WO2017064075A1 - Agencement de circuits pour la génération d'un secret ou d'une clé dans un réseau - Google Patents

Agencement de circuits pour la génération d'un secret ou d'une clé dans un réseau Download PDF

Info

Publication number
WO2017064075A1
WO2017064075A1 PCT/EP2016/074368 EP2016074368W WO2017064075A1 WO 2017064075 A1 WO2017064075 A1 WO 2017064075A1 EP 2016074368 W EP2016074368 W EP 2016074368W WO 2017064075 A1 WO2017064075 A1 WO 2017064075A1
Authority
WO
WIPO (PCT)
Prior art keywords
subscriber
module
circuit arrangement
communication
transmission
Prior art date
Application number
PCT/EP2016/074368
Other languages
German (de)
English (en)
Inventor
Florian Hartwich
Timo Lothspeich
Franz Bailer
Christian Horst
Arthur Mutter
Andreas Mueller
Original Assignee
Robert Bosch Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch Gmbh filed Critical Robert Bosch Gmbh
Publication of WO2017064075A1 publication Critical patent/WO2017064075A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Definitions

  • Circuit arrangement for generating a secret or key in a network
  • the present invention relates to a circuit arrangement for the generation of a cryptographic secret in a network, which can be used in particular for the generation of a common, secret key in two participants of the network.
  • Point-to-point connections are also usually counted as networks and should also be addressed here with this term.
  • the two participants communicate via a shared transmission medium.
  • logical bit sequences (or, more generally, value sequences) are transmitted physically by means of corresponding transmission methods as signals or signal sequences.
  • the underlying communication system may e.g. be a CAN bus. This provides for transmission of dominant and recessive bits or correspondingly dominant and recessive signals, whereby a dominant signal or bit of a participant of the network intersperses against recessive signals or bits.
  • a state corresponding to the recessive signal adjusts itself to the transmission medium only if all participants involved provide a recessive signal for transmission or if all participants transmitting at the same time transmit a recessive signal level.
  • suitable cryptographic methods are usually used, which can generally be subdivided into two different categories: first, symmetric methods, in which the sender and receiver have the same cryptographic key, and, on the other hand, asymmetrical methods in which the sender uses the data to be transmitted is encrypted with the public (ie possibly also known to a potential attacker) key of the recipient, but the decryption can be done only with the associated private key, which is ideally known only to the recipient.
  • asymmetric methods usually have a very high computational complexity.
  • resource constrained nodes such as e.g. Sensors, actuators, or similar, suitable, which usually have only a relatively low computing power and low memory and energy-efficient work, for example due to battery operation or the use of energy harvesting.
  • bandwidth available for data transmission making the replacement of asymmetric keys with lengths of 2048 bits or even more unattractive.
  • the keys are usually stored centrally. testifies. The assignment to individual ECUs takes place in a secure environment z. B. in the factory of the vehicle manufacturer. There, the keys are also activated.
  • the non-prepublished DE 10 2015 207220 AI discloses a method for generating a shared secret or a secret symmetric key by means of public discussion between two communication participants.
  • the invention is based on a circuit arrangement which has a communication module for communication via a transmission channel as well as a further module which, in order to support the generation of a shared secret between the network participant, comprises Circuitry and another network participant is set up.
  • the secret is thereby generated by a (largely) synchronous transmission of a subscriber value sequence on a common transmission channel between the network subscribers and on the basis of the transmitted subscriber value sequences and the determined superimposition on the transmission channel.
  • the further module supports the generation of the secret, in particular it causes the (largely) synchronous transmission.
  • the hardware realization of the method in a circuit arrangement by using a communication module and the additional module provided specifically for this method enables a reliable and largely tamper-proof implementation while maintaining the necessary latency times.
  • the advantageous combination possibilities shown between the communication module (s) and the other modules enable the developer, when implementing the described methods in a circuit arrangement, to weigh the following points: resource expenditure, flexibility and modularity.
  • An integrated variant of the communication module and the further module has e.g. a low resource requirement.
  • the modularity and flexibility of this solution speak in favor of an alternative combination of separate circuit components for the communication module and the further module.
  • the further module can be combined with different types of communication modules.
  • a combination of the further module with a plurality of communication modules may be particularly advantageous in systems in which the negotiation of a key takes place only rarely and takes little time.
  • the other module can be used as a shared resource. Different combinations or assignments between communication modules and the other modules can therefore be realized.
  • An assignment can be a temporary, logical assignment, but also a temporary or fixed circuit connection.
  • the communication modules then include corresponding communication controller functionality, eg a CAN controller or a LIN controller. Particularly advantageous is a shutdown of the other module when it is not needed, or under certain operating conditions of the system in which the circuit is used, for example, outside as safely defined system states.
  • the underlying methods for generating a secret or a cryptographic key do not require any manual intervention and thus enable the automated establishment of secure communication relationships between two nodes.
