JP2024040861A - Communication device - Google Patents

Abstract

To provide a communication device capable of determining that an unauthorized device is connected by the communication device as a single unit.SOLUTION: A communication device includes a transceiver 10 and a controller 20. The controller outputs a transmission signal including identification information as a communication signal to be transmitted through a communication wire, and receives a reception signal including the identification information as a communication signal received through the communication wire. The transceiver is connected to the communication wire, transmits the transmission signal inputted from the controller from the communication wire, and outputs the reception signal received from the communication wire to the controller. The transceiver includes a storage part 132 for storing the identification information included in the transmission signal, and a processing part 131 for determining that an unauthorized device is connected to the communication wire in the case that the same identification information as the identification information included in the reception signal is stored in the storage part.SELECTED DRAWING: Figure 2

Description

The present disclosure relates to communication devices.

Patent Document 1 discloses an in-vehicle network system in which an ECU and a communication protocol issuing device are connected via an in-vehicle network.

When the communication protocol issuing device receives a registration request requesting the ECU to participate in the in-vehicle network from the registration device that allows the ECU to participate in the in-vehicle network, the communication protocol issuing device performs authentication on the registration device and then requests the above implementation on the in-vehicle network. Create compliant definition data and send it back to the registered device.

The registration device receives the definition data transmitted by the communication protocol issuing device, and requests the ECU to store the received definition data in the memory. The ECU then receives the definition data from the registration device, stores it in the memory, and communicates using the in-vehicle network according to the communication protocol according to the portion defined by the definition data. According to this in-vehicle network system, the overall operation of the in-vehicle network is defined by a unique communication protocol for each vehicle, and it is detected that an unauthorized ECU that is not aware of the rules is connected to the in-vehicle network.

Japanese Patent Application Publication No. 2013-168865

In the prior art literature, it is necessary to develop a communication protocol issuing device that performs a dedicated operation and to store definition data in the memory of the ECU via a registration device. For this reason, in the prior art literature, there is a problem in that a fraudulent ECU cannot be detected by a single ECU.

One object of the disclosure is to provide a communication device that can determine, by itself, that an unauthorized device has been connected.

The communication device disclosed herein is
A communication device configured to be able to transmit and receive a plurality of communication signals including unique identification information via a communication line (200),
a controller (20) that outputs a transmission signal as a communication signal transmitted via a communication line and receives a reception signal as a communication signal received via the communication line;
A transceiver (10) connected to a communication line, which transmits a transmission signal input from the controller from the communication line and outputs a reception signal received from the communication line to the controller,
The controller outputs a transmission signal containing identification information,
One of the controller and one of the transceivers is
a storage unit (132) in which identification information included in the transmission signal is stored;
The present invention is characterized by comprising a processing section (131) that determines that an unauthorized device is connected to the communication line when the same identification information as the identification information included in the received signal is stored in the storage section.

According to the communication device disclosed herein, the identification information included in the transmission signal is stored in the storage unit. Then, the communication device determines that an unauthorized device is connected to the communication line when the same identification information as the identification information included in the received signal is stored in the storage unit. Therefore, the communication device alone can determine that an unauthorized device has been connected.

The multiple embodiments disclosed in this specification employ different technical means to achieve their respective objectives. The claims and the reference numerals in parentheses described in this section exemplarily indicate correspondence with parts of the embodiment described later, and are not intended to limit the technical scope. The objects, features, and advantages disclosed in this specification will become more apparent by reference to the subsequent detailed description and accompanying drawings.

FIG. 1 is a block diagram showing a schematic configuration of a communication network. FIG. 2 is a block diagram showing a schematic configuration of an electronic control device. 3 is a flowchart showing a processing operation during transmission in a communication device. 3 is a flowchart showing a processing operation at the time of reception in a communication device. 3 is a flowchart showing an ID deletion processing operation in a communication device. 3 is a flowchart showing an ID deletion processing operation in a communication device.

Hereinafter, embodiments for carrying out the present disclosure will be described with reference to the drawings.

<Configuration>
The configurations of the communication devices 10 and 20 will be explained using FIGS. 1 and 2. The communication devices 10 and 20 are installed in at least one of the electronic control devices 100 to 120. As shown in FIG. 1, the electronic control devices 100 to 120 are configured to be able to send and receive messages (communication) to each other via a communication line 200. In this way, the electronic control devices 100 to 120 constitute a communication network via the communication line 200. This communication network can also be mounted on a vehicle, for example. In this case, the communication network may also be referred to as an in-vehicle network. In the drawings, the electronic control unit is indicated as an ECU. ECU is an abbreviation for Electronic Control Unit. A message corresponds to a communication signal. Messages are communicated in a predetermined format called a frame.

