WO2020088910A1 - Transmission of messages on board a motor vehicle - Google Patents

Transmission of messages on board a motor vehicle

Publication number: WO2020088910A1
Authority: WO, WIPO (PCT)
Prior art keywords: receiver, message, transmitter, messages, motor vehicle
Application number: PCT/EP2019/077588
Other languages: German (de), English (en)
Inventor: Stefan Grosse
Original Assignee: Bayerische Motoren Werke Aktiengesellschaft
Application filed by Bayerische Motoren Werke Aktiengesellschaft

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Definitions

  • the invention relates to the transmission of messages on board a
  • the invention relates to the secure transmission of messages from one sender to several recipients.
  • a motor vehicle includes a transmitter and several ready-to-receive control devices which are each set up to process messages from the sender.
  • the messages can relate, for example, to an operating state or a driving situation of the motor vehicle, and the control units can control a driving function of the motor vehicle on the basis of the messages.
  • the messages can be both time-critical and security-relevant.
  • control units can have limited processing resources, so the use of cryptography can slow processing. Encryption can increase the bandwidth required for the transmission of messages and documentation of transmitted messages, for example for
  • One object on which the invention is based is to secure messages sent by a transmitter to a plurality of receivers on board a motor vehicle without putting a heavy burden on the receivers for the security.
  • the invention solves the problem by means of the objects of the independent
  • a method for transmitting messages from a transmitter to a first and a second receiver on board a motor vehicle comprises the steps of transmitting a first message from the sender to the first receiver; transmitting a second message from the sender to the first and the second receiver, the messages each comprising authentication information for authenticating the transmitter to the first receiver; checking the authentication information of the transmitter by the first receiver; transmitting a control message depending on a result of the check from the first receiver to the second receiver; and processing received messages by the second receiver in
  • the sender can be authenticated to the first recipient. Authentication to the second recipient can be omitted, so that valuable resources in the provision, transmission or processing can be saved.
  • the transmitter and the second receiver can be spared in terms of processing time and / or a transmission medium between the transmitter and the second receiver in terms of bandwidth.
  • the sender can then send any number of second messages that can be processed by one or more second receivers.
  • the transmitted messages can also be processed by the first recipient.
  • the second recipient discards the second message if the control message indicates a failed check by the first recipient.
  • the second message relates to data that are to be processed by the second recipient, a message whose authenticity could not be confirmed can simply be rejected. A single message can thus be omitted in a series of messages. This can increase the quality of processed data. If the message concerns a measured value, for example, this can be ignored. A series of measured values can then have a gap at the relevant point.
  • the first message can be transmitted as unicast. It can
  • a point-to-point connection is established between the transmitter and the first receiver.
  • IP Internet Protocol
  • the second message can be transmitted as a multicast, for which the
  • IP Internet protocol
  • the message to be transmitted can be provided with several recipients, so that it only has to be transmitted once. This transmission can also take place on the basis of a known protocol such as the Internet protocol.
  • control message is transmitted less frequently than the second one
  • a positive control message can be transmitted periodically as long as messages are received that can be authenticated.
  • the control message can, for example, be time-controlled or in each case transmitted after receipt of a predetermined number of authenticated second messages.
  • Control message can also be based on the type of sample with a
  • the coincidence can relate to a time or a number of transmitted second messages. This can save processing time and / or bandwidth between the first and the second receiver.
  • only part of the second message is checked.
  • certain second messages can be checked and a corresponding control message can be transmitted for each check.
  • the first and / or the second message are preferably transmitted by means of IPSec. It is not necessary to encrypt the message. Authentication information from the sender can still be added. A data field provided for this is also called an authentication header.
  • the control message can be transmitted using SOME / IP. It is a communication protocol, which is used in particular in the
  • a transmitter on board a motor vehicle comprises a transmission device which is set up to transmit a first message to a first receiver and to transmit a second message to a first and a second receiver, the messages each including authentication information for authenticating the transmitter to the first receiver.
  • the transmitter can comprise a sensor, the second message being determined on the basis of a measured value of the sensor.
  • the sensor can in particular be set up to scan an environment of the motor vehicle.
  • the sensor can comprise a radar or LiDAR sensor.
  • the sensor can be attached in particular in the area of an outer skin of the motor vehicle.
  • the sensor or transmitter can be exposed, so that an attacker can send messages to one of the receivers using a wired or wireless transmission method.
  • a technique described here can prevent such a message from being evaluated and being used as a basis for controlling the motor vehicle.
  • a first receiver on board a motor vehicle comprises a receiving device for receiving
  • a receiver on board a motor vehicle comprises a first receiving device for receiving messages which have been sent by a transmitter to the latter and a further receiver; a second receiving device for receiving a control message from a further receiver; and an evaluation device which is set up to process the received message as a function of the control message.
  • a system on board a motor vehicle includes a transmitter described herein, a first receiver described herein, and at least one second receiver described herein.
  • a motor vehicle includes a system described herein.
  • An evaluation device of a transmitter described here or one of the receivers described herein can be set up to carry out a method described here in whole or in part.
  • the evaluation device can be a programmable microcomputer or
  • Microcontrollers include, the method in the form of a
  • Computer program product can also be stored on a computer-readable data carrier. Additional features or advantages of the method can be transmitted to the transmitter, the first receiver or the second receiver or to the system and vice versa.
  • Figure 1 shows a system
  • Figure 2 illustrates a flow diagram of a method.
  • FIG. 1 shows a system 100 which is mounted on board a motor vehicle 105 as an example.
  • the system 100 comprises a transmitter 110, a first receiver 115 and at least a second receiver 120
  • the transmitter 110 comprises a transmission device 135 for transmitting a message via the first data bus 125, and preferably a sensor 140.
  • the transmitter 110 is preferably set up to send messages which are determined on the basis of measured values from the sensor 140.
  • the sensor 140 is preferably set up to scan an environment of the motor vehicle 105.
  • sensor 140 may include a non-contact sensor such as a radar or LiDAR sensor.
  • the messages may include raw data from sensor 140.
  • the sensor values of sensor 140 may require a wide bandwidth so that the first data bus 125 can be used to a high degree, even if a fast data bus such as Gigabit Ethernet is used.
  • the receivers 115, 120 can each comprise control devices, of which at least one sensor data of the transmitter 110 is processed in order to
  • One or more of the receivers 115, 120 can be part of a partially autonomous or autonomous control of the motor vehicle 105.
  • the first receiver 115 comprises a receiving device 145, one
  • Receiving device 145 is set up to receive a message from transmitter 110 and is preferably connected to first data bus 125.
  • the second receiver 120 comprises a first receiving device 160, an evaluation device 165 and a second receiving device 170.
  • the first receiving device 160 is set up to receive messages from the transmitter 110 and is preferably connected to the first data bus 125.
  • the second receiving device 170 is set up to receive messages from the first receiver.
  • Transmitting device 155 of the first receiver 115 can be connected to the first data bus 125 or the second data bus 130.
  • the transmitter 110 authenticate itself to the first receiver 115 by means of a first message and then second
  • the first receiver 115 is set up to check the authentication information of the transmitter 110 and to transmit a message to the second receiver 120 as a function of a test result. If the first recipient 115 cannot authenticate a message from the sender 110, then the corresponding one
  • FIG. 2 shows a flow chart of an exemplary method 200, which can be carried out in particular by means of a system 100, preferably on board a motor vehicle 105.
  • steps associated with transmitter 110 are shown in a left area, those associated with first receiver 115 in a central area, and steps associated with second receiver 120 in a right area.
  • information can be generated by the transmitter 110 using the sensor 140, for example. This can
  • an environment of the motor vehicle 105 can be scanned in a contactless manner by means of the sensor 140.
  • a step 210 can
  • Steps 205 and 210 can run in the manner of an endless loop.
  • a message can be generated based on the information previously provided.
  • the message can be transmitted in a step 220 from the transmitter 110 to the first receiver 115 and optionally to the second receiver 120.
  • Authentication can take place for the first time by means of a first message, which is preferably transmitted by the transmitter 110 exclusively to the first receiver 115 by means of a point-to-point connection.
  • the transmitter 110 can be authenticated with respect to the first receiver 115; this can also comprise a plurality of messages which are exchanged between the transmitter 110 and the first receiver 115. Authentication can be carried out according to a predetermined protocol, in particular the IKEv2 protocol, which is part of the IPsec protocol collection. In this communication, preferably no user data is transmitted by the transmitter 110, but at least one cryptographic key is transmitted. One or more second messages transmitted subsequently can be multicast from the transmitter 110 to the first receiver 115 and the second receiver 120. The authentication of the transmitter 110 to the first receiver 115 can take place again at predetermined intervals in the further course of the method 200.
  • the first recipient 115 checks the authentication information attached to the message. Verification can be part of the authentication protocol mentioned above. On the basis of a test result, a control message can be provided in a step 230. This can be transmitted in a step 235 from the first receiver 115 to the second receiver 120.
  • Both the checking of the authentication information in step 225 and the transmission of the control message in step 235 can be carried out for every or every second message from the sender 110. However, checks or transmissions can be less frequent. In one embodiment, a negative test result is transmitted immediately, while positive test results are only transmitted sporadically. A reverse embodiment is also conceivable.
  • the sporadically transmitted information can, for example, be selected on a time, event or random basis.
  • the second recipient 120 received the message from the sender 110 and the control message from the first recipient 115. Depending on the control message received, it can then process or reject the message received from the transmitter 110. If control messages only arrive sporadically, a control message can, for example, be received by all of the second recipient 120 since the last control message
  • Step 245 can also be cycled through in the manner of an endless loop.
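
The message flow described above, as an added example that is not taken from the patent or from any BMW implementation: a truncated HMAC-SHA256 tag stands in for the authentication header, a constructed key stands in for the key agreed during the unicast exchange, and the class names, the sequence-number field and the policy of holding messages until a control message covers them are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key: stands in for the key the transmitter and the first
# receiver agree on during the unicast "first message" exchange.
SESSION_KEY = b"constructed-demo-key-not-from-the-patent"
TAG_LEN = 12  # assumed tag length; truncated HMAC stands in for the auth header

@dataclass(frozen=True)
class SensorMessage:      # "second message", multicast to both receivers
    seq: int
    payload: bytes
    tag: bytes

@dataclass(frozen=True)
class ControlMessage:     # sent by the first receiver to the second receiver
    ok: bool
    seqs: tuple

def make_tag(key, seq, payload):
    data = seq.to_bytes(4, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def transmit(seq, payload, key=SESSION_KEY):
    return SensorMessage(seq, payload, make_tag(key, seq, payload))

class FirstReceiver:
    """Holds the key and checks every message. Failures are reported at once,
    successes only after `report_every` authenticated messages."""
    def __init__(self, key=SESSION_KEY, report_every=3):
        self.key, self.report_every, self.passed = key, report_every, []

    def check(self, msg):
        expected = make_tag(self.key, msg.seq, msg.payload)
        if not hmac.compare_digest(expected, msg.tag):
            return ControlMessage(False, (msg.seq,))
        self.passed.append(msg.seq)
        if len(self.passed) >= self.report_every:
            report, self.passed = ControlMessage(True, tuple(self.passed)), []
            return report
        return None  # positive results are batched, nothing to send yet

class SecondReceiver:
    """Has no key. Holds each message until a control message covers it."""
    def __init__(self):
        self.pending, self.processed, self.discarded = {}, [], []

    def on_message(self, msg):
        self.pending[msg.seq] = msg

    def on_control(self, ctrl):
        for seq in ctrl.seqs:
            if self.pending.pop(seq, None) is not None:
                (self.processed if ctrl.ok else self.discarded).append(seq)

def run_demo():
    frames = [transmit(i, b"range=%d" % (40 + i)) for i in range(1, 6)]
    # Constructed injected frame: plausible payload, tag made without the key.
    frames.insert(2, SensorMessage(99, b"range=0", b"\x00" * TAG_LEN))
    r1, r2 = FirstReceiver(), SecondReceiver()
    for frame in frames:
        r2.on_message(frame)      # multicast delivery to the second receiver
        ctrl = r1.check(frame)    # the same frame, checked by the first receiver
        if ctrl is not None:
            r2.on_control(ctrl)
    return r2.processed, r2.discarded, sorted(r2.pending)

if __name__ == "__main__":
    print(run_demo())
```

The two messages left pending at the end show the cost of sporadic positive reports: the second receiver's latency is bounded by the reporting interval, which matters for time-critical sensor data.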

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Traffic Control Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a method for transmitting messages from a transmitter to a first and a second receiver on board a motor vehicle, the method comprising the following steps: transmitting a first message from the transmitter to the first receiver; transmitting a second message from the transmitter to the first and the second receiver, the messages each comprising authentication information for authenticating the transmitter to the first receiver; checking the authentication information of the transmitter by the first receiver; transmitting a control message to the second receiver depending on a result of the check by the first receiver; and processing of received messages by the second receiver depending on the transmitted control message.
PCT/EP2019/077588 2018-10-31 2019-10-11 Transmission of messages on board a motor vehicle WO2020088910A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102018127152.2A DE102018127152A1 (de) 2018-10-31 2018-10-31 Übermittlung von Nachrichten an Bord eines Kraftfahrzeugs
DE102018127152.2 2018-10-31

Publications (1)

Publication Number Publication Date
WO2020088910A1 (fr) 2020-05-07

Family

ID=68289933

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/077588 WO2020088910A1 (fr) 2018-10-31 2019-10-11 Transmission of messages on board a motor vehicle

Country Status (2)

Country Link
DE (1) DE102018127152A1 (fr)
WO (1) WO2020088910A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013215577A1 (de) * 2013-08-07 2015-02-12 Siemens Aktiengesellschaft Verfahren und System zur geschützten Gruppenkommunikation mit Sender-Authentisierung
EP3148236A1 (fr) * 2015-09-25 2017-03-29 Argus Cyber Security Ltd System and method for controlling access to an in-vehicle communication network
DE102016207642A1 (de) * 2016-05-03 2017-11-09 Siemens Aktiengesellschaft Verfahren und Vorrichtungen zum Authentisieren eines Datenstroms

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MY178103A (en) * 2013-11-27 2020-10-02 Mimos Berhad An authentication method
EP3373553B1 (fr) * 2017-03-09 2024-05-08 Argus Cyber Security Ltd Système et procédé de fourniture de cybersécurité à un réseau de communication embarqué

Also Published As

Publication number Publication date
DE102018127152A1 (de) 2020-04-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19789900; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19789900; Country of ref document: EP; Kind code of ref document: A1)