  • the methods have a very low complexity, in particular with regard to the required hardware design, such as e.g. the required memory resources and computing power, and they are associated with a low energy and time requirements.
  • the methods offer very high key generation rates with a very low probability of error.
  • the methods assume that participants in a network communicate with each other via a communication channel.
  • they transfer logical sequences of values (in the case of binary logic, bit sequences) with the aid of physical signals on the transmission channel.
  • logical sequences of values in the case of binary logic, bit sequences
  • the transferred, logical value sequences as well as their logical overlay are considered.
  • Subscribers of the network can thus give first signals (for example associated with logical bit "1") and second signals (associated, for example, with logical bit “0") to the communication channel and detect resulting signals on the communication channel. If two subscribers now transmit (largely) one signal sequence at a time, the subscribers can detect the resulting overlay on the communication channel.
  • the effective, from the (largely) simultaneous transmission two (independent) signals resulting signal on the communication channel can in turn be assigned to one (or more) specific logical value (or values).
  • the transmission must be largely synchronous in that a superimposition of the individual signals of a signal sequence on the transmission medium takes place, in particular, that the signal corresponding to the n-th logical value or bit of the first subscriber with the signal corresponding to the n-th logical Value or bit of the second participant at least partially superimposed.
  • This overlay should be sufficiently long for the participants to be able to record the overlay or determine the corresponding overlay value.
  • the superimposition can be determined by arbitration mechanisms or by physical signal superposition.
  • arbitration mechanism is meant, for example, the case that a node wants to apply a recessive level, but detects a dominant level on the bus and thus omits the transmission. In this case, there is no physical interference between two signals, but only the dominant signal is seen on the transmission channel.
  • the participants can then generate a key that is secret to an outside attacker.
  • the reason for this is that the outside attacker, who can listen to the effective overall signals applied to the shared transmission medium, sees only the superimposition of the value sequences, but does not have the information about the individual value sequences of the participants. Thus, the participants have more information that they can use against the attacker to generate a secret key.
  • the described methods can be implemented particularly well in a CAN, TTCAN or CAN FD bus system.
  • a recessive bus level is replaced by a dominant bus level.
  • the superimposition of values or signals of the participants thus follows defined rules, which tion of information from the superimposed value or signal and the value or signal transmitted by them.
  • the methods are also well suited for other communication systems such as LIN and I2C.
  • a network or subscriber to a network is set up to do this by having electronic memory and computational resources to perform the steps of a corresponding method.
  • Also stored on a storage medium of such a user or on the distributed storage resources of a network may be a computer program configured to perform all the steps of a corresponding method when executed in the subscriber or in the network.
  • FIG. 1 schematically shows the structure of an exemplary, underlying communication system
  • FIG. 3 is a schematic illustration of exemplary signal sequences of two subscribers of a network and a resulting subsequence value sequence on a transmission channel between the subscribers,
  • 4 schematically shows the sequence of an exemplary method for generating a key between two subscribers of a network
  • 5 shows an exemplary communication module as part of a circuit arrangement
  • FIG. 6 shows an exemplary module for generating a secret or key exchange (further module) as part of a circuit arrangement
  • FIG. 7 shows a detail of an exemplary circuit arrangement with an integration of a communication module and a module for generating a secret or for key exchange (further module) in a circuit part
  • FIG. 8 shows a detail of an exemplary circuit arrangement with a communication module and a module for generating a secret or for key exchange (further module) in separate circuit parts and in each case
  • FIG. 9 shows a detail of an exemplary circuit arrangement with several communication modules and a module assigned to these communication modules for generating a secret or for key exchange (further module) in separate circuit parts in each case.
  • the present invention relates to a circuit arrangement, in particular an integrated circuit, e.g. B. a microcontroller, as a network participant.
  • the circuit arrangement is set up to carry out a method for generating a shared secret or (secret) symmetric cryptographic key between two nodes of a communication system (subscriber of a network).
  • the network participants communicate with each other with the support of the circuit via a shared medium (transmission channel of the network).
  • the generation or negotiation of the cryptographic keys is based on a public data exchange between the two subscribers. in the case of a possible listening third party as attacker it is not possible or very difficult to draw conclusions about the generated keys. It is thus possible to fully automatically and securely establish corresponding symmetrical cryptographic keys between two different subscribers of a network in order to then construct specific ones based on them
  • Security functions such as a data encryption or a message authentication to realize.
  • a common secret is first established for this, which can be used to generate the key.
  • a shared secret can in principle also be used for purposes other than cryptographic keys in the strict sense, e.g. as a one-time pad.
  • Such a key generation is possible for a multiplicity of wired or wireless as well as optical networks or communication systems, in particular also those in which the various subscribers communicate with each other via a linear bus and the media access to this bus takes place by means of a bitwise bus arbitration ,
