Communication data encryption method for automotive information security
By generating session keys with multi-dimensional constraints and encrypting frames with multi-layer verification, the problems of insufficient dynamic key management and weak anti-replay attack capability in existing automotive information security communication encryption methods are solved, achieving efficient and secure communication data encryption.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ANHUI MINGSHI ELECTRONICS CO LTD
- Filing Date
- 2025-08-07
- Publication Date
- 2026-06-19
AI Technical Summary
Existing automotive information security communication encryption methods fail to fully integrate the real-time, dynamic, and resource-constrained characteristics between intelligent devices and vehicles, resulting in defects in the encryption process, especially in dynamic key management and insufficient resistance to replay attacks.
By obtaining the mismatch bits of the bidirectional mirrored frame pair, calculating the right-hand differential vector, generating the freshness vector and salt value, combining the master key to generate the session key, and using the AES_GCM algorithm for encryption and integrity verification, the direct mapping and multi-dimensional constraints of the physical layer state to the encryption parameters in the encryption process are ensured.
It achieves efficient and highly secure communication data encryption in resource-constrained vehicle environments, enhances resistance to replay attacks and signal tampering, and ensures the uniqueness of keys and data integrity for each interaction.
Smart Images

Figure CN120896753B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of automotive information security, and more specifically to a method for encrypting communication data for automotive information security. Background Technology
[0002] The intelligent upgrade of automobiles is developing rapidly, and the integration of automobiles and smart devices is becoming more profound. Users can authenticate their identities and interact with their vehicles wirelessly by carrying smartphones or smart keys. When starting a vehicle through a smart device, the smart device and the vehicle need to complete two-way authentication to wake up the vehicle and activate the power system. This process involves multiple rounds of data exchange, including key steps such as random number generation, encryption algorithm calculation, and key negotiation. For example, some current systems use rolling code technology, dynamically updating the encryption key after each communication to prevent fixed codes from being intercepted and reused. However, such systems often face complex security challenges: on the one hand, the openness of wireless communication makes signals vulnerable to interception, tampering, or replay by malicious devices; on the other hand, the resource constraints of smart devices and vehicles require encryption algorithms to strike a balance between computational efficiency and security. For example, some systems use lightweight encryption protocols to reduce power consumption, but imperfect key update mechanisms may allow attackers to obtain valid keys through signal interference.
[0003] The core problem with current technology lies in the inadequacy of dynamic key management mechanisms and replay attack resistance. For example, when a vehicle receives a replayed old key, if the incrementing order of the key counter is not strictly verified, an attacker can bypass authentication by forging the timing relationship. The root cause of this problem is that existing encryption methods fail to fully integrate the real-time, dynamic, and resource-constrained characteristics between smart devices and vehicles, resulting in flaws in the encryption process. Summary of the Invention
[0004] To address the shortcomings of existing technologies, this invention proposes a communication data encryption method for automotive information security, which solves the problem that existing encryption methods fail to fully integrate the real-time, dynamic, and resource-constrained characteristics between intelligent devices and vehicles, resulting in defects in the encryption process.
[0005] To achieve the above objectives, the present invention provides the following technical solution:
[0006] A bidirectional mirror frame pair consisting of a wake-up frame and a response frame is obtained. The mismatch bit is obtained by marking the mismatch bit based on the bidirectional mirror frame pair. The first right-hand differential vector is calculated based on the value of the mismatch bit. The interleaved ciphertext block is obtained. The ciphertext random parameter and the interaction count parameter are obtained based on the interleaved ciphertext block.
[0007] The first right-rotation difference vector is transformed by bit to obtain the second right-rotation difference vector. The second right-rotation difference vector and the ciphertext random parameter are XORed to obtain the freshness vector. The salt value is obtained by concatenating the first right-rotation difference vector with the interaction counting parameter.
[0008] A session key is generated using an encryption algorithm based on the freshness vector and salt value. An initialization vector is then obtained. The original data is encrypted into ciphertext using the initialization vector and the session key, and an encrypted frame is generated.