In this embodiment, as an example, three electronic control devices 100 to 120 are connected to the communication line 200. However, the present disclosure is not limited thereto, as long as a plurality of electronic control devices are connected to the communication line 200.

In this embodiment, as an example, an example in which communication devices 10 and 20 are installed in an electronic control device 100 is adopted. In this case, the other electronic control devices 110 and 120 are configured to be able to communicate via the communication line 200 by devices whose processing operations are different from those of the communication devices 10 and 20. However, in the present disclosure, all the electronic control devices 100 to 120 may include the communication devices 10 and 20.

Each electronic control device 100 to 120 communicates in accordance with a predetermined communication standard. In this embodiment, Controller Area Network (hereinafter referred to as CAN: registered trademark) is adopted as an example of a communication standard. However, the present disclosure is not limited thereto, and can also be adopted in communication standards such as LIN and CXPI. LIN is an abbreviation for Local Interconnect Network. CXPI is an abbreviation for Clock Extension Peripheral Interface.

The communication line 200 includes two lines 201 and 202. The message is represented by the potential difference between the two lines 201,202. The communication line 200 can be said to be a two-wire communication line including a CANH line 201 and a CANL line 202. Further, the communication line 200 may also be called a communication bus or a CAN bus.

A message without a potential difference corresponds to a recessive level signal. On the other hand, a message with a potential difference corresponds to a signal at a dominant level. A signal at a recessive level is sometimes called recessive. On the other hand, a signal at a dominant level is sometimes called a dominant signal. Therefore, when each electronic control unit 100 to 120 transmits a message, it generates a potential difference between the CANH line 201 and the CANL line 202, and transmits the value (0) indicated by the dominant and the value (1) indicated by the recessive. do. In this way, each of the electronic control devices 100 to 120 transmits and receives messages using the two-wire operating voltage method.

If a dominant and a recessive conflict on the communication line 200, the dominant is given priority. Dominant level signals have priority over recessive level signals. Therefore, when the communication line 200 is fixed at a dominant level and occupied by a certain electronic control device, other electronic control devices are unable to communicate via the communication line 200.

As shown in FIG. 2, the electronic control device 100 includes a controller 20 and a transceiver 10 as a communication device. In addition to the communication device, the electronic control device 100 may also include a microcomputer that processes transmitted data and received data. Furthermore, the controller 20 may be provided in a microcomputer. Transmission data is data included in a message to be transmitted. Received data is data included in a received message.

Each electronic control device 100-120 transmits multiple messages. Each message is unique to each sending electronic control device 100-120. Each message also includes identification information unique to each message. Hereinafter, identification information will also be referred to as ID.

The controller 20 is a communication control device that controls communication with other electronic control devices 110 and 120 according to the CAN protocol. The controller 20 converts transmission data to be transmitted into a message, and instructs the transceiver 10 to transmit while performing communication mediation to the communication line 200 and the like. Controller 20 can instruct transceiver 10 to send a plurality of different messages.

When issuing a transmission instruction, the controller 20 outputs a message (transmission signal) to be transmitted via the communication line 200 as an input signal to the transceiver 10 . At this time, the controller 20 outputs a message including the ID to the transceiver 10. Further, the controller 20 receives a message (received signal) received via the communication line 200 as an output signal of the transceiver 10 . Controller 20 is sometimes called a CAN controller. The message sent via the communication line 200 can also be called a transmission message. The message received via the communication line 200 can also be called a received message.

The transceiver 10 includes a transmitter 11, a receiver 12, a controller 13, and the like. The transmitter 11 and the receiver 12 are connected to a CANH line 201 and a CANL line 202 of a communication line 200. The transmitter 11 transmits a message input from the controller 20 through the communication line 200 . The receiving unit 12 outputs the message received from the communication line 200 to the controller 20. That is, transceiver 10 converts the message received from controller 20 from a bit level to a voltage level and transmits it to communication line 200. Further, the transceiver 10 reads the voltage level from the communication line 200, converts the voltage level to a bit level, and outputs the converted bit level to the controller 20.

The control unit 13 includes a processing unit 131 such as a CPU, and a storage unit 132 including a volatile memory such as a RAM and a nonvolatile memory such as a flash memory. CPU is an abbreviation for Central Processing Unit. RAM is an abbreviation for Random Access Memory.

The processing unit 131 receives a message output from the controller 20 as input. The processing unit 131 extracts the ID included in the message and stores the extracted ID in the storage unit 132. Preferably, the processing unit 131 stores the ID in a nonvolatile memory in the storage unit 132. In this way, the storage unit 132 stores the ID included in the message.

