SE1750650A1 - Method and system for determining unauthorized messages in acontroller area network of a vehicle - Google Patents

Method and system for determining unauthorized messages in acontroller area network of a vehicle

Info

Publication number
SE1750650A1
SE1750650A1 SE1750650A SE1750650A SE1750650A1 SE 1750650 A1 SE1750650 A1 SE 1750650A1 SE 1750650 A SE1750650 A SE 1750650A SE 1750650 A SE1750650 A SE 1750650A SE 1750650 A1 SE1750650 A1 SE 1750650A1
Authority
SE
Sweden
Prior art keywords
message
gan
unit
units
messages
Prior art date
Application number
SE1750650A
Other languages
Swedish (sv)
Inventor
Blomkvist Oscar
Waher Peter
Original Assignee
Scania Cv Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Scania Cv Ab filed Critical Scania Cv Ab
Priority to SE1750650A priority Critical patent/SE1750650A1/en
Publication of SE1750650A1 publication Critical patent/SE1750650A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/627Controller area network [CAN] identifiers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Mechanical Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a method for determining unauthorized messages in a Controller Area Network (CAN) of a vehicle, said CAN comprising CAN buses sending/receiving messages representing instructions for vehicle operation. CAN units are provided with an intrusion detection functionality configured to detect source address of sent messages on a CAN bus. Said method comprises analysing, in each CAN unit being provided with an intrusion detection functionality, by means of said intrusion detection functionality, messages on said CAN bus with respect to source address so as to identify unauthorized messages as: i) a message having a source address (MSG.SA) not corresponding to an address of a CAN unit configured to send such a message or, ii) as a message having a source address (MSG.SA) corresponding to an address of a CAN unit configured to send such a message but actually not sent from such a CAN unit having that source address.The present invention also relates to a system for determining unauthorized messages in a Controller Area Network of a vehicle. The present invention also relates to a vehicle.