  • This principle represents, for example, the basis of the widespread CAN bus.
  • Possible fields of application of the invention accordingly include, in particular, CAN-based vehicle networks and CAN-based networks in automation technology.
  • this divided transmission medium corresponds to a linear bus (wired or optical) 30, as shown by way of example in FIG
  • the network 20 in Figure 2 consists of this linear bus 30 as a shared transmission medium (e.g., a wireline transmission channel), nodes 21, 22 and 23, and (optional) bus terminations 31 and 32.
  • a dominant bit e.g., the logical bit '0'
  • a concurrently transmitted recessive bit e.g., the logical bit '1'
  • on-off-keying on-off-keying amplitude shift keying
  • a signal is transmitted, for example in the form of a simple carrier signal, in the other case (value 'Off' or '1') no signal is transmitted.
  • the state ' ⁇ ' is dominant while the state 'Off' is recessive.
  • Supports discrimination of dominant and recessive bits is a (wired or optical) system based on a bitwise bus arbitration, as used for example in the CAN bus.
  • the basic idea here is also that if, for example, two nodes want to transmit a signal at the same time and one node transmits a '1', whereas the second node transmits a '0' which 'gains''0' (ie the dominant bit) This means that the signal level that can be measured on the bus corresponds to a logical '0'.
  • this mechanism is used in particular for resolving possible collisions, whereby priority messages (ie messages with an earlier, dominant signal level) predominantly overflow -
  • priority messages ie messages with an earlier, dominant signal level
  • Each node while transmitting its CAN identifier, monitors the signal level on the bus bit by bit at the same time. If the node itself transmits a recessive bit but a dominant bit is detected on the bus, the corresponding node aborts its transmission attempt in favor of the higher priority message (with the earlier dominant bit).
  • FIG. 3 shows, for example, how a subscriber 1 (T1) keeps the bit sequence 0, 1, 1, 0, 1 ready for transmission between the times t0 and t5 via the transmission channel.
  • Subscriber 2 (T2) keeps the bit sequence 0, 1, 0, 1, 1 ready for transmission between times t0 and t5 via the transmission channel.
  • bit string 0, 1, 0, 0, 1 will be seen on the bus (B) Only between times t1 and t2 and between t4 and t5, both subscriber 1 (T1) and subscriber 2 (T2) provide a recessive bit "1", so that only in this case does the logical AND operation result in a bit level of " 1 "on the bus (B) results.
  • the process for generating a symmetric key pair is started in step 41 by one of the two nodes involved in this example (subscriber 1 and subscriber 2). This can be done, for example, by sending a special message or a special message header.
  • Both Subscriber 1 and Subscriber 2 initially generate a bit sequence locally (i.e., internally and independently) in step 42.
  • this bit sequence is at least twice, in particular at least three times as long as the common key desired as a result of the method.
  • the bit sequence is preferably generated in each case as a random or pseudo-random bit sequence, for example with the aid of a suitable random number generator or pseudo random number generator.
  • subscriber 1 and subscriber 2 transmit (largely) synchronously their respectively generated bit sequences over the divided transmission medium (using the transmission method with dominant and recessive bits, as already explained above).
  • Different possibilities for synchronizing the corresponding transmissions are conceivable.
  • either subscriber 1 or subscriber 2 could first send a suitable synchronization message to the respective other node and then start the transmission of the actual bit sequences after a certain period of time following the complete transmission of this message.
  • bit sequences of a subscriber generated in step 42 can also be displayed in step 43 several messages can be transmitted distributed, for example, if this requires the (maximum) sizes of the corresponding messages. In this variant too, the transmission of the correspondingly large number of correspondingly large messages distributed bit sequences of the other subscriber takes place again (largely) synchronously.
  • the two bit sequences then overlap, whereby due to the previously required property of the system with the distinction of dominant and recessive bits, the individual bits of subscriber 1 and subscriber 2 result in an overlay, in the example mentioned de facto AND-linked. This results in a corresponding overlay on the transmission channel, which could detect, for example, a listening third party.
  • Both subscriber 1 and subscriber 2 detect during the transmission of their bit sequences of step 43 in a parallel step 44, the effective (overlaid) bit sequences S e ff on the shared transmission medium.
  • the effective (overlaid) bit sequences S e ff on the shared transmission medium.
  • this is usually done in conventional systems during the arbitration phase anyway.
  • a node knows that the effective state is dominant on the shared medium if the node itself has sent a dominant bit, but if a node has sent a recessive bit, it does not know the state on the shared transmission medium first Further, however, in this case, he can determine by a suitable measurement what it looks like, because, in this case, the node does not send anything, so there are no problems with so-called self-interference, especially in the case of wireless Systems would otherwise require a complex echo cancellation.
  • both subscriber 1 and subscriber 2 also again (largely) synchronously transmit their initial bit sequences STI and ST2, but this time inverted.
  • the synchronization of the corresponding transmissions can again be realized exactly in the same way as described above.
  • the two sequences are then ANDed together again.
  • Subscribers 1 and 2 in turn determine the effective, superimposed bit sequences S e ff on the shared transmission medium.
  • Both subscriber 1 and subscriber 2 determine during the transmission of their now inverted bit sequences then again the effective, superimposed bit sequences on the shared transmission medium.
