JP6994616B2 - Radios, roadside communicators, communication packet transmission methods, and computer programs - Google Patents

Description

The present disclosure relates to radios, roadside communicators , communication packet transmission methods , and computer programs.

In recent years, intelligent transportation systems (ITS) based on road-to-vehicle communication and vehicle-to-vehicle communication have been studied. Road-to-vehicle communication is communication between a roadside communication device and an in-vehicle communication device (mobile communication device), and vehicle-to-vehicle communication is communication between an in-vehicle communication device (mobile communication device).
Standards and guidelines have been established for communication methods and security for such intelligent transportation systems (see, for example, Non-Patent Documents 1 and 2).

In the intelligent transportation system, each communication device has various functions related to security, and among them, it may have a defense function against so-called replay attacks.
As described in Non-Patent Document 2 below, a replay attack is to reuse and transmit previously transmitted information and impersonate a roadside communication device or an in-vehicle communication device to deliver erroneous information. It is an attack that causes confusion in the system.

For example, Patent Document 1 below describes a defense process for defending against a replay attack. That is, the packet containing the transmission time information is transmitted to the transmitting side communication device, and the receiving side communication device receiving this packet extracts the transmission time information stored in the packet, and the extracted information is used. Compare the indicated transmission time with the current time. If the time difference between the two times is out of the margin of error, the communication device on the receiving side determines that it is a replay attack and discards the packet.

Association of Radio Industries and Businesses, "700MHz Band Intelligent Transport Systems ARIB-STD-T109 1.2 Edition", [online], December 10, 2013, [Search June 27, 2016], Internet < http: // www. arib. or. jp / tyokakenkyu / kikaku_tushin / tushin_kikaku_number. html> ITS Information and Communication Systems Promotion Council, "Security Guidelines for Driving Support Communication Systems ITSFORUM RC-009 1.2 Edition", [online], November 25, 2013, [Search on June 27, 2016], Internet < http: // www. itsforum. gr. jp / Public / J7Database / index. html>

Japanese Unexamined Patent Publication No. 2008-154164

The roadside communication device in the above system includes an application unit that generates application data, and a communication processing unit that performs processing necessary for wireless transmission, such as storing the application data in a communication packet.

The communication processing unit adds transmission date / time information indicating the transmission date / time to the communication packet in order to enable the communication device that receives the communication packet transmitted by the own device to execute the replay attack prevention process.
After adding the transmission date and time information to the communication packet, the communication processing unit transmits the communication packet in a transmission period provided in a predetermined cycle.

Here, in the communication processing unit, the layer that adds the transmission date and time information to the communication packet and the layer that controls the transmission of the communication packet are different. The layer to which the transmission date / time information is added is a higher layer of the layer that controls transmission.
The layer that controls transmission transmits a given communication packet regardless of the transmission date and time information.
Therefore, if a delay occurs in one communication packet before the communication packet to which the transmission date / time information is added is given to the layer that controls transmission, the transmission date / time information is added after the one communication packet. The communication packet after it is sent may be given to the layer that controls transmission first.

In such a case, the later communication packet may be transmitted first, and one communication packet may be transmitted after that.
At this time, the transmission date / time information of the later communication packet indicates a time ahead of the transmission date / time information of one communication packet.
Therefore, the roadside communication device that has received one communication packet and the subsequent communication packet may determine that one communication packet is a replay attack.

The transmission date and time information of one communication packet sent later, which is related to the communication packet transmitted from the same roadside communication device, is later than the transmission date and time information of the communication packet after being sent earlier. This is because it lacks validity because it indicates the time (past time).

As described above, due to the delay in the transmission timing due to the processing after the addition of the transmission date / time information, the replay attack may be determined even though the communication packet is normal.

The radio according to the embodiment is a radio that transmits wirelessly with a roadside communication device that transmits a road-to-road communication packet to which transmission date / time information is added and also transmits a road-to-vehicle communication packet to which transmission date / time information is added. A wireless communication unit that receives the road-to-road communication packet and the road-to-vehicle communication packet as a reception packet, identification information included in the reception packet indicating a transmission source communication device, and transmission. A determination unit for determining whether or not a replay attack has been made by the received packet based on the date and time information is provided, and the determination unit is referred to as a reference date and time to be compared with the transmission date and time information in order to determine the replay attack. The information is determined by using the discrimination information included in the received packet for discriminating whether the received packet is the road-to-road communication packet or the road-to-vehicle communication packet.

Further, the radio device according to the embodiment is predetermined with respect to the date / time information setting unit that adds transmission date / time information indicating the transmission date / time of the communication packet to the communication packet and the communication packet to which the transmission date / time information is added. The transmission control unit is provided with a transmission control unit that allocates a transmission period provided in a cycle and controls the transmission in sequence, and the date and time information setting unit uses the transmission control unit to set the transmission period assigned to the communication packet. If a period of at least one cycle or more has passed since the communication packet can be transmitted , an indefinite value or a predetermined transmission date and time of the communication packet transmitted immediately before by the own machine is specified instead of the transmission date and time information. Other transmission date / time information indicating the date / time to which the period is added is added to the communication packet.

The roadside communication device according to the embodiment includes the above-mentioned radio device.

Further, the determination method according to one embodiment is the road transmitted from the roadside communication device that transmits the road-to-road communication packet to which the transmission date / time information is added and the road-to-vehicle communication packet to which the transmission date / time information is added. A reception step for receiving the road-to-road communication packet and the road-to-vehicle communication packet as a reception packet, identification information indicating a transmission source communication device included in the reception packet received in the reception step, and the transmission date and time. The determination step includes a determination step of determining whether or not a replay attack has been made by the received packet based on the information, and the determination step includes reference date and time information to be compared with the transmission date and time information in order to determine the replay attack. Is determined by using the discrimination information included in the received packet for discriminating whether the received packet is the road-to-road communication packet or the road-to-vehicle communication packet.

A computer program according to an embodiment is a computer program for causing a computer to determine whether or not a communication packet is a replay attack, and the inter-road communication packet to which transmission date and time information is added is sent to the computer. In the reception step of receiving the road-to-road communication packet and the road-to-vehicle communication packet transmitted from the roadside communication device that transmits the road-to-vehicle communication packet to which the transmission date and time information is added as a reception packet, and the reception step. The determination step of determining whether or not a replay attack was made by the received packet based on the identification information indicating the transmission source communication device included in the received packet and the transmission date / time information is executed. The determination step is a computer program for causing the reception packet to include reference date and time information to be compared with the transmission date and time information for determining the replay attack, and the reception packet is between the roads. It is a computer program determined by using discrimination information for discriminating between a communication packet and the road-to-vehicle communication packet.

According to the present disclosure, it is possible to prevent a communication packet from being erroneously determined as a replay attack .