Description

|\/IETHOD AND SYSTEM FOR DETERIVIINING UNAUTHORIZEDIVIESSAGES IN A CONTROLLER AREA NETWORK OF A VEHICLE TECHNICAL FIELD The invention relates to a method for determining unauthorized messages ina Controller Area Network (CAN) of a vehicle according to the preamble ofclaim 1. The invention also relates to a system for determining unauthorizedmessages in a Controller Area Network (CAN) of a vehicle. The inventionalso relates to a vehicle.
BACKG ROUND ART Vehicles such as trucks are provided with a Controller Area Network (CAN)for controlling vehicle components. The Controller Area Network comprisesCAN buses and a set of electronic control units operably connected to saidCAN buses. The electronic control units are configured to send and receivemessages representing instructions to vehicle components for vehicleoperation. Such CAN buses are configured so that all electronic control unitsbeing operably connected to that CAN bus are informed of all communicatedmessages. Each control unit has at least one unique address. The ControllerArea Network does not have a mechanism for authentication which makes iteasy to forge a message.
So called lntrusion Detection Systems (lDS) are used and configured toidentify traffic in a network which may indicate hacking of the network. ForController Area Networks in vehicles a centralized lDS can be configured tolearn what normal CAN communication means by analysing thecommunication and applying algorithms and machine learning. This mayhowever lead to certain authorized messages, e.g. messages only used in special situations, being identified as unauthorized messages, or as unauthorized messages being identified as authorized messages. Accordingto another variant a centralized IDS for a CAN bus utilizes a predefineddescription of CAN traffic. Such a method cannot deal with injected messages which have spoofed addresses.
US2016344766 disc|oses a method which is used for spoofing detection inCAN bus. Each electronic control unit (ECU) includes an anti-spoof modulewhich monitors the bus and detects when a received message on the bushas an originating address that matches the outgoing address of the ECUand the received message was not sent by the ECU. The anti-spoof modulewill immediately negate the spoofed message but cannot detect messages with otherwise unused addresses.
There is however a need for further improving determination of unauthorized messages in a Controller Area Network of a vehicle.
OBJECTS OF THE INVENTION An object of the present invention is to provide a method for determiningunauthorized messages in a Controller Area Network of a vehicle which is efficient and accurate.
Another object of the present invention is to provide a system for determiningunauthorized messages in a Controller Area Network of a vehicle which is efficient and accurate.
SUMMARY OF THE INVENTION These and other objects, apparent from the following description, areachieved by a method, a system and a vehicle, as set out in the appended independent claims. Preferred embodiments of the method and the system are defined in appended dependent claims.
Specifically an object of the invention is achieved by a method fordetermining unauthorized messages in a Controller Area Network (CAN) of avehicle. Said Controller Area Network comprises at least one CAN bus and aset of CAN units operably connected to said at least one CAN bus. Said CANunits are configured to send and/or receive messages representinginstructions to vehicle components for vehicle operation. Said at least oneCAN bus is configured such that all CAN units being operably connected tothat CAN bus are informed of all communicated messages on that CAN bus.Said CAN units have at least one unique address each. According to themethod CAN units are provided with an intrusion detection functionalityconfigured to detect source address of sent messages on said CAN bus.Said method comprises the steps of: analysing, in each CAN unit beingprovided with an intrusion detection functionality, by means of said intrusiondetection functionality, messages on said CAN bus with respect to sourceaddress so as to identify authorized messages as a message having asource address corresponding to the source address of the CAN unitconfigured to send such a message and as a message actually sent fromsaid CAN unit having that source address; and to identify unauthorizedmessages as: i) a message having a source address not corresponding tothe source address of the CAN unit configured to send such a message or, ii)as a message having a source address corresponding to the source addressof the CAN unit configured to send such a message but actually not sent from said CAN unit having that source address.
Said messages configured to be sent and/or received by said CAN unitshave source addresses and generally a destination addresses. Eachmessage sent/received on a CAN bus has a source address and generallyhas a destination address. A broadcast message does not have a destination address.
According to an embodiment a CAN unit, e.g. an electronic control unit, has aunique address for each CAN bus. According to a variant these could bedifferent. According to an embodiment each CAN unit is allowed to use sameaddress on all connected CAN buses. According to an embodimentGateways also repeat the address on all CAN buses, when they bridgemessages. According to an embodiment Gateways can replace the addresswith something else. On each CAN bus, each CAN address is only used by aunique CAN unit. A CAN unit can have multiple CAN addresses. According toan embodiment there is no requirement that all CAN units have uniqueaddresses in the entire Controller Area Network.
Preferably each CAN unit or at least each CAN unit, e.g. electronic controlunit, being configured to send and/or receive messages representinginstructions to vehicle components for vehicle operation being safety criticalfor vehicle operation are provided with an intrusion detection functionality.The method thus comprises a distributed intrusion detection systemcomprising an intrusion detection functionality arranged in CAN units of theController Area Network.
Hereby unauthorized messages in a CAN of a vehicle may be determinedefficiently and accurately. By thus providing an intrusion detectionfunctionality in CAN units no additional hardware is required. Further nocommunication protocol is affected.
According to an embodiment of the method the step of identifyingunauthorized messages as a message having a source address notcorresponding to the address of the CAN unit configured to send such amessage is performed by the intrusion detection functionality of the CAN unitreceiving such an unauthorized message, and wherein the step of identifyingunauthorized messages as a message having a source addresscorresponding to the address of the CAN unit configured to send such a message but actually not sent from said CAN unit having that address is performed by the intrusion detection functionality of the CAN unit having that address.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified, the step of taking actioncomprising one or more of: changing the functionality of the CAN unit havingidentified said unauthorized message; interfering with the data transmissionof said unauthorized message by means of the CAN unit having identifiedsaid unauthorized message; sending, by means of said CAN unit havingidentified said unauthorized message, information about said unauthorizedmessage to the operator of the vehicle and/or externally and/or to acentralized intrusion detection system functionality configured to distributewarnings of said unauthorized message to other CAN units of said controllerarea network and/or directly to CAN units of said of said controller area network.