[0009] Furthermore, the sender sends a wake-up frame to the receiver, the receiver reverses the bytes in the wake-up frame, and then circularly shifts the reversed bits three positions to the right to obtain the response frame.
[0010] The receiving end sends the acknowledgment frame back to the sending end. The sending end combines the wake-up frame and the acknowledgment frame into a bidirectional mirror frame pair and adds a bit index k to each bit in the bidirectional mirror frame pair.
[0011] The sending end reverses the bytes of the wake-up frame in the bidirectional mirror frame pair, and then shifts the reversed bits three positions to the right to obtain the expected response frame.
[0012] Furthermore, based on the receiver traversing each bit of the response frame in the bidirectional mirror frame pair, it is determined whether each bit is consistent with each bit of the expected response frame at bit index k. If they are inconsistent, they are marked as mismatched and the bit is marked as 1. If they are consistent, they are marked as not mismatched and the bit is marked as 0, thus obtaining the mismatch bit marked as 1.
[0013] Using the value of bit index k as the weight, calculate the sum of the products of bit index k and the corresponding mismatch bit flag value, and then take the modulo 2 of the sum of the products. 16 This yields the first right-handed difference vector.
[0014] Furthermore, the interleaved ciphertext block is obtained, and after splitting the interleaved ciphertext block, the ciphertext random parameters and the interaction count parameters are obtained.
[0015] Furthermore, the bits of the first right-rotation difference vector are shifted to the left by n bits to obtain the second right-rotation difference vector;
[0016] The freshness vector is obtained by performing an XOR operation between the second right-rotation difference vector and the ciphertext random parameters. The specific method is as follows:
[0017] By comparing the bits of the second right-rotation difference vector with the bits of the ciphertext random parameters, marking the same bits as 0 and different bits as 1, a freshness vector with the same length as the second right-rotation difference vector and the ciphertext random parameters is obtained.
[0018] Furthermore, the bits of the first right-hand differential vector and the bits of the interactive counting parameter are concatenated in sequence, with the first right-hand differential vector first and the interactive counting parameter second, and the salt value is obtained after concatenation.
[0019] Furthermore, the master key is obtained, which is the same root key pre-stored by the sender and receiver through an offline secure channel;
[0020] The master key and the freshness vector are concatenated in order, with the master key first and the freshness vector last. The concatenation results in a composite key, which serves as the initial input data for the encryption algorithm. The composite key is used as the input data and the salt value is used as the salt to generate a pseudo-random key using the HMAC-SHA256 algorithm.
[0021] Using a pseudo-random key as the key input, setting and inputting context information, setting the target key length, generating multiple hash blocks iteratively through the HMAC-SHA256 algorithm, concatenating multiple hash blocks, and then sequentially extracting bits of the target key length to obtain the session key.
[0022] Further, a frame counter is obtained, which is the frame sequence number maintained by the sending end in a single interaction. The interaction counting parameter and the frame counter are concatenated in order, with the interaction counting parameter first and the frame counter second. The concatenation results in an initialization vector.
[0023] The original data is obtained, which is the instruction signal sent from the sender to the receiver. Based on the session key and the initialization vector, the original data is encrypted into ciphertext using the AES_GCM algorithm, wherein the length of the ciphertext is equal to that of the original data.
[0024] The first right-handed differential vector is used as the associated data input, and the integrity label is calculated using the AES_GCM algorithm.
[0025] The initialization vector, the first right-hand differential vector, the ciphertext, and the integrity tag are concatenated in sequence to obtain an encrypted frame, which is then verified by the receiving end.
[0026] Further, a sliding window offset w is defined, and the entire response frame is shifted to the right by w positions to obtain a verification response frame. A verification right-hand differential vector is generated based on the response frame and the verification response frame. The first right-hand differential vector in the encrypted frame is compared with the verification right-hand differential vector. If the first right-hand differential vector is equal to the verification right-hand differential vector, the right-hand differential vector is marked as successfully verified. Otherwise, it is determined that the current encrypted frame cannot pass the bit order synchronization correction, and the current encrypted frame is directly discarded and a renegotiation is requested.
