KR20180081332A - Security System and Method of Embeded software in Vehicle electric device - Google Patents

Abstract

According to an embodiment of the present invention, the present invention relates to a data security system for embedded software of an automotive electronic device, which comprises one or more automotive electronic device components, an automotive standard software platform unit, a calculation unit, a database, and a service providing unit. The automotive electronic device components transmit generated data and metadata to the calculation unit. The calculation unit generates a hash value from the transmitted data, encodes and stores a header, including the hash value and the metadata, and the data and encodes a first hash value transmitted from a first automotive electronic device component by using a second hash value of a second automotive electronic device component in order to store the first hash value in a second header in the second automotive electronic device component. Moreover, the service providing unit decodes the data of the first automotive electronic device component by using an encoding key decoded from the hash value stored in the first header of the second automotive electronic device component. Therefore, the data security system for embedded software of an automotive electronic device is able to provide control data security of individual electronic devices by using an encoding key, thereby preventing data forgery and deletion, securing data integrity, and blocking data leakage and transfer.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data security system and a method for embedding software in a vehicle electronic device,

The present invention relates to a data security system and method for embedded software in automotive electronic devices.

2. Description of the Related Art [0002] Recently, electronic devices (vehicle fronts) used in automobiles have been continuously developed, and their functions have been diversified. The number and complexity of software also increases, and the need for standardization of vehicle electronic devices is also emerging.

As part of this standardization, AUTOSAR (Automotive Open System Architecture) is defined as a standard software design tool for the development of embedded software used in automotive electronic devices (vehicle field) .

There is a lack of standards for data security methods in automotive electrical systems built on AUTOSAR. When the data of the vehicle electric system is leaked or carried out by an external hacker, there is a problem that safety that is directly related to the life of the individual can not be guaranteed. In addition, there is a possibility that the privacy of personal information may be violated due to data leakage, which is a problem.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a data security system and method for embedded software of an automobile electronic device in order to solve the above-mentioned problems.

Another object of the present invention is to provide control data security of individual electronic devices by using encryption to prevent data tampering, tampering and deletion, ensuring data integrity, and blocking data leakage and export.

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

According to an aspect of the present invention, there is provided a data security system for embedded software of an automotive electronic device, including at least one automobile electrical component, an automobile standard software platform, an operation unit, a database, and a service providing unit The automobile electrical component transmits the generated data and metadata to the operation unit, the operation unit generates a hash value from the received data, and generates a header including the hash value and the metadata, Encrypts and stores the first hash value received from the first automotive electrical component using the second hash value of the second automotive electrical component in the second header of the second automotive electrical component, Wherein the hash value stored in the first header of the second automotive electrical component is decrypted And decodes the data of the first automotive electrical component using a key.

According to the present invention, the integrated control data of the vehicle electronic device is collected, the collected data is securely encrypted, the integrity of the collected data in the vehicle accident analysis process is ensured to clarify responsibility, Or by unauthorized distribution of such information by a person who abuses, abuses, or abuses the rights of others.

Also, for the purpose of standardization and compatibility of data collection and data security encryption of all automotive electronic equipment products installed in the open automobile standard software platform environment, it is required to provide a driver such as an autonomous driving automobile advanced driver assistance system (ADAS) It is expected to contribute to securing data security and stability of devices for protection.

Brief Description of the Drawings Fig. 1 is an exemplary diagram illustrating a configuration of a computer system in which a data security method of embedded software of an automotive electronic device according to the present invention is implemented; Fig.
2 is a configuration diagram of a data security device of embedded software of an automotive electronic device according to the present invention.
3 is a configuration diagram of a data security device of an embedded software of an automotive electronic device including a service providing unit for providing a service using a database according to the present invention.
4 is an exemplary view for explaining a data security method of embedded software of an automotive electronic device according to a partial embodiment of the present invention;
5 is an exemplary diagram illustrating a data structure used in an encryption method according to an embodiment of the present invention;
FIG. 6 is an exemplary diagram for explaining an embodiment of a data security method of embedded software of an automotive electronic device using the structure of FIG. 5; FIG.
FIG. 7 is an exemplary view for explaining a partial embodiment of a data security method of embedded software of an automotive electronic device using the structure of FIG. 5;
8 is an exemplary diagram illustrating a data structure used in an encryption method according to another embodiment of the present invention.
Fig. 9 is an exemplary diagram for explaining an embodiment of a data security method of embedded software of an automotive electronic device using the structure of Fig. 8; Fig.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and the manner of achieving them, will be apparent from and elucidated with reference to the embodiments described hereinafter in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Is provided to fully convey the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. As used herein, the terms " comprises, " and / or "comprising" refer to the presence or absence of one or more other components, steps, operations, and / Or additions.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is an exemplary diagram illustrating a configuration of a computer system in which a data security method of embedded software of an automotive electronic device according to the present invention is implemented.