By thus taking action an intrusion by means of an unauthorized messagefrom an unauthorized source may be efficiently managed so that vehicleoperation and thus vehicle safety is not affected. Hereby the risk with regardto said identified unauthorized message is limited and may be eliminated.Hereby the risk with regard to said further unauthorized messages is limitedand may be eliminated.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by changing the functionality of the CAN unit having identified said unauthorized message.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having the CAN unit sending its messages encrypted and/or signed.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having the CAN unit only accepting requests from alimited number of CAN units of the controller area network.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having one or more CAN units only allowing critical functionality.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by interfering with thedata transmission of said unauthorized message by means of the CAN unit having identified said unauthorized message.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by sending, by meansof said CAN unit having identified said unauthorized message, informationabout said unauthorized message to the operator of the vehicle. lnformationabout said unauthorized message to the operator of the vehicle may beprovided by any suitable presentation means for presenting said informationto the operator of the vehicle. The presentation means may comprise visualmeans for visual presentation comprising e.g. a display unit in the instrument cluster and/or sound means for audible presentation.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by sending, by meansof said CAN unit having identified said unauthorized message, informationabout said unauthorized message externally. Externally may be to a serverunit, computer, the cloud or the like external to the vehicle.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by sending, by meansof said CAN unit having identified said unauthorized message, informationabout said unauthorized message to a centralized intrusion detection systemfunctionality configured to distribute warnings of said unauthorized message to other CAN units of said controller area network.
According to an embodiment the method thus comprises the step of taking action if an unauthorized message has been identified by sending, by means of said CAN unit having identified said unauthorized message, informationabout said unauthorized message directly to CAN units of said controller area network.
According to an embodiment the method comprises the step of changing thefunctionality of one or more of said CAN units having received information about said identified unauthorized message.
According to an embodiment the step of taking action thus comprises thestep of changing the functionality of one or more of said CAN units havingreceived information about said identified unauthorized message.
According to an embodiment of the method the step of changing thefunctionality of one or more of said CAN units comprises one or more of:applying a stricter policy of gateway CAN units; having one or more CANunits sending the messages encrypted and/or signed; having one or moreCAN units only accepting requests from a limited number of CAN units of thecontroller area network; having one or more CAN units only allowing criticalfunctionality.
According to an embodiment the method of changing the functionality of oneor more of said CAN units thus comprises the step of applying a stricter policy to gateway CAN units.
According to an embodiment of the method of changing the functionality ofone or more of said CAN units thus comprises the step of having one or moreCAN units sending the messages encrypted and/or signed.
According to an embodiment of the method of changing the functionality ofone or more of said CAN units thus comprises the step of having one or moreCAN units only accepting requests from a limited number of CAN units of the controller area network.
According to an embodiment of the method of changing the functionality ofone or more of said CAN units thus comprises the step of having one or moreCAN units only allowing critical functionality.
Specifically an object of the invention is achieved by a system for determiningunauthorized messages in a Controller Area Network (CAN) of a vehicle.Said Controller Area Network comprises at least one CAN bus and a set ofCAN units operably connected to said at least one CAN bus. Said CAN unitsare configured to send and/or receive messages representing instructions tovehicle components for vehicle operation. Said at least one CAN bus isconfigured such that all CAN units being operably connected to that CAN busare informed of all communicated messages on that CAN bus. Said CANunits have at least one unique address. According to the system, CAN unitsare provided with an intrusion detection functionality configured to detectsource address of sent messages on said CAN bus. Said lntrusion detectionfunctionality in each CAN unit is arranged to analyse messages on said CANbus with respect to source address so as to identify authorized messages asa message having a source address corresponding to the address of theCAN unit configured to send such a message and as a message actuallysent from said CAN unit having that address; and to identify unauthorizedmessages as: i) a message having a source address not corresponding tothe address of the CAN unit configured to send such a message or, ii) as amessage having a source address corresponding to the address of the CANunit configured to send such a message but actually not sent from said CANunit having that address.
According to an embodiment of the system the intrusion detectionfunctionality of the CAN unit receiving a message having a source addressnot corresponding to the address of the CAN unit configured to send such amessage is arranged to identify such a message as an unauthorizedmessage, and wherein the intrusion detection functionality of the CAN unithaving an address corresponding the source address of a sent message which was not sent from that CAN unit is arranged to identify such a message as an unauthorized message.
According to an embodiment the system comprises means for taking action ifan unauthorized message has been identified, the means for taking actioncomprising one or more of: means for changing the functionality of the CANunit having identified said unauthorized message; means for interfering withthe data transmission of said unauthorized message by means of the CANunit having identified said unauthorized message; means for sending, bymeans of said CAN unit having identified said unauthorized message,information about said unauthorized message to the operator of the vehicleand/or externally and/or to a centralized intrusion detection systemfunctionality configured to distribute warnings of said unauthorized messageto other CAN units of said controller area network and/or directly to CAN units of said controller area network.
According to an embodiment the system comprises means for changing thefunctionality of one or more of said CAN units having received information about said identified unauthorized message.
According to an embodiment of the system the means for changing thefunctionality of one or more of said CAN units comprises one or more of:applying a stricter policy to gateway CAN units; having one or more CANunits sending the messages encrypted and/or signed; having one or moreCAN units only accepting requests from a limited number of CAN units of thecontroller area network; having one or more CAN units only allowing critical functionality.
The system for determining unauthorized messages in a Controller AreaNetwork (CAN) of a vehicle is adapted to perform the methods as set out herein.
The system according to the invention has the advantages according to the corresponding method claims.
Specifically an object of the invention is achieved by a vehicle comprising a system as set out herein.
BRIEF DESCRIPTION OF THE DRAWINGS For a better understanding of the present invention reference is made to thefollowing detailed description when read in conjunction with theaccompanying drawings, wherein like reference characters refer to like parts throughout the several views, and in which: Fig. 1 schematically illustrates a block diagram of a Controller Area Networkof a vehicle and a system l for determining unauthorized messages in saidController Area Network according to an embodiment of the present invenfion; Fig. 2 schematically illustrates a flow chart of a method for determiningunauthorized messages in a Controller Area Network of a vehicle according to an embodiment of the present invention; and Fig. 3 schematically illustrates a side view of a vehicle according to the present invention; DETAILED DESCRIPTION Hereinafter the term “link” refers to a communication link which may be aphysical connector, such as a communication wire, or a non-physicalconnector such as a wireless connection, for example a radio or microwavelink.