  • both nodes subscriber 1 and subscriber 2), as well as a possible attacker (eg subscriber 3) who overhears the communication on the shared transmission medium, thus know the effective, superimposed bit sequences S e ff and Seff '.
  • participant 1 still knows his initially generated, local bit sequence STI and participant 2 his initially generated, local bit sequence ST2.
  • subscriber 1 in turn does not know the initially generated, local bit sequence of subscriber 2 and subscriber 2 does not know the initially generated, local bit sequence of subscriber 1.
  • the detection of the overlay bit sequence again takes place during the transmission in step 46.
  • subscriber 1 and subscriber 2 can also use their inverted, local bit sequence directly with or directly after their own Sending steps 45 and 46 in steps 43 and 44.
  • the original and the inverted bit sequences can be transmitted in a message as well as in separate messages as partial bit sequences.
  • step 47 subscriber 1 and subscriber 2 now respectively locally (ie internally) link the effective, superposed bit sequences (S e ff and S e ff '), in particular with a logical OR function.
  • the individual bits in the bit sequence (Sges) resulting from the OR operation now indicate whether the corresponding bits of STI and ST2 are identical or different. For example, if the nth bit within S tot is a '0', it means that the nth bit within STI is inverse to the corresponding bit within ST2. Likewise, if the nth bit within Sges is a '1', the corresponding bits within STI and ST2 are identical.
  • Subscriber 1 and subscriber 2 then cancel in step 48 based on the bit sequence S ges obtained from the OR operation in their original, initial bit sequences STI and ST2 all bits which are identical in both sequences. This consequently leads to correspondingly shortened bit sequences.
  • Bits from the common, truncated bit sequence where it must be clearly defined which N bits to take, e.g. by simply selecting the first N bits of the sequence. It is also possible to calculate a hash function via the shared, shortened bit sequence which provides a hash of length N. In general, the rendering can be done with any linear and nonlinear function that returns a N bit length bit sequence when applied to the co-present truncated bit sequence.
  • the mechanism of key generation from the common truncated bit sequence is preferably identical in both subscribers 1 and 2 and is performed accordingly in the same way.
  • a checksum could be calculated using the generated keys and exchanged between subscribers 1 and 2. If both checksums are not identical, then obviously something has failed. In this case, the described method for key generation could be repeated.
  • a whole series of resulting shortened bit sequences which are each present in the case of subscribers 1 and 2 can be generated, which are then combined into a single large sequence before the actual key is derived therefrom , If necessary, this can also be done adaptively. If, for example, the length of the common, shortened bit sequence is, for example, shorter than the desired key length N after a single pass through the described procedure, then one could, for example, generate further bits before the actual key derivation.
  • the generated symmetric key pair can be used by subscriber 1 and subscriber 2 in conjunction with established (symmetric) cryptographic methods, such as ciphers for data encryption.
  • a potential attacker eg subscriber 3 can listen to the public data transmission between subscriber 1 and subscriber 2 and thus gain knowledge of the effective, superposed bit sequences (S e ff and S e ff ') as described. The attacker then only knows which bits in the locally generated bit sequences of nodes 1 and 2 are identical and which are not. In addition, with the identical bits, the attacker can even determine whether it is a '1' or a '0'. For a complete knowledge of the resulting, shortened bit sequence (and thus the basis for key generation), however, he lacks the information about the non-identical bits.
  • bit values identical in the original, locally generated bit sequences of the users 1 and 2 are additionally deleted. This means that participant 3 has only information that is not used for key generation. Although he knows that correspondingly shortened bit sequences emerge from the different between the local bit sequences of the participants 1 and 2 participants bits. However, he does not know which bits have been sent by subscriber 1 and subscriber 2 respectively.
  • subscriber 1 and subscriber 2 also have the information about the locally generated bit sequence transmitted by them in each case.
  • the fact that the keys generated in subscribers 1 and 2 remain secret as a basis despite the public data transmission results from this information advantage over a subscriber 3 following only the public data transmission.
  • FIG. 5 shows a communication module or protocol module.
  • this is a so-called CAN protocol controller module or else a short CAN module.
  • a CAN communication module based on a CAN controller IP Module of Robert Bosch GmbH such as M_CAN, C_CAN or D_CAN or for a LIN bus system a LIN communication module based on a LIN communication controller IP module of Robert Bosch GmbH as C_LIN be used.
  • FIG. 5 shows a CAN module 50 based on the M_CAN-IP.
  • a CAN core 51 executes the communication according to a particular CAN protocol version, e.g. Version 2.0 A, B and ISO 11898-1 and can also support CAN FD. With the connections 503 and 504, the logical CAN transmit or CAN receive connections are designated.
  • the synchronization block 52 synchronizes signals between the two existing clock domains.
  • the module-internal clock is designated 59.
  • Configuration and control block 55 can be used to set CAN core-related configuration and control bits.
  • Block 56 is for interrupt control and the generation of receive and transmit timestamps.
  • the interface 58 serves as a generic slave interface for the possible connection of the CAN
  • the interface 57 serves as a generic master interface access to a message memory, in particular a RAM, via the connection 502.
  • the block 53 corresponds to a Tx handler or send manager, which the Message transfer from an external message store to the CAN core controls. Up to 32 transmit buffers can be configured for transmission. Transmit timestamps are stored with corresponding message IDs.