Meanwhile, a data security method of embedded software of an automotive electronic device according to an embodiment of the present invention may be implemented in a computer system or recorded on a recording medium. 1, a computer system includes at least one processor 110, a memory 120, a user input device 150, a data communication bus 130, a user output device 160, And may include a storage 140. Each of the above-described components performs data communication via the data communication bus 130. [

The computer system may further include a network interface 170 coupled to the network 180. The processor 110 may be a central processing unit (CPU) or a semiconductor device that processes instructions stored in the memory 120 and / or the storage 140.

The memory 120 and the storage 140 may include various forms of volatile or non-volatile storage media. For example, the memory 120 may include a ROM 123 and a RAM 126.

Accordingly, the data security method of the embedded software of the automobile electronic device according to the embodiment of the present invention can be implemented in a computer-executable method. When a data security method of embedded software of an automotive electronic device according to an embodiment of the present invention is performed in a computer device, computer-readable instructions can perform an operating method according to the present invention.

Meanwhile, the data security method of the embedded software of the automobile electronic device according to the present invention can be implemented as a computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording media storing data that can be decoded by a computer system. For example, there may be a ROM (Read Only Memory), a RAM (Random Access Memory), a magnetic tape, a magnetic disk, a flash memory, an optical data storage device and the like. The computer-readable recording medium may also be distributed and executed in a computer system connected to a computer network and stored and executed as a code that can be read in a distributed manner.

2 is a block diagram of a data security device of an embedded software of an automotive electronic device according to the present invention.

The data security device of the embedded software of the automotive electronic device according to the present invention comprises at least one automotive electronic component; Automotive standard software platform division; And a vehicle control data storage unit.

The automotive electrical component includes an event data recorder (EDR) 210, an electronic control unit (ECU) 220, a microcontroller unit (MCU) 230, (OBD) 240, a transmission control unit (TCU) 250, a central information display unit (CID) 260, and a display unit (HUD) Unit) < / RTI > Which are illustrative and do not limit the scope of the invention.

The EDR (Event Data Recorder) 210 is a device for recording driving information, acceleration information, brake operation information, and the like of an automobile. Recently, legislation has been imposed on all cars to be mandatory. Normally, a black box attached to an automobile means a dash camera for capturing an image, but the original meaning of a black box means EDR. Of course, the above-described dash cam can also be a kind of EDR.

An ECU (Electronic Control Unit) 220 controls components attached to an automobile and refers to an electronic control device that controls the state of an engine, an automatic transmission, an ABS, and the like of a vehicle by a computer. The first development objective of the ECU was to precisely control the core functions of the engine such as ignition timing, fuel injection, idling, and threshold setting. Now, with the advancement of computer performance, automatic transmission control, drive system, braking system, Steering system, and so on.

An MCU (Micro Control Unit) 230 is a dedicated processor for controlling parts of an automobile and corresponds to a central processing unit (CPU) of a computer.

OBD (On Board Diagnosis) 240 refers to a driving record self-diagnosis device in which a driving record is automatically stored when a vehicle is started by being attached to the vehicle.

TCU (Transmission Control Unit) is a transmission control unit that controls electronic control of a transmission that controls the engine gear ratio.

CID (Center Information Display) is a middle-sized monitor that is usually located between the driver's seat and the passenger's seat. Navigation and audio functions are implemented by panels with touch sensors.

HUD (Head Up Display) is a front display device in which driving information appears on the windshield of a driver's seat.

The various automotive electrical components described above are different in terms of development time and development subject, and are developed by their own purposes, and the technologies used are different from each other, so that it is not easy to integrate each other.

