WO2014156328A1 - Car onboard communication system and communication device - Google Patents

Car onboard communication system and communication device

Publication number
WO2014156328A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
packet
signature
transmission
communication
Application number
PCT/JP2014/052904
Other languages
French (fr)
Japanese (ja)
Inventor
司 京増
成沢 文雄
敏史 大塚
Original Assignee
日立オートモティブシステムズ株式会社
Application filed by 日立オートモティブシステムズ株式会社
Publication of WO2014156328A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • The present invention relates to a communication system and a communication apparatus using an electronic signature.
  • Patent Document 1: JP-A-10-13403
  • The problem addressed is to provide a data management system that verifies whether information data handled between networks has been tampered with; the transmission apparatus and the reception apparatus are provided with a common encryption means.
  • The transmission apparatus appends to the information data signature data obtained by encrypting that information data with the encryption means and transmits it, and the reception apparatus verifies the information data by comparing the received signature data with signature data obtained by encrypting the received information data with the encryption means.
  • Patent Document 2: JP 2011-229075
  • The in-vehicle device on the transmission side generates signature data for each unit of data composed of M transmissions' worth of communication data, appends to the communication data additional data generated from the divided signature data obtained by dividing the signature data into M pieces, and transmits it sequentially, so that the amount of data added to each communication frame for verifying the communication data can be kept small.
  • In a system such as an in-vehicle network, it is conceivable to use a data signature generated by the transmitting device to detect or defend against an attack that injects unauthorized data to cause a malfunction.
  • The data format differs from the format of data transmitted and received between communication devices when signature data is not used, so data-format compatibility is poor.
  • The present invention makes it possible to detect fraud effectively without changing the format of the communication frame.
  • A communication system that performs communication of packet communication data includes a transmission device having a transmission data generation unit that generates a plurality of transmission data packets, a signature data generation unit that generates a signature data packet including signature data obtained by encrypting verification information of the plurality of transmitted transmission data packets, and transmission means for transmitting the transmission data packets and the signature data packet; and receiving means having a verification unit that generates verification information for the received plurality of transmission data packets and verifies the validity of the received data by comparing it with the verification information obtained from the signature data included in the received signature data packet.
  • When a fraudulent attack such as a spoofing attack occurs on the network, it can be dealt with by detecting it and performing various corresponding operations such as notification, fail-safe, prevention of unauthorized transfer, discarding of data, recording of the state, and warning notification to the user or other systems.
  • A flowchart showing the processing of the tampering determination unit.
  • A diagram showing the configuration of the network system in another embodiment.
  • FIG. 1 is a diagram showing an example of the configuration of an in-vehicle communication system 1 according to the present invention.
  • For packet communication data transmitted and received between the transmission device 3 and the reception device 4, the reception data verification unit 42 can detect fraud using the signature data packet generated by the transmission data signature adding unit 32 according to the present invention.
  • The receiving device 5 does not include the reception data verification unit 42 and is a conventional ECU that does not support the signature data packet according to the present invention; it cannot detect tampering, but it can still receive and process packet communication data. That is, a device to which the present invention is applied and a device to which the present invention is not applied can be mixed in the same in-vehicle communication system.
  • FIG. 2 is a diagram illustrating an example of a configuration of packet communication data transmitted from the transmission device 3 and transferred to the reception device 4 via the communication bus 2.
  • The transmission device 3 periodically transmits the transmission data packet 211 including the control data used for control in the reception device 4 and, at a rate of one per N transmission data packets 211, computes a hash value from the control data, generates signature data, and transmits a signature data packet 212.
  • The receiving device 4 uses the hash value of the received signature data to detect falsification of the N pieces of control data received before it.
  • FIG. 3 is a flowchart showing a procedure for detecting tampering with packet communication data in the in-vehicle communication system 1.
  • While receiving control data in step S1111, the reception data verification unit 42 of the reception device 4 calculates, in step S1112, a hash value from a preset number (n in this example) of received control data items. When signature data is received in a signature data packet in step S1113, the signature data is decrypted and the hash value is extracted in step S1114. In step S1115, the two hash values are compared. If they match, it is determined that no falsification has been performed (S1116), and if they do not match, it is determined that the control data has been falsified (S1117).
  • FIG. 4 is a diagram illustrating a configuration of the transmission data generation unit 31 of the transmission device 3.
  • The data calculation unit 311 calculates data necessary for control on the receiving device 4 side, and the transmission data packet generation unit 312 adds a transmission data identifier 313 according to the calculated data type and generates the transmission data packet 211.
  • The generated transmission data packet 211 is sent to the communication unit 33 via the transmission data signature adding unit 32.
  • FIG. 5 is a diagram illustrating a configuration of the transmission data signature adding unit 32 of the transmission device 3.
  • The transmission data determination unit 322 refers to the transmission data identifier 313 included in the transmission data packet 211 and to the signature assignment target transmission data identifier data 321, and distributes the transmission data packet 211 to the communication unit 33 and the signature data generation unit 323.
  • The signature data generation unit 323 generates a signature data packet 212 from a predetermined number of the transmission data packets 211 distributed to it, and transmits the signature data packet 212 via the communication unit 33.
  • FIG. 6 is a diagram illustrating an example of data included in the signature assignment target data identifier data 321.
  • The signature data identifier associated with the transmission data identifier is stored.
  • FIG. 7 is a flowchart showing processing of the transmission data determination unit 322.
  • In step S3222, the transmission data packet 211 is input from the transmission data generation unit 31.
  • In step S323, the signature assignment target data identifier data 321 is referred to, and it is checked whether the identifier of the transmission data packet 211 is one to which a signature is to be attached. If it is determined to be a target, the process proceeds to step S3224, and the corresponding signature data identifier stored in the signature assignment target data identifier data 321 and the transmission data packet 211 are input to the signature data generation unit 323.
  • In step S3225, the transmission data packet is input to the communication unit 33. If it is determined in step S3223 that the data is not the target data, step S3225 is executed.
  • FIG. 8 is a diagram illustrating a configuration of the signature data generation unit 323.
  • The transmitted data storage unit 3231 receives the transmission data packet 211 and the signature data identifier 3213 from the transmission data determination unit 322 and, for each type of signature data identifier 3213, concatenates the control data included in the transmission data packet 211 to the transmission data string formed by concatenating the control data already transmitted, and stores it.
  • The hash value generation unit 3232 generates a hash value from the transmission data string stored in the transmitted data storage unit 3231.
  • The encryption processing unit 3233 encrypts the hash value according to a predetermined encryption procedure and generates signature data.
  • The signature packet generation unit 3234 adds a signature data identifier 3213 to the signature data, and generates a signature data packet 212.
  • FIG. 9 is a diagram illustrating a configuration of the reception data verification unit 42 of the reception device 4.
  • The reception data determination unit 423 refers to the signature addition target reception data identifier data 421 and the signature data identifier data 422 and distributes the reception data packet 214 input from the communication unit 43 to the control unit 41 and the falsification determination unit 424.
  • The tampering determination unit 424 receives the received data packet 214 and the signature data packet 212, and notifies the control unit 41 when tampering is detected.
  • FIG. 10 is a flowchart showing processing of the reception data determination unit 423.
  • In step S4233, it is first checked whether the packet received in step S4232 is signature data. If it is signature data, the received data packet is input to the falsification determining unit 424 in step S4235, and the process ends in step S4238. If it is determined in step S4233 that the data is not signature data, the process advances to step S4234 to check whether it is data to which a signature is attached. If it is target data, in step S4236, the received data packet and the corresponding signature data identifier stored in the signature addition target received data identifier data 421 are input to the falsification determining unit 424. If it is not a target in step S4234, step S4237 is executed as it is, and the process ends in step S4238.
  • FIG. 11 is a diagram illustrating a configuration of the falsification determination unit 424.
  • the control data included in the reception data packet 214 is concatenated with the reception data string in which the control data already received is concatenated, and the received data storage unit 4241 that stores the data, and the stored reception data
  • The falsification determination unit 424 also includes a decryption processing unit 4244 that decrypts the signature data packet 212 and extracts the hash value transmitted from the transmission device, and a data comparison unit 4243 that compares both hash values and detects the presence or absence of falsification.
  • FIG. 12 is a flowchart showing processing of the received data storage unit 4241.
  • Control data included in the received data packet 214 is stored for each type of signature data identifier 4213 input in step S42412.
  • FIG. 13 is a flowchart showing the alteration determination process by the alteration determination unit 424.
  • The tampering determination process is triggered by the input of the signature data packet in step S42422.
  • In step S42423, the received data string stored in the received data storage unit 4241 is read with reference to the identifier of the input signature data packet.
  • In step S42424, the hash value generation unit 4242 calculates a hash value of the read received data string.
  • In step S42425, the received signature data is decrypted by the decryption processing unit 4244, and the hash value transmitted from the transmission device 3 is extracted.
  • In step S42436, the two hash values obtained in steps S42424 and S42425 are compared to see whether they match.
  • If they match, it is determined that no falsification has been performed, and the process ends in step S42428. If they do not match in step S42426, the process proceeds to step S42427, the control unit 41 is notified that tampering has been performed, and the process ends in step S42428.
  • Whether the received packet communication data has been tampered with can be verified by verifying signature data that is transmitted separately, without changing the packet communication data subject to tamper detection. If the received packet communication data and the signature cannot be matched, or if the signature data itself cannot be received, it is determined that the communication system has been tampered with, so that it is possible to promptly move to a safety measure.
  • FIG. 14 is a diagram showing a configuration of a network system in the present embodiment.
  • The transmission device 61 and the reception device 5 are ECUs similar to the conventional ECU.
  • The signature generation adapter 62 is provided between the transmission device 61 and the communication bus 2, receives packet communication data transmitted from the transmission device 61, transfers the packet communication data to the communication bus 2, and, for data subject to signing, transmits a signature data packet.
  • The configuration and processing of the transmission data signature adding unit 621 are the same as those in the first embodiment.
  • The signature verification adapter 72 is provided between the receiving device 5 and the communication bus 2, transfers packet communication data received from the communication bus 2 to the receiving device 5, and, for data subject to signing, verifies its validity using the separately received signature data packet.
  • The configuration and processing of the reception data verification unit 721 are the same as those in the first embodiment.
  • According to the present embodiment, the validity of the packet communication data can be verified, while using conventional ECUs, in the form of adapters provided between the communication bus and the transmission device and the reception device.
  • FIG. 15 is a diagram showing a configuration of the network system in the present embodiment.
  • The data transfer device 8 transfers the packet communication data received from the information system communication bus 21 to the control system communication bus 22, and the transmission data signature adding unit 82 generates a signature data packet corresponding to the transferred packet communication data and transmits it to the control system communication bus 22.
  • The transfer data verification device 9 receives the packet communication data and the signature data packet transferred by the data transfer device 8, and verifies the validity of the data transferred from the information communication bus 21 by the reception data verification unit 92.
  • When the transfer data verification device 9 detects falsification of the transferred data, it transmits packet communication data to the control communication bus 22 to notify of the falsification.
  • The transmission data signature adding unit 82 and the reception data verification unit 92 are realized by the same configuration as the transmission data signature adding unit 32 and the reception data verification unit 42 in the first embodiment.
  • By focusing on data transferred from the information-related communication bus 21, where fraud is likely to occur, and performing data verification with the transfer device and the verification device, conventional ECUs to which the present invention is not applied can be used for the other communication devices.
  • FIG. 16 is a diagram showing a configuration of packet communication data transmitted / received via the communication bus in the present embodiment.
  • In network communication, there is no guarantee that all data will be communicated successfully, not only because of unauthorized tampering but also because of failures in the communication path.
  • Data is repeatedly transmitted and received in a short cycle, and therefore a retransmission request is not made even if reception of some data fails. In this case, regardless of fraud, there is a difference between the data transmitted by the transmission device 3 and the data received by the reception device 4.
  • The signature request packet 213 that requests generation of signature data is transmitted from the reception device 4 to the transmission device 3 only for the transmission data packets 211 that the reception device 4 has successfully received.
  • The transmission device 3 generates signature data from the transmitted data requested by the signature request packet 213 and transmits the signature data packet 212 to the reception device 4.

Abstract

The present invention enables effective detection of fraud without requiring alteration of the format of a communication frame. A communication system for performing communication of packet communication data comprises: a transmission device provided with a transmission data generation unit for generating a plurality of transmission data packets, and a signature data generation unit for generating a signature data packet including authentication data in which verification information for a transmitted plurality of transmission data packets is encrypted, the transmission device further having a transmission means for transmitting the transmission data packets and the signature data packet; and a receiving means having a verification unit for generating verification information with regard to a received plurality of transmission data packets, and comparing the generated information with verification information obtained from the authentication data included in the received signature data packet to verify the validity of the received data.

Description

In-vehicle communication system and communication device
 The present invention relates to a communication system and a communication apparatus using an electronic signature.
 As background art in this technical field, there is JP-A-10-13403 (Patent Document 1). That publication addresses the problem of providing a data management system that verifies whether information data handled between networks has been tampered with. It describes equipping the transmitting device and the receiving device with a common encryption means: the transmitting device appends to the information data signature data obtained by encrypting that information data with the encryption means and transmits it, and the receiving device verifies the information data by comparing signature data obtained by encrypting the received information data with the encryption means against the received signature data.
 There is also JP 2011-229075 (Patent Document 2). That publication addresses the problem of providing a communication system that can suppress the drop in communication data throughput caused by adding signature data when the electronic-signature-based validity verification of communication data described in Patent Document 1 is applied to an automotive communication system. It is characterized in that the in-vehicle device on the transmitting side generates signature data for each unit of data consisting of M transmissions' worth of communication data, appends to the communication data additional data generated from the divided signature data obtained by dividing the signature data into M pieces, and transmits it sequentially, so that the amount of data added to each communication frame to verify the communication data can be kept small.
 Patent Document 1: Japanese Patent Laid-Open No. 10-13403
 Patent Document 2: JP 2011-229075 A
 In a system such as an in-vehicle network, it is conceivable to use a data signature generated by the transmitting device to detect or defend against an attack that injects unauthorized data to cause a malfunction.
 However, in the technique described in Patent Document 1, the signature data is appended to the information data to be protected and transmitted, so the data format differs from that of data transmitted and received between communication devices when signature data is not used, and data-format compatibility is poor.
 Likewise, in the technique described in Patent Document 2, signature data is added to each communication frame, so the communication frame format differs from the case where signature data is not used, and frame-format compatibility is again poor.
 The present invention makes it possible to detect fraud effectively without requiring any change to the format of the communication frame.
 To solve the above problem, a communication system that performs communication of packet communication data comprises: a transmission device having a transmission data generation unit that generates a plurality of transmission data packets, a signature data generation unit that generates a signature data packet including signature data obtained by encrypting verification information of the plurality of transmitted transmission data packets, and transmission means for transmitting the transmission data packets and the signature data packet; and receiving means having a verification unit that generates verification information for the received plurality of transmission data packets and verifies the validity of the received data by comparing it with the verification information obtained from the signature data included in the received signature data packet.
 According to the present invention, when a fraudulent attack such as a spoofing attack occurs on the network, it becomes possible to deal with the fraud by detecting it and performing various corresponding operations such as notification, fail-safe, prevention of unauthorized transfer, discarding of data, recording of the state, and warning notification to the user or other systems.
 It also becomes possible to reduce false detections when detecting fraud and to reduce the load when checking data.
 An example of a network system.
 An example showing the procedure for generating signature data from packet communication data transmitted and received between communication devices and for detecting tampering.
 An example of a flowchart for determining the presence or absence of tampering.
 A diagram showing the configuration of the transmission data generation unit.
 A diagram showing the configuration of the transmission data signature adding unit.
 A diagram showing the signature assignment target transmission data identifier data.
 A flowchart showing the processing of the transmission data determination unit.
 A diagram showing the configuration of the signature data generation unit.
 A diagram showing the configuration of the reception data verification unit.
 A flowchart showing the processing of the reception data determination unit.
 A diagram showing the configuration of the tampering determination unit.
 A flowchart showing the processing of the tampering determination unit.
 A flowchart showing the processing of the tampering determination unit.
 A diagram showing the configuration of the network system in another embodiment.
 A diagram showing the configuration of the network system in another embodiment.
 A diagram showing the configuration of packet communication data transmitted and received between communication devices in another embodiment.
 Hereinafter, examples of preferred embodiments of the present invention are described with reference to the drawings. The embodiments are described mainly using, as an example, the operation of devices and systems in a network that performs periodic data transmission and reception, such as an in-vehicle network. They are well suited to implementing in-vehicle network devices and data transmission/reception systems in in-vehicle networks, but this does not preclude application to anything other than network devices and data transmission/reception systems.
 FIG. 1 is a diagram showing an example of the configuration of an in-vehicle communication system 1 according to the present invention. For packet communication data transmitted and received between the transmission device 3 and the reception device 4, the reception data verification unit 42 can detect fraud using the signature data packet generated by the transmission data signature adding unit 32 according to the present invention. The reception device 5, on the other hand, does not include the reception data verification unit 42 and is a conventional ECU that does not support the signature data packet according to the present invention; it cannot detect tampering, but it can still receive and process packet communication data. That is, devices to which the present invention is applied and devices to which it is not applied can coexist in the same in-vehicle communication system.
 FIG. 2 is a diagram showing an example of the configuration of packet communication data transmitted from the transmission device 3 and transferred to the reception device 4 via the communication bus 2. The transmission device 3 periodically transmits transmission data packets 211 containing the control data used for control in the reception device 4 and, at a rate of one per N transmission data packets 211, computes a hash value from the control data, generates signature data, and transmits a signature data packet 212. The reception device 4 uses the hash value of the received signature data to detect falsification of the N pieces of control data received before it.
 FIG. 3 is a flowchart showing the procedure for detecting tampering with packet communication data in the in-vehicle communication system 1. While receiving control data in step S1111, the reception data verification unit 42 of the reception device 4 calculates, in step S1112, a hash value from a preset number (n in this example) of received control data items. When signature data is received in a signature data packet in step S1113, the signature data is decrypted and the hash value is extracted in step S1114. In step S1115, the two hash values are compared. If they match, it is determined that no tampering has occurred (S1116); if they do not match, it is determined that the control data has been tampered with (S1117).
 FIG. 4 is a diagram showing the configuration of the transmission data generation unit 31 of the transmission device 3. The data calculation unit 311 calculates the data needed for control on the reception device 4 side. The transmission data packet generation unit 312 adds a transmission data identifier 313 according to the type of the calculated data, generates the transmission data packet 211, and sends the generated transmission data packet 211 to the communication unit 33 via the transmission data signature adding unit 32.
 FIG. 5 is a diagram showing the configuration of the transmission data signature adding unit 32 of the transmission device 3. The transmission data determination unit 322 refers to the transmission data identifier 313 contained in the transmission data packet 211 and to the signature assignment target transmission data identifier data 321, and distributes the transmission data packet 211 to the communication unit 33 and the signature data generation unit 323. The signature data generation unit 323 generates a signature data packet 212 from a predetermined number of the transmission data packets 211 distributed to it and transmits it via the communication unit 33.
 FIG. 6 is a diagram showing an example of the data contained in the signature assignment target data identifier data 321. It stores the signature data identifier associated with each transmission data identifier.
 FIG. 7 is a flowchart showing the processing of the transmission data determination unit 322. In step S3222, the transmission data packet 211 is input from the transmission data generation unit 31. In step S323, the signature assignment target data identifier data 321 is referenced to check whether the identifier of the transmission data packet 211 is one to which a signature is to be attached. If it is determined to be a target, the process proceeds to step S3224, where the corresponding signature data identifier stored in the signature assignment target data identifier data 321 and the transmission data packet 211 are input to the signature data generation unit 323. Then, in step S3225, the transmission data packet is input to the communication unit 33. If it is determined in step S3223 that the data is not a target, step S3225 is executed.
 図8は、署名データ生成部323の構成を示す図である。送信済みデータ記憶部3231には、送信データ判定部322から送信データパケット211と署名データ識別子3213が入力され、署名データ識別子3213の種類ごとに送信データパケット211に含まれる制御データを、すでに送信済みの制御データを連結した送信データ列に連結し、記憶する。ハッシュ値生成部は3232、送信済みデータ記憶部3231に記憶されている送信データ列からハッシュ値を生成する。暗号処理部3233は、予め定められている暗号化手順によりハッシュ値を暗号化し署名データを生成する。署名パケット生成部3234は、署名データに署名データ識別子3213を付加し、署名データパケット212を生成する。 FIG. 8 is a diagram illustrating a configuration of the signature data generation unit 323. The transmission data storage unit 3231 receives the transmission data packet 211 and the signature data identifier 3213 from the transmission data determination unit 322, and has already transmitted the control data included in the transmission data packet 211 for each type of the signature data identifier 3213. The control data is connected to the connected transmission data string and stored. The hash value generation unit 3232 generates a hash value from the transmission data string stored in the transmitted data storage unit 3231. The encryption processing unit 3233 encrypts the hash value according to a predetermined encryption procedure and generates signature data. The signature packet generation unit 3234 adds a signature data identifier 3213 to the signature data, and generates a signature data packet 212.
 図9は、受信装置4の受信データ検証部42の構成を示す図である。受信データ判定部423は、署名付与対象受信データ識別子データ421と署名データ識別子データ422を参照し、通信部43から入力される受信データパケット214を、制御部41と改ざん判定部424に振り分ける。改ざん判定部424は、受信データパケット214と署名データパケット212を入力され、改ざんを検出した場合に制御部41に通知する。 FIG. 9 is a diagram illustrating a configuration of the reception data verification unit 42 of the reception device 4. The reception data determination unit 423 refers to the signature addition target reception data identifier data 421 and the signature data identifier data 422 and distributes the reception data packet 214 input from the communication unit 43 to the control unit 41 and the falsification determination unit 424. The tampering determination unit 424 receives the received data packet 214 and the signature data packet 212, and notifies the control unit 41 when tampering is detected.
 図10は、受信データ判定部423の処理を示すフローチャートである。ステップS4232で受信したパケットを、ステップS4233でまず署名データであるかどうかを調べる。署名データである場合は、ステップS4235で受信データパケットを改ざん判定部424に入力し、ステップS4238でそのまま終了する。ステップS4233の判定で、署名データで無いと判定された場合は、ステップS4234に進み、署名付与される対象であるかどうか調べる。対象データである場合は、ステップS4236で、受信データパケットと署名付与対象受信データ識別子データ421に格納されている対応する署名データ識別子を、改ざん判定部424に入力する。ステップS4234で対象でなかった場合は、ステップS4237をそのまま実行し、ステップS4238で処理を終了する。 FIG. 10 is a flowchart showing processing of the reception data determination unit 423. In step S4233, it is first checked whether the packet received in step S4232 is signature data. If it is signature data, the received data packet is input to the falsification determining unit 424 in step S4235, and the process ends in step S4238. If it is determined in step S4233 that the data is not signature data, the process advances to step S4234 to check whether or not the signature is to be added. If it is the target data, in step S4236, the received data packet and the corresponding signature data identifier stored in the signature addition target received data identifier data 421 are input to the falsification determining unit 424. If it is not the target in step S4234, step S4237 is executed as it is, and the process ends in step S4238.
 図11は、改ざん判定部424の構成を示す図である。署名データ識別子4213の種類ごとに、受信データパケット214に含まれる制御データを、すでに受信ずみの制御データを連結した受信データ列に連結し、記憶する受信済みデータ記憶部4241と、記憶した受信データ列からハッシュ値を生成するハッシュ値生成部4242がある。また署名データパケット212を復号し、送信装置から送信されたハッシュ値を抽出する復号処理部4244と、両ハッシュ値を比較し改ざんの有無を検出するデータ比較部4243から構成される。 FIG. 11 is a diagram illustrating a configuration of the falsification determination unit 424. For each type of signature data identifier 4213, the control data included in the reception data packet 214 is concatenated with the reception data string in which the control data already received is concatenated, and the received data storage unit 4241 that stores the data, and the stored reception data There is a hash value generation unit 4242 that generates a hash value from a column. In addition, the signature data packet 212 is decrypted, and a decryption processing unit 4244 that extracts the hash value transmitted from the transmission device and a data comparison unit 4243 that compares both hash values and detects the presence or absence of falsification are configured.
 図12は、受信済みデータ記憶部4241の処理を示すフローチャートである。ステップS42412で入力された、署名データ識別子4213の種類ごとに、ステップS42413では受信データパケット214に含まれる制御データを記憶する。 FIG. 12 is a flowchart showing processing of the received data storage unit 4241. In step S42413, control data included in the received data packet 214 is stored for each type of signature data identifier 4213 input in step S42412.
 図13は、改ざん判定部424による改ざん判定の処理を示すフローチャートである。改ざん判定処理は、ステップS42422における署名データパケットの入力をトリガに行われる。ステップS42423では、入力された署名データパケットの識別子を参照し、受信済みデータ記憶部4241に記憶されている受信データ列を読み出す。ステップS42424では、ハッシュ値生成部4242にて、読み出した受信データ列のハッシュ値を算出する。ステップS42425では、受信した署名データを復号処理部4244で復号し、送信装置3から送信されたハッシュ値を抽出する。ステップS42436では、ステップS42424とステップS42425で算出した二つのハッシュが一致するか比較を行う。一致している場合、改ざんが行われていないとし、ステップS42428でそのまま処理を終了する。またステップS42426で一致しない場合は、ステップS42427に進み、制御部41に改ざんが行われている事を通知し、ステップS42428で処理を終了する。 FIG. 13 is a flowchart showing the alteration determination process by the alteration determination unit 424. The tampering determination process is triggered by the input of the signature data packet in step S42422. In step S42423, the received data string stored in the received data storage unit 4241 is read with reference to the identifier of the input signature data packet. In step S42424, the hash value generation unit 4242 calculates a hash value of the read received data string. In step S42425, the received signature data is decrypted by the decryption processing unit 4244, and the hash value transmitted from the transmission device 3 is extracted. In step S42436, whether the two hashes calculated in steps S42424 and S42425 match is compared. If they match, it is determined that no falsification has been performed, and the process ends in step S42428. If they do not match in step S42426, the process proceeds to step S42427, the control unit 41 is notified that tampering has been performed, and the process ends in step S42428.
 このように、本実施の形態によれば、改ざん検出の対象となるパケット通信データに変更を加えなくとも、別途送信する署名データを検証することで、受信したパケット通信データに改ざんが行われているかどうかを検証することができる。受信したパケット通信データと署名の整合性が取れない場合、また署名データ自体が受信できない場合は、通信システムに不正があったことが判明するため、速やかに安全処置に移行することができる。 As described above, according to the present embodiment, the received packet communication data is tampered with by verifying the signature data to be transmitted separately without changing the packet communication data subject to tamper detection. It can be verified whether or not. If the received packet communication data and the signature cannot be matched, or if the signature data itself cannot be received, it is determined that the communication system has been tampered with, so that it is possible to promptly move to a safety measure.
 Next, another embodiment of the present invention is described, focusing on the differences from the embodiment described so far.
 FIG. 14 shows the configuration of the network system in this embodiment. The transmission device 61 and the reception device 5 are conventional ECUs. The signature generation adapter 62 is placed between the transmission device 61 and the communication bus 2. It receives the packet communication data transmitted from the transmission device 61, forwards that data to the communication bus 2, and transmits a signature data packet for the data that is subject to signing. The configuration and processing of the transmission data signature adding unit 621 are the same as in the first embodiment.
 The signature verification adapter 72 is placed between the reception device 5 and the communication bus 2. It forwards the packet communication data received from the communication bus 2 to the reception device 5 and, for the data that is subject to signing, verifies its validity using the separately received signature data packet. The configuration and processing of the reception data verification unit 721 are the same as in the first embodiment.
 According to this embodiment, conventional ECUs can be used as the transmission device and the reception device, and the validity of the packet communication data can be verified by adapters installed between them and the communication bus.
 A further embodiment of the present invention is described next, focusing on the differences from the embodiments described so far.
 FIG. 15 shows the configuration of the network system in this embodiment. The data transfer device 8 transfers packet communication data received from the information-system communication bus 21 to the control-system communication bus 22, and its transmission data signature adding unit 82 generates a signature data packet corresponding to the transferred packet communication data and transmits it to the control-system communication bus 22.
 The transfer data verification device 9 receives the packet communication data transferred by the data transfer device 8 and the signature data packet, and its reception data verification unit 92 verifies the validity of the data transferred from the information-system communication bus 21. When the transfer data verification device 9 detects tampering with the transferred data, it transmits packet communication data reporting the tampering to the control-system communication bus 22.
 The transmission data signature adding unit 82 and the reception data verification unit 92 are implemented with the same configuration as the transmission data signature adding unit 32 and the reception data verification unit 42 of the first embodiment.
 According to this embodiment, by focusing on data transferred from the information-system communication bus 21, where illegitimate activity is likely to occur, and verifying that data with the transfer device and the verification device, the other communication devices can be conventional ECUs to which the present invention is not applied.
 Another embodiment of the present invention is described next, focusing on the differences from the embodiments described so far.
 FIG. 16 shows the structure of the packet communication data transmitted and received over the communication bus in this embodiment. In network communication, there is no guarantee that all data is communicated successfully, not only because of unauthorized tampering but also because of faults in the communication path and the like. In in-vehicle communication networks in particular, data is sent and received repeatedly at short intervals, so no retransmission is requested even when some data fails to be received. In that case, a difference arises between the data transmitted by the transmission device 3 and the data received by the reception device 4 even without any illegitimate activity.
 In this embodiment, therefore, the reception device 4 sends the transmission device 3 a signature request packet 213 that requests generation of signature data only for the transmission data packets 211 that the reception device 4 received successfully. The transmission device 3 generates signature data from the transmitted data requested in the signature request packet 213 and transmits a signature data packet 212 to the reception device 4.
 According to this embodiment, a mismatch between received data and signature data that is not caused by illegitimate activity is not falsely detected as tampering, and the efficiency of system processing can be improved.
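The following Python sketch is an added example, not code from the patent: it models the sender-side storage and signature generation (FIGS. 5 to 8), the receiver-side check (FIGS. 9 to 13) and the signature request of FIG. 16 in one small bus simulation. Assumptions: HMAC-SHA-256 over a SHA-256 hash stands in for the unspecified "encrypt the hash" step, the signature request names packets by their transmission-cycle slot number, and every identifier, key and payload is constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: pre-shared key, constructed for this demo
# Transmission data identifier -> signature data identifier (role of the FIG. 6 table).
SIGN_TARGETS = {0x100: 0x700, 0x200: 0x701}  # constructed values
SIG_IDS = set(SIGN_TARGETS.values())


def auth_tag(data_string: bytes) -> bytes:
    """Hash the concatenated control data, then key it (HMAC replaces 'encrypt the hash')."""
    digest = hashlib.sha256(data_string).digest()
    return hmac.new(KEY, digest, hashlib.sha256).digest()


class Sender:
    def __init__(self):
        self.sent = {}  # signature id -> {slot: control data} (transmitted data storage)

    def send(self, slot, pkt_id, control):
        """Store control data of signing targets, then pass the packet on unchanged."""
        sig_id = SIGN_TARGETS.get(pkt_id)
        if sig_id is not None:
            self.sent.setdefault(sig_id, {})[slot] = control
        return pkt_id, control

    def signature_packet(self, sig_id, slots=None):
        """Sign every stored item, or only the slots named in a signature request."""
        window = self.sent.pop(sig_id, {})
        chosen = sorted(window) if slots is None else [s for s in slots if s in window]
        return sig_id, auth_tag(b"".join(window[s] for s in chosen))


class Receiver:
    def __init__(self):
        self.received = {}  # signature id -> {slot: control data} (received data storage)

    def on_packet(self, slot, pkt_id, payload):
        """Return None for data packets, True (valid) or False (tampered) for signatures."""
        if pkt_id in SIG_IDS:
            window = self.received.pop(pkt_id, {})
            expected = auth_tag(b"".join(window[s] for s in sorted(window)))
            return hmac.compare_digest(expected, payload)
        sig_id = SIGN_TARGETS.get(pkt_id)
        if sig_id is not None:  # only signing targets are accumulated
            self.received.setdefault(sig_id, {})[slot] = payload
        return None

    def signature_request(self, sig_id):
        """Slots actually received: the content of a signature request packet."""
        return sorted(self.received.get(sig_id, {}))


def run(n=4, tamper_slot=None, drop_slot=None, use_request=False):
    """Send n control packets and one signature packet; return the receiver's verdict."""
    tx, rx = Sender(), Receiver()
    for slot in range(n):
        pkt_id, control = tx.send(slot, 0x100, bytes([0x10 + slot, 0x00]))
        if slot == drop_slot:
            continue  # lost on the bus, no retransmission
        if slot == tamper_slot:
            control = b"\xff\xff"  # modified in transit
        rx.on_packet(slot, pkt_id, control)
    slots = rx.signature_request(0x700) if use_request else None
    sig_id, tag = tx.signature_packet(0x700, slots)
    return rx.on_packet(n, sig_id, tag)


if __name__ == "__main__":
    print("clean:", run())
    print("tampered:", run(tamper_slot=2))
    print("lost packet, periodic signature:", run(drop_slot=1))
    print("lost packet, signature request:", run(drop_slot=1, use_request=True))
```

The example hashes only the control data, so it demonstrates tamper detection and the lost-packet false positive; it carries no counter or timestamp, so a replayed window with its matching signature packet would still verify.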
2 … Communication bus
3 … Transmission device
4, 5 … Reception device
8 … Data transfer device
9 … Transfer data verification device
211 … Transmission data packet
212 … Signature data packet
214 … Reception data packet
31, 611 … Transmission data generation unit
32, 621, 82 … Transmission data signature adding unit
33, 43, 83, 84, 612, 622, 722, 93 … Communication unit
21 … Information-system communication bus
22 … Control-system communication bus
41 … Control unit
42, 721, 92 … Reception data verification unit
311 … Data calculation unit
312 … Transmission data packet generation unit
313 … Transmission data identifier
321 … Signature target transmission data identifier data
322 … Transmission data determination unit
323 … Signature data generation unit
3213, 4213 … Signature data identifier
3231 … Transmitted data storage unit
3232, 4242 … Hash value generation unit
3233 … Encryption processing unit
3234 … Signature packet generation unit
421 … Signature target reception data identifier data
422 … Signature data identifier data
423 … Reception data determination unit
424 … Tampering determination unit
4241 … Received data storage unit
4243 … Data comparison unit
4244 … Decryption processing unit
62 … Signature generation adapter
72 … Signature verification adapter

Claims (5)

  1.  A communication system comprising a transmission device and a reception device that communicate packet communication data, wherein
     the transmission device comprises:
     a transmission data generation unit that generates at least two or more items of first packet communication data;
     a signature data generation unit that generates second packet communication data containing authentication data obtained by encrypting verification information for the plurality of transmitted items of first packet communication data; and
     transmission means for transmitting the first and second packet communication data, and
     the receiving means comprises:
     a reception unit that receives the first and second packet communication data; and
     a verification unit that generates verification information for the plurality of received items of first packet communication data and verifies the validity of the received data by comparing that information with verification information obtained from the authentication data contained in the received second packet communication data.
  2.  The communication system according to claim 1, wherein
     the reception device transmits, to the transmission device, third packet communication data, which is information specifying at least two or more received items of first packet communication data, and
     the transmission device, after receiving the third packet communication data, generates and transmits second packet communication data containing authentication data obtained by encrypting verification information for the at least two or more items of first packet communication data specified by the third packet communication data.
  3.  The communication system according to claim 2, wherein
     the first, second and third packet communication data each include a packet identifier that specifies the type of the packet communication data and a data area in which the data to be transmitted is placed.
  4.  The communication system according to claim 1, wherein
     the first packet communication data has a packet identifier that depends on the data contained in its data area.
  5.  The communication system according to claim 1, wherein
     the second packet communication data has a packet identifier corresponding to the first packet communication data to be verified.
PCT/JP2014/052904 2013-03-29 2014-02-07 Car onboard communication system and communication device WO2014156328A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013-070945 2013-03-29
JP2013070945A JP5940013B2 (en) 2013-03-29 2013-03-29 In-vehicle communication system and communication device

Publications (1)

Publication Number Publication Date
WO2014156328A1 true WO2014156328A1 (en) 2014-10-02

Family

ID=51623329

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/052904 WO2014156328A1 (en) 2013-03-29 2014-02-07 Car onboard communication system and communication device

Country Status (2)

Country Link
JP (1) JP5940013B2 (en)
WO (1) WO2014156328A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008060809A (en) * 2006-08-30 2008-03-13 Toyota Infotechnology Center Co Ltd Vehicle-to-vehicle communication method, vehicle-to-vehicle communication system and on-vehicle communication equipment
JP2009081549A (en) * 2007-09-25 2009-04-16 Kyocera Corp Signature verifying method, stream generating method, reception device, and stream transmission device
WO2011105350A1 (en) * 2010-02-24 2011-09-01 ルネサスエレクトロニクス株式会社 Wireless communications device and authentication processing method
JP2011229075A (en) * 2010-04-22 2011-11-10 Denso Corp Communications system, transmitter, receiver, and transmitter-receiver

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109314645A (en) * 2016-08-10 2019-02-05 Kddi株式会社 Data providing system, data protecting device, data offering method and computer program
CN109314645B (en) * 2016-08-10 2021-08-13 Kddi株式会社 Data providing system, data protection device, data providing method, and storage medium
US11212109B2 (en) 2016-08-10 2021-12-28 Kddi Corporation Data provision system, data security device, data provision method, and computer program

Also Published As

Publication number Publication date
JP5940013B2 (en) 2016-06-29
JP2014195194A (en) 2014-10-09

Similar Documents

Publication Publication Date Title
Ueda et al. Security authentication system for in-vehicle network
Hu et al. Review of secure communication approaches for in-vehicle network
US9252945B2 (en) Method for recognizing a manipulation of a sensor and/or sensor data of the sensor
US8520839B2 (en) Data transmitter with a secure and efficient signature
JP5949572B2 (en) Vehicle improper state detection method, control method in vehicle system, and system
US20180270052A1 (en) Cryptographic key distribution
US9998476B2 (en) Data distribution apparatus, communication system, moving object, and data distribution method
JP5598164B2 (en) Computer system
US10425231B2 (en) Information processing apparatus and method for authenticating message
JP2010011400A (en) Cipher communication system of common key system
Zalman et al. A secure but still safe and low cost automotive communication technique
CN112865959B (en) Consensus method of distributed node equipment, node equipment and distributed network
KR102256730B1 (en) System and method for vehicle verification and communication
CN112448941A (en) Authentication system and method for authenticating a microcontroller
CN116232593B (en) Multi-password module sensitive data classification and protection method, equipment and system
CN113114621A (en) Communication method for bus dispatching system and bus dispatching system
Zou et al. The study of secure CAN communication for automotive applications
Daily et al. Securing CAN traffic on J1939 networks
US10862675B2 (en) Method for exchanging messages between security-relevant devices
Püllen et al. Securing FlexRay-based in-vehicle networks
US10438002B2 (en) Field-bus data transmission
JP5940013B2 (en) In-vehicle communication system and communication device
KR102236282B1 (en) Method and system for authenticating communication data of vehicle
Giri et al. An integrated safe and secure approach for authentication and secret key establishment in automotive Cyber-Physical systems
EP3618385B1 (en) Method and arrangement for encoding/decoding a signal at a first and second communication node in a road vehicle

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14776009

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14776009

Country of ref document: EP

Kind code of ref document: A1