  • the blocks 531 and 532 in the send manager correspond to a control and configuration block and a send prioritization block, respectively.
  • the Rx handler 54 controls the transmission of received ones
  • the communication module thus comprises a central circuit part (here
  • CAN Core 51 for the protocol-controlled control of communication between a host CPU and an external message memory as well as for protocol-based reception and transmission of messages via the communication system (here via the connections 503 and 504).
  • An interface here master interface 57 and the connection 502 is the module with the external Message store connected.
  • Via another interface here slave interface 58 and the connection 501, the module is connected to the host CPU. It can be implemented as a stand-alone unit, as part of an ASIC or with an FPGA.
  • a module 60 is shown, which in a circuit arrangement of a
  • Subscriber on a network can support this subscriber in the generation of a shared secret with other network subscribers (hereinafter also referred to as "further module”) .
  • the module 60 can thereby provide data or messages to the bus 600, which in a preferred embodiment implemented as a CAN bus.
  • the module 60 has a block 64 for configuring the module via an interface 604, in particular for protocol-specific configurations such as baud rate, IDs, etc. Furthermore, it comprises a block 63 (eg a register) in which a character string, in particular a random number or
  • Block 62 denotes a trigger module, which can be made in a preferred embodiment via the interface 602 to a trigger signal.
  • the trigger module can trigger a trigger signal independently.
  • the module also has transmitters such as the
  • Tx buffer transmit buffer memory
  • the main mode of operation of the module is that, depending on a configuration (indicated by the connection 605 between configuration block 64 and transmission means 61), a random number or pseudo-random number from block 63 is given via connection 606 to the transmission means 61 and via the interface 601 to the CAN Bus 600 is output. This process is triggered (either already the transmission of the number from block 63 to block 61 or at least the transmission of the number from block 61 to bus 600). in particular by a triggering signal through the trigger module 62 via the connection 607 to the transmitting means 61.
  • the latter can also have a memory 65 (in particular a RAM) in which one or more random numbers or pseudorandom numbers are stored, which are output via the transmission means 61 as a function of the trigger signal.
  • a memory 65 in particular a RAM
  • random numbers or pseudorandom numbers are stored, which are output via the transmission means 61 as a function of the trigger signal.
  • These random numbers can also be generated by an optional random number generator (in particular a TRNG) in the module 60.
  • the module 60 can also have receiving means 67, in particular receiving buffer memory 67, which can receive messages or data from the bus 600 via an interface 612. Via an interface 613 between receiving means 67 and trigger block 62, a trigger signal for transmitting data can also be triggered in this embodiment depending on received data. For example, it can be recognized that a random number sequence for secret generation is placed on the bus by another network subscriber (eg via a corresponding message ID) and then the trigger is made by the trigger block 62, that this subscriber also uses the module 60 to carry out a random number sequence (largely) synchronously with the transmission of the random number sequence by the other network participant on the bus.
  • receiving means 67 in particular receiving buffer memory 67
  • a trigger signal for transmitting data can also be triggered in this embodiment depending on received data. For example, it can be recognized that a random number sequence for secret generation is placed on the bus by another network subscriber (eg via a corresponding message ID) and then the trigger is made by the trigger block 62, that this subscriber also uses
  • error states of the module 60 can be stored and these are also reported via an interface 608 to external or retrieved from external.
  • the module 60 may also have a circuit part 69 for dynamic message generation.
  • the latter can receive a random number or pseudorandom number via an interface 609 and, depending on this, generate a message and forward it to the transmission means 61 via the connection 610.
  • the message is intended for largely synchronous transmission of random numbers with another network participant in order to generate a shared secret between the network participants as described above.
  • a circuit arrangement in particular a microcontroller
  • the communication module and the further module are integrated in a circuit part. This is shown by way of example in FIG. 7.
  • Communication module and another module are integrated here in the circuit part 70 of the circuit arrangement.
  • the functions described above for the further module are additionally integrated in a communication module or protocol module.
  • the communication module with additional functions 70 is connected via a connection 72 to a host interface 71 to the host (computing unit of the circuit arrangement or host CPU of the microcontroller) and via receiving or transmitting interface 74 or 75 to a bus system.
  • Interface 73 denotes a secure interface, e.g. to a
  • Hardware security module of the circuit arrangement or of the microcontroller is
  • FIG. 8 shows an alternative advantageous embodiment of the combination of a communication module with another module for secret generation in a circuit arrangement.
  • a communication module 810 and another module 820 are combined as separate circuit parts. They each have a connection 801 or 802 to the host interface 800.
  • the communication module has a transmission interface 812 and a reception interface 811, the further module via a transmission interface 822 and a reception interface 823.
  • the receive interfaces 811 and 823 may be merged together. This may in particular mean that the received signals are divided from a common receiving line, for example by Time Division Multiplex.