BACKGROUND ART [0002] With respect to networks in automobiles in recent years, AUTOSAR (AUTOMATIC OPEN AR ARTIFICATION) supports networks between various devices having different platforms. ATUOSAR is a subcategory classified as LIN, CAN, FlexRay, MOST and so on. MOST is a communication standard that provides high quality audio and video information through fiber optic cable to support high-capacity multimedia communication of vehicles. It can transmit at maximum 24.5 Mbps transmission rate, and CAN communication can be transmitted to BOSCH ), And has a feature of ensuring high reliability by a serial network communication method of a multi-message method defined by a maximum signal rate of 1 Mbps. FlexRay is a communication protocol based on bandwidth and performance between MOST and CAN. In the case of LIN communication, it is also called a Universal Asynchronous Receiver Transmitter (UART) interface to a car network that existed before CAN communication was developed.

For example, MCU supports and uses LIN communication and CAN communication, ECU supports CAN communication, EDR and CID can use MOST. Since the automobile standard software platform part supports both LIN, CAN, FlexRay, and MOST as a network protocol for a vehicle, it can receive data generated by communicating with various automotive electronic parts. And stores the received data in the automobile control data storage unit. The stored data is encrypted according to the encryption method according to the present invention and can be prevented from being falsified, altered or deleted by the user.

In the case of a car accident, the black box image can be an important evidence for identifying the responsibility of the accident. If the evidence is favorable to the user, there is no risk of forgery, but if the stored data is disadvantageous to the user, there is a problem that the user corrupts the evidence. According to the present invention, information related to an accident can be prevented from being falsified and erased by a user.

3 is a block diagram of a data security device of embedded software of an automotive electronic device including a service providing unit for providing a service using a database according to the present invention.

The data security device of the embedded software of the automotive electronic device according to the present invention comprises at least one automotive electronic component; An automobile standard software platform unit that receives data from the automobile electrical component and transmits the data to the operation unit; An operation unit for encrypting data received from the automobile standard software platform and storing the encrypted data in a database, and a service providing unit for providing a service by decrypting the stored encrypted data.

2, and includes the EDR 210, the ECU 220, the MCU 230, the OBD 240, the TCU 250, the CID 260, HUD 270, but this does not limit the scope of the invention.

The automobile standard software platform unit 280 supports a variety of communication devices such as AUTOSAR, WiFi, Bluetooth, ZigBee, and WAVE, and receives data in plaintext (non-encrypted data) It plays a role. The automobile standard software platform unit 280 transmits the contents received from the automobile electrical components using various communication protocols to the operation unit 320, And transmits the processed data to the calculation unit 320. [0035] At this time, the content structure transmitted by the automobile standard software platform unit 280 is composed of a header and a body. In the body, data actually generated by each automotive electronic component is stored, and metadata is stored in the header. Since the metadata may include information related to data such as date and time of generation of data, data characteristics, data size, etc., the size of the metadata may be different depending on the data, and thus the length of the metadata may also be variable.

The service provider 290 finds and decrypts the encrypted data stored in the database and the hash value corresponding to the encrypted data. In this case, the hash value may be obtained from the header of the apparatus that generated the plaintext data (unencrypted data), but may also be obtained from the header of another apparatus that has transmitted the hash value.

In the case of calculating the hash value from the data, the hash value is calculated for the data continuously generated every time the data is generated. A hash value that is different for each generated data is calculated, and a mapping table of data and a hash value should be provided.

The hash value is calculated by a predetermined calculation formula and is generally impossible to perform inverse transformation. Although it is possible to quickly calculate a hash value for a given data, it is not easy to calculate the given data from the hash value.

The hash value may be encrypted and stored.

For example, in a data security system of embedded software of an automotive electronic device comprising a first part, a second part and a third part as automotive electrical components, the hash value of the first part is stored by its own encryption method, The service providing unit may not be able to decrypt the hash value of the first component because it does not know its own encryption method. However, the hash value of the first component stored in the header of the second component is encrypted by the hash value of the second component. The hash value of the second part stored in the header of the second part is encrypted and stored by the self encrypting method and the hash value of the second part is transmitted to the third part and encrypted by the hash value of the third part. Since the third part is the last part, the hash value is stored as plain text.

If the encrypted data of the first part is decrypted, it is necessary to know the hash value of the first part because the hash value of the first part is encrypted and stored. In the above example, (1) a hash value of a third part stored in a plaintext is obtained, (2) a hash value of the second part stored in the header of the third part is decoded using the hash value of the third part, (3) calculating a hash value of the first part as a plain text by decoding the hash value of the first part stored in the header of the second part using the hash value of the second part decrypted and made into a plain text, (4) And decrypts the encrypted data of the first component using the hash value of the first component.