[0027] A verification session key is generated based on the successfully verified right-hand differential vector, and the process of generating the verification session key is the same as the process of generating the session key based on the first right-hand differential vector.
[0028] The initialization vector is split into an interaction count parameter and a frame counter. The interaction count parameter is verified to be equal to the interaction count parameter in the receiving end. If they are equal, the current state is marked as the initial verification success state. The encrypted frame is then parsed in the initial verification success state.
[0029] Furthermore, after successful initial verification, the verification integrity tag is calculated by inputting the verification session key, initialization vector, ciphertext, and verification right-hand differential vector through the AES_GCM algorithm. If the verification integrity tag is equal to the integrity tag in the encrypted frame, the ciphertext is parsed into the original data through the AES_GCM algorithm. If the verification integrity tag is not equal to the integrity tag, the current encrypted frame is discarded and a renegotiation is requested.
[0030] Compared with existing technologies, it has the following advantages:
[0031] The proposed communication data encryption method for automotive information security effectively addresses the shortcomings of existing technologies, such as insufficient dynamic key management, weak resistance to replay attacks, and failure to integrate real-time transmission characteristics, by deeply integrating physical layer transmission characteristics with encryption mechanisms. First, the method obtains mismatch bits through bidirectional mirrored frame pairs and calculates a first right-handed differential vector, directly mapping the weighted characteristics of the physical layer bit index to encryption parameters. This vector uniquely encodes the alignment state of the response frame; if a bit-slip attack occurs, its value changes immediately, disrupting the consistency of subsequent encryption parameters. This overcomes the limitation of traditional encryption relying solely on upper-layer protocols, achieving direct constraints from the physical layer state to the encryption process, significantly improving resistance to physical layer attacks. Second, the generation mechanism of the freshness vector and salt value achieves multi-dimensional parameter collaboration. The freshness vector is obtained by XORing the second right-handed differential vector with random ciphertext parameters, binding physical layer alignment differences bit by bit with ciphertext randomness; the salt value is generated by concatenating the first right-handed differential vector with an interactive counting parameter, simultaneously covering spatial misalignment and temporal replay risks. The combined effect of these two factors imbues the session key with triple constraints of physical, ciphertext, and time, ensuring the uniqueness of the key for each interaction. This overcomes the limitation of traditional keys having only a single dimension of attack resistance, effectively resisting replay attacks and signal tampering. The session key generation process balances security and efficiency. Based on the master key, freshness vector, and salt value, a pseudo-random key is generated, and then a session key of the target length is iteratively generated. This utilizes a strong hash algorithm to ensure security while adapting the target length to the performance of the vehicle's electronic control unit, balancing computational overhead and encryption strength. Finally, the encryption frame generation and verification mechanism achieves end-to-end security verification. The encryption frame integrates the initialization vector, the first right-hand differential vector, the ciphertext, and the integrity tag. The receiving end verifies the right-hand differential vector through sliding window offset, verifies the interaction count parameters, and compares the integrity tag, ensuring data integrity and legitimacy at multiple levels. This adapts to the bandwidth constraints of the vehicle's controller LAN bus, achieving efficient and highly secure communication data encryption in resource-constrained vehicle environments. Attached Figure Description
[0032] Figure 1 This is a schematic diagram of the method flow of the present invention; Detailed Implementation
[0033] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0034] Please see Figure 1 This application provides a method for encrypting communication data for automotive information security;
[0035] The method specifically includes the following steps:
[0036] Step 1: Obtain the 128-bit master key. Specifically, the 128-bit master key is the same 128-bit root key pre-stored by the sending end (wireless smart device supporting wireless signal transmission and encryption algorithm) and the receiving end (car equipped with keyless entry system and electronic control unit) through an offline security channel (such as burning during the production stage). The master key serves as the original entropy source for subsequent key derivation and does not directly participate in encryption operations. It is only used for the secure derivation of session keys.