It is a schematic perspective view which shows the whole structure of the intelligent transportation system (ITS) which concerns on embodiment. It is a block diagram which shows the structure of the roadside communication apparatus and the vehicle-mounted communication apparatus which concerns on this embodiment. (A) is a diagram showing a wireless frame used in this wireless communication system, (b) is a diagram showing an example of a transmission period and a transmission prohibition period of a roadside communication device set according to the wireless frame, (c) is a diagram. , Is a diagram showing an example of a transmission prohibition period of an in-vehicle communication device. It is a figure which shows an example of the communication packet transmitted by the roadside communication device. The protocol stack shown in the standard of Non-Patent Document 1 plus the extended layer EL shown in the guideline of Non-Patent Document 2 is shown. It is a block diagram which showed a part of the function which a communication processing apparatus of a roadside communication device has. It is a flowchart which shows an example of the determination processing performed by the determination unit. It is a figure which shows the communication process when a roadside communication device transmits a communication packet. It is a figure which shows the communication packet which concerns on the modification. It is a flowchart which shows the transmission processing of the roadside communication packet executed by the communication processing part of the roadside communication device which concerns on another embodiment.

[Explanation of Embodiment]
First, the contents of the embodiments will be listed and described.
(1) The radio device according to the embodiment is wireless with a roadside communication device that transmits a road-to-road communication packet to which transmission date and time information is added and also transmits a road-to-vehicle communication packet to which transmission date and time information is added. A radio communication unit that communicates with a radio communication unit that receives the road-to-road communication packet and the road-to-vehicle communication packet as a reception packet, and identification information including a transmission packet indicating a transmission source communication device included in the reception packet. A determination unit for determining whether or not a replay attack has been made by the received packet based on the transmission date / time information is provided, and the determination unit is compared with the transmission date / time information in order to determine the replay attack. The reference date and time information is determined by using the discrimination information included in the received packet for discriminating whether the received packet is the road-to-road communication packet or the road-to-vehicle communication packet.

According to the radio device having the above configuration, the reception packet is determined because the reference date and time information is determined after determining whether the received packet is a road-to-road communication packet or the road-to-vehicle communication packet using the discrimination information. Before determining whether or not is a replay attack, it is possible to identify whether the received packet is a road-to-road communication packet or a road-to-vehicle communication packet.
Therefore, when determining the received packet, the determination unit can determine the transmission date / time information obtained from the packets of the same communication type as the reference date / time information, and can compare the transmission date / time information between the same communication types.
As a result, if the transmission timing of the road-to-road communication packet is delayed, the relationship between the transmission date and time between the road-to-road communication packet and the road-to-vehicle communication packet and the relationship between the actual transmission timing are inconsistent. Even if it occurs, the determination unit compares the transmission date and time between the inter-road communication packets. As a result, the replay attack can be appropriately determined regardless of the delay in the transmission timing of the inter-road communication packet.

(2) In the radio, the received packet includes a field in which application data is stored and a control field in which control data necessary for wireless communication is stored, and the discrimination information is the control field. It is preferably stored in.
In this case, the discrimination information can be acquired without imposing a load on the application.

(3) Further, the radio device according to the embodiment has a date / time information setting unit that adds transmission date / time information indicating the transmission date / time of the communication packet to the communication packet, and the communication packet to which the transmission date / time information is added. The transmission control unit is provided with a transmission control unit that allocates and controls transmission periods provided in a predetermined cycle, and the date and time information setting unit has the transmission control unit that is assigned to the communication packet. If the communication packet is provided at least one cycle after the communication packet can be transmitted by the unit, an indefinite value or a communication packet transmitted immediately before by the own machine is transmitted instead of the transmission date / time information. Other transmission date and time information indicating the date and time obtained by adding a predetermined period to the date and time is added to the communication packet.

According to the radio device having the above configuration, the allocated transmission period is set at least one cycle after the communication packet can be transmitted by the transmission control unit, so that the transmission timing of the communication packet is delayed. When is generated, instead of the transmission date / time information, other transmission date / time information indicating an indefinite value or a date / time obtained by adding a predetermined period to the transmission date / time of the communication packet transmitted immediately before is stored in the communication packet whose transmission timing is delayed. Therefore, it is possible to prevent the communication packet from being erroneously determined as a replay attack.

(4) Further, the roadside communication device according to the embodiment includes the radios according to the above (1) to (3).

(5) The determination method according to the embodiment is transmitted from a roadside communication device that transmits an inter-road communication packet to which transmission date and time information is added and also transmits a road-to-vehicle communication packet to which transmission date and time information is added. The reception step of receiving the road-to-road communication packet and the road-to-vehicle communication packet as a reception packet, the identification information indicating the transmission source communication device included in the reception packet received in the reception step, and the transmission. The determination step includes a determination step of determining whether or not a replay attack has been made by the received packet based on the date and time information, and the determination step is a reference date and time to be compared with the transmission date and time information in order to determine the replay attack. The information is determined by using the discrimination information included in the received packet for discriminating whether the received packet is the road-to-road communication packet or the road-to-vehicle communication packet.

(6) Further, the computer program according to the embodiment is a computer program for causing the computer to determine whether or not the communication packet is a replay attack, and the transmission date and time information is added to the computer. With a reception step of receiving the road-to-road communication packet and the road-to-vehicle communication packet transmitted from the roadside communication device that transmits the road-to-vehicle communication packet and the road-to-vehicle communication packet to which the transmission date and time information is added as a reception packet. , A determination to determine whether or not a replay attack was made by the received packet based on the identification information indicating the transmission source communication device included in the received packet received in the receiving step and the transmission date and time information. The determination step is a computer program for executing the step, and the determination step includes the reference date and time information to be compared with the transmission date and time information in order to determine the replay attack, in the received packet. Is a computer program determined by using discrimination information for discriminating between the road-to-road communication packet and the road-to-vehicle communication packet.

[Details of the embodiment]
Hereinafter, preferred embodiments will be described with reference to the drawings.
In addition, at least a part of each embodiment described below may be arbitrarily combined.
[Communication system configuration]
FIG. 1 is a schematic perspective view showing an overall configuration of an intelligent transportation system (ITS) according to an embodiment. In this embodiment, as an example of the road structure, a grid structure in which a plurality of roads in the north-south direction and the east-west direction intersect each other is assumed.
As shown in FIG. 1, the intelligent transportation system of the present embodiment includes a traffic signal 1, a roadside communication device 2, an in-vehicle communication device (mobile communication device) 3, a central device 4, and a vehicle 5 equipped with the in-vehicle communication device 3. It also includes a roadside sensor 6 including a vehicle detector, a surveillance camera, and the like.
It should be noted that the points not particularly described in this embodiment are based on Non-Patent Document 1.

The traffic signal 1 and the roadside communication device 2 are installed at each of the plurality of intersections J1 to J16, and are connected to the router 8 via a wired communication line 7 such as a telephone line. This router 8 is connected to the central device 4 in the traffic control center.
The central device 4 constitutes a traffic signal 1 and a roadside communication device 2 in an area under its jurisdiction and a LAN (Local Area Network). The central device 4 may be installed on the road instead of the traffic control center.