The encryption and decryption of the hash value can be performed in a short time because the length of the hash value is short, but it is necessary to know the connection relationship of the first part, the second part and the third part in advance. Even if the hash value of the third part is exposed to the person who does not know the connection relationship, only the data of the third part can be decrypted and the data of the first part and the second part can not be decrypted.

Although the above-described encryption method has been proposed as a sequential method, it is also possible to apply each part repeatedly using a plurality of times. For example, in the above example, the encryption order can be determined in the order of the first part - the third part - the second part - the third part - the second part - the third part - the first part. In the case of allowing duplication, the number of steps in the applied order is infinite, so even if the encryption method of the present invention is known, it is difficult to decrypt it unless the exact method actually applied is known.

The self-encrypting method may use a known symmetric algorithm or an asymmetric algorithm. Security is assured on the premise that self-encrypting methods are not exposed. Also, the self-encrypting method may be decrypted by a master key by a separate encrypting device. The self-encrypting method described above may not be stored on the assumption that the encryption system operates well. According to the present invention, since the decoding time may take a longer time depending on the length of the encryption chain, the self-encryption method is a function that can quickly decode using the master key.

The operation unit 320 temporarily stores individual contents received from the automobile standard software platform unit 280 in the database 330. Individual content that is temporarily stored is stored as a plain text or stored by its own encryption method. Since the present invention provides encryption and decryption services in real time for various kinds of data generated in real time to enhance data security, the individual contents temporarily stored are not usually directly served but are all loaded on the memory of the operation unit . Since the other program can not access the memory of the operation unit directly, data in plain text may be stored on the memory of the operation unit. When the execution of the operation unit is interrupted by a sudden shutdown or the like, the data of the individual contents is prevented from being lost and temporarily stored to maintain data integrity.

In general, when a predetermined number of contents are temporarily stored in a database, the arithmetic and logic unit is a data security method according to the present invention, which uses data of a plurality of contents according to a chain type (sequential type) and a redundancy type (cross type) And stores the encrypted data in the database 330. When the encrypted data is stored, the temporarily stored individual contents can be deleted.

Since the data of each automobile electrical component is stored in the database 330, the service provider 340 decodes the encrypted data and provides the service.

When the service provider 340 provides a service to the user terminal, a method according to an asymmetric encryption algorithm may be used between both ends. For example, according to the Diffie-Hellman key exchange method, the public keys are exchanged, the secret key shared by using the public key of the other party and the private key thereof is obtained, the data is encrypted using the shared secret key , And decode it.

FIG. 4 is an exemplary view for explaining a chain data security method according to a partial embodiment of the present invention.

In FIG. 3, an EDR header, an ECU header, an MCU header, an OBD header, a TCU header, and a CID header are sequentially connected. Each header stores metadata and a hash value. In addition, headers of other automotive electrical components can be stored in each header.

For example, according to FIG. 3, the EDR header stores the EDR metadata and the EDR hash value; The ECU header stores the EDR metadata, the EDR hash value, the ECU metadata, and the ECU hash value; The MCU header stores the ECU metadata, the hash value of the ECU, the metadata of the MCU, and the hash value of the MCU; The OBD header stores the MCU metadata, the MCU hash value, the OBD meta data, and the OBD hash value; The TCU header stores the metadata of the OBD, the hash value of the OBD, the metadata of the TCU, and the hash value of the TCU; In the CID header, the metadata of the TCU, the hash value of the TCU, the metadata of the CID, and the hash value of the CID are stored.

To be more specific, the header of the EDR is stored in the ECU header; The header of the ECU is stored in the MCU header; The header of the MCU is stored in the OBD header; The header of the OBD is stored in the TCU header; The header of the TCU is stored in the CID header.

A structure stored in this form is called a sequential structure or a chain structure. The hash value is an encryption key value used when encrypting and decrypting data stored in the database.

Since the hash value exists only in the memory and is stored in a file, it is encrypted using a self-encrypting method built in the program or is encrypted by another encryption method. Therefore, even if the hash value stored in the file is leaked, .