Hereinafter the term “CAN unit” refers to any unit in a Controller AreaNetwork configured to be operably connected to a CAN bus and configuredto send/receive messages representing instructions to vehicle components 11 such as motor, transmission, gas pedal, brake, telematics, radio or the like.The term “CAN unit” may refer to an electronic control unit (ECU). The term“CAN unit” may refer to a computer of any suitable kind.
Fig. 1 schematically i||ustrates a block diagram of a Controller Area Network(CAN) of a vehicle and a system l for determining unauthorized messages insaid CAN according to an embodiment of the present invention.
Said Controller Area Network (CAN) comprises according to this example aset of CAN buses B1, B2, BS, B4, B5 and a set of CAN units GW, C1, C2,CS, C4, C5, C6, C7, C8, C9 operably connected to said CAN buses.
Said CAN units GW, C1, C2, CS, C4, C5, C6, C7, C8, C9 are configured to send and/or receive messages representing instructions to vehicle components for vehicle operation.
Said CAN buses B1, B2, BS are configured such that all CAN units GW, C1,C2, CS, C4, C5, C6, C7, C8, C9 being operably connected to that CAN busare informed of all communicated messages. Said CAN units GW, C1, C2,CS, C4, C5, C6, C7, C8, C9 has at least one unique address AO, A1, A2, A3,A4, A5, A6, A7, A8, A9. Each CAN unit has an intrusion detectionfunctionality IDO, lD1, ID2, IDS, lD4, lD5, lD6, lD7, lD8, lD9 configured to detect source address of sent messages on said CAN bus.
Said messages configured to be sent and/or received by said CAN unitshave source addresses and generally a destination addresses. Eachmessage sent/received on a CAN bus has a source address and generallyhas a destination address. A broadcast message does not have a destinationaddress.
Said CAN comprises a first CAN bus B1, a second CAN bus B2, a third CANbus BS, a fourth CAN bus B4 and a fifth CAN bus B5.
Said CAN units comprises a gateway GW to which said first CAN bus B1,said second CAN bus B2 and said third CAN bus BS are connected, said 12 gateway GW being configured to be an interface for said first, second andthird CAN buses. Said gateway GW has an address AO. Said gateway GWhas an intrusion detection functionality IDO configured to detect sourceaddress of sent messages on said first CAN bus B1, second CAN bus B2and third CAN bus B3.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises a firstCAN unit C1 operably connected to the first CAN bus B1. Said first CAN unitC1 is constituted by a Telematic electronic control unit C1. Said first CAN unitC1 has a first address A1. Said first CAN unit C1 has a first intrusiondetection functionality ID1 configured to detect source address of sentmessages on said first CAN bus B1.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises asecond CAN unit C2 being constituted by an on-board diagnostics electroniccontrol unit C2, with a standardized on-board diagnostics interface. Said onboard diagnostics electronic control unit C2 is used for service and providespossibility to external connection for diagnostics of certain vehiclecomponents/vehicle behaviour. Said second CAN unit C2 has a secondaddress A2. Said second CAN unit C2 has a second intrusion detectionfunctionality lD2 configured to detect source address of sent messages on said first CAN bus B1.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises a thirdCAN unit C3 operably connected to the second CAN bus B2. Said third CANunit C3 is constituted by a brake electronic control unit C3 for controllingbrakes of the vehicle. Said third CAN unit C3 has a third address A3. Saidthird CAN unit C3 has a third intrusion detection functionality lD3 configuredto detect source address of sent messages on said second CAN bus B2.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises a fourthCAN unit C4 operably connected to the second CAN bus B2. Said fourthCAN unit C4 is constituted by a gas pedal electronic control unit C4 for 13 controlling the gas pedal. Said fourth CAN unit C4 has a fourth address A4.Said fourth CAN unit C4 has a fourth intrusion detection functionality ID4configured to detect source address of sent messages on said second CANbus B2.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises a fifthCAN unit C5 operably connected to the second CAN bus B2. Said fifth CANunit C5 is constituted by the motor electronic control unit C5 for controllingthe motor, e.g. internal combustion engine, of the vehicle. Said motorelectronic control unit C5 is also operably connected to said fourth CAN busB4. Said motor electronic control unit C5 is also operably connected to saidthe fifth CAN bus B5. Said fifth CAN unit C5 has a fifth address A5. Said fifthCAN unit C5 has a fifth intrusion detection functionality lD5 configured todetect source address of sent messages on said second CAN bus B2. Saidfifth CAN unit C5, i.e. said motor electronic control unit C5, has a function inthe system and works as a Gateway as well. Thus the fifth CAN unit C5 maybe denoted Gateway and thus is an additional Gateway to the Gateway (GW)in the CAN.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises a sixthCAN unit C6 operably connected to the second CAN bus B2. Said sixth CANunit C6 is constituted by a transmission electronic control unit C6 forcontrolling the transmission, e.g. gearbox, of the vehicle. Said sixth CAN unitC6 has a sixth address A6. Said sixth CAN unit C6 has a sixth intrusiondetection functionality lD6 configured to detect source address of sentmessages on said second CAN bus B2.
Said CAN units GW, C1, C2, C3, C4, C5, C6, C7, C8, C9 comprises aseventh CAN unit C7 operably connected to the fourth CAN bus B4. Saidseventh CAN unit C7 is constituted by an electronic control unit C7 forexhaust emission control. Said seventh CAN unit C7 has a seventh addressA7. Said seventh CAN unit C7 has a seventh intrusion detection functionality 14 ID7 configured to detect source address of sent messages on said fourthCAN bus B4.
Said CAN units GW, G1, G2, G3, G4, G5, G6, G7, G8, G9 comprises aneighth GAN unit G7 operably connected to the fifth GAN bus B5. Said eighthGAN unit G8 is constituted by an electronic control unit G8 for fuel heatingcontrol. Said eighth GAN unit G8 has an eighth address A8. Said eighth GANunit G8 has an eighth intrusion detection functionality ID8 configured todetect source address of sent messages on said fifth GAN bus B5.
Said GAN units GW, G1, G2, G3, G4, G5, G6, G7, G8, G9 comprises a ninthGAN unit G9 operably connected to the third GAN bus B3. Said ninth GANunit G9 is constituted by a radio electronic control unit G7 for controlling radioand infotainment system of the vehicle and may be connectable to externalunits E1 such as a smartphone. Said ninth GAN unit G9 has a ninth addressA9. Said ninth GAN unit G9 has a ninth intrusion detection functionality ID9configured to detect source address of sent messages on said third GAN busB3.
The system I for determining unauthorized messages in a Gontroller AreaNetwork (GAN) of a vehicle comprises said intrusion detection functionalityIDO, ID1, ID2, ID3, ID4, ID5, ID6, ID7, ID8, ID9 in each GAN unit. The systemI thus comprises a distributed intrusion detection system comprising anintrusion detection functionality IDO, ID1, ID2, ID3, ID4, ID5, ID6, ID7, ID8,ID9 arranged in each GAN unit GW, G1, G2, G3, G4, G5, G6, G7, G8, G9.
Said intrusion detection functionality IDO, ID1, ID2, ID3, ID4, ID5, ID6, ID7,ID8, ID9 in each GAN unit is arranged to analyse messages on said GANbusses with respect to the source addresses. For example, the intrusiondetection functionality IDO, ID3, ID4, ID5, ID6 of the GAN units GW, G3, G4,G5, G6 are arranged to analyse messages on the second GAN bus B2 withrespect to source addresses AO, A3, A4, A5, A6.
Authorized messages are identified as a message having a source addresscorresponding to the address of the CAN unit configured to send such amessage and as a message actually sent from said CAN unit having thataddress Unauthorized messages are identified as: i) a message having a sourceaddress not corresponding to the address of the CAN unit configured to sendsuch a message or, ii) as a message having a source address correspondingto the address of the CAN unit configured to send such a message butactually not sent from said CAN unit having that address.
According to the system I the intrusion detection functionality of the CAN unitreceiving a message having a source address not corresponding to theaddress of the CAN unit configured to send such a message is arranged toidentify such a message as an unauthorized message.