Roadside sensors 6 are installed at various places on the road in the jurisdiction area for the purpose of counting the number of vehicles flowing in or out of each intersection. The roadside sensor 6 comprises a vehicle detector that ultrasonically detects a vehicle 5 passing directly underneath, a surveillance camera that captures the traffic condition of the road in chronological order, and the like, and the detection information and image data are connected to the wired communication line 7. It is transmitted to the central device 4 via. In addition, in FIG. 1, for simplification of the illustration, only one signal lamp is drawn at each intersection, but at each actual intersection, at least four signal lamps are used for going up and down the roads that intersect each other. A vessel is installed.

In an intelligent transportation system, a plurality of roadside communication devices 2 installed at each of a plurality of intersections constituting a wireless communication system communicate wirelessly (road-to-vehicle communication) with an in-vehicle communication device 3 of a vehicle traveling around the roadside communication device 2. ) Is possible.
Further, each roadside communication device 2 is capable of wireless communication (roadside communication) with other roadside communication devices 2 located within a predetermined range reached by its own transmission wave.
Further, the in-vehicle communication device 3 that also constitutes the wireless communication system performs wireless communication (inter-vehicle communication) with the roadside communication device 2 by a carrier sense method, and also wirelessly communicates with another in-vehicle communication device 3 (vehicle). Inter-vehicle communication) is possible.

The roadside communication is communication performed between roadside communication devices 2, and is performed by one roadside communication device 2 transmitting a communication packet to another roadside communication device 2.
Further, road-to-vehicle communication is communication performed between the roadside communication device 2 and the vehicle-mounted communication device 3, and the roadside communication device 2 broadcasts a communication packet (road-vehicle communication information) to the vehicle-mounted communication device 3. It is done by doing.
Further, vehicle-to-vehicle communication is communication performed between vehicle-mounted communication devices 3, and is performed by transmitting a communication packet (vehicle-to-vehicle communication information) by a carrier sense method.
Further, the inter-vehicle communication is a communication performed between the in-vehicle communication device 3 and the roadside communication device 2, and the in-vehicle communication device 3 is directed to the roadside communication device 2 by a carrier sense method and a communication packet (inter-roadway communication). It is done by transmitting communication information).

FIG. 2 is a block diagram showing the configurations of the roadside communication device 2 and the vehicle-mounted communication device 3 according to the present embodiment.
As shown in FIG. 2, the roadside communication device 2 includes a wireless communication unit 21 to which an antenna 20 for wireless communication is connected, and a wired communication unit 22 for communicating with a central device 4 via a wired communication line 7. A communication processing device 23 that performs processing related to communication control is provided.
The communication processing device 23 has a function of controlling the wireless communication unit 21 and performing processing related to wireless communication and wired communication. As a result, the communication processing device 23 performs road vehicle or vehicle-to-vehicle communication, road-to-road communication, and wire communication with the central device 4 via the wired communication line 7.

The communication processing device 23 includes a storage unit (not shown), which stores information necessary for wireless communication and wired communication, a program for realizing each function described later, and the like. Applications, etc. for executing various processes of are installed.

The in-vehicle communication device 3 includes a wireless communication unit 28 to which an antenna 27 for wireless communication is connected, and a communication processing device 29.
The communication processing device 29 has the same configuration as the communication processing device 23 of the roadside communication device 2, controls the wireless communication unit 28, and has a function related to wireless communication. As a result, the communication processing device 29 performs vehicle-to-vehicle communication and road-to-vehicle communication. Further, the communication processing device 29 is provided with a storage unit (not shown), and information necessary for vehicle-to-vehicle communication and road-to-vehicle communication, applications for executing various processes described later, and the like are installed. There is.

A part or all of the functions of the communication processing device 23 and the communication processing device 29 may be configured by a hardware circuit, or a part or all of the functions may be realized by a computer program. .. When a part or all of the functions are realized by a computer program, the communication processing device 23 and the communication processing device 29 include a computer, and the computer program executed by the computer is stored in the storage unit.

FIG. 3A is a diagram showing a wireless frame used in this wireless communication system.
As shown in FIG. 3A, the length (frame length) of the wireless frame (super frame) in the time axis direction is set to 100 milliseconds. Further, the wireless frames are arranged side by side in the time axis direction. That is, 10 wireless frames are arranged per second.
The wireless frame is set based on, for example, a 1PPS (One Pulse Per Second) signal (a signal having a period of 1 second) obtained from a GPS signal received by a GPS receiver (not shown) included in the roadside communication device 2.

One radio frame includes a plurality of time slots 30.
The time slot 30 is a communication time slot (roadside device communication period) assigned to the roadside communication device 2, and the roadside communication device 2 to which the transmission period is assigned to any of the time slots 30 is assigned. The transmission period for wireless transmission by the roadside communication device 2 is set in the time slot 30. Up to 16 time slots 30 can be set in one wireless frame (100 milliseconds).

Each time slot 30 is assigned a slot number (road-to-vehicle communication period number) n (= 1 to 16). The roadside communication device 2 can recognize which time slot 30 is assigned to the own roadside communication device 2 by the slot number n. Since each time slot 30 with the slot number n is arranged one by one in the wireless frame, it is arranged in a cycle of 100 milliseconds (control cycle).

The period other than the time slot 30 assigned to the roadside communication device 2 is a period during which the vehicle-mounted communication device 3 is open for carrier-sense wireless transmission. Therefore, wireless transmission by the roadside communication device 2 is not performed during the period other than the time slot 30 assigned to the roadside communication device 2.

Of the plurality of time slots 30 included in the wireless frame, one or a plurality of time slots 30 are assigned to the roadside communication device 2. The roadside communication device 2 is prohibited from transmitting in a period other than the time slot 30 assigned to the own device 2. That is, for the roadside communication device 2, the period other than the time slot 30 assigned to the own device 2 is the transmission prohibition period.

FIG. 3B is a diagram showing an example of a transmission period and a transmission prohibition period of the roadside communication device 2 set according to the wireless frame. FIG. 3B shows a transmission prohibition period when one time slot 30 with n = 4 is assigned to the roadside communication device 2. The roadside communication device 2 performs wireless transmission in a period (transmission period) other than the transmission prohibition period.

The plurality of time slots 30 are assigned to each roadside communication device 2 so that interference does not occur between the roadside communication devices 2 adjacent to each other.
Each roadside communication device 2 performs wireless transmission in a transmission period determined by the assigned time slot 30.

The roadside communication device 2 packetizes the application data generated by the application of the own roadside communication device 2, and transmits the packet in which the application data is stored in the time slot 30 (transmission period) assigned to the own roadside communication device 2. ..
The application data generated by the application of the roadside communication device 2 includes road-to-vehicle communication information related to safe driving support provided by the system to the in-vehicle communication device 3 and a book provided to another roadside communication device 2. Contains road-to-road communication information related to system management, etc.
The roadside communication device 2 transmits a road-to-vehicle communication packet that is a communication packet that stores road-to-vehicle communication information and a road-to-road communication packet that is a communication packet that stores road-to-road communication information.