Electronic control device 100 sends multiple different messages. Therefore, the processing unit 131 receives a plurality of different messages. Therefore, the storage unit 132 stores a plurality of IDs. It is preferable that the ID is stored in the storage unit 132 in an erasable state.

Further, the processing unit 131 receives the received message output from the receiving unit 12 as input. The processing unit 131 extracts the ID included in the received message. The processing unit 131 then detects whether an unauthorized device is connected to the communication line 200 based on the ID extracted from the received message and the ID stored in the storage unit 132. In other words, the processing unit 131 detects spoofing. The unauthorized device is not an electronic control device that is legally attached to the communication line 200, but is an electronic device that is illegally connected to the communication line 200 by a malicious third party or the like. Transceiver 10 is sometimes referred to as a CAN transceiver.

<Processing operation>
The processing operation of the transceiver 10 will be explained using FIGS. 3 to 6. First, processing operations when transmitting a message will be described using FIG. 3. When the transceiver 10 receives an input signal from the controller 20, it starts processing the flowchart shown in FIG.

In step S10, the ID is detected from the input signal. That is, the processing unit 131 extracts the ID from the message that is the input signal.

In step S11, it is determined whether the same ID is stored in the storage unit 132. The processing unit 131 checks whether the ID extracted in step S10 is already stored in the storage unit 132. That is, the processing unit 131 checks whether the currently input message has been input in the past. It can also be said that the processing unit 131 checks whether the ID included in the current message needs to be stored in the storage unit 132.

If the processing unit 131 determines that the ID extracted in step S10 is already stored in the storage unit 132, it considers that there is no need to store the ID and ends the flowchart of FIG. 3. If the processing unit 131 determines that the ID extracted in step S10 is not stored in the storage unit 132, it determines that the ID needs to be stored and proceeds to step S12.

In step S12, the ID is added to the storage unit 132. The processing unit 131 stores the ID extracted in step S10 in the storage unit 132. This is to compare the ID included in the received message to determine whether or not an unauthorized device is connected to the communication line 200.

Next, processing operations when receiving a message will be described using FIG. 4. When the transceiver 10 receives the received message from the receiving unit 12, it starts the process of the flowchart shown in FIG.

In step S20, the ID is detected from the output signal. That is, the processing unit 131 extracts the ID from the received message that is the output signal.

In step S21, it is determined whether the same ID is stored in the storage unit 132. The processing unit 131 checks whether the ID extracted in step S20 is stored in the storage unit 132. The processing unit 131 performs a check in step S21 in order to determine whether a message that is supposed to be transmitted only by the electronic control device 100 in which the processing unit 131 is installed has been received. That is, the processing unit 131 performs the check in step S21 to determine whether an unauthorized device is connected to the communication line 200.

If the processing unit 131 determines that the ID extracted in step S20 is stored in the storage unit 132, it assumes that there is a possibility that an unauthorized device is connected to the communication line 200, and proceeds to step S22. If the processing unit 131 determines that the ID extracted in step S10 is not stored in the storage unit 132, it assumes that the unauthorized device is not connected to the communication line 200, and ends the flowchart of FIG.

In step S22, it is determined whether the input signal ID=output signal ID. The processing unit 131 determines whether the ID included in the input signal and the ID included in the output signal match. That is, the processing unit 131 determines whether the ID included in the message input from the controller 20 matches the ID included in the received message output to the controller 20 within a predetermined time after the message is input. .

If the processing unit 131 does not determine that they match, the process proceeds to step S23. On the other hand, if the processing unit 131 determines that they match, the processing unit 131 ends the flowchart of FIG. 4 without proceeding to step S23.

If the input signal ID does not equal the output signal ID, it can be assumed that a message sent by an unauthorized device has been received via the communication line 200. Therefore, if the processing unit 131 does not determine that they match, it assumes that an unauthorized device is connected to the communication line 200 and proceeds to step S23.

On the other hand, if the input signal ID=output signal ID, it can be assumed that the processing section 131 has received the message transmitted by the processing section 131 via the communication line 200. Therefore, even if the processing unit 131 makes a YES determination in step S21, it does not determine that an unauthorized device is connected to the communication line 200 if the input signal ID=output signal ID. As a result, the transceiver 10 can prevent the transceiver 10 from erroneously determining that an unauthorized device is connected based on the message it has transmitted.

Note that in the present disclosure, step S22 can also be omitted. In this case, if the same ID as the ID included in the received message is stored in the storage unit 132, the processing unit 131 determines that an unauthorized device has been connected to the communication line 200.