[0037] The sending end sends a 24-bit wake-up frame to the receiving end (consisting of three bytes in sequence: the high byte of the sending end identifier, the low byte of the sending end identifier, and the function specification field). After receiving the wake-up frame, the receiving end reverses the three bytes in the wake-up frame and then circularly shifts the reversed 24 bits three bits to the right to obtain an acknowledgment frame. The receiving end sends the acknowledgment frame back to the sending end. The sending end combines the wake-up frame and the acknowledgment frame into a 24-bit bidirectional mirrored frame pair and adds a bit index k (0≤k≤23) to each bit in the 24-bit bidirectional mirrored frame pair.
[0038] The sending end also reverses the order of the wake-up frame in the 24-bit bidirectional mirrored frame pair and shifts it three bits to the right in a circular operation to obtain the expected response frame.
[0039] Based on the receiver traversing each bit of the acknowledgment frame in the 24-bit bidirectional mirror frame pair, it is determined whether each bit mismatches with each bit of the expected acknowledgment frame at bit index k (it is determined whether the bits under the same index are consistent). If there is a mismatch, the bit is marked as 1; if there is no mismatch, the bit is marked as 0. Thus, the mismatch bit caused by the physical layer transmission is obtained.
[0040] Using the value of bit index k as the weight, calculate the sum of the products of the bit index k values from bits 0 to 23 and the corresponding mismatch bit flags, and then take the modulo 2 of the sum of the products. 16 The first right-hand differential vector is obtained, which is a 16-bit right-hand differential vector. Specifically, in this example, the first right-hand differential vector is a 16-bit value. No matter how many bits are mismatched or where the mismatch is, the right-hand differential vector can uniquely encode the alignment state of the current response frame. If a bit slip attack occurs, the right-hand differential vector will change immediately, directly destroying the parameter consistency of the subsequent encryption process. The right-hand differential vector obtained by calculation breaks through the limitation of traditional encryption relying only on the upper layer protocol. It introduces the weighted characteristics of the physical layer bit index into the generation of encryption parameters, realizing the direct mapping from physical layer state to encryption parameters.
[0041] Specifically, in real-time CAN communication, the transmitting end first sends information containing two key data parts in a new communication interaction: a 24-bit wake-up frame and a 40-bit interleaved ciphertext block. The wake-up frame, which contains the transmitting end's identifier and control commands, only requires a three-byte reverse operation. After receiving the wake-up frame, the receiving end can react quickly, performing a reverse operation and a right circular shift operation, and then sending it back to the receiving end. At this point, the receiving end has received the initial request and identification from the transmitting end. The subsequent step is to verify and decrypt the encrypted data sent by the transmitting end. During the transmission of the wake-up frame, bit flips, shifts, etc., may occur, causing bit errors. If the response frame received by the transmitting end does not match the expected response frame generated by the wake-up frame in the 24-bit bidirectional mirror frame, the mismatched bits need to be marked as mismatch bits. The mismatch bits consist of 0 and 1, totaling 24 bits, and the bit index of the mismatch bits is the bit index k of the 24-bit bidirectional mirror frame pair (0≤k≤23).
[0042] The system acquires a 40-bit interleaved ciphertext block sent from the sender to the receiver for interaction. The first 24 bits of the 40-bit interleaved ciphertext block are used as ciphertext random parameters to obtain 24-bit ciphertext random parameters (the 24-bit ciphertext random parameters are pseudo-random ciphertext fields obtained by the sender after encrypting / scrambling the receiver, carrying the randomness of the ciphertext). The last 16 bits are used as interaction count parameters to obtain 16-bit interaction count parameters (increasing with the number of interactions between the sender and receiver). Specifically, the ciphertext random parameters and interaction count parameters are acquired synchronously in the same data block, avoiding the transmission of extra fields and adapting to the bandwidth limitations of the vehicle CAN bus.