The encrypted data can be stored in the logical security area in addition to the physical security area by distinguishing it from the general data, and the integrity and confidentiality of the data can be verified by the exclusive viewer program by preventing falsification, modulation and deletion of the data information. Since a dedicated viewer program is not provided to the general user, it is possible to prevent falsification, modulation and deletion of data by the user.

In addition, a user authentication program may be included to authenticate a user for browsing data information.

For example, the metadata for the data generated by the EDR and the hash value of the data for the data are stored in the EDR header. The same is true for ECU, MCU, OBD, TCU, CID, and HUD.

The automobile standard software platform part generates the EDR data and the EDR header from the information received from the EDR and transmits the EDR data and the EDR header to the operation part 320. The operation part 320 temporarily stores the EDR data in the database. Similarly, the same operation is repeated for the ECU, MCU, OBD, TCU, CID, and HUD. The hash value may be generated using metadata or may be generated using data. The hash value may be generated using a hash algorithm such as SHA1, SHA2, SHA3, MD5sum, or hash table, or a user-defined hash function may be used. In addition, the hash value can be calculated by using the environmental variable of each vehicle electrical component.

5 illustrates an exemplary diagram for explaining a data structure used in an encryption method according to an embodiment of the present invention.

And specifically shows a unit structure of data stored in a database used in the chain type encryption method. However, the unit structure of this data can also be used in a redundant (cross-type) encryption method.

According to FIG. 5, a unit structure of data includes a header and data, a header is composed of a hash value and metadata, and a unit structure may include one or more headers.

A header of 2 or more can store not only its own hash value but also the headers of other automotive electrical components. However, if the encryption method of the chain structure is used, the number of the header is two. However, if you use the redundant (cross-type) security method, you may need a larger number of headers.

Normally, the hash value may be stored as plain text, but it is stored in an encrypted form using its own encryption method. On the other hand, data can be encrypted and stored using a plain hash value. Metadata can be stored in plain text, encrypted using a hash value, or encrypted using its own encryption method.

FIG. 6 is an exemplary diagram for explaining an embodiment of a data security method of embedded software of an automotive electronic device using the structure of FIG. 5; FIG.

Figure 6 shows an example using a chain (sequential) encryption method.

As described in FIG. 4, the EDR header stores the EDR metadata and the EDR hash value; The ECU header stores the EDR metadata, the EDR hash value, the ECU metadata, and the ECU hash value; The MCU header stores the ECU metadata, the hash value of the ECU, the metadata of the MCU, and the hash value of the MCU; The OBD header stores the MCU metadata, the MCU hash value, the OBD meta data, and the OBD hash value; The TCU header stores the metadata of the OBD, the hash value of the OBD, the metadata of the TCU, and the hash value of the TCU; In the CID header, the metadata of the TCU, the hash value of the TCU, the metadata of the CID, and the hash value of the CID are stored.

Using the data unit structure of FIG. 5, the EDR data is encrypted and decrypted using the EDR hash value as the encryption key value. However, since the hash value, which is the encryption key, is encrypted and stored in the EDR header and the self-encryption method does not provide the decryption service to the outside (except for the private viewer program and the user authentication program, It is possible to decrypt the EDR hash value stored in the EDR header. However, the EDR hash value is also stored in the ECU header, and is encrypted and stored using the hash value of the ECU. The EDR hash value can be obtained by decoding the encrypted hash value stored in the ECU header instead of the hash value stored in the EDR header. However, the encrypted EDR hash value stored in the ECU header is encrypted using the ECU hash value as an encryption key. Since the ECU hash value stored in the ECU header is encrypted by its own encryption method, it can not be decrypted. That is, the ECU hash value can be obtained by decoding the ECU hash value stored in the MCU header into the MCU hash value. In order to decode the EDR data, the TCU hash value is obtained using the CID hash value stored in the CID header, the OBD hash value is obtained from the TCU hash value, the MCU hash value is obtained from the OBD hash value, Obtains an EDR hash value using the ECU hash value, and decodes the EDR data using the EDR hash value.

However, since the size of the header is smaller than that of the data of each automobile electrical component, the header and the body are separately stored, and it is necessary to store the header and the body separately. If the header is read and processed at a time, it can be decoded at a high speed. The time delay due to decryption of the overload versus hash value to actually decrypt the data is small.

