System and method for securing communication between electronic control units

The method and system generate unique encryption keys and use CRC values to secure communication between ECUs, addressing vulnerabilities and maintaining efficiency in vehicle networks.

WO2026139736A1 · PCT designated stage · Publication Date: 2026-07-02 · ATHER ENERGY LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
ATHER ENERGY LTD
Filing Date
2025-09-19
Publication Date
2026-07-02

AI Technical Summary

Technical Problem

Existing encryption techniques for securing communication between electronic control units in vehicle networks are flawed, leading to vulnerabilities such as interception, manipulation, and computational overhead, which can compromise safety and efficiency.

Method used

A method and system that generates a unique encryption key based on critical operational parameters, applies a masking operation, and appends a cyclic redundancy check (CRC) value to ensure secure communication without significant computational overhead, using a lightweight protocol.

Benefits of technology

This approach provides robust protection against attack vectors, maintains operational efficiency, and ensures secure, real-time communication by generating unique encryption keys at predefined intervals, eliminating the need for key exchange and reducing latency.

✦ Generated by Eureka AI based on patent content.


Abstract

A method (600) for securing communication among a plurality of Electronic Control Units (ECUs) (108) is disclosed. The method (600) includes generating a unique encryption key based on receiving critical operational parameters. Further, the method (600) includes encrypting a communication message based on masking the communication message using the unique encryption key. Further, the method (600) includes appending a cyclic redundancy check (CRC) value to the encrypted communication message. Furthermore, the method (600) includes transmitting (608) the encrypted communication message with the appended CRC value to a communication bus for distribution to at least one or more plurality of ECUs (108).

Description

SYSTEM AND METHOD FOR SECURING COMMUNICATION BETWEEN ELECTRONIC CONTROL UNITS

FIELD OF THE INVENTION

[0001] The present invention relates to vehicle systems. More particularly, the present invention relates to a system and a method for securing communication between electronic control units, computing

BACKGROUND

[0002] Unencrypted messages on communication channels are a significant vulnerability in modern distributed systems, such as vehicle networks and other embedded systems. Without encryption, communication messages may be intercepted and analyzed by malicious agents, leaving the communication channel exposed to exploitation. A hacker, based on observing changes in data over time, may potentially infer patterns and predict system behavior. Such insights allow attackers to spoof data packets, manipulate the system, and cause Electronic Control Units (ECUs) to behave unpredictably or dangerously in the vehicle.

[0003] The vulnerability is especially critical in systems where the communication of critical information directly impacts safety and functionality. To address this issue, data encryption and decryption mechanisms were implemented at the ECU level to protect the communication messages before and after transmission.

[0004] While encryption theoretically secures data in transit, current encryption techniques are not without flaws. Many encryption techniques rely on traditional cryptography, such as symmetric encryption with fixed keys or asymmetric encryption involving a public-private key pair. The traditional techniques introduce their own sets of vulnerabilities and inefficiencies. A limitation of symmetric encryption is its reliance on a shared key, which, if intercepted, compromises the entire communication channel. Similarly, public-private key mechanisms depend on a handshake process to exchange keys, which may add latency in real time.

[0005] Further, one of the key weaknesses in existing encryption techniques is the dependency on a handshake process. The handshake is essential for establishing communication and exchanging cryptographic keys between components. However, this process can be problematic in distributed systems, especially when a component unexpectedly resets or reboots. In such scenarios, re-establishing the handshake may take time, causing communication delays or interruptions. This delay is unacceptable in time-critical systems like automotive networks, where even a millisecond of downtime could compromise safety.

[0006] For instance, the hacker may substitute a legitimate public key with a compromised key, enabling them to decrypt critical messages or inject malicious data into the communication channel.

[0007] Another challenge with state-of-the-art encryption techniques lies in their computational overhead. For instance, algorithms like AES-128 or RSA are highly secure but require significant processing power and memory resources. For resource-constrained systems such as ECUs, this overhead can degrade performance, increase latency, or strain power budgets.

[0008] To overcome these challenges, it is advantageous to develop a more comprehensive method for securing communication among a plurality of Electronic Control Units in a more efficient manner.

SUMMARY

[0009] This summary is provided to introduce a selection of concepts, in a simplified format, that are further described in the detailed description of the invention. This summary is neither intended to identify key or essential inventive concepts of the invention nor is it intended for determining the scope of the invention.

[0010] In an aspect of the present invention, a method for securing communication among a plurality of Electronic Control Units (ECUs) is disclosed. The method includes generating, by a first ECU among the plurality of ECUs, a unique encryption key based on receiving critical operational parameters. Further, the method includes encrypting, by the first ECU, a communication message based on masking the communication message using the unique encryption key. Furthermore, the method includes appending, by the first ECU, a cyclic redundancy check (CRC) value to the encrypted communication message. Furthermore, the method includes transmitting, by the first ECU, the encrypted communication message with the appended CRC value to a communication bus for distribution to at least one or more plurality of ECUs.

[0011] In an aspect of the present invention, a method for securing communication among a plurality of Electronic Control Units (ECUs) is disclosed. The method includes receiving, by a second ECU among the plurality of ECUs, an encrypted communication message with an appended cyclic redundancy check (CRC) value from a communication bus. Further, the method includes generating, by the second ECU, a unique decryption key based on receiving critical operational parameters. Furthermore, the method includes verifying, by the second ECU, an integrity check of the encrypted communication message using the appended CRC value. Furthermore, the method includes decrypting, by the second ECU, the encrypted communication message based on unmasking the communication message using the unique decryption key thereby retrieving an original communication message.

[0012] In another aspect of the present invention, a system for securing communication among a plurality of Electronic Control Units (ECUs) is disclosed. The system includes a memory and at least one processor in communication with the memory. The at least one processor is configured to generate a unique encryption key based on receiving critical operational parameters. Further, the at least one processor is configured to encrypt a communication message based on masking the communication message using the unique encryption key. Further, the at least one processor is configured to append a cyclic redundancy check (CRC) value to the encrypted communication message. Furthermore, the at least one processor is configured to transmit the encrypted communication message with the appended CRC value to a communication bus for distribution to at least one or more plurality of ECUs.

[0013] In another aspect of the present invention, a system for securing communication among a plurality of Electronic Control Units (ECUs) is disclosed. The system includes a memory and at least one processor in communication with the memory. The at least one processor is configured to receive an encrypted communication message with an appended cyclic redundancy check (CRC) value from a communication bus. Further, the at least one processor is configured to generate a unique decryption key based on receiving critical operational parameters. Further, the at least one processor is configured to verify an integrity check of the encrypted communication message using the appended CRC value. Furthermore, the at least one processor is configured to decrypt the encrypted communication message based on unmasking the communication message using the unique decryption key thereby retrieving an original communication message.

[0014] To further clarify the advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0015] These and other features, aspects, and advantages of the present invention will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:

[0016] Figure 1 illustrates a block diagram of a system for securing communication among a plurality of Electronic Control Units (ECUs), according to an embodiment of the present disclosure;

[0017] Figure 2 illustrates a detailed block diagram of the system for securing communication among the ECUs, according to an embodiment of the present disclosure;

[0018] Figure 3 illustrates a process flow for generating a unique encryption key, by a generating module of the system, according to an embodiment of the present disclosure;

[0019] Figure 4 illustrates a process flow for encrypting a communication message with the unique encryption key and a Cyclic Redundancy Check (CRC) value, by an encrypting module of the system, according to an embodiment of the present disclosure;

[0020] Figure 5 illustrates a process flow for decrypting the encrypted message, by a decryption module of the system, according to an embodiment of the present disclosure;

[0021] Figure 6 illustrates a flowchart depicting an exemplary method for securing communication among the ECUs, according to an embodiment of the present disclosure; and

[0022] Figure 7 illustrates a flowchart depicting another exemplary method for securing communication among the ECUs, according to an embodiment of the present disclosure.

[0023] Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not have necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.

DETAILED DESCRIPTION OF FIGURES

[0024] For the purpose of promoting an understanding of the principles of the present disclosure, reference will now be made to the various embodiments and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the present disclosure is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the present disclosure as illustrated therein being contemplated as would normally occur to one skilled in the art to which the present disclosure relates.

[0025] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are explanatory of the present disclosure and are not intended to be restrictive thereof.

[0026] Whether or not a certain feature or element was limited to being used only once, it may still be referred to as “one or more features” or “one or more elements” or “at least one feature” or “at least one element.” Furthermore, the use of the terms “one or more” or “at least one” feature or element do not preclude there being none of that feature or element, unless otherwise specified by limiting language including, but not limited to, “there needs to be one or more...” or “one or more elements is required.”

[0027] Reference is made herein to some “embodiments.” It should be understood that an embodiment is an example of a possible implementation of any features and / or elements of the present disclosure. Some embodiments have been described for the purpose of explaining one or more of the potential ways in which the specific features and / or elements of the proposed disclosure fulfil the requirements of uniqueness, utility, and non-obviousness.

[0028] Use of the phrases and / or terms including, but not limited to, “a first embodiment,” “a further embodiment,” “an alternate embodiment,” “one embodiment,” “an embodiment,” “multiple embodiments,” “some embodiments,” “other embodiments,” “further embodiment”, “furthermore embodiment”, “additional embodiment” or other variants thereof do not necessarily refer to the same embodiments. Unless otherwise specified, one or more particular features and / or elements described in connection with one or more embodiments may be found in one embodiment, or may be found in more than one embodiment, or may be found in all embodiments, or may be found in no embodiments. Although one or more features and / or elements may be described herein in the context of only a single embodiment, or in the context of more than one embodiment, or in the context of all embodiments, the features and / or elements may instead be provided separately or in any appropriate combination or not at all. Conversely, any features and / or elements described in the context of separate embodiments may alternatively be realized as existing together in the context of a single embodiment.

[0029] Any particular and all details set forth herein are used in the context of some embodiments and therefore should not necessarily be taken as limiting factors to the proposed disclosure.

[0030] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components proceeded by “comprises... a” does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.

[0031] Embodiments of the present disclosure will be described below in detail with reference to the accompanying drawings.

[0032] For the sake of clarity, the first digit of a reference numeral of each component of the present disclosure is indicative of the Figure number, in which the corresponding component is shown. For example, reference numerals starting with digit “1” are shown at least in Figure 1. Similarly, reference numerals starting with digit “2” are shown at least in Figure 2.

[0033] Embodiments of the present disclosure disclose a system for securing communication among a plurality of Electronic Control Units (hereinafter referred to as the ECUs for the sake of brevity) based on an encryption key generated in each of the ECUs simultaneously at a predefined time interval. The components of the disclosed system are configured to ensure low-weight communication protocol encryption and decryption within the vehicle communication network to ensure smarter and more responsive safety solutions.

[0034] Figure 1 illustrates a block diagram of a system 128 for securing communication among the ECUs 108 (108a, 108b, 108c, 108d....108n) in the vehicle 100, according to an embodiment of the present disclosure. In a non-limiting example, the system 128 may be implemented in the vehicle 100, for instance, any mechanical means of transportation such as automobiles (cars), motorcycles, trucks, buses, scooters, and bicycles. In one such embodiment, the present disclosure is explained by implementing the system 128 in saddle-type vehicles or two-wheel vehicles, such as motorbikes and scooters, typically used for commuting a short distance or a long distance within the scope of the present disclosure.

[0035] In another embodiment, the system 128 may be implemented in an Electric Vehicle (EV) or a battery powered vehicle including, but not limited to, two-wheelers such as scooters, mopeds, motorbikes / motorcycles; three-wheelers such as auto-rickshaws; four-wheelers such as cars and other Light Commercial Vehicles (LCVs) and Heavy Commercial Vehicles (HCVs), which primarily work on the principle of driving an electric motor using the power from the batteries provided in the EV. Furthermore, the electric vehicle may have at least one wheel which is electrically powered to traverse such a vehicle. The term ‘wheel’ may refer to any ground-engaging member which allows traversal of the electric vehicle over a path. The types of EVs include Battery Electric Vehicle (BEV), Hybrid Electric Vehicle (HEV) and Range Extended Electric Vehicle. However, the subsequent paragraphs pertain to the different elements of a Battery Electric Vehicle (BEV).

[0036] In construction, the vehicle 100 typically comprises hardware components such as a battery or battery pack enclosed within a battery casing and includes a Battery Management System (BMS), an on-board charger, a Motor Controller Unit (MCU), an electric motor and an electric transmission system. In addition to the hardware components / elements, the vehicle 100 may be supported with software modules comprising intelligent features including and not limited to navigation assistance, hill assistance, cloud connectivity, Over-The-Air (OTA) updates, adaptive display techniques and so on. The firmware of the vehicle 100 may also comprise Artificial Intelligence (AI) & Machine Learning (ML) driven modules which enable the prediction of a plurality of parameters such as and not limited to driver / rider behavior, road condition, charging infrastructures / charging grids in the vicinity and so on. The data pertaining to the intelligent features may be displayed through a display unit or dashboard 126 present in the dashboard of the vehicle. In one embodiment, the display unit may contain a Liquid Crystal Display (LCD) screen of a predefined dimension. In another embodiment, the display unit may contain a Light-Emitting Diode (LED) screen of a predefined dimension. The display unit may be a water-resistant display supporting one or more User-Interface (UI) designs. The vehicle 100 may support multiple frequency bands such as 2G, 3G, 4G, 5G and so on. Additionally, the vehicle 100 may also be equipped with wireless infrastructure such as, and not limited to Bluetooth, WiFi and so on to facilitate wireless communication with other vehicles or a cloud 124.

[0037] Further, the vehicle 100 may include a system 128 configured to secure communication among the ECUs 108 (108a, 108b, 108c, 108d....108n) installed in the vehicle 100. Figure 1 depicts the plurality of Electronic Control Units (ECUs) (108a, 108b, ..., 108n) as a non-limiting example. The present disclosure may comprise one or more ECUs, as would be apparent to an ordinary person skilled in the art, without departing from the scope of the present disclosure.

[0038] In an embodiment, the system 128 may include but is not limited to, the ECUs 108 installed within the vehicle 100. The ECUs 108 may be responsible for controlling various aspects of the vehicle 100. In an example, the ECUs may correspond to, but not limited to, a battery management system, a motor controller unit, a dashboard, and a body control module.

[0039] Referring to Figure 1, in an embodiment, the ECUs 108 in the system 128 may be configured to communicate with one another to enable the seamless execution of various vehicular functionalities in the vehicle 100. The vehicular functionalities may include but are not limited to starting the motor, shutting down the vehicle, turning on lights, managing the key-on / off state, monitoring vehicle speed, tracking the state of charge (SoC), checking the side stand status, and detecting conditions such as battery temperature overrun. The ECUs 108 rely on continuous data exchange to facilitate such operations, requiring the transmission of a communication message (e.g., original communication message) in the form of a transmission packet over a communication bus (not shown in Figure 1). The communication message may correspond to a critical message exchanged between the ECUs 108, often carrying critical information essential for the vehicle’s 100 safe and efficient operation. For instance, the critical message may include control commands, sensor readings, and status updates.

[0040] The communication message is openly transmitted on the communication bus and may be susceptible to interception and unauthorized manipulation. Malicious agents or hackers may exploit the vulnerability to predict data patterns, inject spoofed data, or execute replay attacks, potentially causing an ECU to perform unintended or dangerous actions. In an advantageous aspect, the system 128 incorporates a low-weight communication protocol encryption and decryption technique to secure the communication message without introducing significant computational overhead. A unique encryption key is generated using a combination of static system-specific parameters (e.g., hardware identifiers, registration numbers) and dynamic time-variant parameters (e.g., timestamps, sensor data) in each of the ECUs 108 at the predefined time-interval (e.g., T). Further, the unique encryption key is then used to apply a mathematical masking operation to the communication message, ensuring that the communication message is concealed or encrypted before being transmitted on the communication bus.

[0041] In an embodiment, the system 128, particularly a transmitting ECU among the ECUs 108 may be configured to incorporate a cyclic redundancy check (CRC) value into the communication message before uploading on the communication bus. In an example, the transmitting ECU corresponds to the ECU within the system 128 that is actively sending the encrypted communication message. The transmitting ECU is in contrast to a target ECU among the ECUs 108, which is configured to receive the transmitted data (e.g., the encrypted communication message). The CRC value may be computed using a predefined polynomial applied to an encrypted communication message, providing an additional layer of integrity verification. The encrypted communication message, along with the appended CRC value, forms the transmission packet, which is then uploaded to the communication bus for distribution to the intended ECU(s).

[0042] In an embodiment, upon receiving the transmission packet (e.g., the encrypted communication message from the communication bus), the target ECU (receiver among the ECUs 108) retrieves the CRC value and verifies the integrity of the received encrypted communication message by recalculating the CRC value and comparing it with the appended value. If the CRC check is successful, the target ECU proceeds to decrypt the encrypted communication message using the unique encryption key generated at the predefined time interval (e.g., T) and now acting or referred to as a decryption key.

[0043] The decryption key is derived from the same set of synchronized static and dynamic parameters used during the encryption step, ensuring that the unique encryption key is exclusive and consistent across the ECUs 108 without the need for external sharing. Consequently, based on applying the decryption key, the target ECU (receiver among the ECUs 108) unmasks the encrypted communication message to retrieve the communication message (e.g., the original communication message), which may then be used by the target ECU for further processing.

[0044] In an advantageous aspect, the encryption and decryption technique serves as a secure communication among the ECUs 108, providing robust protection against several attack vectors. For instance, the dynamic and time-sensitive nature of the unique encryption key generation ensures that replay attacks are rendered ineffective, as the unique encryption keys generated at different intervals are distinct. In another instance, since the unique encryption key is not stored or transmitted between the ECUs 108, the risk of key interception or duplication is effectively mitigated. In another instance, the lightweight design of the secure communication protocol ensures that the computational requirements remain low, making it suitable for real-time applications in resource-constrained environments such as automotive systems. Thus, based on integrating this encryption and decryption, the system 128 not only secures the communication message but also maintains the operational efficiency and responsiveness of the ECUs 108, as explained in forthcoming paragraphs.

[0045] Figure 2 illustrates a detailed block diagram of the system 128 for securing communication among the ECUs 108, according to an embodiment of the present disclosure.

[0046] Referring to Figure 2, the ECUs 108 of the vehicle 100 are responsible for securing communication in the vehicle 100. The key elements present in each of the ECUs 108 typically include (i) a microcontroller core (or processor unit) or a processor 202; (ii) a memory unit or a memory 204; (iii) a set of modules 206 and (iv) communication protocols including, but not limited to CAN protocol, Serial Communication Interface (SCI) protocol and so on. The sequence of programmed instructions and data associated therewith can be stored in a non-transitory computer-readable medium such as the memory unit 204 or storage device which may be any suitable memory apparatus such as, but not limited to read-only memory (ROM), programmable read-only memory (PROM), electrically erasable programmable read-only memory (EEPROM), random-access memory (RAM), flash memory, disk drive and the like. In one or more embodiments of the disclosed subject matter, non-transitory computer-readable storage media can be embodied with a sequence of programmed instructions for monitoring and controlling the operation of different components of the vehicle 100.

[0047] The processor 202 may include any computing system which includes, but is not limited to, Central Processing Unit (CPU), an Application Processor (AP), a Graphics Processing Unit (GPU), a Visual Processing Unit (VPU), and / or an AI-dedicated processor such as a Neural Processing Unit (NPU). In an embodiment, the processor can be a single processing unit or several units, all of which could include multiple computing units. The processor 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and / or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor is configured to fetch and execute computer-readable instructions and data stored in the memory. The instructions can be compiled from source code instructions provided in accordance with a programming language such as Java, C++, C#.net or the like. The instructions can also comprise code and data objects provided in accordance with, for example, the Visual Basic™ language, LabVIEW, or another structured or object-oriented programming language. The one or a plurality of processors control the processing of the input data in accordance with a predefined operating rule or artificial intelligence (AI) model stored in the non-volatile memory and the volatile memory. The predefined operating rule or artificial intelligence model is provided through training or learning algorithms which include, but are not limited to, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning.

[0048] Furthermore, the modules, processes, systems, and devices can be implemented as a single processor or as a distributed processor. Also, the processes, modules, and sub-modules described in the various figures of and for embodiments herein may be distributed across multiple computers or systems or may be co-located in a single processor or system. Further, the modules can be implemented in hardware, instructions executed by a processing unit, or by a combination thereof. The processing unit can comprise a computer, a processor, such as the processor, a state machine, a logic array, or any other suitable devices capable of processing instructions. The processing unit can be a general-purpose processor which executes instructions to cause the general-purpose processor to perform the required tasks or, the processing unit can be dedicated to performing the required functions. In another embodiment of the present disclosure, the modules may be machine-readable instructions (software) which, when executed by a processor / processing unit, perform any of the functionalities described. In an embodiment, the modules may include a generating module 210, an encrypting module 212, and a decrypting module 214. The set of modules 206 may be in communication with each other. The data serves, amongst other things, as a repository for storing data processed, received, and generated by one or more of the modules. Exemplary structural embodiment alternatives suitable for implementing the modules, sections, systems, means, or processes in a detailed work are provided in the explanation of Figures 3-5.

[0049] Figure 3 illustrates a process flow for generating the unique encryption key, by the generating module 210 of the system 128, according to an embodiment of the present disclosure.

[0050] In an embodiment, at step 302, the generating module 210 may be configured to receive critical operational parameters necessary for generating the unique encryption key. These critical operational parameters are a combination of the static system-specific parameters and the dynamic time-variant parameters.

[0051] The static system-specific parameters are fixed and unique to the vehicle 100 or its components. The static system-specific parameters provide a stable baseline for generating the unique encryption key and ensure that the unique encryption key is specific to a particular system or vehicle 100. In a non-limiting example, the static system-specific parameters may include a Vehicle Identification Number (VIN) or a unique ECU identifier, hardware serial numbers.

[0052] The dynamic time-variant parameters vary over time, thus adding a layer of a dynamic process in the generation of the unique encryption key. The dynamic time-variant parameters thus render the unique encryption key unpredictable and resistant to duplication or replay attacks. In a non-limiting example, the dynamic time-variant parameters may include a precise timestamp (e.g., Ts) captured during key generation, sensor readings, real-time operational status, such as current vehicle speed or state of charge (SoC).

[0053] In an embodiment, the generating module 210 may be configured to ensure that the critical operational parameters are synchronized across each of the ECUs 108 in the system 128 so that each ECU has access to the same set of inputs at any given predefined time (e.g., T).

[0054] In an embodiment, at step 304, the generating module 210 may be configured to apply a cryptographic algorithm to the critical operational parameters to generate the unique encryption key. In an advantageous aspect, consequently, the generating module 210 may be configured to ensure that the unique encryption key is both secure and dynamic.

[0055] In an embodiment, the cryptographic algorithm may include a hash function, a mathematical algorithm, or another lightweight cryptographic operation suitable for resource-constrained systems, for instance, the ECUs 108. For example, the generating module 210 may use a SHA algorithm to produce a fixed-length key. Optionally, a pseudorandom function (PRF) may be introduced to increase key entropy.

[0056] In an embodiment, the unique encryption key may be generated at the predefined time intervals (T), consequently ensuring that the ECUs 108 in the system 128 regenerate their keys (unique encryption key) simultaneously based on the same parameters. The predefined timestamp (Ts) acts as a reference point, ensuring that the dynamic time-variant parameters of the unique encryption key remain synchronized across ECUs 108.

[0057] In an embodiment, consequently, the unique encryption key is unique and time-bound i.e., valid only for the interval T during which it was generated.

[0058] In an advantageous aspect, applying the cryptographic technique to the combination of the static system-specific parameters and the dynamic time-variant parameters makes unauthorized duplication or prediction of the unique encryption key difficult without access to the same combination of parameters at the same time.

[0059] Further, in an advantageous aspect, each ECU generates the unique encryption key independently based on locally available critical operational parameters; thus, there is no requirement to transmit or share the unique encryption key between ECUs 108, consequently eliminating the risk of interception during communication among the ECUs 108.

[0060] Furthermore, in an advantageous aspect, as the ECUs 108 use the same set of critical operational parameters and follow the same cryptographic process, they generate the same key (e.g., the unique encryption key) at the same time (T), consequently eliminating the requirement for a traditional handshake to establish or synchronize keys (e.g., the unique encryption key).

[0061] Furthermore, in an advantageous aspect, the incorporation of the dynamic time-variant parameters ensures that the unique encryption key changes at every predefined timestamp (Ts). Consequently, even if a previous communication message or key (e.g., the unique encryption key) is intercepted, it cannot be reused because the key is no longer valid.
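The key generation flow of Figure 3, as an added Python sketch that is not code from the patent or the applicant. It assumes SHA-256 truncated to 6 bytes as the hash, a VIN as the static parameter, and a synchronized SoC value plus the index of the current interval T as the dynamic parameters; `INTERVAL_S`, the function names and the sample VIN are hypothetical. It also shows the two cases in which independently derived keys disagree: clocks on either side of an interval boundary, and a dynamic reading that is not synchronized.

```python
import hashlib
import struct

INTERVAL_S = 10   # assumed length of the predefined interval T, in seconds
KEY_LEN = 6       # bytes; same length as the 12-hex-digit example key in the text


def _field(data: bytes) -> bytes:
    """Length-prefix a field so adjacent parameters cannot blur into each other."""
    return struct.pack(">H", len(data)) + data


def interval_index(clock_s: float, interval_s: int = INTERVAL_S) -> int:
    """Quantise a local clock reading to the index of the current interval T."""
    return int(clock_s // interval_s)


def derive_key(vin: str, synced_soc: int, clock_s: float) -> bytes:
    """Hash static (VIN) and dynamic (SoC, interval index) parameters into a key.

    Only the interval index enters the hash, not the raw clock value, so two
    ECUs whose clocks fall in the same interval land on the same key.
    """
    material = (
        _field(vin.encode("ascii"))
        + _field(struct.pack(">B", synced_soc))
        + _field(struct.pack(">Q", interval_index(clock_s)))
    )
    return hashlib.sha256(material).digest()[:KEY_LEN]


def keys_agree(vin: str, sender: tuple, receiver: tuple) -> bool:
    """sender / receiver are (synced_soc, clock_s) tuples as each ECU sees them."""
    return derive_key(vin, *sender) == derive_key(vin, *receiver)


# Constructed sample input (not from the patent).
VIN = "TESTVIN0000000001"

if __name__ == "__main__":
    cases = {
        "same interval, 0.3 s clock skew": ((17, 1004.0), (17, 1004.3)),
        "skew straddles interval boundary": ((17, 1009.9), (17, 1010.1)),
        "SoC reading not synchronised": ((17, 1004.0), (18, 1004.0)),
    }
    for name, (tx, rx) in cases.items():
        print(f"{name:35s} keys agree: {keys_agree(VIN, tx, rx)}")
    print("key for interval 100:", derive_key(VIN, 17, 1004.0).hex().upper())
```
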

[0062] Figure 4 illustrates a process flow for encrypting the communication message with the unique encryption key and the CRC value, by the encrypting module 212 of the system 128, according to an embodiment of the present disclosure.

[0063] In an embodiment, at step 402, the encrypting module 212 may be configured to accept the communication message that needs to be securely transmitted to the target ECU. The communication message may be the critical message such as sensor data (e.g., battery voltage, speed, temperature), control commands (e.g., start motor, shutdown, or turn-on lights), and vehicle status information (e.g., SoC, side-stand status). Thus, the communication message is prepared in a format suitable for further processing by the encrypting module 212.

[0064] In an embodiment, at step 404, the encrypting module 212 may be configured to apply masking using the unique encryption key. The encrypting module 212 may use the unique encryption key to apply a masking operation to the communication message.

[0065] In an embodiment the masking includes transforming the communication message into the encrypted communication message, thereby ensuring its confidentiality. Further, the transmitting ECU among the ECUs 108 may be configured to mask the unique encryption key. In an advantageous aspect, the encrypting module 212 ensures that the encrypted communication message cannot be intercepted or understood by the malicious agent, as it is now masked using a unique, dynamically generated key that is unknown to external entities.

[0066] In an embodiment, at step 406, the encrypting module 212 (e.g. associated with the transmitting ECU) may be configured to calculate the CRC value to ensure the integrity of the encrypted communication message. The CRC value is generated based on applying a predefined polynomial function to the encrypted communication message to compute a checksum-like value. The CRC value thus may serve as a compact representation of the encrypted communication message’s integrity. The CRC value allows the target ECU (receiver among the ECUs 108) to verify that the encrypted communication message has not been tampered with or corrupted during transmission.

[0067] In an embodiment, at step 408, the encrypting module 212 may be configured to finalize the generation of the transmission packet by appending the CRC value to the encrypted communication message. In an advantageous aspect, by appending the CRC value, the encrypting module 212 ensures that the CRC value is transmitted along with the encrypted communication message, enabling integrity checks during decryption.

[0068] Consequently, the transmission packet includes all the necessary components for secure transmission, including the encrypted communication message (ensures confidentiality) and the CRC value (ensures integrity).

[0069] Further, in an embodiment, at step 410, the encrypting module 212 may be configured to transmit the transmission packet to the communication bus 414 for distribution. Consequently, once the transmission packet is on the communication bus 414, the transmission packet becomes accessible to the intended receiving ECU(s) 108, which will then decrypt and process the encrypted communication message.

[0070] In an example scenario, the BMS (ECU) comprising the encrypting module 212 may accept the following communication message to be transmitted: “Soc=17%, Battery Temp = 15°”

[0071] Further, in the example scenario, the BMS (ECU) comprising the generating module 210 may dynamically generate the unique encryption key for the predefined time interval (T) based on the static system-specific parameters and the dynamic time-variant parameters with the time instance. For example, the unique encryption key may be 7F2A91C4D0B9.

[0072] Furthermore, in the example scenario, the BMS (ECU) comprising the encrypting module 212 may apply masking to the communication message using the unique encryption key (e.g., 7F2A91C4D0B9). For example, the masked or encrypted communication message may be E94321FA09AB.

[0073] Furthermore, in the example scenario, the BMS (ECU) comprising the encrypting module 212 may apply the predefined polynomial to the encrypted communication message. For example, using the predefined polynomial, the CRC value is computed as A2C2 and is appended to the encrypted communication message as E94321FA09AB|A2C2. Consequently, the encrypting module 212 formats the encrypted communication message into the transmission packet suitable for the communication bus 414.

[0074] Furthermore, in the example scenario, the BMS, including the encrypting module 212, ensures secure communication by measuring the time interval between two subsequent encrypted communication messages with the same message ID. For instance, if the encrypted communication message with ID “A2C2” is transmitted at 07:10:00 AM, the encrypting module 212 monitors the next occurrence of the same message ID. If the time interval deviates from the expected pattern, the system may flag it as anomalous or reject it, thereby mitigating replay attacks without appending a timestamp directly to the transmission packet.

[0075] Furthermore, in the example scenario, the BMS (ECU) comprising the encrypting module 212 may transmit the final transmission packet to the shared communication bus 414.

[0076] In another example scenario, if the hacker intercepts the transmitted packet (e.g., E94321FA09AB|A2C2) and attempts to replay it later to disrupt the vehicle’s 100 operations, the VCU (ECU) uses the measured time interval between subsequent transmitted packets with the same message ID to detect the replay attempt. When the replayed packet is received, the decrypting module 214 calculates the time interval since the last valid message with ID “A2C2” was received. If the interval does not match the expected time interval, the VCU (ECU) discards the transmission packet and flags it as a potential intrusion attempt, preventing any unsafe actions.

[0077] Figure 5 illustrates a process flow for decrypting the encrypted communication message, by the decrypting module 214 of the system 128, according to an embodiment of the present disclosure.

[0078] In an embodiment, at step 502, the decrypting module 214 (e.g., associated with the target ECU) may be configured to receive the transmission packet from the communication bus 414. The transmission packet includes the encrypted communication message, the appended CRC value for integrity verification, and potentially the timestamp (Ts) for replay protection.

[0079] In an embodiment, at step 504, the decrypting module 214 may be configured to check the validity of the delay between messages to prevent replay attacks. Further, the decrypting module 214 measures the time interval between successive messages with the same message ID. The decrypting module 214 then validates the transmission packet by ensuring that the observed delay falls within a predefined time gap or predefined validity window. If the delay exceeds the predefined time gap or deviates from expected patterns, the communication message is discarded, thereby mitigating replay attacks. In an advantageous aspect, the decrypting module 214 enhances security by ensuring communication messages are processed only when the observed timing aligns with the system’s 128 expected operational parameters (e.g., predefined time gap).

[0080] Further, in an embodiment, the decrypting module 214 may be configured to fetch the unique encryption key generated at the predefined time interval (T). This unique encryption key is generated based on the combination of the static system-specific parameters and the dynamic time-variant parameters, ensuring that the same key (e.g., the unique encryption key) is generated by all ECUs 108 in synchronization. In an advantageous aspect, thus, the decrypting module 214 ensures that each ECU possesses the identical decryption key (e.g., the unique encryption key) at any given predefined interval, thereby eliminating the need for key exchange.

[0081] In an embodiment, at step 506, the decrypting module 214 may be configured to extract the appended CRC value from the encrypted communication message within the transmission packet.

[0082] In an embodiment, at step 508, the decrypting module 214 may be configured to verify the integrity of the encrypted communication message based on the appended CRC value. Thus, the decrypting module 214 may be configured to apply the predefined polynomial to the received encrypted communication message to calculate a new CRC value. The new CRC value is then compared to the appended CRC value extracted earlier. If the two values match, it confirms the encrypted communication message’s integrity. However, if there is a mismatch, the encrypted communication message is rejected to prevent processing potentially tampered data.

[0083] In an embodiment, at step 510, the decrypting module 214 may be configured to apply the unique encryption key (which acts as a decryption key) to unmask the encrypted communication message post successful integrity verification. In an advantageous aspect, thus, the decrypting module 214 reverses the encryption, transforming the encrypted communication message back into its original, readable form. Consequently, the communication message is securely received by the target ECU, deciphered and ready for further validation or processing.
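The sender flow of Figure 4 and the receiver flow of Figure 5 in one added Python sketch, which is not code from the patent or the applicant. It assumes the masking operation is an XOR with the key repeated to message length and the predefined polynomial is the CCITT polynomial 0x1021 with initial value 0xFFFF; the message ID, plaintext, expected period and tolerance are constructed, and the key is the example value quoted in paragraph [0071].

```python
import binascii
import struct

CRC_LEN = 2  # a 16-bit CRC, the same width as the "A2C2" example value


def crc16(data: bytes) -> int:
    """CRC-16 with the CCITT polynomial 0x1021, initial value 0xFFFF (assumed)."""
    return binascii.crc_hqx(data, 0xFFFF)


def mask(data: bytes, key: bytes) -> bytes:
    """XOR with the key repeated to length (assumed masking); self-inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_packet(message: bytes, key: bytes) -> bytes:
    """Sender, steps 404-408: mask, compute the CRC over the masked bytes, append."""
    masked = mask(message, key)
    return masked + struct.pack(">H", crc16(masked))


class Receiver:
    """Receiver, steps 502-510, with the per-message-ID timing check first."""

    def __init__(self, period_s: float, tolerance_s: float):
        self.period_s = period_s
        self.tolerance_s = tolerance_s
        self.last_accepted = {}   # message ID -> arrival time of last accepted packet
        self.flags = []           # (message ID, arrival time, reason) per discard

    def _discard(self, msg_id, arrival_s, reason):
        self.flags.append((msg_id, arrival_s, reason))
        return None

    def accept(self, msg_id: int, packet: bytes, arrival_s: float, key: bytes):
        """Return the unmasked message, or None if the packet is discarded."""
        last = self.last_accepted.get(msg_id)
        if last is not None:
            gap = arrival_s - last
            if abs(gap - self.period_s) > self.tolerance_s:
                return self._discard(msg_id, arrival_s, "timing")
        if len(packet) <= CRC_LEN:
            return self._discard(msg_id, arrival_s, "length")
        masked = packet[:-CRC_LEN]
        (rx_crc,) = struct.unpack(">H", packet[-CRC_LEN:])
        if crc16(masked) != rx_crc:
            return self._discard(msg_id, arrival_s, "crc")
        self.last_accepted[msg_id] = arrival_s
        return mask(masked, key)


KEY = bytes.fromhex("7F2A91C4D0B9")   # example key value quoted in the text
MSG_ID = 0x1A0                        # constructed message ID
MESSAGE = b"SoC=17%,Temp=15C"         # constructed plaintext


def run_scenario():
    """Feed five arrivals to one receiver; return (results, discard flags)."""
    rx = Receiver(period_s=1.0, tolerance_s=0.1)
    packet = build_packet(MESSAGE, KEY)
    corrupted = bytes([packet[0] ^ 0x01]) + packet[1:]   # one bit changed in transit
    results = [
        rx.accept(MSG_ID, packet, 100.0, KEY),      # first packet for this ID
        rx.accept(MSG_ID, packet, 101.0, KEY),      # on schedule
        rx.accept(MSG_ID, packet, 101.4, KEY),      # verbatim copy, off schedule
        rx.accept(MSG_ID, corrupted, 102.0, KEY),   # on schedule, CRC mismatch
        rx.accept(MSG_ID, packet, 102.0, KEY),      # on schedule, intact
    ]
    return results, rx.flags


if __name__ == "__main__":
    results, flags = run_scenario()
    for result in results:
        print(result)
    print(flags)
```

The CRC is computed from the masked bytes and the polynomial alone, with no key input, so in this sketch it catches corruption on the bus while the timing check is what rejects the verbatim copy.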

[0084] Figure 6 illustrates a flowchart depicting an exemplary method 600 for securing communication among the ECUs 108 of the vehicle 100, according to an embodiment of the present disclosure. The method 600 may be a computer-implemented method executed, for example, by the system 128 and the set of modules 206. For the sake of brevity, the constructional and operational features of the system 128 that are already explained in the description of Figure 1, Figure 2, Figure 3, Figure 4, and Figure 5 are not explained in detail in the description of Figures 6 and 7.

[0085] At step 602, the method 600 may include generating, by a first ECU among the plurality of ECUs 108 the unique encryption key based on receiving the critical operational parameters.

[0086] At step 604, the method 600 may include encrypting, by the first ECU, the communication message based on masking the communication message using the unique encryption key.

[0087] At step 606, the method 600 may include appending, by the first ECU, the CRC value to the encrypted communication message.

[0088] At step 608, the method 600 may include transmitting, by the first ECU, the encrypted communication message with the appended CRC value to the communication bus 414 for distribution to at least one or more plurality of ECUs 108.

[0089] Figure 7 illustrates a flowchart depicting an exemplary method 700 for securing communication among the ECUs 108 of the vehicle 100, according to an embodiment of the present disclosure. The method 600 may be a computer-implemented method executed, for example, by the system 128 and the set of modules 206. For the sake of brevity, the constructional and operational features of the system 128 that are already explained in the description of Figure 1, Figure 2, Figure 3, Figure 4, and Figure 5 are not explained in detail in the description of Figure 6 and 7.

[0090] At step 702, the method 700 may include receiving, by a second ECU among the plurality of ECUs 108, the encrypted communication message with the appended CRC value from the communication bus 414.

[0091] At step 704, the method 700 may include generating, by the second ECU, the unique decryption key based on receiving the critical operational parameters.

[0092] At step 706, the method 700 may include verifying, by the second ECU, the integrity check of the encrypted communication message using the appended CRC value.

[0093] At step 708, the method 700 may include decrypting, by the second ECU, the encrypted communication message based on unmasking the communication message using the unique decryption key thereby retrieving an original communication message.

[0094] While the above-discussed steps in Figures 2-7 are shown and described in a particular sequence, the steps may occur in variations to the sequence in accordance with various embodiments. Further, a detailed description related to the various steps of Figures 6-7 is already covered in the description related to Figures 2-5 and is omitted herein for the sake of brevity.

[0095] It will be appreciated that the modules, processes, systems, and devices described above can be implemented in hardware, hardware programmed by software, software instruction stored on a non-transitory computer-readable medium or a combination of the above. Embodiments of the methods, processes, modules, devices, and systems (or their sub-components or modules), may be implemented on a general-purpose computer, a special-purpose computer, a programmed microprocessor or microcontroller and peripheral integrated circuit element, an ASIC or other integrated circuit, a digital signal processor, a hardwired electronic or logic circuit such as a discrete element circuit, a programmed logic circuit such as a programmable logic device (PLD), programmable logic array (PLA), field-programmable gate array (FPGA), programmable array logic (PAL) device, or the like. In general, any process capable of implementing the functions or steps described herein can be used to implement embodiments of the methods, systems, or computer program products (software programs stored on a non-transitory computer-readable medium).

[0096] Furthermore, embodiments of the disclosed methods, processes, modules, devices, systems, and computer program products may be readily implemented, fully or partially, in software using, for example, object or object-oriented software development environments that provide portable source code that can be used on a variety of computer platforms. Alternatively, embodiments of the disclosed methods, processes, modules, devices, systems, and computer program products can be implemented partially or fully in hardware using, for example, standard logic circuits or a very-large-scale integration (VLSI) design. Other hardware or software can be used to implement embodiments depending on the speed and / or efficiency requirements of the systems, the particular function, and / or the particular software or hardware system, microprocessor, or microcomputer being utilized.

[0097] In this application, unless specifically stated otherwise, the use of the singular includes the plural and the use of “or” means “and / or.” Furthermore, use of the terms “including” or “having” is not limiting. Any range described herein will be understood to include the endpoints and all values between the endpoints. Features of the disclosed embodiments may be combined, rearranged, omitted, etc., within the scope of the invention to produce additional embodiments. Furthermore, certain features may sometimes be used to advantage without a corresponding use of other features.

[0098] List of reference numerals:

Claims

WE CLAIM:

1. A method (600) for securing communication among a plurality of Electronic Control Units (ECUs) (108), the method (600) comprising: generating (602), by a first ECU among the plurality of ECUs (108) a unique encryption key based on receiving critical operational parameters; encrypting (604), by the first ECU, a communication message based on masking the communication message using the unique encryption key; appending (606), by the first ECU, a cyclic redundancy check (CRC) value to the encrypted communication message; and transmitting (608), by the first ECU, the encrypted communication message with the appended CRC value to a communication bus for distribution to at least one or more plurality of ECUs.

2. The method (600) as claimed in claim 1, wherein generating the unique encryption key comprises: receiving the critical operational parameters comprising a combination of static system-specific parameters and dynamic time-variant parameters at a predefined timestamp; and applying a cryptographic technique to the combination of the static system-specific parameters and the dynamic time-variant parameters to generate the unique encryption key at a predefined time-interval.

3. The method (600) as claimed in claim 2, wherein receiving the critical operational parameters comprises: synchronizing the critical operational parameters among the plurality of ECUs thereby ensuring consistency in generating the unique encryption key.

4. The method (600) as claimed in claim 1, wherein appending the CRC value comprises: determining the CRC value based on a predefined polynomial applied to the encrypted communication message; and concatenating the determined CRC value with the encrypted communication message to form a transmission packet for the communication bus (414).

5. The method (600) as claimed in claim 1, comprising: monitoring a frequency of the communication message and the critical operational parameters received over the communication bus; detecting if the communication message and the critical operational parameters received before or after a predefined time gap; and discarding the communication message and the critical operational parameters upon detecting that the communication message and the critical operational parameters are received before or after the predefined time gap, thereby preventing replay attacks.

6. The method (600) as claimed in claim 5, wherein upon discarding, the method comprises: flagging a potential intrusion attempt, thereby enabling fail-safe by rejecting the communication message and the critical operational parameters received before or after a predefined time gap.

7. The method (600) as claimed in claim 1, wherein the communication message is a critical message.

8. A method (700) for securing communication among a plurality of Electronic Control Units (ECUs) (108), the method comprising: receiving (702), by a second ECU among the plurality of ECUs (108), an encrypted communication message with an appended cyclic redundancy check (CRC) value from a communication bus (414); generating (704), by the second ECU, a unique decryption key based on receiving critical operational parameters; verifying (706), by the second ECU, an integrity check of the encrypted communication message using the appended CRC value; and decrypting (708), by the second ECU, the encrypted communication message based on unmasking the communication message using the unique decryption key thereby retrieving an original communication message.

9. The method (700) as claimed in claim 8, wherein generating the unique decryption key comprises: receiving the critical operational parameters comprising a combination of static system-specific parameters and dynamic time-variant parameters at a predefined timestamp; and applying a cryptographic technique to the combination of the static system-specific parameters and the dynamic time-variant parameters to generate the unique decryption key at a predefined time-interval.

10. The method (700) as claimed in claim 9, wherein receiving the critical operational parameters comprises: synchronizing the critical operational parameters among the plurality of ECUs thereby ensuring consistency in generating the unique decryption key.

11. The method (700) as claimed in claim 8, wherein verifying the integrity of the encrypted communication message comprises: determining the CRC value appended to the encrypted communication message; and applying a predefined polynomial to verify the CRC value matches the received message, ensuring the message integrity prior to decryption.

12. The method (700) as claimed in claim 8, wherein decrypting the encrypted communication message comprises: applying the unique decryption key to unmask the encrypted message, thereby retrieving the original communication message.

13. A system (128) for securing communication among a plurality of Electronic Control Units (ECUs) (108), the system (128) comprising: a memory (204); at least one processor (202) in communication with the memory (204), the at least one processor (202) configured to: generate a unique encryption key based on receiving critical operational parameters; encrypt a communication message based on masking the communication message using the unique encryption key; append a cyclic redundancy check (CRC) value to the encrypted communication message; and transmit the encrypted communication message with the appended CRC value to a communication bus for distribution to at least one or more plurality of ECUs (108).

14. The system (128) as claimed in claim 13, wherein to generate the unique encryption key, the at least one processor (202) is configured to: receive the critical operational parameters comprising a combination of static system-specific parameters and dynamic time-variant parameters at a predefined timestamp; and apply a cryptographic technique to the combination of the static system-specific parameters and the dynamic time-variant parameters to generate the unique encryption key at a predefined time-interval.

15. The system (128) as claimed in claim 14, wherein to receive the critical operational parameters, the at least one processor (202) is configured to: synchronize the critical operational parameters among the plurality of ECUs thereby ensuring consistency in generating the unique encryption key.

16. The system (128) as claimed in claim 13, wherein to append the CRC value the at least one processor (202) is configured to: determine the CRC value based on a predefined polynomial applied to the encrypted communication message; and concatenate the determined CRC value with the encrypted communication message to form a transmission packet for the communication bus (414).

17. The system (128) as claimed in claim 13, the at least one processor (202) is configured to: monitor a frequency of the communication message and the critical operational parameters received over the communication bus; detect if the communication message and the critical operational parameters received before or after a predefined time gap; and discard the communication message and the critical operational parameters upon detecting that the communication message and the critical operational parameters are received before or after the predefined time gap, thereby preventing replay attacks.

18. The system (128) as claimed in claim 17, wherein upon discarding, the at least one processor (202) is configured to: flag a potential intrusion attempt, thereby enabling fail-safe by rejecting the communication message and the critical operational parameters received before or after a predefined time gap.

19. The system (128) as claimed in claim 13, wherein the communication message is a critical message.

20. A system (128) for securing communication among a plurality of Electronic Control Units (ECUs) (108), the system (128) comprising: a memory (204); at least one processor (202) in communication with the memory (204), the at least one processor (202) configured to: receive an encrypted communication message with an appended cyclic redundancy check (CRC) value from a communication bus (414); generate a unique decryption key based on receiving critical operational parameters; verify an integrity check of the encrypted communication message using the appended CRC value; and decrypt the encrypted communication message based on unmasking the communication message using the unique decryption key thereby retrieving an original communication message.

21. The system (128) as claimed in claim 20, wherein to generate the unique decryption key, the at least one processor (202) is configured to: receive the critical operational parameters comprising a combination of static system-specific parameters and dynamic time-variant parameters at a predefined timestamp; and apply a cryptographic technique to the combination of the static system-specific parameters and the dynamic time-variant parameters to generate the unique decryption key at a predefined time-interval.

22. The system (128) as claimed in claim 21, wherein to receive the critical operational parameters, the at least one processor (202) is configured to: synchronize the critical operational parameters among the plurality of ECUs thereby ensuring consistency in generating the unique decryption key.

23. The system (128) as claimed in claim 20, wherein to verify the integrity of the encrypted communication message, the at least one processor (202) is configured to: determine the CRC value appended to the encrypted communication message; and apply a predefined polynomial to verify the CRC value matches the received message, ensuring the message integrity prior to decryption.

24. The system (128) as claimed in claim 20, wherein to decrypt the encrypted communication message, the at least one processor (202) is configured to: apply the unique decryption key to unmask the encrypted message, thereby retrieving the original communication message.