WO2020088910A1 - Transmission of messages on board a motor vehicle - Google Patents
Transmission of messages on board a motor vehicle
- Publication number
- WO2020088910A1 (PCT/EP2019/077588)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- receiver
- message
- transmitter
- messages
- motor vehicle
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Definitions
- the invention relates to the transmission of messages on board a
- the invention relates to the secure transmission of messages from one sender to several recipients.
- a motor vehicle includes a transmitter and several control devices ready to receive, each of which is set up to process messages from the transmitter.
- the messages can relate, for example, to an operating state or a driving situation of the motor vehicle, and the control units can control a driving function of the motor vehicle on the basis of the messages.
- the messages can be both time-critical and security-relevant.
- control units can have limited processing resources, so the use of cryptography can slow processing. Encryption can increase the bandwidth required for the transmission of messages and documentation of transmitted messages, for example for
- One object on which the invention is based is to secure messages sent by a transmitter to a plurality of receivers on board a motor vehicle without putting a heavy burden on the receivers for the security.
- the invention solves the problem by means of the objects of the independent
- a method for transmitting messages from a transmitter to a first and a second receiver on board a motor vehicle comprises the steps of transmitting a first message from the transmitter to the first receiver; transmitting a second message from the transmitter to the first and the second receiver, the messages each comprising authentication information for authenticating the transmitter to the first receiver; checking the authentication information of the transmitter by the first receiver; transmitting a control message, depending on a result of the check, from the first receiver to the second receiver; and processing received messages by the second receiver in
- the sender can be authenticated to the first recipient. Authentication to the second recipient can be omitted, so that valuable resources in the provision, transmission or processing can be saved.
- the transmitter and the second receiver can be spared in terms of processing time, and/or a transmission medium between the transmitter and the second receiver can be spared in terms of bandwidth.
- the sender can then send any number of second messages that can be processed by one or more second receivers.
- the transmitted messages can also be processed by the first recipient.
- the second recipient discards the second message if the control message indicates a failed check by the first recipient.
- the second message relates to data that are to be processed by the second recipient, a message whose authenticity could not be confirmed can simply be rejected. A single message can thus be omitted in a series of messages. This can increase the quality of processed data. If the message concerns a measured value, for example, this can be ignored. A series of measured values can then have a gap at the relevant point.
- the first message can be transmitted as unicast. It can
- a point-to-point connection is established between the transmitter and the first receiver.
- IP Internet Protocol
- the second message can be transmitted as a multicast, for which the
- IP Internet protocol
- the message to be transmitted can be provided with several recipients, so that it only has to be transmitted once. This transmission can also take place on the basis of a known protocol such as the Internet protocol.
- control message is transmitted less frequently than the second one
- a positive control message can be transmitted periodically as long as messages are received that can be authenticated.
- the control message can, for example, be time-controlled or in each case transmitted after receipt of a predetermined number of authenticated second messages.
- Control message can also be based on the type of sample with a
- the coincidence can relate to a time or a number of transmitted second messages. This can save processing time and/or bandwidth between the first and the second receiver.
- only part of the second message is checked.
- certain second messages can be checked and a corresponding control message can be transmitted for each check.
- the first and/or the second message are preferably transmitted by means of IPsec. It is not necessary to encrypt the message. Authentication information from the transmitter can still be added. A data field provided for this is also called an authentication header.
- the control message can be transmitted using SOME/IP. It is a communication protocol, which is used in particular in the
- a transmitter on board a motor vehicle comprises a transmission device which is set up to transmit a first message to a first receiver and to transmit a second message to a first and a second receiver, the
- Messages each include authentication information for authenticating the transmitter to the first receiver.
- the transmitter can comprise a sensor, the second message being determined on the basis of a measured value of the sensor.
- the sensor can in particular be set up to scan an environment of the motor vehicle.
- the sensor can comprise a radar or LiDAR sensor.
- the sensor can be attached in particular in the area of an outer skin of the motor vehicle.
- the sensor or transmitter can be exposed, so that an attacker can send messages to one of the receivers using a wired or wireless transmission method.
- a technique described here can prevent such a message from being evaluated and being used as a basis for controlling the motor vehicle.
- a first receiver on board a motor vehicle comprises a receiving device for receiving
- a receiver on board a motor vehicle comprises a first receiving device for receiving messages which have been sent by a transmitter to the latter and a further receiver; a second receiving device for receiving a control message from a further receiver; and an evaluation device which is set up to process the received message as a function of the control message.
- a system on board a motor vehicle includes a transmitter described herein, a first receiver described herein, and at least one second receiver described herein.
- a motor vehicle includes a system described herein.
- An evaluation device of a transmitter described here or one of the receivers described herein can be set up to carry out a method described here in whole or in part.
- the evaluation device can be a programmable microcomputer or
- Microcontrollers include, the method in the form of a
- Computer program product can also be stored on a computer-readable data carrier. Additional features or advantages of the method can be transmitted to the transmitter, the first receiver or the second receiver or to the system and vice versa.
- Figure 1 shows a system
- Figure 2 illustrates a flow diagram of a method.
- FIG. 1 shows a system 100 which is mounted on board a motor vehicle 105 as an example.
- the system 100 comprises a transmitter 110, a first receiver 115 and at least a second receiver 120
- the transmitter 110 comprises a transmission device 135 for transmitting a message via the first data bus 125, and preferably a sensor 140.
- the transmitter 110 is preferably set up to send messages which are determined on the basis of measured values from the sensor 140.
- the sensor 140 is preferably set up to scan an environment of the motor vehicle 105.
- sensor 140 may include a non-contact sensor such as a radar or LiDAR sensor.
- the messages may include raw data from sensor 140.
- the sensor values of sensor 140 may require a wide bandwidth so that the first data bus 125 can be used to a high degree, even if a fast data bus such as Gigabit Ethernet is used.
- the receivers 115, 120 can each comprise control devices, of which at least one processes sensor data of the transmitter 110 in order to
- One or more of the receivers 115, 120 can be part of a partially autonomous or autonomous control of the motor vehicle 105.
- the first receiver 115 comprises a receiving device 145, one
- Receiving device 145 is set up to receive a message from transmitter 110 and is preferably connected to first data bus 125.
- the second receiver 120 comprises a first receiving device 160, an evaluation device 165 and a second receiving device 170.
- the first receiving device 160 is set up to receive messages from the transmitter 110 and is preferably connected to the first data bus 125.
- the second receiving device 170 is set up to receive messages from the first receiver.
- Transmitting device 155 of the first receiver 115 can be connected to the first data bus 125 or the second data bus 130.
- the transmitter 110 authenticate itself to the first receiver 115 by means of a first message and then second
- the first receiver 115 is set up to check the authentication information of the transmitter 110 and to transmit a message to the second receiver 120 as a function of a test result. If the first receiver 115 cannot authenticate a message from the transmitter 110, then the corresponding one
- FIG. 2 shows a flow chart of an exemplary method 200, which can be carried out in particular by means of a system 100, preferably on board a motor vehicle 105.
- steps associated with transmitter 110 are in a left area
- those associated with first receiver 115 are in a central area
- steps associated with second receiver 120 are in a right area shown.
- information can be generated by the transmitter 110 using the sensor 140, for example. This can
- an environment of the motor vehicle 105 can be scanned in a contactless manner by means of the sensor 140.
- a step 210 can
- Steps 205 and 210 can run in the manner of an endless loop.
- a message can be generated based on the information previously provided.
- the message can be transmitted in a step 220 from the transmitter 110 to the first receiver 115 and optionally to the second receiver 120.
- Authentication can take place for the first time by means of a first message, which is preferably transmitted by the transmitter 110 exclusively to the first receiver 115 by means of a point-to-point connection.
- the transmitter 110 can be authenticated with respect to the first receiver 115; this can also comprise a plurality of messages which are exchanged between the transmitter 110 and the first receiver 115. Authentication can be carried out according to a predetermined protocol, in particular the IKEv2 protocol, which is part of the IPsec protocol suite. In this communication, preferably no user data are transmitted by the transmitter 110, but at least one cryptographic key is transmitted. One or more second messages transmitted subsequently can be multicast from the transmitter 110 to the first receiver 115 and the second receiver 120. The authentication of the transmitter 110 to the first receiver 115 can take place again at predetermined intervals in the further course of the method 200.
- the first recipient 115 checks the authentication information attached to the message. Verification can be part of the authentication protocol mentioned above. On the basis of a
- a control message can be provided in a step 230 based on a test result. This can be transmitted in a step 235 from the first receiver 115 to the second receiver 120.
- Both the checking of the authentication information in step 225 and the transmission of the control message in step 235 can be carried out for every or every second message from the transmitter 110. However, checks or transmissions can also be less frequent. In one embodiment, a negative test result is transmitted immediately, while positive test results are only transmitted sporadically. A reverse embodiment is also conceivable.
- the sporadically transmitted information can, for example, be selected on a time, event or random basis.
- the second receiver 120 receives the message from the transmitter 110 and the control message from the first receiver 115. Depending on the control message received, it can then process or reject the message received from the transmitter 110. If control messages only arrive sporadically, a control message can, for example, be received by all of the second recipient 120 since the last control message
- Step 245 can also be cycled through in the manner of an endless loop.
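The delegated check described in steps 220 to 245 can be sketched as follows. This is an added example, not code from the patent: a truncated HMAC-SHA-256 tag stands in for the IPsec authentication header, the constructed key stands in for one established via IKEv2, and the `Control` layout, the class names and the buffering policy of the second receiver are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    seq: int
    payload: bytes
    icv: bytes            # authentication information carried with the message

@dataclass(frozen=True)
class Control:            # hypothetical control-message layout
    ok: bool
    seq: int              # ok: all messages up to seq verified; not ok: seq failed

def icv(key, seq, payload):
    # Stand-in for the authentication header value (assumption: HMAC-SHA-256/96).
    mac = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256)
    return mac.digest()[:12]

class Transmitter:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def send(self, payload):
        self.seq += 1
        return Message(self.seq, payload, icv(self.key, self.seq, payload))

class FirstReceiver:
    """Holds the key; reports failures at once and successes only sporadically."""
    def __init__(self, key, positive_every=2):
        self.key, self.positive_every, self.verified = key, positive_every, 0

    def on_message(self, msg):
        expected = icv(self.key, msg.seq, msg.payload)
        if not hmac.compare_digest(msg.icv, expected):
            return Control(False, msg.seq)
        self.verified += 1
        if self.verified % self.positive_every == 0:
            return Control(True, msg.seq)
        return None

class SecondReceiver:
    """Holds no key: buffers messages until a control message covers them."""
    def __init__(self):
        self.pending, self.processed, self.discarded = {}, [], []

    def on_message(self, msg):
        self.pending[msg.seq] = msg.payload

    def on_control(self, ctl):
        if not ctl.ok:
            if ctl.seq in self.pending:
                self.discarded.append(self.pending.pop(ctl.seq))
            return
        for seq in sorted(s for s in self.pending if s <= ctl.seq):
            self.processed.append(self.pending.pop(seq))

def run_demo():
    key = b"constructed-demo-key"          # constructed sample value
    tx, rx1, rx2 = Transmitter(key), FirstReceiver(key), SecondReceiver()
    bus = [tx.send(b"range=12.5"), tx.send(b"range=12.1"),
           Message(1000, b"range=99.9", b"\x00" * 12),   # constructed frame without a valid tag
           tx.send(b"range=11.8"), tx.send(b"range=11.4"), tx.send(b"range=11.0")]
    for msg in bus:                        # multicast: both receivers see each message
        rx2.on_message(msg)
        ctl = rx1.on_message(msg)
        if ctl is not None:
            rx2.on_control(ctl)
    return rx2.processed, rx2.discarded, sorted(rx2.pending)
```

The last message stays buffered because no control message has covered it yet, which is the latency cost of sending positive results only sporadically.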
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Traffic Control Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to a method for transmitting messages from a transmitter to a first and a second receiver on board a motor vehicle, the method comprising the following steps: transmitting a first message from the transmitter to the first receiver; transmitting a second message from the transmitter to the first and the second receiver, the messages each comprising authentication information for authenticating the transmitter to the first receiver; checking the authentication information of the transmitter by the first receiver; transmitting a control message to the second receiver depending on a result of the check by the first receiver; and processing of received messages by the second receiver depending on the transmitted control message.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102018127152.2A DE102018127152A1 (de) | 2018-10-31 | 2018-10-31 | Übermittlung von Nachrichten an Bord eines Kraftfahrzeugs |
DE102018127152.2 | 2018-10-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020088910A1 true WO2020088910A1 (fr) | 2020-05-07 |
Family
ID=68289933
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2019/077588 WO2020088910A1 (fr) | 2018-10-31 | 2019-10-11 | Transmission de messages à bord d'un véhicule à moteur |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102018127152A1 (fr) |
WO (1) | WO2020088910A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102013215577A1 (de) * | 2013-08-07 | 2015-02-12 | Siemens Aktiengesellschaft | Verfahren und System zur geschützten Gruppenkommunikation mit Sender-Authentisierung |
EP3148236A1 (fr) * | 2015-09-25 | 2017-03-29 | Argus Cyber Security Ltd | System and method for controlling access to an in-vehicle communication network |
DE102016207642A1 (de) * | 2016-05-03 | 2017-11-09 | Siemens Aktiengesellschaft | Verfahren und Vorrichtungen zum Authentisieren eines Datenstroms |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
MY178103A (en) * | 2013-11-27 | 2020-10-02 | Mimos Berhad | An authentication method |
EP3373553B1 (fr) * | 2017-03-09 | 2024-05-08 | Argus Cyber Security Ltd | Système et procédé de fourniture de cybersécurité à un réseau de communication embarqué |
-
2018
- 2018-10-31 DE DE102018127152.2A patent/DE102018127152A1/de active Pending
-
2019
- 2019-10-11 WO PCT/EP2019/077588 patent/WO2020088910A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
DE102018127152A1 (de) | 2020-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3157281B1 (fr) | Procédé de communication protégée dans un véhicule | |
EP3110101A1 (fr) | Procede de protection de manipulation de paquets de donnees utiles a transmettre par un systeme de bus entre des composants systeme | |
DE602004002044T2 (de) | Authentifizierungs-System- und Verfahren unter Verwendung von individualisierten und nicht-individualisierten Zertifikaten | |
DE102015214267A1 (de) | Verfahren und System zum Erzeugen eines sicheren Kommunikationskanals für Endgeräte | |
EP2238733A2 (fr) | Méthode et système de transmission sécurisée de données dans un tachygraphe | |
DE102016212752A1 (de) | Kommunikations-relaisvorrichtung, kommunikationsnetzwerk; kommunikationsrelais-programm und kommunikationsrelais-verfahren | |
DE102015200279A1 (de) | Einwegübertragungseinrichtung, Vorrichtung undVerfahren zum rückwirkungsfreien Erfassen von Daten | |
DE102009027676A1 (de) | Kommunikationsverfahren, Computerprogrammprodukt, Vorrichtung und Computersystem | |
DE102013218212A1 (de) | Verfahren zum abgesicherten Übermitteln von Daten | |
DE112016004438T5 (de) | Bordkommunikationssystem | |
EP3496975B1 (fr) | Véhicule automobile ayant un réseau de données divisé en plusiers domaines séparés et procédé d'exploitation du réseau de données | |
DE102011007588A1 (de) | Verfahren und Vorrichtung zur Steuerungs-Kommunikation zwischen gekoppelten Zugteilen | |
DE102012209408A1 (de) | Sichere Übertragung einer Nachricht | |
EP3412018A1 (fr) | Procédé d'échange de messages entre dispositifs de sécurité | |
WO2020088910A1 (fr) | Transmission de messages à bord d'un véhicule à moteur | |
WO2020109200A1 (fr) | Procédé de surveillance d'un système de transmission de données, système de transmission de données et véhicule à moteur | |
EP3734478A1 (fr) | Procédé d'attribution des certificats, système de guidage, utilisation d'un tel système de guidage, installation technique, composants d'installation et utilisation d'un fournisseur d'identité | |
EP3363145B1 (fr) | Procédé et dispositif permettant de générer un secret partagé | |
EP4193567B1 (fr) | Procédé pour réaliser l'équipement sécurisé d'un véhicule à l'aide d'un certificat individuel | |
DE102018102608A1 (de) | Verfahren zur Benutzerverwaltung eines Feldgeräts | |
DE102015225787A1 (de) | Verfahren und Vorrichtung zur Empfängerauthentifikation in einem Fahrzeugnetzwerk | |
EP3554001B1 (fr) | Procédé de transfert sécurisé et procédé d'échange bidirectionnel sécurisé des paquets de données électroniques dans un réseau | |
EP3541038A1 (fr) | Procédé et dispositif de transmission de données protégée de manière cryptographique entre un premier appareil et un second appareil | |
EP3832508B1 (fr) | Blocage ou annulation d'un certificat d'appareil | |
EP3881486B1 (fr) | Procédé de fourniture d'un élément de preuve du lieu d'origine pour un couple de clé numérique |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19789900 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 19789900 Country of ref document: EP Kind code of ref document: A1 |