  • a duplication takes place for the received signal, so that the same received signal is transmitted via the connection 811 to the communication module 810 and via the connection 823 to the further module 820 becomes.
  • the transmit interfaces 812 and 822 may also be merged.
  • the communication module 810 may configure the further module 820 via a connection 814. Via a connection 815, the communication module 810 may also trigger the further module 820 also to initiate the subscriber sequence for
  • FIG. 9 shows three communication modules 910, 920, 930 as well as a further module 990.
  • the receive and transmit interface 991 of the further module is via a mux / demux block 980 receive / transmit controls (Rx / Tx
  • Controls 940, 950, 960 assigned. Each of these controllers 940, 950 and 960 is in turn also each assigned to a receive and transmit interface 911, 921 and 931 of the communication modules 910, 920 and 930, respectively.
  • the communication modules 910, 920, 930 and the further module 990 are connected to the host interface 900 via connections 912, 922, 932 and 992, respectively. Similar to that described with reference to FIG. 8, the communication modules 910, 920 and 930, respectively, can configure and trigger the further module 990 via configuration and trigger connections 915, 925 and 935, respectively. For this purpose, the configuration and trigger connections 915, 925 and 935 via multiplexer MUX and connections 901 and 902 are assigned to the further module 990.
  • Communication module 910, 920 or 930 and further module 990 via these multiplexers MUX or the mux / demux block 980 is controlled via the allocation controller 970 and via the connections 971, 972 and 981, respectively.
  • the control is done e.g. from a central processing unit of the circuit arrangement, e.g. a CPU of a microcontroller.
  • the assignment could also be requested by one of the communication modules themselves, an arbiter then allocates the further module.
  • the exemplary assignment 1: 3 from FIG. 9 can also be used to assign a different number n> 1 of communication modules to a further module with appropriate scaling.
  • Corresponding circuit arrangements can then have 1 further module and n assigned communication modules.
  • the number of further modules is also scalable, so m> l further modules could be flexibly assigned to n> 1 communication modules.
  • several other modules could also be assigned to a communication module.
  • a further module can then preferably request a communication module, an arbiter makes the allocation.
  • This configuration of another module with multiple communication modules could be useful, for example, in a design in which a circuit arrangement such as a microcontroller has multiple communication interfaces that are used only for negotiating new keys.
  • the keys obtained could be used for communication via further communication interfaces. This is possible because the negotiation of a key is rare and the negotiation and the active circuit itself only take a little time. If such an assignment of a further module to a plurality of communication modules is realized, then this further module can also contain, for example, configuration registers which can likewise be used for configurations of the communication modules.
  • Two mutually associated modules must be able to send and receive messages on the same transmission channel or bus.
  • a) Merge Tx signals The two Tx signals are merged (bus emulation by simple AND operation). The resulting (linked) Tx signal is fed to the transceiver.
  • the communication module and the further module have simultaneous access to the bus.
  • the big advantage here is that both modules are always connected to the bus and can arbitrate against each other (eg CAN bus arbitration).
  • Time division multiplexing Tx signals The two Tx signals are connected in time multiplex on the transceiver.
  • each module has its own transceiver: both modules have their own dedicated transceiver. The transceiver of the communication module and the transceiver of the other module are connected to the same bus.
  • the further module partly participates in the bus communication. Therefore, it also requires bus protocol-specific settings as well as the communication module.
  • bus protocol-specific settings for the configuration of the further module there are different alternatives. These can be freely combined with the various assignment combinations described above between the communication module and the further module.
  • the further module contains configuration registers for the protocol-specific settings. This allows a modular, simple design. The complexity of the configuration is shifted to the software.
  • the further module receives the settings from the assigned communication module. For this purpose, a wiring of the configuration signals may be sufficient. This possibility is shown in FIGS. 8 and 9 as an option. If the further module is assigned to several communication modules, e.g. a multiplexer can be used to select the appropriate configuration signals. An advantage of this variant is that the further module is always configured the same as the assigned communication module, this avoids configuration errors.
  • the further module can be triggered by another network subscriber via the common communication connection or the common bus.
  • This allows the other modules of the respective network participants their Transfer messages with the subscriber value sequences (largely) synchronously on the communication link. Triggering takes place, for example, by sending a special trigger message or implicitly by sending the message with the subscriber value sequence (in this case, the message ID can then act as a trigger, for example).
  • the further module triggers itself or is executed by software, i. e.g. via a host computing unit of the circuitry, e.g. triggered a host CPU of a microcontroller.
  • the further module is triggered by the assigned communication module. This requires a trigger line from the communication module to the other module. If the further module is assigned to several communication modules, e.g. a multiplexer can be used to select the appropriate trigger line. This possibility is shown in FIGS. 8 and 9 as an option.
  • the overall system eg a car with a communication network
  • V ⁇ X with a given maximum speed X or communication network below a certain load threshold

