WO2023274872A1 - Method and control unit for generating a random value using a microcontroller - Google Patents
- Publication number
- WO2023274872A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- value
- bits
- binary
- random value
- temperature
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
- G06F15/7839—Architectures of general purpose stored program computers comprising a single central processing unit with memory
- G06F15/7842—Architectures of general purpose stored program computers comprising a single central processing unit with memory on one IC chip (single chip microcontrollers)
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Definitions
- the present invention relates to a method for generating a random value using a microcontroller and a correspondingly configured control unit for a vehicle.
- a so-called handshake takes place.
- the diagnostic device uses a so-called challenge and response routine, for example, to prove its authorization to read out and/or configure the control unit by sending back a correct response to a random challenge from the control unit.
- the control unit refuses input from the diagnostic device if it receives an incorrect response.
- microcontrollers may have specialized hardware used solely for the purpose of generating random values.
- An improvement here can concern, for example, a reduction in costs and an increased randomness of the random value.
- a deterministic generation of random values can only be pseudo-random, since rule-based algorithms are combined with one another in order to generate the random values by mathematically linking the results of the algorithms. To a certain extent, the results are therefore predictable.
- an analog signal that is constantly changing to a small extent and that is continuous in time and value is digitized. Since the analog signal is constantly changing slightly, the digitized value also jumps at least every time the change in the analog signal is greater than one digitization level. The digitized value thus jumps randomly.
- a method for generating a random value using a microcontroller is proposed, with an analog temperature signal of an internal temperature sensor of the microcontroller being digitized using an internal analog-to-digital converter of the microcontroller to form a binary temperature value, with the random value being derived from the binary temperature value.
- a control unit for a vehicle is proposed, the control unit having a microcontroller with an internal temperature sensor and an internal analog/digital converter, the control unit being configured to carry out a method according to the approach presented here.
- a random value can be understood to mean a digital value.
- the random value can be represented by a sequence of bits.
- the random value can be a discrete value with fixed increments.
- the random value can be a binary value.
- a microcontroller can be referred to as a chip or integrated circuit.
- the microcontroller can have a large number of components that are encapsulated in a common housing. This protects the components from environmental influences. The components are also protected against manipulation. Among the components can be a regular temperature sensor and an analog-to-digital converter for the temperature sensor.
- the internal temperature sensor can map a temperature of the microcontroller in an analog temperature signal.
- the temperature sensor can be thermally coupled to the housing of the microcontroller.
- the analog temperature signal can be an electrical signal.
- an electrical voltage generated by a thermocouple of the temperature sensor can represent the temperature.
- an electrical current flow through a thermistor or PTC thermistor of the temperature sensor can represent the temperature.
- the temperature sensor can be a normal part of the microcontroller. The temperature sensor is protected from manipulation by the microcontroller housing.
- the analog-to-digital converter can digitize the analog temperature signal into a binary temperature value by converting the time-continuous and value-continuous analog temperature signal into a sequence of time-discrete and value-discrete binary temperature values.
- the analog-to-digital converter can be a normal part of the microcontroller.
- the analog-to-digital converter is also protected against manipulation by the housing of the microcontroller.
- the binary temperature value can be the random value since the binary temperature value also changes constantly and unpredictably due to the analog temperature signal constantly changing slightly around an average value.
- the random value can be derived from a noise component of the binary temperature value.
- the temperature sensor cannot provide a constant analog temperature signal due to the chaotic thermal motion of its molecules. So the analog temperature signal is noisy. Due to the digitization, the binary temperature value has an equally chaotic noise.
- the noise content may be an amount of change in the binary temperature value due to the noise of the analog temperature signal. The amount of noise is purely random and unpredictable.
- the random value can be derived from bits of the binary temperature value with a low bit significance. Bits with a low bit significance can be referred to as Least Significant Bits (LSB) and represent the smallest jumps in the possible resolution of a binary value. Since the analog temperature signal changes constantly with a small amount of change around the mean value, the bits with the lower bit significances change with a very high probability in the binary temperature value. In contrast, bits with a higher bit significance represent jumps in the resolution that are greater than the range of change in the analog temperature signal. The bits with the higher bit significance therefore change with a much lower probability.
- the random value can be derived from the bits with the two lowest bit significances.
- the jumps in resolution of the two least significant bits are within the expected range of change in the analog temperature signal.
- the bits with the lowest bit values thus change completely randomly with a very high probability.
- the random value can be derived from a sequence of binary temperature values.
- the binary temperature values differ slightly from each other with a high probability. The differences are random. Using multiple binary temperature values reduces the predictability of the random value because the randomness is cumulative.
- a predetermined number of bits can be extracted for each binary temperature value.
- the random value can be assembled from the extracted bits.
- the remaining bits of the binary temperature values can be discarded.
- the bits with the low bit significance are extracted, since these have the highest randomness.
- the extracted bits can be concatenated and used as the bits of the random binary value.
- An oldest binary temperature value of the sequence of binary temperature values can be discarded when a new binary temperature value is digitized.
- the new binary temperature value can be added to the sequence.
- the extracted bits of the oldest binary temperature value can be removed from the random binary value and replaced in their place by the extracted bits of the new binary temperature value.
- the bits of the new binary temperature value can always be inserted at a predefined position of the binary random value, with the remaining bits of the other older binary temperature values being shifted by a corresponding number of positions.
- the bits of the new binary temperature value can be used as the least significant bits, the most significant bits, or as the intermediate significant bits.
- if the bits of the new binary temperature value are used as the bits of middle bit significance, the bits of the other older binary temperature values can be shifted towards the higher bit significance and towards the lower bit significance, respectively. At least the bit with the highest bit significance and at least the bit with the lowest bit significance are then discarded.
- the random value can be provided with a word length of 32 bits.
- the random value can, for example, be composed of two bits each of 16 binary temperature values. Alternatively, four bits each of eight binary temperature values can also be used. One bit each of 32 binary temperature values can also be used.
- the random value can be checked for plausibility using the binary temperature value. If the binary temperature value assumes unusual values, the provision of the random value can be stopped in order to make it difficult or to prevent an analysis of the method used to generate the random value.
- the random value can be derived if the binary temperature value is within a temperature tolerance range.
- a temperature tolerance range can exclude temperatures that are too low and temperatures that are too high. This can prevent manipulations, for example caused by icing or overheating of the microcontroller.
- Several random values can be put together to form a key.
- a key can be used to encrypt and decrypt communications.
- the key can also be used for the challenge and response identification between the control unit and the diagnostic device.
- the key may have a larger word length than the random value to make unauthorized decryption more difficult.
- the key can be provided with a word length of 128 bits, for example. A word length of 128 bits can make unauthorized decryption very difficult.
- An identification number of the microcontroller can be integrated into the key. By integrating the identification number, the key can be assigned to the microcontroller. For example, the diagnostic device can recognize which microcontroller generated the random values and adapt its answer to the challenge and response accordingly.
- the key can be renewed cyclically.
- the key can be renewed regularly. By exchanging the key, communication can be protected even if a key is compromised.
- FIG. 1 shows a flowchart of a method for generating a random value according to an embodiment.
- Control unit 102 has a microcontroller 104 which has an internal temperature sensor 106 and an internal analog/digital converter 108.
- the temperature sensor 106 maps a temperature of the microcontroller 104 in an analog electrical signal.
- the signal is referred to herein as analog temperature signal 110.
- the analog temperature signal 110 can be in the form of an electrical current flow and/or an electrical voltage.
- the analog temperature signal 110 is read in by the analog-to-digital converter 108.
- the analog-to-digital converter 108 digitizes the analog temperature signal 110 and outputs a binary temperature value 112.
- the temperature of the microcontroller 104 changes depending on its load. The temperature rises or falls. The temperature is rarely constant. Even if the temperature is constant, the analog temperature signal 110 fluctuates randomly around a mean value with a very small fluctuation range. In other words, the analog temperature signal is noisy. A slightly, randomly changing binary temperature value 112 is also continuously digitized in the analog-to-digital converter 108 as a result of the essentially constantly changing analog temperature signal 110. The random value 100 is derived from the binary temperature value 112 in the approach presented here.
- only a noise portion 114 of binary temperature value 112 is used to derive random value 100.
- the binary temperature value 112 has a predefined word length with a predefined number of bits 116.
- the word length determines a resolution of the digitization.
- the two bits 116 with the lowest bit significance are used as the noise component 114. These two bits 116 are extracted and the random value 100 is derived using the extracted bits 116.
- a sequence 118 of multiple sequentially digitized binary temperature values 112 is used to generate the random value 100.
- at least one bit 116 of the binary temperature value 112 is extracted.
- the bits 116 of all binary temperature values 112 are then assembled into the random value 100.
- the two bits 116 with the lowest bit significance are extracted for each binary temperature value 112 and combined to form the random value 100.
- the majority of the bits 116 represent different bit weights than in the underlying binary temperature values 112, depending on where in the random value 100 they are used.
- two bits 116 are extracted from 16 binary temperature values 112 and combined to form a 32-bit random value 100.
- the bits 116 of each binary temperature value 112 are extracted sequentially. When a number of new bits 116 are extracted from a new binary temperature value 112, a corresponding number of old bits 116 are removed from the previous random value 100 and replaced with the new bits 116. This results in a new random value 100 for each extraction of bits 116.
- the oldest bits 116 are removed and replaced with the new bits 116.
- the new bits 116 can be used in the same place, i.e. at the same place in the random value 100 from which the oldest bits 116 have been removed.
- the bits 116 can be shifted into the random value 100 and older bits 116 can be displaced to other places in the random value 100.
- the oldest bits 116 are displaced to a word start and/or a word end of the random value 100 and removed there when the new bits 116 are inserted.
- the random value 100 is checked for plausibility. For example, it is monitored whether the random value 100 changes over time. If the random value 100 does not change, the error signal 120 is output.
- the random value is further processed into a key 122.
- the key is generated based on the random value 100.
- a serial number and/or an identification number 124 of the microcontroller 104 is included in the key 122 in order to be able to assign the generated key 122 to the microcontroller 104, for example.
- the key 122 is composed of multiple random values 100.
- a new key 122 can be created for each derived random value 100 by replacing the respective oldest random value 100 with the newest random value 100.
- the key 122 is generated with a word length of 128 bits.
- the identification number 124 and at least one random value 100 can be compressed to the 128 bits.
- the compression can be done using a Miyaguchi-Preneel algorithm 130, for example.
- the key 122 can then continue to be used.
- the key 122 can be used by an encryption algorithm 128 to generate a random output 130.
- the key 122 can be changed with each output 130.
- the key 122 can also be changed using a deterministically generated random number 132.
- the random number 132 can also be used to encode the output 130. Then, when a new key 122 has been generated, the old key 122 can be discarded and the new key 122 can be substituted.
- the thermal noise of the internal temperature sensor serves as the entropy source for the random numbers.
- the voltage at the NTC is digitized using an AD converter, the noise is then extracted from the bits with the low bit significance (LSBs) and the entropy is increased using a compression function.
- a Pseudo Random Number Generator (PRNG) can be connected downstream.
- the internal temperature sensors can make external manipulation difficult. Although the temperature can be influenced from the outside, this cannot be transferred one-to-one to the noise.
- the measured temperature value is also available and can be used for plausibility checks.
- the raw data of the microcontroller temperature measurement is read sixteen times in a row via the analog-to-digital converter (ADC) driver and the two least significant bits (LSBs) are combined to form a 32-bit value.
- Several 32-bit values are compressed together with an ID individual to the microcontroller (ECU) (e.g. serial number) using a Miyaguchi-Preneel function and thus converted into a 128-bit seed.
- the seed is used to initialize a Pseudo Random Number Generator (PRNG) based on an AES-128 algorithm in order to obtain higher data rates.
- the Integrity Monitor monitors the entropy of the source to detect errors such as "stuck at low".
- the feedback of the internal state of the Pseudo Random Number Generator (PRNG) enables cyclic "reseeding" in order to maintain the level of entropy in the Pseudo Random Number Generator (PRNG). Since the devices and methods described in detail above are exemplary embodiments, they can be modified to a large extent in the customary manner by a person skilled in the art without departing from the scope of the invention. In particular, the mechanical arrangements and the size ratios of the individual elements to one another are merely exemplary.
- Miyaguchi-Preneel algorithm; 128 encryption algorithm; 130 output; 132 random number
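
The collection scheme described above (two LSBs from each of 16 readings shifted into a 32-bit value, provided only inside a temperature tolerance range and only while the noise bits keep changing), written out in C as an added example that is not code from the patent. The raw ADC bounds, the stuck limit of 8 and all identifiers are assumptions, and the readings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Two LSBs from each of 16 readings form the 32-bit value, as in the text.
 * The range bounds and the stuck limit are hypothetical tuning values. */
#define LSB_MASK    0x3u
#define SAMPLES     16u
#define ADC_MIN_OK  1200u /* hypothetical raw ADC bounds of the tolerance range */
#define ADC_MAX_OK  2800u
#define STUCK_LIMIT 8u    /* hypothetical: equal LSB pairs in a row */

typedef enum { RNG_OK, RNG_NOT_READY, RNG_OUT_OF_RANGE, RNG_STUCK } rng_status;
typedef struct { rng_status status; uint32_t value; } demo_result;

typedef struct {
    uint32_t window;  /* newest pair sits in the two lowest bits */
    unsigned filled;  /* readings currently held in the window */
    unsigned run;     /* run length of equal pairs; 0 = no reading yet */
    uint8_t  last;    /* LSB pair of the previous reading */
} lsb_collector;

void collector_init(lsb_collector *c)
{
    c->window = 0; c->filled = 0; c->run = 0; c->last = 0;
}

/* Feed one raw ADC reading; *out is written only when RNG_OK is returned. */
rng_status collector_feed(lsb_collector *c, uint16_t raw, uint32_t *out)
{
    /* Outside the tolerance range: provide nothing, drop gathered bits. */
    if (raw < ADC_MIN_OK || raw > ADC_MAX_OK) {
        collector_init(c);
        return RNG_OUT_OF_RANGE;
    }
    uint8_t lsb = (uint8_t)(raw & LSB_MASK);
    if (c->run > 0 && lsb == c->last) {
        if (c->run < STUCK_LIMIT) c->run++;   /* saturating counter */
    } else {
        c->run = 1;
    }
    c->last = lsb;
    if (c->run >= STUCK_LIMIT) {              /* noise bits no longer change */
        c->window = 0; c->filled = 0;
        return RNG_STUCK;
    }
    /* Shift the new pair in; the oldest pair falls off the top end. */
    c->window = (c->window << 2) | lsb;
    if (c->filled < SAMPLES) c->filled++;
    if (c->filled < SAMPLES) return RNG_NOT_READY;
    *out = c->window;
    return RNG_OK;
}

/* Constructed readings for the demo, not measured data. */
static const uint16_t SAMPLE_ADC[SAMPLES] = {
    2049, 2051, 2048, 2050, 2050, 2049, 2051, 2051,
    2048, 2049, 2050, 2048, 2051, 2050, 2049, 2048 };

/* Feed the 16 constructed readings, then `extra` another `times` times. */
demo_result demo(uint16_t extra, unsigned times)
{
    lsb_collector c;
    demo_result r = { RNG_NOT_READY, 0 };
    uint32_t v = 0;
    collector_init(&c);
    for (unsigned i = 0; i < SAMPLES; i++)
        r.status = collector_feed(&c, SAMPLE_ADC[i], &v);
    for (unsigned i = 0; i < times; i++)
        r.status = collector_feed(&c, extra, &v);
    r.value = (r.status == RNG_OK) ? v : 0;
    return r;
}

int main(void)
{
    printf("first window : 0x%08X\n", (unsigned)demo(0, 0).value);
    printf("one more pair: 0x%08X\n", (unsigned)demo(2051, 1).value);
    printf("stuck source : status %d\n", (int)demo(2048, 8).status);
    return 0;
}
```

Each new reading yields a new 32-bit value that shares 30 bits with the previous one, so a consumer that needs independent values should take one per 16 readings before handing them to the compression step.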
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Analogue/Digital Conversion (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202280045735.9A CN117581219A (zh) | 2021-07-01 | 2022-06-24 | Method and control device for generating a random number using a microcontroller |
EP22740788.9A EP4363990A1 (de) | 2021-07-01 | 2022-06-24 | Method and control unit for generating a random value using a microcontroller |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102021117008.7 | 2021-07-01 | ||
DE102021117008.7A DE102021117008A1 (de) | 2021-07-01 | 2021-07-01 | Method and control unit for generating a random value using a microcontroller |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023274872A1 (de) | 2023-01-05 |
Family
ID=82492830
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2022/067337 WO2023274872A1 (de) | 2021-07-01 | 2022-06-24 | Method and control unit for generating a random value using a microcontroller |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP4363990A1 (de) |
CN (1) | CN117581219A (de) |
DE (1) | DE102021117008A1 (de) |
WO (1) | WO2023274872A1 (de) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8015224B1 (en) * | 2006-12-27 | 2011-09-06 | Marvell International Ltd. | Entropy source for random number generation |
US20180123607A1 (en) * | 2016-11-01 | 2018-05-03 | Texas Instruments Incorporated | Digital Modulator Entropy Source |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3558488B2 (ja) | 1997-05-20 | 2004-08-25 | エニー株式会社 | Cryptographic communication system |
DE102013004795A1 (de) | 2012-03-21 | 2013-09-26 | Gabriele Trinkel | System and method for generating thermal hot spots for generating random numbers with thermal noise sources in cloud computing |
US9542156B2 (en) | 2013-05-15 | 2017-01-10 | Synopsys, Inc. | Automatic control system and method for a true random number generator |
DE102018100357A1 (de) | 2018-01-09 | 2019-07-11 | Infineon Technologies Ag | Chip and method for securely storing secret data |
-
2021
- 2021-07-01 DE DE102021117008.7A patent/DE102021117008A1/de active Pending
-
2022
- 2022-06-24 CN CN202280045735.9A patent/CN117581219A/zh active Pending
- 2022-06-24 WO PCT/EP2022/067337 patent/WO2023274872A1/de active Application Filing
- 2022-06-24 EP EP22740788.9A patent/EP4363990A1/de active Pending
Also Published As
Publication number | Publication date |
---|---|
DE102021117008A1 (de) | 2023-01-05 |
CN117581219A (zh) | 2024-02-20 |
EP4363990A1 (de) | 2024-05-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE102012110499B9 (de) | Security access method for electronic automotive control units | |
DE102013203415B4 (de) | Creating a derived key from a cryptographic key by means of a physically unclonable function | |
EP2899714B1 (de) | Secured provision of a key | |
DE102013206202A1 (de) | Sensor module and method for operating a sensor module | |
DE19744961A1 (de) | Generating unique and unpredictable values | |
EP2891266A1 (de) | Method and arrangement for secure communication between network devices in a communication network | |
DE102012209404A1 (de) | Device for carrying out a cryptographic method and operating method therefor | |
DE102012217716A1 (de) | Self-test of a physical unclonable function | |
DE102018212833A1 (de) | Device and method for generating physically unclonable functions | |
DE202017103778U1 (de) | Communication security device and system for an OBD-II interface of an electric motor vehicle | |
EP3709516B1 (de) | Device and method for hardware-based data encryption with complementary resistance switches | |
DE102013205542A1 (de) | Device and method for processing data | |
EP4363990A1 (de) | Method and control unit for generating a random value using a microcontroller | |
DE102015001847A1 (de) | One-time encryption of meter data | |
EP4059204B1 (de) | Devices, system, method and computer program for hardware-based data encryption with impedance switch | |
WO2018114119A1 (de) | Method, device and computer-readable storage medium with instructions for signing measured values of a sensor | |
EP3371733B1 (de) | Encrypting the memory content of a memory in an embedded system | |
WO2012028391A1 (de) | Method for providing information for a control unit | |
DE102014008654A1 (de) | Temporary authorization | |
EP2288073A1 (de) | Device for encrypting data | |
EP1455312A1 (de) | Method and device for maintaining security-relevant program code of a motor vehicle | |
DE102016219207A1 (de) | Method and device for certifying a safety-critical function chain | |
WO2023066721A1 (de) | Method for ensuring IT security of an automation system and security system | |
EP4397004A1 (de) | Method for ensuring IT security of an automation system and security system | |
DE102007023206B4 (de) | Method and device for the secure generation and management of keys and their use in networks for the secure transmission of data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22740788 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 202280045735.9 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2022740788 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2022740788 Country of ref document: EP Effective date: 20240201 |