FIG. 7 shows an exemplary diagram for illustrating a partial embodiment of a data security method of embedded software of an automotive electronic device using the structure of FIG. 5.

7 is an exemplary diagram illustrating a redundant (mutual cross method) encryption method. Unlike the chained method of FIG. 6, in the case of the cross-cross method, one header may include header information for three or more automotive electrical components.

According to FIG. 7, the EDR header stores the EDR metadata and the EDR hash value; The ECU header stores the EDR metadata, the EDR hash value, the ECU metadata, and the ECU hash value; The MCU header stores the EDR metadata, the EDR hash value, the ECU metadata, the ECU hash value, the MCU metadata, and the MCU hash value; The OBD header stores the MCU metadata, the MCU hash value, the OBD meta data, and the OBD hash value; The TCU header stores the MCU metadata, the MCU hash value, the OBD metadata, the OBD hash value, the TCU metadata, and the TCU hash value; In the CID header, the metadata of the TCU, the hash value of the TCU, the metadata of the CID, and the hash value of the CID are stored.

Compared with FIG. 6, there are differences in that the EDU metadata and the EDR hash value are included in the MCU header, and the TCU header includes the MCU metadata and the MCU hash value.

In the case of the cross-cross method, since a plurality of headers are redundantly stored, there is a disadvantage that the path can be shortened and decoded. The method of FIG. 6 decodes a hash value in the order of CID, TCU, OBD, MCU, ECU and EDR in order to decode the EDR data and finally decodes the EDR data. In FIG. 7, , The MCU, and the EDR, in order, and decodes the EDR data.

8 is an exemplary diagram illustrating a data structure used in an encryption method according to another embodiment of the present invention.

In an embodiment of the present invention, the metadata of other automotive electrical components may not be stored, and an example of designing a unit structure of data in consideration of the metadata is shown in FIG.

In addition, in the above-mentioned non-chain type encryption method, an encryption method considering the use of the same automotive electrical component parts one or more times in order to determine the order of the automotive electrical component parts can be designed.

As shown in FIG. 8, the metadata of the header can only store metadata of the corresponding automotive electrical component. For example, the metadata of the EDR header only stores the metadata of the EDR data. On the other hand, assuming that two hash values are required for one use, a total of four pairs of hash values are displayed in pairs of two. Hash1 [1] and Hash2 [1] are defined as the hash values of the first column, and Hash1 [2] and Hash2 are respectively defined as the first hash value and the second hash value, , And Hash2 [2]. Similarly, the hash values in the third column are Hash1 [3] and Hash2 [3], and the fourth column hash values are Hash1 [4] and Hash2 [4]. Although only four pairs of hash values are shown, this is illustrative and can be adjusted as needed.

Fig. 9 illustrates an encryption method designed using the unit structure of Fig.

FIG. 9 is an exemplary diagram for explaining an embodiment of a data security method of embedded software of an automotive electronic device using the structure of FIG. 8. FIG.

For example, assume that data is generated in the vehicle electrical components A, B, and C, respectively. FIG. 9 is an exemplary diagram for explaining a method of encrypting and storing data and metadata generated in A, B, and C, respectively.

First, determine the order of encryption. In FIG. 9, encryption is performed in the order of A-B-C-B-C-B-C-B-C, and the total number and order are randomly determined within a predetermined range using a random generator. In Fig. 9, the encrypted hash values are indicated by original characters, and the order of encryption is indicated by arrows.

The automotive electrical component A first encrypts the data and metadata of A using the hash value of A and stores it. Also, (1) of the first unit structure (A) in FIG. 9 means a value stored in the hash value of A by being encrypted by its own encryption method.

In the second unit structure (B), the vehicle electric component B encrypts the data and metadata of B by using the hash value of B and stores the encrypted data. Also, the hash value of B is encrypted and stored in its own encryption method, which means ② of the second unit structure (B). In addition, it receives ① of A and encrypts and stores it using the hash value of B. In the lower part of ②, ① means ① ① encrypted with hash value of B. In this case, since the encryption method of A of ① and B of ① may be different, and the encryption key may be different, it is a completely different value. However, the values before encryption are matched. That is, if they are decrypted by the method corresponding to the encryption method, they will be the same value, but since the self-encryption method is not provided to the user, the user can only decrypt the data of A by using?

Likewise, ② of B is transmitted to C, encrypted with a hash value of C as an encryption key, and stored. The hash value of C is also stored by its own encryption method.