According to the system I the intrusion detection functionality of the CAN unithaving an address corresponding to the source address of a sent messagewhich was not sent from that CAN unit is arranged to identify such a message as an unauthorized message.
For example, an unauthorized message is sent to the second CAN bus B2 ofthe CAN from an unauthorized unit F1 via a link L. According to anembodiment said unauthorized message from said unauthorized unit F1 is amessage representing gas pedal instructions to the motor electronic controlunit C5, i.e. the fifth CAN unit C5, to increase the motor speed, e.g. to give more gas. lf the message from said unauthorized unit F1 representing gas pedalinstructions to the motor electronic control unit C5 to increase the motorspeed has a source address not corresponding to the address of the fourthCAN unit C4, i.e. the gas pedal electronic control unit C4, the fifth CAN unitC5, i.e. the motor electronic control unit C5 will analyse the source address 16 and determine the message as an unauthorized message since it does not correspond to the address of the fourth CAN unit C4. lf the message from said unauthorized unit F1 representing gas pedalinstructions to the motor electronic control unit C5 to increase the motorspeed has a source address corresponding to the address of the fourth CANunit C4, i.e. the gas pedal electronic control unit C4, the fourth CAN unit C4will analyse the source address and determine the message as anunauthorized message since the fourth CAN unit C4 knows that it did notsend the message.
According to an embodiment the system comprises means 100 for taking action if an unauthorized message has been identified.
The means 100 for taking action comprises according to an embodimentmeans 110 for changing the functionality of the CAN unit having identifiedsaid unauthorized message. The means 110 for changing the functionality ofthe CAN unit having identified said unauthorized message is operablyconnected to the CAN unit having identified said unauthorized message via alink. The means 110 is via said link arranged to receive a signal representingdata about said unauthorized message. The means 110 is via said linkarranged to send a signal to said CAN unit representing data for changingfunctionality of said CAN unit. The means 110 is according to an embodimentcomprised in said CAN unit having identified said unauthorized message.
The means 100 for taking action comprises according to an embodimentmeans 120 for interfering with the data transmission of said unauthorizedmessage by means of the CAN unit having identified said unauthorizedmessage. The means 120 for interfering with the data transmission of saidunauthorized message is comprised in the CAN unit having identified saidunauthorized message. Said interfering with the data transmission of saidunauthorized message may comprise corrupting both the data payload and 17 any error-detecting code, i.e. CRC (cyclic redundancy check) lnterfering the data transmission allows the sender to corrupt the data field and the CRC.
The means 100 for taking action comprises according to an embodimentmeans 130 for sending, by means of said CAN unit having identified saidunauthorized message, information about said unauthorized message to theoperator of the vehicle. The means 130 for sending information about saidunauthorized message to the operator of the vehicle is operably connected tothe CAN unit having identified said unauthorized message via a link. Themeans 130 is via said link arranged to receive a signal representing dataabout said unauthorized message. The means 130 comprises according toan embodiment any suitable presentation means for presenting saidinformation to the operator of the vehicle. The presentation means maycomprise visual means for visual presentation comprising e.g. a display unit in the instrument cluster and/or sound means for audible presentation.
The means 100 for taking action comprises according to an embodimentmeans 140 for sending, by means of said CAN unit having identified saidunauthorized message, information externally. Externally may be to a serverunit, computer, the cloud or the like external to the vehicle. The means 140for sending information externally is operably connected to the CAN unithaving identified said unauthorized message via a link. The means 140 is viasaid link arranged to receive a signal representing data about said unauthorized message.
The means 100 for taking action comprises according to an embodimentmeans 150 for sending, by means of said CAN unit having identified saidunauthorized message, information to a centralized intrusion detectionsystem functionality configured to distribute warnings of said unauthorizedmessage to other CAN units of said controller area network. The means 150for sending information to a centralized intrusion detection systemfunctionality configured to distribute warnings of said unauthorized message to other CAN units of said controller area network is operably connected to 18 the CAN unit having identified said unauthorized message via a link. Themeans 150 is via said link arranged to receive a signal representing dataabout said unauthorized message. The means 150 is via said link arrangedto send a signal representing data about said unauthorized message to otherCAN units of said controller area network.
The means 100 for taking action comprises according to an embodimentmeans 160 for sending, by means of said CAN unit having identified saidunauthorized message, information directly to CAN units of said controllerarea network. The means 160 is according to an embodiment comprised insaid CAN unit having identified said unauthorized message.
According to an embodiment the system I comprises means 170 for changingthe functionality of one or more of said CAN units having received informationabout said identified unauthorized message. The means 170 for changing thefunctionality of one or more of said CAN units having received informationabout said identified unauthorized message is operably connected to theCAN units having received information about said identified unauthorizedmessage via a link. The means 170 is via said link arranged to send signalsto one or more of said CAN units having received information about saididentified unauthorized message representing data about changing thefunctionality.
According to an embodiment of the system I the means 170 for changing thefunctionality of one or more of said CAN units comprises applying a stricterpolicy to gateway CAN units.
According to an embodiment of the system I the means 170 for changing thefunctionality of one or more of said CAN units comprises having one or moreCAN units sending the messages encrypted and/or signed.
According to an embodiment of the system I the means 170 for changing thefunctionality of one or more of said CAN units comprises having one or more 19 CAN units only accepting requests from a limited number of CAN units of the controller area network.
According to an embodiment of the system I the means 170 for changing thefunctionality of one or more of said CAN units comprises having one or moreCAN units only allowing critical functionality.
Fig. 2 schematically illustrates a block diagram of a method for determiningunauthorized messages in a Controller Area Network of a vehicle according to an embodiment of the present invention.
Said CAN comprises at least one CAN bus and a set of CAN units operablyconnected to said at least one CAN bus. Said CAN units are configured tosend and/or receive messages representing instructions to vehiclecomponents for vehicle operation. Said at least one CAN bus is configuredsuch that all CAN units being operably connected to that CAN bus areinformed of all communicated messages. Said CAN units have at least one unique address.
CAN units are provided with an intrusion detection functionality configured todetect source address of sent messages on said CAN bus. Preferably eachcan unit or at least each can unit, e.g. electronic control unit, beingconfigured to send and/or receive messages representing instructions tovehicle components for vehicle operation being safety critical for vehicleoperation are provided with an intrusion detection functionality.
Said messages configured to be sent and/or received by said CAN unitshave source addresses and generally a destination addresses. Eachmessage sent/received on a CAN bus has a source address and generallyhas a destination address. A broadcast message does not have a destinationaddress.
