CAN bus authentication method and system based on broadcasting

Abstract

The invention relates to a CAN bus authentication method and system based on broadcasting. The method includes the steps that completeness verification is conducted on all ECUs, seed secret keys are distributed for a gateway and the ECUs passing the verification; the gateway generates an encryption sequence, and the encryption sequence is sent to the ECUs passing the verification through broadcasting; the gateway and the ECUs passing the verification generate identical message authentication code (MAC) tables and identical synchronous counters, wherein the initial value of the counters is zero; the sending ECU attaches the MAC corresponding to the value of the counter of the sending ECU to the data field of a sending data frame; the gateway and the receiving ECU judge whether the MAC in the data field is identical with the MAC in the MAC tables corresponding to the counters of the gateway and the receiving ECU or not; if yes, the data frame is judged to be safe, and if not, the data frame is judged to be the illegal frame; the values of the counters of the sending ECU, the gateway and the receiving ECU are added by one, and whether the values of the counters of the sending ECU, the gateway and the receiving ECU exceed the preset threshold value or not is judged; if yes, an MAC table is generated again; if not, the next frame of communication is conducted, and communication of a next data frame is conducted. According to the CAN bus authentication method and system, due to the fact that a message authentication code is added to the data frames in communication, the attack on the CAN bus can be defended.

Description

technical field [0001] The invention relates to the technical field of CAN bus communication security, in particular to a broadcast-based CAN bus authentication method and system. Background technique [0002] The CAN protocol was proposed by Bosch in 1986 and formed a protocol specification in 1991. It is currently widely used in the automotive industry and other control fields. The CAN protocol was originally used to solve the problem of in-vehicle communication. Its application environment is closed, and attackers cannot access the in-vehicle network. The development of the Internet of Vehicles makes each car a node for communicating with the outside world. The network in the car is no longer closed, and attackers can access the Electronic Control Unit (ECU) and CAN bus, threatening the safety of the car. Attackers may invade the CAN bus through Bluetooth, OBD-II interface, TPMS and other systems, and control the in-vehicle communication system by sending illegal frames....

AI Technical Summary

Problems solved by technology

[0003] The existing CAN bus authentication technology ignores the broadcast characteristics of CAN communication, and the authentication efficiency is low; the algorithm operation complexity is high and the delay is large, so it is not suitable for application in in-vehicle communication

Images