During the transmission prohibition period, the roadside communication device 2 intercepts the vehicle-to-vehicle communication and also receives the road-to-vehicle communication packet and the road-to-vehicle communication packet transmitted by the other roadside communication device 2.

FIG. 3C is a diagram showing an example of a transmission prohibition period of the in-vehicle communication device 3. FIG. 3C shows a transmission prohibition period when all the time slots 30 are assigned to any of the roadside communication devices 2.
As described above, the period other than the time slot 30 allocated to the roadside communication device 2 is allocated for the carrier sense type wireless transmission by the vehicle-mounted communication device 3. That is, in the case of FIG. 3C in which all the time slots 30 are assigned to the roadside communication device 2, the period corresponding to each time slot 30 is the transmission prohibition period.
The in-vehicle communication device 3 performs wireless transmission by a carrier sense method in a period other than these transmission prohibition periods.

As described above, since the period other than the time slot 30 assigned to the roadside communication device 2 is allocated as the period for wireless transmission of the in-vehicle communication device 3, any of the roadside communication devices 2 in the time slot 30 If there is an unused time slot 30, it is allocated to the wireless transmission of the in-vehicle communication device 3 for that period.

FIG. 4 is a diagram showing an example of a communication packet transmitted by the roadside communication device 2.
This communication packet is for the roadside communication device 2 to store and transmit various information to another roadside communication device 2 or an in-vehicle communication device 3 by road-to-road communication or road-to-vehicle communication. Communication packets are generated by packetizing application data.

The communication packet has a communication header and a communication footer at the front and rear portions, and has a security header, a data area, and a security footer between the communication header and the communication footer. The data area is provided between the security header and the security footer.

The data area mainly stores application data such as road-to-road communication information and road-to-vehicle communication information generated by the application of the roadside communication device 2.
In the case of a communication packet used for road-to-vehicle communication, information about a service for the in-vehicle communication device 3 is stored as application data in the data area.
Further, in the case of a communication packet used for road-to-road communication, information on services shared in road-to-road communication, information on equipment maintenance, and the like are stored as application data in the data area.

While the data area is a field for storing application data, the communication header, security header, security footer, and communication footer constitute a control field for storing control data necessary for wireless communication.

In the communication header, transmission setting value information and the like related to the time slot assigned as the transmission period to the roadside communication device 2 are stored. The transmission set value information is information indicating the transmission timing of the roadside communication device 2 in the wireless frame.

The security header stores the device ID of the roadside communication device 2 which is the own device, the key ID of the communication key (common key) used for encrypting wireless communication, the transmission date / time information, and the like.

The device ID is identification information unique to the communication device that is the source of the communication packet.
The key ID is information for identifying and selecting a communication key. As the communication key, different keys are used depending on the communication type such as road-to-road communication and road-to-vehicle communication. Therefore, the communication type (transmission category) of the communication packet can be determined by referring to the key ID of the communication key.
The transmission date / time information is information indicating the transmission date / time when the roadside communication device 2 which is the transmission source transmits the communication packet.

The security footer stores a MAC (Message Authentication Code) or the like for detecting falsification of a message and guaranteeing the safety of the message.
Further, as the device ID, type information of a communication device that is a transmission source of the packet, such as a roadside communication device, an in-vehicle communication device of a general vehicle, or an in-vehicle communication device of a priority vehicle, may be stored.

The transmission date / time information stored in the communication packet (security header) is whether or not the communication packet is a packet for replay attack purpose by the communication device (roadside communication device 2 and in-vehicle communication device 3) that receives the communication packet. It is used to judge.

FIG. 5 shows the protocol stack shown in the standard of Non-Patent Document 1 plus the extended layer EL shown in the guideline of Non-Patent Document 2.
The protocol stack defined in Non-Patent Document 1 includes layer 1 (L1, physical layer: Physical Layer), layer 2 (L2, data link layer: Data Link Layer), and vehicle-to-vehicle / road-to-vehicle shared communication control information layer (IVC). -RVC layer: Inter-Vehicle Communication-Road to Physical Communication Layer) and Layer 7 (L7, application layer: Application Layer). Each tier and application AP can access system management with information for system management.

Layer 1 operates in accordance with the physical layer specified in 802.11.
Layer 2 is composed of a MAC sub-layer (Medium Access Control sublayer) and an LLC sub-layer (Logical Link Control sublayer). The MAC sub-layer performs frame control and broadcast communication as communication management of the wireless channel. The LLC sub-layer provides a connectionless communication service without confirmation in order to perform packet transmission between higher-level entities.

The vehicle-to-vehicle / road-to-vehicle shared communication control information layer (IVC-RVC layer) generates and manages information necessary for vehicle-to-vehicle / road-to-vehicle shared communication control.
More specifically, the IVC-RVC layer provides source identification information, synchronization control information, and information regarding transmission setting values (transmission setting value information) regarding the period length of the time slot in the wireless frame when transmitting a communication packet. Add to application data.

Layer 7 is for providing a communication control means to the application AP.
The application AP has a function of processing application data such as vehicle information, service support information, and signal information. The application AP gives the application data to be transmitted to another communication device to the layer 7, and acquires the application data stored in the received communication packet from the layer 7.

The expansion layer EL exists as an upper layer of the layer 7, and is for expanding the communication function between the application AP and the layer 7.
The extended layer EL can access the security management SEC together with the layer 7.

Security management The SEC performs processing related to the security of communication packets.
A security header and a security footer are added to the expansion layer EL of the communication devices 2 and 3 on the receiving side, and encrypted application data is given from the lower layer (layer 7). Given the application data, the extension layer EL gives the application data to the security management SEC. Security management SEC performs security processing such as decryption on the given application data. The security management SEC provides the application data to which security processing has been performed to the extended layer EL. The expansion layer EL gives this application data to the application AP.

Further, when the application data is given from the application AP, the expansion layer ELs of the communication devices 2 and 3 on the transmitting side give the application data to the security management SEC.
Security management SEC performs security processing such as encryption on the given application data.
Further, the security management SEC adds a security header and a security footer to the application data (FIG. 4). That is, the security management SEC adds the device ID, the key ID, and the transmission date / time information to the communication packet.

The security management SEC, for example, adds transmission date / time information when application data is given. The security management SEC generates the time measured by the own machine as the transmission date / time information immediately before adding the transmission date / time information. The security management SEC adds the generated transmission date / time information to the application data.

Security management SEC provides application data that has undergone security processing such as encryption to the extended layer EL. After that, the expansion layer EL performs the processing necessary for transmission on the application data, and gives the processed application data to the lower layer (layer 7).
Next, the application data is given to the IVC-RVC layer, and the transmission setting value information is added to the communication header by the IVC-RVC layer. After that, the application data is given to layer 2 and packetized to be a communication packet. Further, this communication packet is given to layer 1 and wirelessly transmitted.