[0043] Step 2: Shift the entire 16-bit right-rotated differential vector 8 bits to the left to obtain the second right-rotated differential vector, which is the 24-bit right-rotated differential vector. (Pad the last 8 bits of the newly obtained 24-bit right-rotated differential vector with 0, and retain the first 16 bits as a 16-bit right-rotated differential vector. For example, shifting the 16-bit right-rotated differential vector 0x0042 8 bits to the left results in the 24-bit right-rotated differential vector 0x004200. This step allows the length of the right-rotated differential vector to match the 24-bit ciphertext random parameters.)
[0044] Perform an XOR operation between the 24-bit right-rotated difference vector and the 24-bit ciphertext random parameters to obtain a 24-bit freshness vector. Specifically, compare the bits of the 24-bit right-rotated difference vector and the 24-bit ciphertext random parameters bit by bit, marking the same bits as 0 and different bits as 1, thus obtaining a freshness vector with the same length as the 24-bit right-rotated difference vector and the 24-bit ciphertext random parameters. For example, 0x004200 ⊕ 0x56789A = 0x563A9A.
[0045] Specifically, the freshness vector realizes the bit-by-bit binding of physical layer alignment difference and ciphertext randomness. If the right-handed differential vector or the ciphertext random parameter is changed arbitrarily, the freshness vector will change immediately, realizing the inseparability of the two, so that the key generation process is deeply integrated with the physical layer transmission state, rather than relying solely on upper layer protocol data.
[0046] The bits of the 16-bit right-rotation difference vector and the bits of the 16-bit interaction counting parameter are concatenated sequentially (16-bit right-rotation difference vector first, 16-bit interaction counting parameter second) to obtain a 32-bit salt value. For example, the salt value of 0x0042 and 0x0013 is 0x00420013. Specifically, in the same interaction frame, the right-rotation difference vector and the interaction counting parameter are generated synchronously. The salt value obtained by concatenating the two simultaneously covers the requirements for combating spatial misalignment risk and temporal replay risk, and ensures the uniqueness of each frame concatenation (i.e., the salt value is unique for each interaction). By concatenating the two, the limitation of traditional salt values relying only on timestamps or random numbers is overcome, and a single salt value can simultaneously combat displacement attacks and replay attacks, and provides a unique two-dimensional context for subsequent key derivation.
[0047] Step 3: By concatenating the bits of the 128-bit master key and the 24-bit freshness vector in sequence (master key first, freshness vector last), a 152-bit composite cipher is obtained. Specifically, the composite cipher obtained by concatenating the master key and the freshness vector is the product of concatenating the static root key and the dynamic physical layer features. It provides the initial input for the encryption algorithm and is the raw material for key derivation. The composite cipher breaks through the limitation of traditional key derivation where key materials only rely on static keys. The composite cipher based on the freshness vector injection has the constraint of the current frame's physical alignment state, which makes the subsequent key derivation process deeply integrated with the physical layer transmission state.
[0048] Using a 152-bit composite key as input and a 32-bit salt value as salt, a 256-bit pseudo-random key is generated using the HMAC-SHA256 algorithm.
[0049] Using a pseudo-random key as the key input and the information string "MICE" as the context information input, the target key length is set to 128 bits. Multiple hash blocks are generated through HMAC-SHA256 iteration. The session key is obtained by concatenating the multiple hash blocks and extracting the first 128 bits, which is the target key length. Specifically, in this example, the information string "MICE" is only used as a key usage identifier to avoid confusion between the session key and the keys of other encryption systems, thereby enhancing security. Setting the target key length to 128 bits meets the performance requirements of the vehicle electronic control unit, reduces computational overhead, and ensures computational efficiency.
[0050] Specifically, by coordinating the spatial dimension (right-rotation differential vector), the ciphertext dimension (ciphertext random parameters), and the temporal dimension (interaction counting parameters), the generated session key is made unique. When the system is subjected to a bit-slip attack, the change in the right-rotation differential vector will directly lead to session key mismatch. When the system is subjected to a replay attack, the salt value corresponding to the old interaction counting parameters cannot be reused. The final generated session key is a dynamic key with triple constraints of physical, ciphertext, and time, which solves the technical defect of the traditional key's single anti-attack dimension.
