WO2017132743A1 - Security adapter and method for a motor vehicle network - Google Patents

Security adapter and method for a motor vehicle network

Info

Publication number
WO2017132743A1
Authority
WO
WIPO (PCT)
Prior art keywords
connector
motor vehicle
control unit
network
vehicle network
Prior art date
Application number
PCT/BR2017/050022
Other languages
English (en)
Portuguese (pt)
Inventor
Matheus Falleiros De Almeida Valladão FLORES
Original Assignee
Flores Matheus Falleiros De Almeida Valladão
Priority claimed from BR102016002670A
Application filed by Flores Matheus Falleiros De Almeida Valladão
Publication of WO2017132743A1

Classifications

    • B PERFORMING OPERATIONS; TRANSPORTING
    • B60 VEHICLES IN GENERAL
    • B60R VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/10 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86 Secure or tamper-resistant housings

Definitions

  • the present invention relates to an adapter and a safety method for application to motor vehicles. More specifically, the present invention relates to an adapter and a safety method which enables the protection of a motor vehicle network by means of an electromechanical solution.
  • Terms: OBD (On-Board Diagnostic); OBD-II; EOBD2; JOBD; ADR79/01; ADR79/02.
  • The OBD-II connector has been standard on all North American and European light vehicles since 2003 and can be found on the vast majority of vehicles produced today.
  • This connector has a trapezoidal shape and 16 connection pins. It includes predetermined pins for the ISO 15765-4 CAN (Controller Area Network), ISO 9141-2 K-Line and SAE J1850 networks, as well as unspecified pins freely used by builders of additional diagnostic systems. A connection to this port is therefore simple and unhindered, and it provides access to the vehicular network.
  • the CAN communication network is physically composed of two twisted or untwisted wires, galvanically coupled or uncoupled, and two terminating resistors at the ends where nodes connect to it and transmit data on the network.
  • the CAN network uses a binary system for recessive and dominant states of voltage levels and has a collision control system, but in the CAN network any node can attempt to transmit on the network at any time, not requiring a central node.
  • Speeds of up to 1 Mbit/s are expected for lines up to 40 m, and even single-wire transmission, which is less widely used.
  • the market is increasingly adopting the CAN network because of its versatility and simplicity and, as such, can be found today in most vehicles.
  • the K-Line network is composed of a serial and bi-directional transmission wire, without collision control, and which, although older, is still widely found in new vehicles. Through it is also possible to have access to electronic systems of vehicles.
  • Vehicle network access can be accomplished through a wide range of methods, such as physical or remote connections, through connections to the diagnostic port.
  • wireless communication channels also allow short and long distance access to vehicle control and communication systems.
  • a malicious attack intended to control the vehicle's electronic functions may allow the vehicle to be stolen, assaulted, hijacked, and even cause accidents, intentional or otherwise.
  • this attack can be performed in various ways, such as physical or remote connections, connections to the diagnostics port, audio systems, Bluetooth, cellular or radio.
  • the injection of a suitable signal through the diagnostics port connected to the vehicle network makes it possible to control virtually any electronic component of the vehicle. This includes, in addition to other systems, brakes, throttle and door locking.
  • German patent document DE 2 020,120,033,36 describes a system that alters the order of OBD-II port pin connections to prevent connection attempts in the event of theft, but does not prevent an attacker from accessing the vehicular network by connecting directly to the wires.
  • German patent document DE 202,014, 104,646 describes a system that creates a fake OBD-II port to be installed in the default position and a button that reverses the connections to the originals to allow legitimate diagnostic sessions.
  • Such a solution allows a breach in cases where there is a prolonged period of access to the system, allowing to locate the actuation button or to discover the changes of the connections through measurements of electrical properties in the network terminals.
  • this solution involves considerable physical work as well as changing standard vehicle components.
  • US Patent 6,314,351 describes a firewall system between a vehicle's computer and its application software, and the vehicle's network and vehicle components.
  • the firewall prevents unauthorized access via software on the vehicle computer, vehicle network and vehicle components.
  • US Patent 7,717,261 describes a method of controlling a vehicle through the use of firewalls connected to the vehicle network.
  • WO2014061021 proposes a device for detecting and preventing an attack on a vehicle that monitors several vehicle sensors in real time, stores data in a database, and has an action unit that alerts or interrupts communications between systems in case of an attack.
  • US Patent Application US 2016/0019389 describes a system consisting of a male-female OBD connector containing a microcontroller and a method for detecting messages from attacks on a CAN network in OBD-II.
  • the system establishes a list of incoming CAN messages, called a whitelist, and a blacklist of messages, respectively.
  • the system updates the statistical data and determines whether the message is inbound or outbound. If the message is input from an external device, the system compares the message with the whitelist, and forwards the message to the network if it is whitelisted. If the message is outgoing, the system compares it to the blacklist and warns a mobile device of the risk.
  • CAN codes enable 16^19 code possibilities that transit the network at a rate of 500 kbps. Merely processing this data already significantly increases the complexity of the solution, and it also requires knowing all vehicle-specific codes and separating them into allowed and disallowed codes. In addition, through the external connection that allows updates to these lists, any message can potentially be passed through. Moreover, it is not protected from attacks through other networks such as K-Line.
  • a safety adapter for a motor vehicle network, the motor vehicle being provided with a diagnostics port capable of allowing access to the motor vehicle network, the safety adapter comprising: a first connector connected to the diagnostic port of the motor vehicle; a control unit connected to the first connector via a first set of conductors; and a second connector connected to the control unit via a second set of conductors, the control unit being configured to release or prevent data transmission between the first connector and the second connector by verifying a password entered by a user in the second connector.
  • the proposed invention solves the aforementioned serious problems by means of an adapter and security method based on electronic and mechanical control of vehicle network access.
  • the invention is provided with means that prevent or at least impede unauthorized physical / mechanical access to the vehicular network, and request a password for electronic access and signal transmission through the diagnostic port.
  • Figure 1 is the flowchart of the adapter's electronic protection algorithm and security method for a motor vehicle network, objects of the present invention.
  • Figure 2 is the flowchart of the adapter monitoring algorithm and security method of the present invention.
  • Figures 3a and 3b illustrate the mechanical protection of the safety adapter of the present invention in a perspective view and a side (schematic) view, respectively.
  • Figure 4 is the mechanical protection assembly flowchart of the safety adapter of the present invention.
  • Figure 5 illustrates the assembly of the electrical-electronic part of the safety adapter of the present invention.
  • the "motor vehicle network" of the invention refers to an internal electric / electronic network of the motor vehicle, to which a plurality of electrical and / or electronic components / elements / devices are connected, such as, for example, sensors, alarms, battery, fuse box, electronic controls, intelligent systems, electric steering, among others.
  • the motor vehicle network meets the OBD (On-Board Diagnostic) standard, particularly OBD II.
  • the motor vehicle is provided with a diagnostic port (21) capable of allowing access to the motor vehicle network.
  • the diagnostic port (21) is capable of diagnosing the various vehicle / electrical / electronic components / elements / devices connected to its network.
  • the diagnostic port 21 is an OBD compliant female type, particularly OBD II.
  • a safety adapter (33) object of the invention comprising a first connector (22) connected to the diagnostic port (21) of the motor vehicle.
  • the first connector 22 is an OBD compliant male type, particularly OBD II.
  • the safety adapter (33) is provided with a control unit (23) comprising a microcontroller or a programmable microprocessor or an electronic circuit having components and associated elements therebetween, configured to perform and / or allow protection and monitoring actions to be performed as described below.
  • the control unit (23) is connected to the first connector (22) via a first set of conductors (31a).
  • the safety adapter (33) further comprises a second connector (25) connected to the control unit (23) by means of a second set of conductors (31b), as shown in figures 3b and 5.
  • the second connector (25) is an OBD compliant female type, particularly OBD II.
  • the control unit (23) is configured to release or prevent data transmission between the first connector (22) and the second connector (25) by verifying a user-entered password on the second connector (25).
  • This password validation is a simple and optimized process, which requires less resources and costs, as it does not require a high processing capacity as in the state of the art.
  • the solution of the invention does not require any external connection means to update code lists, there is no way to pass any message that puts the vehicle or passengers at risk.
  • the security adapter (33) is compatible with both current and future network types.
  • the state of the art is applied only to one type of network, such as the CAN network.
  • other networks such as ISO 9141-2 K-line, L-Line, J1850 Bus +, among others, which differ both in protocols as well as physically. This is because the state of the art analyzes only the network, and the invention allows protection of access to the diagnostic port (21).
  • the invention is a more versatile and adaptable solution than the state of the art.
  • control unit (23) is configured to allow data transmission between the first connector (22) and the second connector (25) via at least one CAN type interface and / or at least one switching interface capable of switching network wires connected to said first connector (22) and the second connector (25).
  • This switching and switching of wires are new features in this type of application, which contribute to greater security as it makes the solution more robust against potential software failures.
  • a low implementation and maintenance cost is required compared to solutions already known in the prior art.
  • control unit (23) is configured to hold data transmission between the first connector (22) and the second connector (25) for a predetermined period of time if said transmission has been released after password verification.
  • the safety adapter (33) of the invention further comprises a first protective receptacle (19a) which surrounds the first connector (22), the control unit (23) and the vehicle diagnostics port (21).
  • the safety adapter (33) of the invention further comprises a second protective receptacle (19b) surrounding the second connector (25).
  • the safety adapter (33) of the invention also comprises a mechanical locking device (24) associated with the second protective receptacle (19b), as can be seen from figures 3a and 3b.
  • the second protective receptacle (19b) is configured to allow physical access of the second connector (25) by the user when the mechanical locking device (24) is unlocked after entering a manual mode password. Such access is made, for example, by opening a hatch.
  • the safety adapter (33) also comprises protective shells (16) involving a vehicle network wiring (17) and the second set of conductors (31b).
  • control unit (23) is also configured to periodically check whether any spurious devices have been connected at any point associated with the motor vehicle network.
  • control unit (23) is configured to periodically monitor electrical property values of the motor vehicle network.
  • electrical properties are related to operating and operating parameters of motor vehicle parts from sensors operatively associated with said motor vehicle parts.
  • the sensors are connected to other control units, which in turn are connected to the vehicle network.
  • the safety adapter (33) of the invention comprises an audiovisual interface panel (32) connected to the control unit (23), the control unit (23) being configured to issue an audiovisual alert (14) via the audiovisual interface panel (32) when the connection of a spurious device at any point associated with the motor vehicle network is detected.
  • the control unit (23) is further configured to:
  • the safety adapter (33) of the invention comprises a control unit (23), one or more CAN interfaces (CAN controller and CAN transceiver) and, in some constructions, a network switching interface between the two connections (male-female), such that it only allows access after authentication with a predefined password, said access being limited to a certain time interval, and with no remote connection to the firmware, preventing clandestine updates of the product.
  • control unit (23) is calibrated with the help of sensors to measure variations in the electrical properties of the network such as resistance, voltage, capacitance, inductance and signal patterns that are in the vehicle network.
  • the safety adapter (33) of the invention alerts the driver through a light emitting panel and sound effects.
  • This provides a safety adapter (33) that can be fitted to vehicles in their factory condition, which does not involve significant changes in their components, does not allow remote access or remote firmware updates, does not interact with CAN messages from the vehicle network and that, in addition to physically and electronically preventing clandestine connections through the diagnostic port such as OBDII or equivalent, also monitors changes in vehicular network.
  • the safety adapter (33) of the invention further alerts the occurrence of connection of clandestine elements or apparatus at any point associated with the vehicular network, including exposed places such as brakes, motors and sensors, among others.
  • the safety adapter (33) comprises a protective enclosure (barrier) (16) that involves the wiring (17) of the vehicle network.
  • a protective enclosure can be a continuous blade (as in the case of a pipe) or a flexible or rigid blanket or mesh. It extends from the structural elements (18) to the protective receptacles (19a, 19b), and between the protective receptacles (if there is more than one receptacle), said mesh being fixed to said receptacles by known fasteners (20).
  • the first protective receptacle (19a) has all the electronics inside, namely the original female diagnostic port (21) of the vehicle connected to the first male diagnostic connector (22) as well as the control unit (23).
  • the second protective receptacle (19b) which contains the second female diagnostic connector (25) inside.
  • Such second receptacle (19b) is provided with mechanical locking device (24) which allows access to said connector by means of a given code.
  • a single receptacle may be used containing the first connector (22) and the control unit (23) as well as the second connector (25) and the mechanical locking device (24).
  • the entire structure of the vehicle network is wrapped with resistant material to mechanically protect access to it.
  • FIG 5 shows, semi-schematically, the adapter assembly (33), wherein the first connector (22) is connected via the first conductor assembly (31a), the control unit (23) which, in turn, is connected to the second connector (25) by means of the second set of conductors (31b).
  • the first connector (22) is connected to the original vehicle diagnostics port (21), while the second connector (25) will be protected within a "box" or second receptacle (19b) provided with mechanical locking device (24) which allows access without breaking the mechanical protection.
  • This connector is used for connections to external diagnostic equipment at authorized dealerships or workshops to enable vehicle diagnosis and maintenance.
  • the control unit allows data transmission (6) via the diagnostics interface. If the timer is not valid, ie its value is zero, data transmission is prevented (7) and the authentication process is resumed.
  • control unit (23) does not pass data between the first and second connectors (22) and (25) of the safety adapter (33), either through the CAN interface (Controller and Transceiver), or by opening the contact between the connector terminals using analog switches, relays, transistors, optical couplers or the like.
  • FIG. 2 shows the monitoring operation flowchart allowed by the safety adapter (33) of the invention.
  • the safety adapter (33) is calibrated according to the network to be connected (10).
  • the control unit (23) continuously receives signals of electrical property measurements over a period of time as the vehicle goes through its various operating states (10a), such as idling, accelerating, with the electronic systems on or off, among others. These measurement values are obtained through operational amplifiers, ADC converters, among others, and are saved in memory (10b). The lower and upper limit values are then determined (10c) by taking the smallest and largest values of the measurements respectively, and are also saved in memory.
  • the control unit (23) continuously receives signals of measurements of the electrical properties (11a).
  • FIG. 4 shows the safety adapter mechanical protection mounting flowchart (33).
  • (26) there is the covering of the wiring (17) of the vehicular network with the protective wrap (mesh) (16) throughout its extension from the rigid structural elements (18).
  • the housing (27) is secured to these elements (18) by known fastening means (20) such as glues, resins, screws, etc.
  • all components to be protected (28) are introduced into the protective receptacles (19a, 19b).
  • the protective housing (16) is secured (29) to the protective receptacles to create mechanical protection around the entire network and its terminals (30) that prevents physical access to the network.
  • no vehicle network protection system / adapter acting through the diagnostics port is known that combines all of the constructive and functional characteristics described above and that, directly or indirectly, is or was as effective as the safety adapter (33) object of the present invention.
  • the present invention also relates to a safety method for a motor vehicle network comprising the following steps:
  • a safety adapter (33) to a diagnostic port (21) capable of allowing access to the motor vehicle network;
  • the method of the invention also comprises the following steps:
  • the method of the invention also comprises the following steps:
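The control-unit behaviour described above (password verification that releases transmission for a predetermined period, then calibration of lower and upper limits followed by monitoring) can be sketched as follows. This is an added illustration, not firmware from the patent or its applicant: every name, the password length, the tick count and the sample voltages are assumptions, and so are the constant-time password comparison and the step that compares a measurement against the stored limits, since the page's list of monitoring steps is incomplete.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and values: the patent text gives no firmware. */
#define PASSWORD_LEN  6
#define SESSION_TICKS 300u /* assumed "predetermined period", in timer ticks */

typedef struct {
    uint8_t  password[PASSWORD_LEN]; /* predefined password */
    uint32_t timer;                  /* 0 = not valid: transmission prevented */
    int32_t  lower, upper;           /* limits stored by calibration (10c) */
    bool     calibrated;
} adapter_t;

/* Compare every byte with no early exit, so response time does not reveal
 * how many leading characters of a guess were correct. */
static bool password_matches(const adapter_t *a, const uint8_t *in, size_t len)
{
    unsigned diff = (len != PASSWORD_LEN);
    for (size_t i = 0; i < PASSWORD_LEN; i++)
        diff |= (unsigned)(a->password[i] ^ (i < len ? in[i] : 0));
    return diff == 0;
}

/* Password verification: a correct entry arms the session timer. */
bool adapter_authenticate(adapter_t *a, const uint8_t *in, size_t len)
{
    if (!password_matches(a, in, len))
        return false;
    a->timer = SESSION_TICKS;
    return true;
}

/* Called on every timer tick; the release expires by itself. */
void adapter_tick(adapter_t *a)
{
    if (a->timer > 0)
        a->timer--;
}

/* Gate consulted before any data is passed between the two connectors. */
bool adapter_may_forward(const adapter_t *a)
{
    return a->timer > 0;
}

/* Calibration (10a-10c): keep the smallest and largest measurement seen. */
void adapter_calibrate(adapter_t *a, const int32_t *samples, size_t n)
{
    a->calibrated = (n > 0);
    for (size_t i = 0; i < n; i++) {
        if (i == 0 || samples[i] < a->lower) a->lower = samples[i];
        if (i == 0 || samples[i] > a->upper) a->upper = samples[i];
    }
}

/* Monitoring (11a): a value outside the stored limits is the alert
 * condition (assumed). An uncalibrated adapter flags every value. */
bool adapter_is_anomalous(const adapter_t *a, int32_t value)
{
    if (!a->calibrated)
        return true;
    return value < a->lower || value > a->upper;
}

int main(void)
{
    /* Constructed sample data: password digits and bus voltages in mV. */
    adapter_t a = { .password = {1, 2, 3, 4, 5, 6} };
    const uint8_t entered[] = {1, 2, 3, 4, 5, 6};
    const int32_t cal_mv[] = {2480, 2510, 2450, 2530};

    adapter_calibrate(&a, cal_mv, sizeof cal_mv / sizeof cal_mv[0]);
    printf("forward before login: %d\n", adapter_may_forward(&a));
    printf("login ok: %d\n", adapter_authenticate(&a, entered, sizeof entered));
    printf("forward after login: %d\n", adapter_may_forward(&a));
    printf("2300 mV anomalous: %d\n", adapter_is_anomalous(&a, 2300));
    return 0;
}
```

The gate defaults to closed: with the timer at zero nothing is forwarded, which matches the description's "if the timer is not valid, ie its value is zero, data transmission is prevented".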

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Software Systems
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Mechanical Engineering
  • Small-Scale Networks

Abstract

The present invention relates to a safety adapter (33) for a network of a motor vehicle, the motor vehicle being provided with a diagnostic port (21) capable of allowing access to the motor vehicle network, the safety adapter (33) comprising: a first connector (22) connected to the diagnostic port (21) of the motor vehicle; a control unit (23) connected to the first connector (22) by means of a first set of conductors (31a); and a second connector (25) connected to the control unit (23) by means of a second set of conductors (31b), the control unit (23) being configured to allow or prevent data transmission between the first connector (22) and the second connector (25) by verifying a password entered by a user at the second connector (25). The present invention also relates to a safety method for a network of a motor vehicle.
PCT/BR2017/050022 2016-02-05 2017-02-03 Security adapter and method for a motor vehicle network WO2017132743A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
BRBR1020160026709 2016-02-05
BR102016002670A BR102016002670A2 (pt) 2016-02-05 2016-02-05 Vehicle network protection and monitoring system
BRBR1020170022811 2017-02-03
BR102017002281 2017-02-03

Publications (1)

Publication Number Publication Date
WO2017132743A1 (fr) 2017-08-10

Family

ID=59499136

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2017/050022 WO2017132743A1 (fr) 2016-02-05 2017-02-03 Security adapter and method for a motor vehicle network

Country Status (1)

Country Link
WO (1) WO2017132743A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070152503A1 (en) * 2005-12-30 2007-07-05 Kowalick Thomas M Vehicle connector lockout apparatus and method of using same
US20090082912A1 (en) * 2007-09-23 2009-03-26 Emanuel Melman System and methods for controlling vehicular functions
US7904569B1 (en) * 1999-10-06 2011-03-08 Gelvin David C Method for remote access of vehicle components

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 17746655; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 17746655; Country of ref document: EP; Kind code of ref document: A1)