In step S23, an error frame is transmitted to the communication line. The processing unit 131 transmits an error frame via the transmitting unit 11 in order to prevent frames transmitted by an unauthorized device from continuously flowing to the communication line 200. In other words, the processing unit 131 transmits an error frame in order to destroy the frame transmitted by the unauthorized device. In this embodiment, as an example of an error frame, a dominant level signal is continuously transmitted for a certain period of time.

Further, when determining that an unauthorized device is connected to the communication line 200, the processing unit 131 may notify the controller 20 that the unauthorized device has been connected to the communication line 200. That is, when the determination is NO in step S22, the processing unit 131 executes at least one of step S23 and notification to the controller 20.

Furthermore, the transceiver 10 may start the process of the flowchart shown in FIG. 5 every time it extracts an ID from a message that is an input signal.

In step S30, the time (time) when each ID stored in the storage unit 132 was last input is recorded. The processing unit 131 records the time when each ID was input. Furthermore, the processing unit 131 updates the time every time each ID is input. Accordingly, the processing unit 131 records the time when each ID was last input. Furthermore, the processing unit 131 records each ID and time in association with each other in the storage unit 132 or the like. Note that the time when each ID is input can also be said to be the time when the ID is extracted from each input message.

In step S31, it is determined whether a certain period of time has elapsed. The processing unit 131 determines whether a certain period of time has passed since the start of the operation. If the processing unit 131 determines that the predetermined time has elapsed, the process proceeds to step S32, and if it does not determine that the predetermined time has elapsed, the process returns to step S30. Note that the processing unit 131 can measure the elapsed time using a timer or the like.

In step S32, it is determined whether there is any ID for which no input has been made for a reference time or longer. The processing unit 131 determines whether there is an ID that has not been input to the transceiver 10 for a reference time or more since the last input time.

The processing unit 131 measures the elapsed time from the last input time for each ID, and determines whether there is any ID for which the elapsed time exceeds the reference time. If the processing unit 131 determines that there is an ID for which no input has been made for longer than the reference time, it assumes that the corresponding ID exists and proceeds to step S33. Furthermore, if the processing unit 131 determines that there is an ID for which no input has been made for longer than the reference time, it can be said that the process proceeds to step S33, assuming that the elapsed time since the extraction of the ID has not reached the reference value.

On the other hand, if the processing unit 131 does not determine that there is an ID for which no input has been made for longer than the reference time, it assumes that there is no corresponding ID and ends the flowchart of FIG. The relevant ID is an ID that has not been input to the transceiver 10 for a reference time or longer. Note that the reference time corresponds to a reference value.

In step S33, the corresponding ID is deleted from the storage unit 132. The processing unit 131 deletes the corresponding ID from the storage unit 132.

Furthermore, the transceiver 10 may start the process of the flowchart shown in FIG. 6 every time it reads an ID from a message that is an input signal.

In step S40, the number of inputs for each ID stored in the storage unit 132 is recorded. The processing unit 131 updates the number of inputs each time each ID is input. The processing unit 131 associates each ID with the number of inputs and records them in the storage unit 132 or the like. Note that the number of times each ID is input can also be said to be the number of times the ID is extracted from each input message. The number of times each ID is input can also be said to be the number of times each input message is transmitted.

In step S41, it is determined whether the total number of inputs is equal to or greater than a certain number of times. If the processing unit 131 determines that the total number of inputs for each ID is equal to or greater than the predetermined number of times after starting the operation, the processing section 131 proceeds to step S42, and if it does not determine that the total number of inputs for each ID is equal to or greater than the predetermined number of times, it returns to step S40. Note that the processing unit 131 can count the number of inputs using a counter or the like.

In step S42, it is determined whether there is an ID whose number of inputs is equal to or less than a reference number of times. The processing unit 131 determines whether there is an ID whose number of inputs is equal to or less than a reference number of times. The processing unit 131 counts the number of inputs for each ID, and determines whether there is any ID for which the number of inputs is less than the reference number of times. When the processing unit 131 determines that there is an ID that is equal to or less than the reference number of times, it is assumed that there is a corresponding ID, and the process proceeds to step S43. Furthermore, if the processing unit 131 determines that there is an ID that is less than or equal to the reference number of times, it can be said that the processing unit 131 assumes that the number of times the ID has been extracted does not reach the reference value and proceeds to step S43.

On the other hand, if the processing unit 131 does not determine that there is an ID that is equal to or less than the reference number of times, it assumes that there is no corresponding ID and ends the flowchart of FIG. The corresponding ID is an ID for which the number of inputs is equal to or less than the reference number of times. Note that the reference number of times corresponds to a reference value. Step S43 is similar to step S33.

