. The key value 426 of the verification common key B420 is a value obtained by inverting the bit value of the key value 416 of the verification common key A410, and the CID 424 is a larger value than the CID 414 of the verification common key A410. The UID 411, SHE ID 412, Auth ID 413, and FID 415 of the verification common key A410 and the verification common key B420 may be set to the same value as the common key.

More specifically, as illustrated in FIG. 6, the CID 414a of the verification common key A 410a is one smaller than the maximum value, and all bits of the key value 416a are set to 0. The CID 424a of the verification common key B 420a is the maximum value, and all bits of the key value 426a are set to 1. Since CID is 28 bits, the maximum value is 0xFFFFFFFF. The two common keys for verification are keys with the bit values of each other's keys reversed, and the CID424 of the common key for verification B420 is set to a larger value than the CID414 of the common key for verification A410. It doesn't have to be.

FIG. 7 shows that when writing of the common key 401 fails, it is determined whether there is a memory abnormality in the common key storage area 321 of the HSM 320, a CID abnormality of the common key 401 whose writing failed in the first place, or any other abnormality. FIG. 2 is a diagram illustrating the method.

A method for identifying a memory abnormality in the common key storage area 321 of the HSM 320 is to first write the common key 401 (S201). Next, by checking whether response data 502 or error ID 503 is received as the write result 501 from the application software 311 to the key writing device 200, the key writing device 200 can determine whether writing of the common key 401 has been completed normally. makes a determination (S202).

If the response data 502 is received (YES in S202), it is determined that writing of the common key 401 has been successfully completed (S203). On the other hand, if the error ID 503 is received (NO in S202), it is determined that there is an abnormality in writing the common key 401, and the data security device 100 creates a verification common key A 410 and a verification common key B 420, and the key writing device 200 (S204). The verification common key A410 and the verification common key B420 may be prepared in the key writing device 200 in advance.

Next, the key writing device 200 writes the verification common key A410 and the verification common key B420 into the common key storage area 321 (S205). When writing the verification common keys 410 and 420, the verification common key A410 is written first, and then the verification common key B420 is written. The key writing device 200 confirms which of the response data 502 or the error ID 503 reported from the application software 311 is to be received as the writing result 501 of the verification common key A 410 and the verification common key B 420 (S206).

If only one verification common key can be written, the storage bit of the memory in the common key storage area 321 of the HSM320 is stuck at either 0 or 1, and the data cannot be written normally, so the HSM320 It is determined that there is a memory abnormality in the common key storage area 321 (S207). If writing of the two common keys for verification fails, an error has occurred somewhere other than writing the key value to memory, so there is an error somewhere other than the memory of the common key storage area 321 of the HSM 320 (for example, when writing It is determined that the ECU 300 whose CID of the common key 401 for which the process has failed is less than or equal to the CID written in the ECU 300 is in a key writing prohibited state (S208). If writing of the two common keys for verification is successful, the cause of the writing failure is that the CID of the common key 401 whose writing failed is less than the CID written in the ECU 300, so the CID of the common key It is determined that there is an abnormality (S209).

If it is determined that there is an abnormality in something other than the memory of the common key storage area 321 of the HSM 320 (S208), or that there is an abnormality in the CID of the common key 401 for which writing has failed (S209), the ECU 300 is reset and the common key storage By initializing the area 321, the ECU 300 can be reused without being determined to be a defective product.

In the common key writing system of the embodiment of the present invention, the key writing device 200 writes the first verification common key 410 and the first verification common key 410 after failing to write the common key 401 to the common key storage area 321. By writing the second verification common key 420 with the bit-reversed value into the electronic control unit (ECU 300) and evaluating the writing results 501 of the first verification common key 410 and the second verification common key 420, the common key is Since a memory abnormality in the storage area 321 is identified, it is possible to identify whether the cause of the common key write error is a hardware abnormality, a data abnormality in the common key 401 to be written, or a protection setting of the write area. Therefore, if there is no hardware abnormality, it is possible to avoid discarding the product by initializing the common key storage area 321.