The fourth unit structure (B) is a case where the unit structure of B is used once more. Therefore, the result stored in the second is stored as it is, and ③ of C is stored in Hash2 [2] of B. At this time, ③ stored in Hash2 [2] of B is stored by hash value ④ of newly created B. Generally, hash values are generated using data generated by automotive electronic components. Hash1 [2] and Hash1 [3] generate hash values using values generated by random generators. Since this is a key value used only for encrypting a hash value, it may not be generated complicatedly, and it suffices to generate it with a sufficient size. Encrypts and stores ③ using the hash value (④) generated by the random generator, and ④ encrypts it by its own encryption method.

The hash value is generated by the random generator by the same method as the fifth (C), sixth (B), seventh (A), eighth (C), and ninth (Hash2). The generated hash value is stored (Hash1) by its own encryption method.

However, the tenth (C) case is somewhat different. ⑩ is generated by a random generator, and ⑨ is encrypted and stored by using ⑩, but the method of storing ⑩ is different. ⑩ may be stored as plain text and uses a different self-encrypting method than that used so far. When using the self-encrypting method that has been used so far, the self-encrypting method can be known by the complicated reverse engineering. Also, by encrypting (1) with (1) as an encryption key, and storing it in A (the lower end of (1)).

9, only the seventh (A), the ninth (B), and the tenth (C) are leaked out even if the corresponding file is leaked and the data structure is grasped.

However, since not only the encrypted order (A-B-C-B-C-B-A-C-B-C) is known but also all of the outgoing information is encrypted, decryption is almost impossible.

It is generally known that the key value used for encryption is more than 128 bits. With the development of computing power, encryption keys more than 256 bits are often used recently. However, since the present invention uses a cascade encryption method, each encryption key does not need to be so long. As a result, since all the encryption keys must match, desired data can be decrypted, so that even if the encryption key is kept short, the security is high.

According to the invention, one of the important information relates to the encrypted sequence (A-B-C-B-C-A-C-B-C). In order to match the data set and the encrypted order with each other, the entire data structure of the data security system of the embedded software of the automobile electronic device according to the present invention can be known only by reverse engineering analysis. However, It is not done.

The above-described encrypted data is decrypted according to the reverse order of the encryption method. The service providing unit that provides the decrypted data and the metadata as a service may be provided as a plain text, but information may be leaked at the time of providing. However, in the case of the present invention, it is important to prevent the decrypted data from being falsified, altered, or deleted, and it is not a big problem that the decrypted data is leaked in the final service step.

However, in terms of security enhancement, a Diffie-Hellman key exchange method for generating a shared secret key by a public key exchange method as an end-to-end encryption method may be used between a service providing terminal and a user terminal requesting a service.

As a specific public key generation key generation method, an elliptic curve encryption method using an elliptic curve and an EIGamal encryption method can be used.

The Diffie-Hellman key exchange method is as follows. The Diffie-Hellman public key exchange method is a method in which both parties Alice and Bob who exchange information exchange their private keys, generate public keys from their respective private keys, and exchange public keys. That is, Alice and Bob have the other party's public key. Alice and Bob create a new key using the exchanged public key and their private key, which is called a shared secret key. The shared secret key that Alice and Bob have has the same value and uses it to encrypt and decrypt.

To use the Diffie-Hellman public key exchange method it is easy to generate the public key from the private key, but it is difficult to calculate the private key from the public key. Also, it is difficult to calculate the shared secret key from the public key unless the private key is known, and Alice and Bob's public key should be difficult to generate the shared secret key.

If this condition is satisfied, the private key and the shared secret key are not exchanged in the encryption and decryption protocol, so that the security is maintained even if the public key to be exchanged is leaked.

EIGamal encryption using ECC (elliptic curve encryption method) is as follows.

The elliptic curve based on finite field (Galois Field) GF (2p) is suitable for implementation in a special purpose computing device such as a VLSI chip in a mobile communication device based environment.