The functions corresponding to the expansion layer EL, layer 7, IVC-RVC layer, layer 2, application AP, security management SEC, and system management shown in FIG. 5 are the communication processing device 23 and the in-vehicle communication device 3 of the roadside communication device 2. It is realized by the communication processing device 29. Further, the function of layer 1 is realized by the wireless communication unit 21 of the roadside communication device 2 and the wireless communication unit 28 of the vehicle-mounted communication device 3.

Of the communication processing devices 23, the function corresponding to the application AP in FIG. 5 is referred to as an "application unit 31", and in FIG. 5, a function lower than the application AP (extended layer EL, layer 7, IVC-RVC). Layer, layer 2, security management SEC, and system management) are referred to as "communication processing unit 32".

[About judgment processing]
FIG. 6 is a block diagram showing a part of the functions possessed by the communication processing device 23 of the roadside communication device 2.
The communication processing device 23 includes the above-mentioned application unit 31 and a communication processing unit 32. Further, the communication processing unit 32 functionally includes a determination unit 36 and a storage unit 38.

The determination unit 36 has a function of executing a determination process for determining whether or not the communication packet received by the own road side communication device 2 is a replay attack.
The storage unit 38 stores a reception record table for registering a reception record of a communication packet received by the own roadside communication device 2. This reception record table is used for the determination process of the replay attack performed by the determination unit 36.

The reception record table is a table for registering the transmission date / time information of the received communication packet for each communication type. In the reception record table, the device ID of the transmission source added to the received communication packet and the transmission date / time information are associated with each other and registered for each communication type.

Each time the determination unit 36 receives a communication packet, the determination unit 36 refers to the key ID of the communication key stored in the security header of the received communication packet, the device ID of the transmission source, and the transmission date / time information, and describes the following. The determination process is executed, and the device ID and transmission date / time information are registered in the reception record table according to the determination result.

FIG. 7 is a flowchart showing an example of the determination process performed by the determination unit 36.
First, the determination unit 36 determines whether or not a communication packet has been received (step S1). If it is determined that the communication packet has not been received, the determination unit 36 returns to step S1 again. As a result, the determination unit 36 repeats the determination in step S1 until the communication packet is received.

When it is determined that the communication packet has been received in step S1, the determination unit 36 refers to the key ID attached to the received communication packet (received packet), the device ID of the transmission source, and the transmission date / time information.
Further, the determination unit 36 determines whether or not the received communication packet is an inter-road communication packet (step S2).
The determination unit 36 determines whether or not the packet is an inter-road communication packet by referring to the key ID of the communication key of the received communication packet.

As described above, different keys are used as the communication keys depending on the communication type (road-to-road communication and road-to-vehicle communication). That is, the key ID of this communication key constitutes information for determining that the communication packet is an inter-road communication packet.
The determination unit 36 stores the communication type and the key ID in association with each other in advance. Therefore, the determination unit 36 can determine the communication type of the communication packet by referring to the key ID of the communication key.

If it is determined that the communication packet received in step S2 is not an inter-road communication packet, the determination unit 36 returns to step S1. Therefore, when the received communication packet is a road-to-vehicle communication packet, the determination unit 36 does not determine whether or not it is a replay attack, and waits for the reception of the next communication packet (step S1).

When it is determined that the communication packet received in step S2 is an inter-road communication packet, the determination unit 36 determines whether or not the received communication packet is a replay attack.
That is, when it is determined that the received communication packet is an inter-road communication packet, the determination unit 36 proceeds to step S3, refers to the reception recording table stored in the storage unit 38, and records the reception of the inter-road communication packet. It is determined whether or not there is the same device ID as the device ID of the received communication packet in the device (step S3).

When it is determined in step S3 that the received record of the inter-road communication packet contains the same device ID as the device ID of the received communication packet, the determination unit 36 determines the past transmission date and time information registered in the reception record table. And the transmission date and time information added to the communication packet received this time are compared (step S4).

That is, the determination unit 36 is included in the reception record of the inter-road communication packet as the transmission date / time information (reference date / time information) to be referred to, which is compared with the transmission date / time information of the communication packet received to determine the replay attack. The past transmission date and time information registered in association with the device ID of the received communication packet existing in is determined and compared (step S2, step S4).
Further, the determination unit 36 determines that the reference date / time information is included in the received communication packet and is a communication key as discrimination information for determining whether the communication packet is a road-to-road communication packet or a road-to-vehicle communication packet. Determined using the key ID.

In step S4, the determination unit 36 determines that the comparison result is not valid when the time indicated by the transmission date / time information of the communication packet received this time does not advance with respect to the past transmission date / time information. When the time indicated by the transmission date / time information of the communication packet received this time does not advance with respect to the past transmission date / time information, the time indicated by the transmission date / time information of the communication packet received this time is the past transmission date / time information. Refers to the case where the time is the same as or more past than the time indicated by.
In the above case, the communication packet received this time has a high possibility of a replay attack. Therefore, the determination unit 36 determines that the communication packet received this time is a replay attack.

Further, the determination unit 36 determines that the comparison result is appropriate when the time indicated by the transmission date / time information of the communication packet received this time is ahead of the time indicated by the past transmission date / time information.
In this case, the communication packet received this time is unlikely to be a replay attack. Therefore, the determination unit 36 determines that the communication packet received this time is not a replay attack.

When step S4 is completed and the process proceeds to step S5 and it is determined that the comparison result in step S4 is appropriate, the determination unit 36 determines that the communication packet received this time is not a replay attack. Therefore, in this case, the determination unit 36 controls so that the road-to-road communication information (application data) stored in the communication packet received this time is given from the communication processing unit 32 to the application unit 31. As a result, the road-to-road communication information stored in the communication packet is processed by the application unit 31 (step S6).

Next, the determination unit 36 updates the reception record table with the device ID of the transmission source received this time and the transmission date / time information (step S7), and registers the transmission date / time information of the communication packet received this time. After that, the determination unit 36 returns to step S1. As a result, the determination unit 36 can perform determination processing when the communication packet of the same device ID is received next time based on the information of the communication packet received this time.

Further, even when it is determined in step S3 that the device ID of the received communication packet is not the same as the device ID in the reception record of the inter-road communication packet, the determination unit 36 proceeds to step S6 and proceeds to the communication processing unit. In 32, the processing of the inter-road communication information stored in the communication packet is executed (step S6), and the device ID of the transmission source received this time and the transmission date / time information are registered in the reception record table (step S7). , Return to step S1.

On the other hand, if it is determined in step S5 that the comparison result in step S4 is not valid, the determination unit 36 determines that the communication packet received this time is a replay attack. Therefore, the determination unit 36 does not give the communication packet received this time to the application unit 31, discards it (step S8), and returns to step S1. Therefore, the application data included in the communication packet received this time is not processed by the application unit 31.