[0051] Step 4: Obtain the 80-bit frame counter. The 80-bit frame counter is the frame sequence number maintained by the sending end within a single interaction. Concatenate the 16-bit interaction count parameter and the frame counter in sequence (16-bit interaction count parameter first, 80-bit frame counter second) to obtain a 96-bit initialization vector. Specifically, the frame counter is 80 bits. When the interaction count parameter increments (marking the start of a new interaction), the sending end initializes the frame counter to 0. In a new interaction, the value of the frame counter is automatically incremented by 1 for each frame sent. The receiving end maintains the frame counter synchronously through the interaction timing and frame reception order (no explicit transmission is required, reducing bandwidth overhead). The 96-bit initialization vector obtained by concatenation has global uniqueness (the initialization vector is different for different interactions and different frames). If an attacker reuses a historical frame, the initialization vector will fail the uniqueness check, directly causing decryption anomalies. 96 bits is the recommended initialization vector length for the AES_GCM algorithm, which can avoid additional nonce processing overhead and reduce the computational latency of the vehicle system.
[0052] The system acquires raw data (command signals sent from the sender to the receiver, such as control signals to unlock the doors). Based on the session key and initialization vector, it encrypts the raw data into ciphertext (of the same length as the raw data) using the AES_GCM algorithm. A 16-bit right-hand differential vector is used as the associated data input, and a 128-bit integrity tag is calculated using the AES_GCM algorithm (if the right-hand differential vector, ciphertext, or initialization vector is tampered with, the integrity tag verification will fail). Specifically, the physical layer alignment parameter (right-hand differential vector) is integrated into the AES_GCM algorithm, enabling the encryption system to directly detect physical layer transmission anomalies (such as bit misalignment). This overcomes the limitation of traditional automotive information communication encryption, which only verifies data content and does not perceive the physical transmission status. Furthermore, the AES_GCM algorithm completes both encryption and integrity verification steps, reducing protocol overhead and adapting to the low bandwidth requirements of the vehicle CAN bus (no additional MAC field transmission is required).
[0053] The 96-bit initialization vector, 16-bit right-hand differential vector, ciphertext, and 128-bit integrity tag are concatenated in sequence to obtain an encrypted frame. The 16-bit right-hand differential vector is both the associated data (participating in encryption verification) and an explicit field of the encrypted frame (directly transmitted). There is no need to define an additional alignment state field. The frame length is compressed to ensure adaptation to the bandwidth constraints of the vehicle CAN bus. After the 16-bit right-hand differential vector is extracted at the receiving end, it can be directly used for the associated data verification of AES_GCM algorithm decryption. If the 16-bit right-hand differential vector is tampered with during transmission, the integrity tag verification will fail immediately.
[0054] The sending end transmits the encrypted frame to the receiving end via the vehicle's CAN bus;
[0055] Step 5: The receiving end verifies and parses the encrypted frame transmitted from the sending end to the receiving end, as follows:
[0056] Define a sliding window offset w (set according to the system's acceptable offset range; if the sliding window offset is greater than the offset range, it indicates data failure or potential attack; in this example, 0≤w≤3). Offset the entire response frame to the right by w bits to obtain a verification response frame. Generate a verification right-handed differential vector based on the response frame and the verification response frame (the process is the same as generating the 16-bit right-handed differential vector in step one). Compare the 16-bit right-handed differential vector in the encrypted frame with the verification right-handed differential vector. If the 16-bit right-handed differential vector equals the verification right-handed differential vector, then it is considered that... If the forward offset w is successfully aligned, otherwise w+1 is obtained to get a new w. The right-hand differential vector is repeatedly calculated and compared with the 16-bit right-hand differential vector until w=3. If the right-hand differential vector is equal to the 16-bit right-hand differential vector in 0≤w≤3, the right-hand differential vector is marked as successfully verified and subsequent calculations are performed. If not found, it is determined that the current encrypted frame cannot be corrected by bit order synchronization. The current encrypted frame is discarded and renegotiation is requested. Specifically, in this example, the alignment error of the receiving end is controlled within 3 bits, which can be self-corrected and reduce the handshake failure rate.