The ECC-based ElGamal public key encryption method is a cryptographic communication method between the two (for example, Alice and Bob). After Alice and Bob exchanged public keys, Bob transmits a public key using Alice's public key and his / To Alice, and Alice is an encryption method that decrypts the encrypted message using her private key and Bob's public key. Since the public key generated from the private key k is a circular group, a natural number less than the order of the group is randomly extracted and used as a private key, and then, by a prime order, The public key K is calculated using the infinite origin E1 (a1, b1) on the elliptic curve to be determined. Where K = kE1 (a1, b1), and is the elliptic curve point scalar product. That is, a public key is generated from a private key using an elliptic curve (ECC), and a secret shared key is generated using a cyclic group (ElGamal).

While the present invention has been described in detail with reference to the accompanying drawings, it is to be understood that the invention is not limited to the above-described embodiments. Those skilled in the art will appreciate that various modifications, Of course, this is possible. Accordingly, the scope of protection of the present invention should not be limited to the above-described embodiments, but should be determined by the description of the following claims.

100: Computer system
110: Processor
120: Memory
123: ROM
126: RAM
130: Data communication bus
140: Store
150: User input device
160: User output device
170: Network interface
180: Network
210: Event data recorder (Event Data Recorder)
220: Electronic Control Unit (Electronic Control Unit)
230: Micro Control Unit
240: On Board Diagnosis
250: Transmission control unit
260: Center Information Display Unit
270: Driver's Head Up Display Unit
280: Automotive standard software platform part
290: car control data storage unit
310: Automotive electric parts
320:
330: Database
340: Service Offering

Claims (9)

A data security system for embedded software in an automotive electronic device,
A memory for storing a program for providing a data security module of an embedded software of a car electronic device; And
And a processor for executing the program,
As the processor executes the program,
Determining the order of the automotive electrical components for the data of the plurality of automotive electrical components, determining the metadata and the hash value for the data of each automotive electrical component, and using the hash value as the encryption key, Wherein the hash value is stored in a self-encrypting manner, and the hash value is further encrypted by using a hash value of data of a next electric vehicle electrical component as an encryption key,
Embedded software automotive electronic device data security system.
The method according to claim 1,
And decodes the hash value of the previous automotive electronic component in the reverse order of the predetermined order, and decodes the data of the specific automotive electronic component using the decoded hash value
Embedded software automotive electronic device data security system.
The method according to claim 1,
In order to determine the order,
In order to include the data of all automotive electrical components to be encrypted, the data of the specific automotive components are duplicated
Embedded software of automotive electronic devices data security system.
The method according to claim 1,
The hash value,
Characterized in that it is generated by a random generator
Embedded software automotive electronic device data security system.
1. A data security system for embedded software of an automotive electronic device comprising one or more automotive electrical components, an automotive standard software platform portion, a computing portion, a database, and a service providing portion,
Wherein the automotive electric component includes:
And transmits the generated data and meta data to the operation unit,
The operation unit,
A first hash value received from the first automotive electronic component is stored in the header of the second automotive electronic component, 2 header using a second hash value of the second automotive electrical component,
The service providing unit,
And decrypting the data of the first automotive electrical component using an encryption key obtained by decoding the hash value stored in the first header of the second automotive electrical component
Embedded software of automotive electronic devices data security system.
6. The method of claim 5,
The operation unit,
Wherein the first hash value is stored in a first header of the first automotive electrical component using its own encryption method and the first hash value is encrypted using a second hash value of the second automotive electrical component as an encryption key 1 hash value in the second header,
And storing the second hash value in the second header by a self-encrypting method
Embedded software of automotive electronic devices data security system.
6. The method of claim 5,
The operation unit,
The header of a plurality of automotive electrical components is ordered to form a chain link structure and the hash value of the specific automotive electrical component for the chain link structure is repeatedly stored in the header of the next automotive electrical component,
The service providing unit,
Decodes the encrypted hash value in the header of the first automobile electrical component in the header of the last automobile electrical component in order, decodes the data of the specific automotive electrical component using the decrypted hash value, and decrypts the decrypted data to the user terminal Offer
Embedded software of automotive electronic devices data security system.
6. The method of claim 5,
And a user terminal for receiving and displaying the decrypted data,
Wherein the service providing unit and the user terminal comprise:
And transmits the encrypted text by the asymmetric encryption method according to the public key exchange method and decrypts the encrypted text using the shared secret key according to the public key exchange method
Embedded software automotive electronic device data security system.
9. The method of claim 8,
The public key exchange method is a Diffie-Hellman key exchange method using an elliptic curve encryption method
Embedded software of automotive electronic devices data security system.

Images