[Transmission of communication packets by roadside communication device]
FIG. 8 is a diagram showing communication processing when the roadside communication device 2 transmits a communication packet. The horizontal axis in the figure indicates time. FIG. 8 shows a process for transmitting a communication packet from the roadside communication device 2 on the transmitting side to the roadside communication device 2 on the receiving side.
In FIG. 8, the vertical direction indicates the processing in the roadside communication device 2 on the transmitting side, and shows the mode of data transfer from the upper layer to the lower layer performed along the processing. In FIG. 8, the application unit 31 (application) is shown in the upper row, and the communication processing unit 32 is shown in the lower row.

In FIG. 8, the application unit 31 generates two types of application data, road-to-vehicle communication data (without hatching) and road-to-road communication data (with hatching).
Further, the application unit 31 and the communication processing unit 32 are configured to perform processing on application data according to, for example, a predetermined control cycle. This control cycle corresponds, for example, to the period of the radio frame of the system.

Here, in FIG. 8, attention is paid to the road-to-vehicle communication data 1 located at the left end of the stage of the application unit 31. When the road-to-vehicle communication data 1 is generated by the application unit 31, it is given to the communication processing unit 32.
The communication processing unit 32 to which the road-to-vehicle communication data 1 is given starts processing necessary for wireless transmission such as security processing. The processing required for this wireless transmission is performed by the extended layer EL, the layer 7, the IVC-RVC layer, the security management SEC, and the system management.
The process required for wireless transmission includes a process of adding transmission date / time information, which is information indicating the transmission date / time, to the road-to-vehicle communication data 1.
The communication processing unit 32 finishes the processing required for this wireless transmission within the control cycle 1. In FIG. 8, the upper stage of the communication processing unit is divided into two, the upper stage is the processing required for wireless transmission (security, etc.), and the lower stage is the processing (MAC) in the MAC sublayer, which is further required for wireless transmission. The processing stage is divided into two, the upper stage is the start of processing and the lower stage is the end of processing.

When the processing required for wireless transmission is completed, the MAC sub-layer of the communication processing unit 32 packetizes the road-to-vehicle communication data 1. Since the transmission date / time information is added to the road-to-vehicle communication data 1, the road-to-vehicle communication data and the transmission date / time information are stored in this communication packet.
Further, the MAC sub-layer of the communication processing unit 32 refers to the transmission setting value information of the road-to-vehicle communication data 1 added to the communication header by the IVC-RVC layer.
The MAC sub-layer controls the transmission of communication packets based on the referenced transmission setting value information.

The MAC sub-layer of the communication processing unit 32 assigns a predetermined time slot specified by transmission setting value information or the like to a road-to-vehicle communication packet in which the road-to-vehicle communication data 1 is packetized, and transmits the packet in the assigned time slot. The communication packet is given to the layer 1 so as to be.

In FIG. 8, the road-to-vehicle communication time slot 301 for transmitting road-to-vehicle communication data and the road-to-road communication time slot 302 for transmitting road-to-road communication data are respectively in one wireless frame. It is set one by one.
The MAC sub-layer of the communication processing unit 32 allocates the road-to-vehicle communication time slot 301 set in the next control cycle 2 to the communication packet of the road-to-vehicle communication data 1 in which the road-to-vehicle communication data 1 is packetized. The communication packet of the road-to-vehicle communication data 1 is given to the layer 1 so as to be wirelessly transmitted in the road-to-vehicle communication time slot 301.
Next, layer 1 of the communication processing unit 32 wirelessly transmits the communication packet of the road-to-vehicle communication data 1 in the road-to-vehicle communication time slot 301 having the control cycle 2.

In this way, when the MAC sub-layer of the communication processing unit 32 finishes the processing required for wireless transmission within the control cycle for the application data given in a certain control cycle, the time set in the next control cycle is set. It is configured to transmit wirelessly using a slot.
Therefore, the processing required for wireless transmission of the application data given in a certain control cycle cannot be completed. For example, if the processing required for wireless transmission is completed within the next control cycle, the communication processing unit 32 further Wireless transmission is performed using the time slot set in the next control cycle.

In principle, the MAC sub-layer wirelessly transmits application data between the same communication types in the order given by the upper layer.
Therefore, regarding the transmission of the communication packet of the inter-road communication, the MAC sub-layer sequentially transmits the communication packet of the inter-road communication to which the transmission date and time information is added in the order given from the upper layer.
Further, regarding the transmission of the communication packet of the road-to-vehicle communication, the MAC sub-layer sequentially transmits the communication packet of the road-to-vehicle communication to which the transmission date / time information is added in the order given from the upper layer.

Further, as described above, the communication processing unit 32 uses both time slots properly according to the communication type. The communication processing unit 32 transmits the road-to-vehicle communication packet using the road-to-vehicle communication time slot 301, and transmits the road-to-road communication packet using the road-to-road communication time slot 302.

Here, focusing on the road-to-road communication data 1 located to the right of the road-to-vehicle communication data 1 in FIG. 8, the road-to-road communication data 1 is generated by the application unit 31 and is generated by the communication processing unit 32. When given, the communication processing unit 32 starts processing necessary for wireless transmission with respect to the inter-road communication data 1, such as adding transmission date and time information within the control cycle 1.
After that, it is assumed that the communication processing unit 32 does not end the processing required for wireless transmission for the inter-road communication data 1 within the control cycle 1, but ends within the control cycle 2 due to a delay.

Since the communication processing unit 32 has completed the processing required for wireless transmission in the control cycle 2, transmit the communication packet of the road-to-road communication data 1 in which the road-to-road communication data 1 is stored in the time slot of the control cycle 2. Instead, wireless transmission is performed using the time slot 302 for inter-road communication set in the control cycle 3.

That is, the communication packet of the road-to-road communication data 1 has a control cycle set after one wireless frame or more, even though the processing required for wireless transmission is completed at an early timing of the control cycle 2 and the communication packet can be transmitted. The time slot 302 for inter-road communication of 3 is assigned. Therefore, a delay occurs in the transmission timing of the communication packet of the inter-road communication data 1.
As described above, the timing of wireless transmission of the communication packet may be delayed in the control cycle (wireless frame) unit depending on the timing at which the processing required for wireless transmission is completed.

On the other hand, the road-to-vehicle communication data 2 generated in the control cycle 2 is given to the communication processing unit 32 in the control cycle 2, and the transmission date / time information is given by the communication processing unit 32, which is necessary for wireless transmission. Is done.
As shown in FIG. 8, it is assumed that the communication processing unit 32 has completed the processing required for wireless transmission of the road-to-vehicle communication data 2 within the control cycle 2. In this case, the communication processing unit 32 uses the road-to-vehicle communication time slot 301 set in the control cycle 3 to transmit the communication packet of the road-to-vehicle communication data 2 in which the road-to-vehicle communication data 2 is stored.

