CAN bus authentication method and system based on broadcasting

Existing CAN bus authentication schemes neglect the broadcast characteristics of CAN communication, have high algorithmic complexity, and have low authentication efficiency. This method addresses those problems and achieves good defense, low computational complexity, and efficient judgment.
CN104767618A | Active | Publication Date: 2015-07-08 | TSINGHUA UNIV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: TSINGHUA UNIV
Publication Date: 2015-07-08


Abstract

The invention relates to a CAN bus authentication method and system based on broadcasting. The method includes the following steps: completeness verification is conducted on all ECUs, and seed secret keys are distributed to the gateway and to the ECUs that pass the verification; the gateway generates an encryption sequence and sends it by broadcast to the ECUs that passed the verification; the gateway and the verified ECUs generate identical message authentication code (MAC) tables and identical synchronous counters, with the counters initialized to zero; the sending ECU attaches the MAC corresponding to its counter value to the data field of the data frame it sends; the gateway and the receiving ECU judge whether the MAC in the data field is identical to the MAC in their MAC tables corresponding to their own counters; if yes, the data frame is judged to be safe, and if not, it is judged to be an illegal frame; the counters of the sending ECU, the gateway and the receiving ECU are each incremented by one, and it is judged whether the counter values exceed the preset threshold; if yes, a MAC table is generated again; if not, communication of the next data frame is conducted. Because a message authentication code is added to the data frames in communication, the method and system can defend against attacks on the CAN bus.
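The counter-indexed MAC table exchange from the abstract, as an added Python example (not code from the patent). The HMAC-SHA256 table derivation, the 4-byte tag, the threshold of 8, the rule that a rejected frame leaves the counter unchanged, and regeneration through a fresh gateway broadcast are assumptions, and all names are hypothetical.

```python
import hashlib
import hmac

MAC_LEN = 4     # assumed tag length; leaves 4 of the 8 CAN data bytes for payload
THRESHOLD = 8   # assumed preset counter threshold (entries per MAC table)

def build_mac_table(seed_key, sequence):
    # Assumed derivation: entry i = HMAC-SHA256(seed_key, sequence || i), truncated.
    return [hmac.new(seed_key, sequence + bytes([i]), hashlib.sha256).digest()[:MAC_LEN]
            for i in range(THRESHOLD)]

class Node:
    """Gateway or verified ECU holding the shared MAC table and synchronous counter."""
    def __init__(self, seed_key):
        self.seed_key, self.table, self.counter = seed_key, [], 0

    def on_sequence(self, sequence):
        # A broadcast sequence (re)builds the table; the counter starts at zero.
        self.table, self.counter = build_mac_table(self.seed_key, sequence), 0
    def needs_new_table(self):
        return self.counter >= len(self.table)
    def send(self, payload):
        if self.needs_new_table() or len(payload) > 8 - MAC_LEN:
            raise ValueError("table exhausted or payload too long")
        frame = payload + self.table[self.counter]
        self.counter += 1
        return frame

    def receive(self, frame):
        if self.needs_new_table() or len(frame) < MAC_LEN:
            return False
        ok = hmac.compare_digest(frame[-MAC_LEN:], self.table[self.counter])
        if ok:          # assumption: an illegal frame does not advance the counter
            self.counter += 1
        return ok

def run_demo():
    key = bytes(range(16))                                  # constructed seed key
    gateway, ecu_a, ecu_b = bus = [Node(key), Node(key), Node(key)]
    for n in bus:
        n.on_sequence(b"constructed-seq-1")                 # constructed broadcast value
    first = ecu_a.send(b"\x01\x02")
    accepted = [n.receive(first) for n in (gateway, ecu_b)]
    replayed = [n.receive(first) for n in (gateway, ecu_b)]  # tag for a used counter slot
    rest = [ecu_a.send(b"\x03") for _ in range(THRESHOLD - 1)]
    in_sync = all(n.receive(f) for f in rest for n in (gateway, ecu_b))
    exhausted = all(n.needs_new_table() for n in bus)
    for n in bus:
        n.on_sequence(b"constructed-seq-2")                 # assumed trigger: new broadcast
    return accepted, replayed, in_sync, exhausted, [n.counter for n in bus]
```

The replayed frame is rejected because the receivers' counters have already moved past the slot its tag came from, and every node reports an exhausted table after the eighth frame.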

Description

Technical field

[0001] The invention relates to the technical field of CAN bus communication security, in particular to a broadcast-based CAN bus authentication method and system.

Background technique

[0002] The CAN protocol was proposed by Bosch in 1986 and formed a protocol specification in 1991. It is currently widely used in the automotive industry and other control fields. The CAN protocol was originally used to solve the problem of in-vehicle communication. Its application environment is closed, and attackers cannot access the in-vehicle network. The development of the Internet of Vehicles makes each car a node for communicating with the outside world. The network in the car is no longer closed, and attackers can access the Electronic Control Unit (ECU) and CAN bus, threatening the safety of the car. Attackers may invade the CAN bus through Bluetooth, OBD-II interface, TPMS and other systems, and control the in-vehicle communication system by sending illegal frames....