Said method comprises the step of analysing, in each CAN unit beingprovided with an intrusion detection functionality, by means of said intrusion detection functionality, messages on said CAN bus with respect to sourceaddress so as to identify whether a message is an authorized message or an unauthorized message.
Authorized messages are identified as messages having a source addresscorresponding to the source address of a CAN unit configured to send such amessage and as a message actually sent from such a CAN unit having suchan address.
Unauthorized messages are identified as: i) messages having a sourceaddress not corresponding to an address of a CAN unit configured to sendsuch messages or, ii) as messages having a source address correspondingto an address of a CAN unit configured to send such messages but actuallynot sent from such a CAN unit having such an address.
The step of identifying unauthorized messages as messages having a sourceaddress not corresponding to an address of a CAN unit configured to sendsuch messages is performed by the intrusion detection functionality of the CAN unit receiving such an unauthorized message.
The step of identifying unauthorized messages as messages having a sourceaddress corresponding to an address of a CAN unit configured to send suchmessages but actually not sent from such a CAN unit having such anaddress is performed by the intrusion detection functionality of the CAN unithaving that address. ln Fig. 2 the method is illustrated as a block diagram where a sent message (IVISG) is analysed according to the present invention.
The intrusion detection functionality in each CAN unit is configured to detectsource address of sent messages (IVISGSA) on said CAN bus.
Said method comprises the step of analysing, in each CAN unit beingprovided with an intrusion detection functionality, by means of said intrusiondetection functionality, messages on said CAN bus with respect to source 21 address so as to identify whether a message is an authorized message or an unauthorized message.
A CAN unit, i.e. the intrusion detection functionality of that CAN unit, checkswhether the source address of the message (lVlSG.SA) corresponds to theaddress of that CAN unit configured to send such a message (S1). lf the source address of the message (lVlSG.SA) did not correspond to theaddress of that CAN unit the intrusion detection functionality of that CAN unit,i.e. that CAN unit did not send that message, the CAN unit receiving thatmessage checks whether the source address of the received message(l\/lSG.SA) corresponds to the address of a CAN unit configured to send sucha message (S1a). lf the source address of the received message (lVlSG.SA) corresponds to anaddress of a CAN unit configured to send such a message the CAN unithaving received that message determines that the message is an authorizedmessage, referred to as OK in Fig. 2 (S1a). lf the source address of the received message (lVlSG.SA) does notcorrespond to an address of a CAN unit configured to send such a messagethe CAN unit having received that message determines that the message isan unauthorized message (S1a). lf the source address of the message (lVlSG.SA) corresponds to the addressof that CAN unit the intrusion detection functionality of that CAN unit checkswhether it actually sent that message (S1 b). lf that CAN unit determines that it actually sent that message that CAN unitdetermines that the message is an authorized message, referred to as OK inFig. 2 (S1 b). lf that CAN unit determines that it did not send that message that CAN unitdetermines that the message is an unauthorized message (S1 b). 22 Due to the fact that the intrusion detection functionality in each CAN unit isconfigured to detect source address of sent messages on a CAN bus anunauthorized message will be detected wherein suitable action may be taken due to such an unauthorized message.
According to an embodiment the method comprises the step of taking action if an unauthorized message has been identified.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified by changing the functionalityof the CAN unit having identified said unauthorized message.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having the CAN unit sending its messages encrypted and/or signed.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having the CAN unit only accepting requests from a limited number of CAN units of the controller area network.
Changing the functionality of the CAN unit having identified said unauthorizedmessage may comprise having one or more CAN units only allowing criticalfunctionality.
According to an embodiment the method thus comprises the step of takingaction if an unauthorized message has been identified by interfering with thedata transmission of said unauthorized message by means of the CAN unithaving identified said unauthorized message.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified by sending, by means of saidCAN unit having identified said unauthorized message, information aboutsaid unauthorized message to the operator of the vehicle. Information aboutsaid unauthorized message to the operator of the vehicle may be provided byany suitable presentation means for presenting said information to the 23 operator of the vehicle. The presentation means may comprise visual meansfor visual presentation comprising e.g. a display unit in the instrument clusterand/or sound means for audible presentation.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified by sending, by means of saidCAN unit having identified said unauthorized message, information aboutsaid unauthorized message externally. Externally may be to a server unit,computer, the cloud or the like external to the vehicle.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified by sending, by means of saidCAN unit having identified said unauthorized message, information aboutsaid unauthorized message to a centralized intrusion detection systemfunctionality configured to distribute warnings of said unauthorized messageto other CAN units of said controller area network.
According to an embodiment the method comprises the step of taking actionif an unauthorized message has been identified by sending, by means of saidCAN unit having identified said unauthorized message, information aboutsaid unauthorized message directly to CAN units of said controller area network.
According to an embodiment the method comprises the step of changing thefunctionality of one or more of said CAN units having received informationabout said identified unauthorized message.
According to an embodiment the step of taking action thus comprises thestep of changing the functionality of one or more of said CAN units havingreceived information about said identified unauthorized message.
According to an embodiment of the method the step of changing thefunctionality of one or more of said CAN units comprises the step of applyinga stricter policy to gateway CAN units. 24 According to an embodiment of the method of changing the functionality ofone or more of said CAN units comprises the step of having one or moreCAN units sending the messages encrypted and/or signed.
According to an embodiment of the method of changing the functionality ofone or more of said CAN units comprises the step of having one or moreCAN units only accepting requests from a limited number of CAN units of the controller area network.
Fig. 3 schematically illustrates a side view of a vehicle V according to thepresent invention. The exemplified vehicle V is a heavy vehicle in the shapeof a truck. The vehicle comprises a Controller Area Network (CAN). Thevehicle comprises a system l for determining unauthorized messages in aController Area Network (CAN) of a vehicle according to the present invenfion.
The foregoing description of the preferred embodiments of the presentinvention has been provided for the purposes of illustration and description. ltis not intended to be exhaustive or to limit the invention to the precise formsdisclosed. Obviously, many modifications and variations will be apparent topractitioners skilled in the art. The embodiments were chosen and describedin order to best explain the principles of the invention and its practicalapplications, thereby enabling others skilled in the art to understand theinvention for various embodiments and with the various modifications as are suited to the particular use contemplated.