Then, the road-to-vehicle communication data 2 to which the transmission date / time information is added in the control cycle 2 is transmitted at an earlier timing than the road-to-road communication data 1 to which the transmission date / time information is added in the control cycle 1. ..

In this case, the transmission date / time information added to the communication packet of the road-to-vehicle communication data 2 is added after the transmission date / time information of the communication packet of the road-to-road communication data 1. Therefore, the transmission date / time information added to the communication packet of the road-to-vehicle communication data 2 indicates a time after the transmission date / time information added to the communication packet of the road-to-road communication data 1.

Here, whether or not another roadside communication device 2 that has received both the communication packet of the road-to-vehicle communication data 2 and the communication packet of the road-to-road communication data 1 is a replay attack on the communication packet of the road-to-road communication data 1. When making a determination as to whether or not, the other roadside communication device 2 may determine that the communication packet of the roadside communication data 1 is a replay attack even though it is not a replay attack.

As shown by the broken line arrow "comparison determination 1" in FIG. 8, the roadside communication device 2 determines the transmission date and time information of the communication packet of the road-to-vehicle communication data 2 in order to determine the communication packet of the road-to-road communication data 1. May be referred to.
In this case, the transmission date and time information of the communication packet of the road-to-road communication data 1 sent later, which is related to the communication packet transmitted from the same roadside communication device 2, is the road-to-vehicle distance sent earlier. Since it indicates a time (past time) later than the transmission date / time information of the communication packet of the communication data 2, it lacks validity. Therefore, the other roadside communication device 2 determines that the communication packet of the roadside communication data 1 is a replay attack even though it is not a replay attack.

On the other hand, when the roadside communication device 2 of the present embodiment receives a communication packet from another roadside communication device 2 and determines a replay attack, the communication type of the received communication packet is also taken into consideration when making a determination. It is configured. This is configured so that the replay attack can be appropriately determined.

That is, the roadside communication device 2 of the present embodiment identifies the wireless communication unit 21 that receives the road-to-road communication packet and the road-to-vehicle communication packet as the reception packet, and the communication device of the transmission source included in the reception packet. It includes a device ID that is information, and a determination unit 36 that determines whether or not a replay attack has been made by a received packet based on transmission date and time information. Further, the determination unit 36 includes the reference date / time information to be compared with the transmission date / time information in order to determine the replay attack in the received communication packet, and the communication packet is a road-to-road communication packet or a road-to-vehicle communication. It is determined by using the key ID which is the discrimination information for discriminating whether it is a packet.

According to the roadside communication device 2 having the above configuration, the reference date and time information is determined after discriminating whether the received packet is a road-to-road communication packet or the road-to-vehicle communication packet using the discrimination information (step S2 in FIG. 7). Since the replay attack is determined (steps S3 to S5 in FIG. 7), the communication packet is either a road-to-road communication packet or a road-to-vehicle communication packet before determining whether or not the communication packet is a replay attack. It is possible to identify whether it is.
Therefore, when determining the communication packet, the determination unit 36 can compare the transmission date and time information between the inter-road communication packets which are packets of the same communication type.

As described above, the MAC sub-layer of the communication processing unit 32 wirelessly transmits application data between the same communication types in the order given by the upper layer in principle.
Therefore, if the transmission date and time information is compared between the communication packets of the same communication type, the MAC sublayer transmits the communication packets in the time order indicated by the transmission date and time information in the communication packets of the same communication type.

As a result, if the transmission timing of the road-to-road communication packet is delayed, the relationship between the time relationship indicated by the transmission date and time information between the road-to-road communication packet and the road-to-vehicle communication packet and the actual transmission timing. Even if there is a discrepancy in the relationship, the determination unit 36 compares the transmission date and time between the communication packets for inter-road communication (step S2 in FIG. 7). As a result, the replay attack can be appropriately determined regardless of the delay in the transmission timing of the inter-road communication packet.

For example, in FIG. 8, it is assumed that the roadside communication device 2 of the present embodiment receives each communication packet. In this case, the determination unit 36 determines the communication packet of the road-to-road communication data 1 transmitted in the road-to-road communication time slot 302 set in the control cycle 3, which is a broken line arrow in FIG. As shown in "Comparison determination 2", it is compared with the transmission date and time information of the communication packet of the road-to-road communication data 0 transmitted in the control cycle 1, which is the most recently transmitted road-to-road communication packet.
As described above, the determination unit 36 of the present embodiment does not use the transmission date / time information of the communication packet of the road-to-vehicle communication data 2 transmitted in the control cycle 3 in the determination of the road-to-road communication packet.
As a result, even if the transmission timing of the inter-road communication packet is delayed, it is possible to prevent the normal communication packet from being erroneously determined as a replay attack, and it is possible to appropriately determine the replay attack.

In the above embodiment, the key ID used as the discrimination information is stored in the security header which is a control field. Therefore, the determination unit 36 can acquire the key ID without imposing a load on the application.

In the above embodiment, the case where the key ID is used as the information for determining that the communication packet is an inter-road communication packet is illustrated, but the application data is that the communication packet is an inter-road communication packet. If it contains information for determining that, that information may be used.

For example, as shown in FIG. 9, the application data in the data area may include communication type information and service information.
The communication type information is information that identifies whether the communication form of the communication packet including the communication type information is vehicle-to-vehicle communication, road-to-vehicle communication, or road-to-road communication.
Further, the service information is information indicating in what communication form the service provided by the application data stored in the communication packet is provided, and is the same as the communication type information, the vehicle. It is possible to identify whether it is vehicle-to-vehicle communication, road-to-vehicle communication, or road-to-road communication.

In this case, the application unit 31 has a function of acquiring the above-mentioned communication type information and service information stored in the application data and giving them to the determination unit 36.

As described above, as the information for determining that the communication packet is an inter-road communication packet, communication type information or service information included in the application data can be used instead of the key ID.
Further, at least two pieces of the key ID, the communication type information, and the service information may be used together and used as the discrimination information.

[About other embodiments]
FIG. 10 is a flowchart showing a transmission process of an inter-road communication packet executed by the communication processing unit 32 of the road-side communication device 2 according to another embodiment.
First, the communication processing unit 32 determines whether or not the road-to-road communication data, which is the application data from the application unit 31, has been acquired (step S11).

When the road-to-road communication data is not given from the application unit 31, the communication processing unit 32 repeats step S11 again.
When it is determined that the road-to-road communication data from the application unit 31 has been acquired, the communication processing unit 32 adds transmission date / time information to the acquired road-to-road communication data (step S12), and executes processing necessary for wireless transmission. (Step S13). The processing required for wireless transmission is processing performed by the expansion layer EL, layer 7, IVC-RVC layer, security management SEC, and system management.
When the processing required for wireless transmission is completed, the MAC sub-layer of the communication processing unit 32 packetizes the inter-road communication data and generates an inter-road communication packet. This makes it possible to transmit inter-road communication packets.