[0057] The verification session key is regenerated based on the successfully verified right-handed differential vector (the generation process is the same as that for generating the session key based on the 16-bit right-handed differential vector).
[0058] The 96-bit initialization vector is split into a 16-bit interaction count parameter and an 80-bit frame counter. The 16-bit interaction count parameter is verified to be equal to the interaction count parameter in the receiving end. If they are equal, the current state is marked as the initial verification success state (if the attacker reuses the encrypted frame to carry out a re-defense attack, the initial verification fails).
[0059] After successful initial verification, the AES_GCM algorithm is used to calculate the verification integrity tag by inputting the verification session key, 96-bit initialization vector, ciphertext, and verification right-hand differential vector. If the verification integrity tag is equal to the integrity tag in the encrypted frame, the ciphertext is parsed into the original data using the AES_GCM algorithm. If the verification integrity tag is not equal to the integrity tag, the current encrypted frame is discarded and a renegotiation is requested.
[0060] The above embodiments are only used to illustrate the technical methods of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical methods of the present invention without departing from the spirit and scope of the technical methods of the present invention.
Claims
1. A method for encrypting communication data for automotive information security, characterized in that, include: A bidirectional mirror frame pair consisting of a wake-up frame and a response frame is obtained. The mismatch bit is obtained by marking the mismatch bit based on the bidirectional mirror frame pair. The first right-hand differential vector is calculated based on the value of the mismatch bit. The interleaved ciphertext block is obtained. The ciphertext random parameter and the interaction count parameter are obtained based on the interleaved ciphertext block. The first right-rotation difference vector is transformed by bit to obtain the second right-rotation difference vector. The second right-rotation difference vector and the ciphertext random parameter are XORed to obtain the freshness vector. The salt value is obtained by concatenating the first right-rotation difference vector with the interaction counting parameter. A session key is generated using an encryption algorithm based on the freshness vector and salt value. An initialization vector is then obtained. The original data is encrypted into ciphertext using the initialization vector and the session key, and an encrypted frame is generated. Methods for obtaining ciphertext random parameters and interaction count parameters include: Obtain the interleaved ciphertext block, and then split the interleaved ciphertext block to obtain the ciphertext random parameters and the interaction count parameters; Methods for generating encrypted frames include: Obtain the frame counter, which is the frame sequence number maintained by the sender within a single interaction. Concatenate the interaction count parameter and the frame counter in order, with the interaction count parameter first and the frame counter second. The concatenation results in the initialization vector. The original data is obtained, which is the instruction signal sent from the sender to the receiver. Based on the session key and initialization vector, the original data is encrypted into ciphertext using the AES_GCM algorithm, where the length of the ciphertext is equal to that of the original data. The first right-handed differential vector is used as the associated data input, and the integrity label is calculated using the AES_GCM algorithm. The initialization vector, the first right-hand differential vector, the ciphertext, and the integrity tag are concatenated in sequence to obtain an encrypted frame, which is then verified by the receiving end.
2. The method for encrypting communication data for automotive information security according to claim 1, characterized in that, Methods for obtaining bidirectional mirrored frame pairs include: The sender sends a wake-up frame to the receiver. The receiver reverses the bytes in the wake-up frame and then circularly shifts the reversed bits three positions to the right to obtain the response frame. The receiving end sends the acknowledgment frame back to the sending end. The sending end combines the wake-up frame and the acknowledgment frame into a bidirectional mirror frame pair and adds a bit index k to each bit in the bidirectional mirror frame pair. The sending end reverses the bytes of the wake-up frame in the bidirectional mirror frame pair, and then shifts the reversed bits three positions to the right to obtain the expected response frame.