In this way, the processing unit 131 deletes from the storage unit 132 IDs for which at least one of the elapsed time and the number of transmissions does not reach the reference value. That is, when a plurality of IDs are stored in the storage unit 132, the processing unit 131 deletes from the storage unit 132 only those IDs for which at least one of the elapsed time and the number of transmissions does not reach the reference value.

A message may contain an incorrect ID due to noise or the like. In this case, the processing unit 131 stores the incorrect ID in the storage unit 132. However, the transceiver 10 can delete the incorrect ID from the storage unit 132 by deleting the ID as described above.

<Effect>
According to the transceiver 10 disclosed herein, an ID included in a message, which is a transmission signal, is stored in the storage unit 132. Then, the transceiver 10 determines that an unauthorized device is connected to the communication line 200 when the same ID as the ID included in the received message, which is the received signal, is stored in the storage unit 132. Therefore, the transceiver 10 can determine that an unauthorized device is connected to the communication line 200 using only the electronic control device. Further, since the communication devices 10 and 20 determine whether an unauthorized device is connected by the transceiver 10, there is no need to change the controller 20.

Note that this embodiment employs an example in which the transceiver 10 includes a processing section 131 and a storage section 132. However, the present disclosure is not limited thereto, and the controller 20 may include the processing section 131 and the storage section 132. In this case, the processing section of the controller 20 stores the ID included in the message, which is the transmission signal, in the storage section of the controller 20. Then, the processing unit of the controller 20 determines that an unauthorized device has been connected to the communication line 200 if the same ID as the ID included in the message that is the received signal is stored in the storage unit of the controller 20. In this way, the communication devices 10 and 20 do not depend on the configuration of the transceiver 10 because the controller 20 includes the processing section 131 and the storage section 132, and therefore it is possible to suppress an increase in the cost of the transceiver 10.

Further, the processing unit of the controller 20 may execute steps S22 and S23. Furthermore, when a plurality of IDs are stored in the storage unit, the processing unit of the controller 20 may delete from the storage unit an ID for which at least one of the elapsed time and the number of transmissions does not reach a reference value.

Although the present disclosure has been described in accordance with embodiments, it is understood that the present disclosure is not limited to such embodiments or structures. The present disclosure also includes various modifications and equivalent modifications. In addition, although various combinations and configurations are shown in this disclosure, other combinations and configurations involving only one element, more, or fewer elements are also within the scope and spirit of this disclosure. It is something that can be entered.

DESCRIPTION OF SYMBOLS 10... Transceiver, 11... Transmission part, 12... Receiving part, 13... Control part, 131... Processing part, 132... Storage part, 20... Controller, 100... Electronic control unit, 200... Communication line, 201... CANH line, 202 ...CANL line

Claims (5)

A communication device configured to be able to transmit and receive a plurality of communication signals including unique identification information via a communication line (200),
a controller (20) that outputs a transmission signal as the communication signal transmitted via the communication line, and into which a reception signal as the communication signal received via the communication line is input;
A transceiver (10) connected to the communication line and configured to transmit the transmission signal input from the controller from the communication line and output the reception signal received from the communication line to the controller. ,
The controller outputs the transmission signal including the identification information,
One of the controller and the transceiver,
a storage unit (132) in which the identification information included in the transmission signal is stored;
a processing unit (131) that determines that an unauthorized device is connected to the communication line when the identification information that is the same as the identification information included in the received signal is stored in the storage unit; Device. The communication signal, which is represented by a recessive level signal and a dominant level signal that is given priority over the recessive level signal, is transmitted and received via the paired two-wire communication line using a two-wire operating voltage method. It is a thing,
The communication device according to claim 1, wherein the processing unit continues to transmit the dominant level signal for a certain period of time when determining that the unauthorized device is connected to the communication line. The processing unit is provided in the transceiver, and when determining that the unauthorized device is connected to the communication line, the processing unit notifies the controller that the unauthorized device is connected to the communication line. 2. The communication device according to 2. The processing unit extracts the identification information from the transmission signal and stores the identification information in the storage unit, and the processing unit extracts the identification information from the transmission signal and stores the identification information in the storage unit, and records the elapsed time since extracting the identification information and the number of times the identification information has been extracted. The communication device according to claim 1 or 2, wherein the identification information is deleted from the storage unit when at least one of the identification information does not reach a reference value. The processing unit is provided in the transceiver and is configured to process the identification information included in the transmission signal inputted from the controller and the reception signal outputted to the controller within a predetermined time after the transmission signal is inputted. 3. The communication device according to claim 1, wherein when the identification information included in the identification information matches, it is not determined that the unauthorized device is connected to the communication line.

Images