Claims (11)

CLAIIVIS
1. A method for determining unauthorized messages in a Controller AreaNetwork (CAN) of a vehicle, said Controller Area Network comprising at leastone CAN bus (B1, B2, BS, B4, B5) and a set of CAN units (GW, G1, G2, GS,G4, G5, G6, G7, G8, G9) operably connected to said at least one GAN bus,said GAN units being configured to send and/or receive messagesrepresenting instructions to vehicle components for vehicle operation, said atleast one GAN bus (B1, B2, BS, B4, B5) being configured such that all GANunits being operably connected to that GAN bus are informed of allcommunicated messages on that GAN bus, wherein said GAN units (GW,G1, G2, G3, G4, G5, G6, G7, G8, G9) has at least one unique address (AO,A1, A2, A3, A4, A5, A6, A7, A8, A9), characterized in that GAN units areprovided with an intrusion detection functionality (IDO, lD1, ID2, IDS, lD4, lD5,lD6, lD7, lD8, lD9) configured to detect source address of sent messages onsaid GAN bus (B1, B2, BS, B4, B5), said method comprising the steps of:analysing, in each GAN unit (GW, G1, G2, GS, G4, G5, G6, G7, G8, G9) beingprovided with an intrusion detection functionality, by means of said intrusiondetection functionality, messages on said GAN bus (B1, B2, BS, B4, B5) withrespect to source address so as to identify authorized messages as amessage having a source address corresponding to the address of the GANunit configured to send such a message and as a message actually sent fromsaid GAN unit having that address; and to identify unauthorized messagesas: i) a message having a source address not corresponding to the addressof a GAN unit configured to send such a message or, ii) as a message havinga source address corresponding to the address of a GAN unit configured tosend such a message but actually not sent from such a GAN unit having that address.
2. A method according to claim 1, wherein the step of identifyingunauthorized messages as messages having a source address notcorresponding to the address of a GAN unit (GW, G1, G2, GS, G4, G5, G6, 26 G7, G8, G9) configured to send such messages is performed by the intrusiondetection functionality of the CAN unit (GW, G1, G2, G3, G4, G5, G6, G7, G8,G9) receiving such an unauthorized message, and wherein the step ofidentifying unauthorized messages as a message having a source addresscorresponding to an address of a GAN unit (GW, G1, G2, G3, G4, G5, G6,G7, G8, G9) configured to send such a message but actually not sent fromsuch a GAN unit having that address is performed by the intrusion detectionfunctionality of the GAN unit having that address.
3. A method according to claim 2, comprising the step of taking action if anunauthorized message has been identified, the step of taking actioncomprising one or more of: changing the functionality of the GAN unit havingidentified said unauthorized message; interfering with the data transmissionof said unauthorized message by means of the GAN unit having identifiedsaid unauthorized message; sending, by means of said GAN unit havingidentified said unauthorized message, information about said unauthorizedmessage to the operator of the vehicle and/or externally and/or to acentralized intrusion detection system functionality configured to distributewarnings of said unauthorized message to other GAN units of said controller area network and/or to directly to GAN units of said controller area network.
4. A method according to claim 3, comprising the step of changing thefunctionality of one or more of said GAN units (GW, G1, G2, G3, G4, G5, G6,G7, G8, G9) having received information about said identified unauthorized message.
5. A method according to claim 4, wherein the step of changing thefunctionality of one or more of said GAN units comprises one or more of:applying a stricter policy to gateway GAN units (GW); having one or moreGAN units sending the messages encrypted and/or signed; having one ormore GAN units only accepting requests from a limited number of GAN unitsof the controller area network; having one or more GAN units only allowingcritical functionality. 27
6. A system for determining unauthorized messages in a Controller AreaNetwork (CAN) of a vehicle, said Controller Area Network comprising at leastone CAN bus (B1, B2, B3, B4, B5) and a set of CAN units (GW, G1, G2, G3,G4, G5, G6, G7, G8, G9) operably connected to said at least one GAN bus,said GAN units being configured to send and/or receive messagesrepresenting instructions to vehicle components for vehicle operation, said atleast one GAN bus (B1, B2, B3, B4, B5) being configured such that all GANunits being operably connected to that GAN bus are informed of allcommunicated messages on that GAN bus, wherein said GAN units (GW,G1, G2, G3, G4, G5, G6, G7, G8, G9) has at least one unique address (AO,A1, A2, A3, A4, A5, A6, A7, A8, A9), characterized in that GAN units areprovided with an intrusion detection functionality (IDO, lD1, ID2, lD3, lD4, lD5,lD6, lD7, lD8, lD9) configured to detect source address of sent messages onsaid GAN bus (B1, B2, B3, B4, B5), said lntrusion detection functionality ineach GAN unit (GW, G1, G2, G3, G4, G5, G6, G7, G8, G9) being arranged toanalyse messages on said GAN bus (B1, B2, B3, B4, B5) with respect tosource address so as to identify authorized messages as a message havinga source address corresponding to an address of a GAN unit configured tosend such a message and as a message actually sent from such a GAN unithaving that address; and to identify unauthorized messages as: i) a messagehaving a source address not corresponding to an address of a GAN unitconfigured to send such a message or, ii) as a message having a sourceaddress corresponding to the address of a GAN unit configured to send sucha message but actually not sent from such a GAN unit having that address.
7. A system according to claim 6, wherein the intrusion detectionfunctionality of the GAN unit (GW, G1, G2, G3, G4, G5, G6, G7, G8, G9)receiving a message having a source address not corresponding to theaddress of the GAN unit (GW, G1, G2, G3, G4, G5, G6, G7, G8, G9)configured to send such a message is arranged to identify such a messageas an unauthorized message, and wherein the intrusion detection functionality of the GAN unit (GW, G1, G2, G3, G4, G5, G6, G7, G8, G9) 28 having an address corresponding the source address of a sent messagewhich was not sent from that CAN unit is arranged to identify such a message as an unauthorized message.
8. A system according to c|aim 7, comprising means for taking action if anunauthorized message has been identified, the means for taking actioncomprising one or more of: means for changing the functionality of the CANunit having identified said unauthorized message; means for interfering withthe data transmission of said unauthorized message by means of the CANunit having identified said unauthorized message; means for sending, bymeans of said CAN unit having identified said unauthorized message,information about said unauthorized message to the operator of the vehicleand/or externally and/or to a centralized intrusion detection systemfunctionality configured to distribute warnings of said unauthorized messageto other CAN units of said controller area network and/or to directly to CAN units of said controller area network.
9. A system according to c|aim 8, comprising means for changing thefunctionality of one or more of said CAN units (GW, C1, C2, C3, C4, C5, C6,C7, C8, C9) having received information about said identified unauthorized message.
10.A system according to c|aim 9, wherein the means for changing thefunctionality of one or more of said CAN units comprises one or more of:applying a stricter policy to gateway CAN units (GW); having one or moreCAN units sending the messages encrypted and/or signed; having one ormore CAN units only accepting requests from a limited number of CAN unitsof the controller area network; having one or more CAN units only allowingcritical functionality.
11. A vehicle (V) comprising a system (l) according to any of claims 6-10.
SE1750650A 2017-05-24 2016-09-08 Method and system for determining unauthorized messages in acontroller area network of a vehicle SE1750650A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
SE1750650A SE1750650A1 (en) 2017-05-24 2016-09-08 Method and system for determining unauthorized messages in acontroller area network of a vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE1750650A SE1750650A1 (en) 2017-05-24 2016-09-08 Method and system for determining unauthorized messages in acontroller area network of a vehicle