Further, in the communication processing unit 32, is the time slot assigned to transmit the inter-road communication packet a time slot in which at least one radio frame or more has passed since the inter-road communication packet can be transmitted? It is determined whether or not (step S14).
That is, the communication processing unit 32 is controlled so that the inter-road communication packet is transmitted after a period of at least one wireless frame after the inter-road communication packet can be transmitted, so that the transmission timing of the inter-road communication packet Determines if there is a delay in.

In addition to the delay described with reference to FIG. 8 of the above-described embodiment, the delay in the transmission timing of the inter-road communication packet that occurs here also includes the delay that occurs when the application data is passed from the application unit 31 to the communication processing unit 32. include.

When it is determined in step S14 that the time slot assigned to the inter-road communication packet is not a time slot within a period of at least one wireless frame after the inter-road communication packet can be transmitted, the communication processing unit 32 determines. , Step S16, and the inter-road communication packet is transmitted as it is (step S16).

On the other hand, if it is determined in step S14 that the time slot assigned to the inter-road communication packet is a time slot within a period of at least one wireless frame after the inter-road communication packet can be transmitted, the communication process is performed. The security management SEC (date / time information setting unit) of the unit 32 replaces the transmission date / time information indicating the transmission date / time added to the inter-road communication packet with the transmission date / time information indicating an indefinite value as other transmission date / time information. It is added to the inter-road communication packet (step S15).

Here, the indefinite value is a value represented by a value other than a value for expressing a date and a time, and means a value that cannot be recognized as a date or a time by the other party who receives the value.

After that, the communication processing unit 32 transmits an inter-road communication packet to which transmission date / time information indicating an indefinite value is added (step S16).

Here, the determination unit 36 of the roadside communication device 2 processes the communication packet whose transmission date / time information is an indefinite value without determining it as a replay attack.
Therefore, when the transmission timing of the communication packet is delayed as in the roadside communication device 2 of the present embodiment, the transmission date / time information indicating an indefinite value is delayed instead of the transmission date / time information indicating the transmission date / time. Since it is stored in the communication packet, the communication packet whose transmission timing is delayed is not determined to be a replay attack.
As a result, it is possible to prevent a communication packet having a delay in transmission timing from being erroneously determined as a replay attack.

In the above embodiment, the case where the transmission date / time information indicating an indefinite value is added to the road-to-road communication packet instead of the transmission date / time information added to the road-to-road communication packet is illustrated in step S15. A date and time indicating the date and time obtained by adding a predetermined period to the time of the transmission date and time information of the road-to-road communication packet to be transmitted by the own road-side communication device 2 in the past, preferably the transmission date and time information of the road-to-road communication packet or the road-to-vehicle communication packet transmitted immediately before. Information may be added to the inter-road communication packet as transmission date and time information. The predetermined period is set within a range that does not become a time ahead of the current time even if it is added to the time of the transmission date / time information of the packet transmitted immediately before.

〔others〕
In each of the above embodiments, the case where the determination unit 36 determines whether or not the inter-road communication packet is a replay attack is exemplified, but the road of another road-side communication device 2 received by the roadside communication device 2 is illustrated. It may be determined whether or not the inter-vehicle communication packet is a replay attack.
In this case, when it is determined that the communication packet received in step S2 in FIG. 7 is not an inter-road communication packet, the determination unit 36 may determine whether or not the received communication packet is a replay attack. good.
When it is determined in step S2 that the received communication packet is not a road-to-road communication packet, the received communication packet is a road-to-vehicle communication packet. Therefore, the determination unit 36 can be made to determine the road-to-vehicle communication packet.
Further, in this case, step S3 in FIG. 7 may be configured to be executed before step S2. In this case, in step S3, it is determined whether or not the device ID is registered in the reception record regardless of whether the communication packet is road-to-road communication or road-to-vehicle communication.

It should be considered that the embodiments disclosed this time are exemplary in all respects and not restrictive.
The scope of the present disclosure is expressed by the scope of claims, not the above-mentioned meaning, and is intended to include the meaning equivalent to the scope of claims and all modifications within the scope.

1 Traffic signal 2 Roadside communication device 3 In-vehicle communication device 4 Central device 5 Vehicle 6 Roadside sensor 7 Wired communication line 8 Router 20 Antenna 21 Wireless communication unit 22 Wired communication unit 23 Communication processing device 27 Antenna 28 Wireless communication unit 29 Communication processing device 30 Time slot 31 Application unit 32 Communication processing unit 36 Judgment unit 38 Storage unit 301 Road-to-vehicle communication time slot 302 Road-to-road communication time slot J1 to J12 intersection

Claims (4)

A radio that performs wireless communication with a roadside communication device that determines whether or not a replay attack has occurred based on the transmission date and time information.
A date and time information setting unit that adds the first transmission date and time information indicating the transmission date and time of the communication packet to the communication packet, and
The communication packet is provided with a transmission control unit for allocating a transmission period provided at a predetermined cycle and controlling the communication packet to be sequentially transmitted.
When the transmission period allocated to the communication packet is provided at least one cycle after the communication packet can be transmitted by the transmission control unit, the date and time information setting unit may be provided. A radio that adds to the communication packet a second transmission date / time information indicating an indefinite value or a date / time obtained by adding a predetermined period to the transmission date / time of the communication packet transmitted immediately before by the own unit, instead of the first transmission date / time information. A roadside communication device provided with the radio device according to claim 1. It is a method of transmitting a communication packet by a radio that performs wireless communication with a roadside communication device that determines whether or not a replay attack has occurred based on the transmission date and time information.
A date and time information setting step for adding the first transmission date and time information indicating the transmission date and time of the communication packet to the communication packet, and
A transmission control step for allocating a transmission period provided at a predetermined cycle to the communication packet and controlling the communication packet to be sequentially transmitted.
When the transmission period allocated to the communication packet is provided at least one cycle after the communication packet can be transmitted by the transmission control step, the transmission date and time information is replaced with the first transmission date / time information. A step of adding a second transmission date / time information indicating an indefinite value or a date / time obtained by adding a predetermined period to the transmission date / time of the communication packet transmitted immediately before by the own machine is included in the communication packet.
How to send communication packets. A computer program for causing a computer to transmit a communication packet by a radio that performs wireless communication with a roadside communication device that determines whether or not a replay attack has occurred based on transmission date and time information.
On the computer
A date and time information setting step for adding the first transmission date and time information indicating the transmission date and time of the communication packet to the communication packet, and
A transmission control step for allocating a transmission period provided at a predetermined cycle to the communication packet and controlling the communication packet to be sequentially transmitted.
When the transmission period allocated to the communication packet is provided at least one cycle after the communication packet can be transmitted by the transmission control step, the transmission date and time information is replaced with the first transmission date / time information. Then, a step of adding a second transmission date / time information indicating an indefinite value or a date / time obtained by adding a predetermined period to the transmission date / time of the communication packet transmitted immediately before by the own machine to the communication packet is executed.
Computer program.

Images