3. The method for encrypting communication data for automotive information security according to claim 2, characterized in that, The calculation method for the first right-handed difference vector includes: Based on the receiver traversing each bit of the response frame in the bidirectional mirror frame pair, it is determined whether each bit is consistent with each bit of the expected response frame at bit index k. If they are inconsistent, they are marked as mismatched and the bit is marked as 1. If they are consistent, they are marked as not mismatched and the bit is marked as 0, thus obtaining the mismatch bit marked as 1. Using the value of bit index k as the weight, calculate the sum of the products of the value of bit index k and the corresponding mismatch bit flag value, and then take the modulus of the sum of the products by 2^16 to obtain the first right-handed difference vector.
4. The method for encrypting communication data for automotive information security according to claim 1, characterized in that, Methods for obtaining the freshness vector include: The bits of the first right-rotation difference vector are shifted to the left by n bits to obtain the second right-rotation difference vector. The freshness vector is obtained by performing an XOR operation between the second right-rotation difference vector and the ciphertext random parameters. The specific method is as follows: By comparing the bits of the second right-rotation difference vector with the bits of the ciphertext random parameters, marking the same bits as 0 and different bits as 1, a freshness vector with the same length as the second right-rotation difference vector and the ciphertext random parameters is obtained.
5. The method for encrypting communication data for automotive information security according to claim 4, characterized in that, Methods for obtaining salinity include: The bits of the first right-hand differential vector and the bits of the interactive counting parameter are concatenated in sequence, with the first right-hand differential vector first and the interactive counting parameter second. The concatenation yields the salt value.
6. The method for encrypting communication data for automotive information security according to claim 5, characterized in that, Methods for generating session keys include: Obtain the master key, which is the same root key that is pre-stored by the sender and receiver through an offline secure channel; The master key and the freshness vector are concatenated in order, with the master key first and the freshness vector last. The concatenation results in a composite key, which serves as the initial input data for the encryption algorithm. The composite key is used as the input data and the salt value is used as the salt to generate a pseudo-random key using the HMAC-SHA256 algorithm. Using a pseudo-random key as the key input, setting and inputting context information, setting the target key length, generating multiple hash blocks iteratively through the HMAC-SHA256 algorithm, concatenating multiple hash blocks, and then sequentially extracting bits of the target key length to obtain the session key.
7. The method for encrypting communication data for automotive information security according to claim 1, characterized in that, The specific methods for verifying encrypted frames include: Define a sliding window offset w, shift the entire response frame to the right by w positions to obtain a verification response frame; generate a verification right-hand differential vector based on the response frame and the verification response frame; compare the first right-hand differential vector in the encrypted frame with the verification right-hand differential vector; if the first right-hand differential vector is equal to the verification right-hand differential vector, mark the right-hand differential vector as successfully verified; otherwise, determine that the current encrypted frame cannot pass the bit order synchronization correction, discard the current encrypted frame directly and request renegotiation. A verification session key is generated based on the successfully verified right-hand differential vector. The process of generating the verification session key is the same as that of generating the session key based on the first right-hand differential vector. The initialization vector is split into an interaction count parameter and a frame counter. The interaction count parameter is verified to be equal to the interaction count parameter in the receiving end. If they are equal, the current state is marked as the initial verification success state. The encrypted frame is then parsed in the initial verification success state.
8. The method for encrypting communication data for automotive information security according to claim 7, characterized in that, The specific methods for parsing encrypted frames include: After successful initial verification, the verification integrity tag is calculated by inputting the verification session key, initialization vector, ciphertext, and verification right-hand differential vector using the AES_GCM algorithm. If the verification integrity tag is equal to the integrity tag in the encrypted frame, the ciphertext in the encrypted frame is parsed into the original data using the AES_GCM algorithm. If the verification integrity tag is not equal to the integrity tag, the current encrypted frame is discarded and a renegotiation is requested.