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

L'invention concerne un agencement de circuits, en particulier un microcontrôleur. L'agencement de circuits comprend au moins un module de communication destiné à la communication de l'agencement de circuits comme premier utilisateur de réseau avec au moins un deuxième utilisateur de réseau via un canal de transmission, en particulier un bus. L'agencement de circuits comporte au moins un autre module destiné à la génération d'un secret, commun avec le deuxième utilisateur de réseau, pour générer une clé. L'agencement de circuit est adapté pour ordonner à l'aide de l'autre module la transmission d'une première séquence de valeurs sur le canal de transmission de façon au moins partiellement synchronisée avec la transmission d'une seconde séquence de valeurs par le deuxième utilisateur de réseau et pour déterminer le secret afin de générer une clé sur la base de la première séquence de valeurs et sur la base de la séquence de valeurs résultante sur le canal de transmission lors de la transmission synchrone de la première séquence de valeurs et de la seconde séquence de valeurs.
PCT/EP2016/074368 2015-10-15 2016-10-11 Agencement de circuits pour la génération d'un secret ou d'une clé dans un réseau WO2017064075A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102015220057.4A DE102015220057A1 (de) 2015-10-15 2015-10-15 Schaltungsanordnung zur Erzeugung eines Geheimnisses oder Schlüssels in einem Netzwerk
DE102015220057.4 2015-10-15

Publications (1)

Publication Number Publication Date
WO2017064075A1 true WO2017064075A1 (fr) 2017-04-20

Family

ID=57130382

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2016/074368 WO2017064075A1 (fr) 2015-10-15 2016-10-11 Agencement de circuits pour la génération d'un secret ou d'une clé dans un réseau

Country Status (2)

Country Link
DE (1) DE102015220057A1 (fr)
WO (1) WO2017064075A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102020203604A1 (de) 2020-03-20 2021-09-23 Airbus Operations Gmbh Kommunikationsschlüsselerzeugung in einem avioniknetzwerk und verfahren zum erzeugen von kommunikationsschlüsseln für netzwerkteilnehmer in einem avioniknetzwerk

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009002396A1 (de) 2009-04-15 2010-10-21 Robert Bosch Gmbh Verfahren zum Manipulationsschutz eines Sensors und von Sensordaten des Sensors und einen Sensor hierzu
DE102009045133A1 (de) 2009-09-29 2011-03-31 Robert Bosch Gmbh Verfahren zum Manipulationsschutz von Sensordaten und Sensor hierzu
US20120290753A1 (en) * 2011-05-09 2012-11-15 Denso Corporation Connection method for bus controllers and communication system
DE102012215326A1 (de) * 2012-08-29 2014-03-06 Robert Bosch Gmbh Verfahren und Vorrichtung zur Ermittlung eines kryptografischen Schlüssels in einem Netzwerk
DE102015207220A1 (de) 2014-04-28 2015-10-29 Robert Bosch Gmbh Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
DE102014208975A1 (de) 2014-05-13 2015-11-19 Robert Bosch Gmbh Verfahren zur Generierung eines Schlüssels in einem Netzwerk sowie Teilnehmer an einem Netzwerk und Netzwerk
DE102014209042A1 (de) 2014-05-13 2015-11-19 Robert Bosch Gmbh Verfahren und Vorrichtung zum Erzeugen eines geheimen Schlüssels