In addition, after writing the common key 401 fails, if two verification common keys with the key values bit-reversed are sequentially written, and only one write is successful, it is determined that the memory is abnormal, so the hardware Wear abnormalities can be accurately determined. Therefore, even if the number of error IDs is smaller than the number of causes of failure in the key write result 501, the cause of the error can be accurately identified.

Note that the present invention is not limited to the embodiments described above, and includes various modifications and equivalent configurations within the scope of the appended claims. For example, the embodiments described above have been described in detail to explain the present invention in an easy-to-understand manner, and the present invention is not necessarily limited to having all the configurations described. Further, a part of the configuration of one embodiment may be replaced with the configuration of another embodiment. Further, the configuration of one embodiment may be added to the configuration of another embodiment. Further, other configurations may be added, deleted, or replaced with a part of the configuration of each embodiment.

Further, each of the above-mentioned configurations, functions, processing units, processing means, etc. may be realized in part or in whole by hardware, for example by designing an integrated circuit, and a processor realizes each function. It may also be realized by software by interpreting and executing a program.

Information such as programs, tables, files, etc. that realize each function can be stored in a storage device such as a memory, a hard disk, or an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

Furthermore, the control lines and information lines shown are those considered necessary for explanation, and do not necessarily show all the control lines and information lines necessary for implementation. In reality, almost all configurations can be considered interconnected.

100 Data security device 200 Key writing device 300, 300a, 300b ECU
310 Software configuration 311 Application software 312 HSM software 314 COM module 315 CAN module 316 SPI module 321 Common key storage area 330 In-vehicle network communication bus 340a, 340b Microcontroller 341 Interface section 342 Control section 343 Data storage area 350 ECU communication bus 400 Encryption Common key 401 Common key 410 First common key for verification 420 Second common key for verification

Claims (7)

A memory abnormality determination method in a common key writing system, the method comprising:
The common key writing system is
a data security device that encrypts and stores the common key;
a key writing device that writes the encrypted common key;
It has an electronic control unit with a common key storage area for the HSM function,
The memory abnormality determination method includes:
The key writing device writes a first verification common key and a second verification common key obtained by bit-reversing the value of the first verification common key after failing to write the common key to the common key storage area. write to the electronic control unit,
A memory abnormality determination method, characterized in that the key writing device determines a memory abnormality in the common key storage area by evaluating the writing results of the first verification common key and the second verification common key. . The memory abnormality determination method according to claim 1,
The key writing device determines that the common key storage area is abnormal if only one of the first verification common key and the second verification common key is written as normal. Memory abnormality determination method. The memory abnormality determination method according to claim 1,
If the writing results for both of the first common verification key and the second common key for verification are normal, the key writing device writes the first common key for verification and the second common key for verification. A memory abnormality determination method characterized by determining that a previously written common key is abnormal. The memory abnormality determination method according to claim 1,
A method for determining a memory abnormality, characterized in that the HSM function is built into a microcontroller of the electronic control device. The memory abnormality determination method according to claim 1,
A memory abnormality determination method, wherein the HSM function is provided separately from a microcontroller of the electronic control device. The memory abnormality determination method according to claim 1,
The memory abnormality determination method, wherein the key writing device writes the first verification common key into the common key storage area and then writes the second verification common key into the common key storage area. A common key writing system,
a data security device that encrypts and stores the common key;
a key writing device that writes the encrypted common key;
Equipped with an electronic control unit that has a common key storage area for the HSM function,
The key writing device is
writing a first verification common key and a second verification common key obtained by bit-reversing the value of the first verification common key into the electronic control device after the writing of the common key to the common key storage area fails;
A common key writing system, characterized in that a memory abnormality in the common key storage area is identified by evaluating the writing results of the first common key for verification and the second common key for verification.

Images