Publications (1)

Publication Number Publication Date
SE1750650A1 true SE1750650A1 (en) 2018-02-01

Family

ID=61236536

Family Applications (1)

Application Number Title Priority Date Filing Date
SE1750650A SE1750650A1 (en) 2017-05-24 2016-09-08 Method and system for determining unauthorized messages in acontroller area network of a vehicle

Country Status (1)

Country Link
SE (1) SE1750650A1 (en)

Similar Documents

Publication Publication Date Title
US11277417B2 (en) System and method of generating rules for blocking a computer attack on a vehicle
US11451579B2 (en) System and method for protecting electronics systems of a vehicle from cyberattacks
EP3547191B1 (en) System and method of generating rules for blocking a computer attack on a vehicle
EP3827364B1 (en) Message source detection in a vehicle bus system
US10652256B2 (en) Real-time active threat validation mechanism for vehicle computer systems
US8954209B2 (en) Determining locomotive position in a locomotive consist
CN109644189B (en) Data bus protection apparatus and method
JP2007038904A (en) Car-mounted gateway device and message forwarding method used in gateway device
WO2020187985A1 (en) Method for monitoring communication on a communication bus, electronic apparatus for connection to a communication bus, and vehicle
CN112637152B (en) Vehicle-mounted Ethernet firewall system, communication delay determination method and device
JP2014226946A (en) Abnormality response system and abnormality response method for vehicular communication device
JP2017168994A (en) Communication device and communication system
Hartzell et al. Security analysis of an automobile controller area network bus
KR102402629B1 (en) Method and control unit for transmitting information to and/or from a vehicle
EP3547192B1 (en) System and method of blocking a computer attack on a means of transportation
JP2017200050A (en) Gateway device
SE1750650A1 (en) Method and system for determining unauthorized messages in acontroller area network of a vehicle
WO2019115311A1 (en) Method for providing information for the localization of errors in a communications network of an apparatus, correspondingly designed bus device station and vehicle
EP3340190A1 (en) Vehicle communication system
CN111376848B (en) Abnormal detection rule updating method, electronic control unit and vehicle-mounted network system
CN114128222B (en) Relay device system
JP7251685B2 (en) IN-VEHICLE COMPUTER, COMPUTER PROGRAM, COMPUTER-READABLE RECORDING MEDIUM, AND SECURITY SETTING METHOD
JPWO2022091371A5 (en)
JP2016059008A (en) Vehicle network system

Legal Events

Date Code Title Description
NAV Patent application has lapsed