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009002396A1 (de) 2009-04-15 2010-10-21 Robert Bosch Gmbh Verfahren zum Manipulationsschutz eines Sensors und von Sensordaten des Sensors und einen Sensor hierzu
DE102009045133A1 (de) 2009-09-29 2011-03-31 Robert Bosch Gmbh Verfahren zum Manipulationsschutz von Sensordaten und Sensor hierzu
US20120290753A1 (en) * 2011-05-09 2012-11-15 Denso Corporation Connection method for bus controllers and communication system
DE102012215326A1 (de) * 2012-08-29 2014-03-06 Robert Bosch Gmbh Verfahren und Vorrichtung zur Ermittlung eines kryptografischen Schlüssels in einem Netzwerk
DE102015207220A1 (de) 2014-04-28 2015-10-29 Robert Bosch Gmbh Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
DE102014208975A1 (de) 2014-05-13 2015-11-19 Robert Bosch Gmbh Verfahren zur Generierung eines Schlüssels in einem Netzwerk sowie Teilnehmer an einem Netzwerk und Netzwerk
DE102014209042A1 (de) 2014-05-13 2015-11-19 Robert Bosch Gmbh Verfahren und Vorrichtung zum Erzeugen eines geheimen Schlüssels

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"BOSCH CAN SPECIFICATION VERSION 2.0", BOSCH CAN SPECIFICATION VERSION 2.0, XX, XX, 1 September 1991 (1991-09-01), pages 1 - 69, XP002291910 *
"Road vehicles ? Controller area network (CAN) ? Part 1: Data link layer and physical signalling ; ISO+11898-1-2003", IEEE DRAFT; ISO+11898-1-2003, IEEE-SA, PISCATAWAY, NJ USA, vol. msc.upamd, 18 November 2010 (2010-11-18), pages 1 - 52, XP017637056 *
ANONYMOUS: "On-off keying - Wikipedia, the free encyclopedia", 21 April 2014 (2014-04-21), XP055185652, Retrieved from the Internet <URL:http://en.wikipedia.org/w/index.php?title=On-off_keying&oldid=605206869> [retrieved on 20150424] *

Also Published As

Publication number Publication date
DE102015220057A1 (de) 2017-04-20

Similar Documents

Publication Publication Date Title
EP3138258B1 (fr) Procédé de génération d&#39;un secret ou d&#39;une clé dans un réseau
DE102015220038A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder Schlüssels in einem Netzwerk
DE102016208451A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
WO2017064075A1 (fr) Agencement de circuits pour la génération d&#39;un secret ou d&#39;une clé dans un réseau
EP3363145B1 (fr) Procédé et dispositif permettant de générer un secret partagé
EP3363146B1 (fr) Procédé de génération d&#39;une clé dans un agencement de circuits
WO2017064124A1 (fr) Agencement de circuits de génération d&#39;un secret ou d&#39;une clé dans un réseau
WO2017064027A1 (fr) Procédé de génération d&#39;un élément secret ou d&#39;une clé dans un réseau
WO2016188667A1 (fr) Procédé pour générer un élément secret ou une clé dans un réseau
WO2017064025A1 (fr) Procédé de génération d&#39;un élément secret ou d&#39;une clé dans un réseau
WO2017064067A1 (fr) Procédé pour générer une clé dans un réseau et pour activer une sécurisation d&#39;une communication dans le réseau sur la base de la clé
DE102016208453A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
WO2017064129A1 (fr) Procédé permettant de générer un élément secret pour un chiffrement à usage unique dans un réseau
WO2017064131A1 (fr) Procédé permettant de générer un élément secret ou une clé dans un réseau
WO2017064009A1 (fr) Procédé et dispositif pour rafraîchir un secret commun, notamment une clé cryptographique symétrique, entre un premier noeud et un deuxième noeud d&#39;un système de communication
WO2017064125A1 (fr) Procédé permettant de générer un élément secret ou une clé dans un réseau
WO2017064002A1 (fr) Procédé et dispositif permettant de générer un secret partagé
DE102016208452A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
WO2017064006A1 (fr) Procédé et dispositif permettant de générer une clé partagée dans un système de bus de terrain
WO2017064005A1 (fr) Module d&#39;émission s&#39;utilisant dans le cadre de la génération d&#39;un secret sur la base de signaux dominants et récessifs
DE102016208448A1 (de) Verfahren zur Erzeugung eines Geheimnisses oder eines Schlüssels in einem Netzwerk
DE102015220009A1 (de) Schaltungsanordnung zur Generierung eines Geheimnisses in einem Netzwerk
WO2017063995A1 (fr) Procédé de génération d&#39;un secret ou d&#39;une clé dans un réseau
DE102015219991A1 (de) Verfahren und Vorrichtung zum Etablieren eines gemeinsamen Geheimnisses

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16781108

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16781108

Country of ref document: EP

Kind code of ref document: A1