An encrypted communication method for vehicle-mounted CAN bus messages
Technical field
The present invention relates to the field of in-vehicle network encryption, and more particularly to an encrypted communication method for vehicle-mounted CAN bus messages.
Background art
Existing vehicle models incorporate a variety of information technologies, and more and more intelligent components are used in automobiles. Among these components, the electronic control unit (ECU) is the key component controlling the vehicle's electronic systems. A vehicle's electronic system is made up of dozens of ECUs acting as a whole, and the ECUs communicate with one another over the controller area network (CAN). CAN is applied in the automotive field. As in-vehicle internet and autonomous driving technology develop rapidly, the network security of automobiles is receiving more and more attention. Each vehicle-mounted ECU must be absolutely safe and reliable, so CAN bus message encryption becomes one safeguard.
At present, message data on the vehicle-mounted CAN bus is generally encrypted in one of two ways. The first encrypts the message data with a pure software security module. The software algorithm code used by this method usually occupies a large amount of read-only memory (ROM) and random-access memory (RAM), the software code may be illegally tampered with, and the computational load on the microcontroller unit (MCU) increases. Data encryption efficiency is low, so this method is not suited to vehicle-mounted CAN bus message encryption. The second method encrypts CAN message data using an MCU with a hardware security module. Encryption with a hardware security module offers more selectable modes, higher data encryption efficiency, and high security and reliability, and it is increasingly the first choice for message encryption.
Based on the above MCU with a hardware security module, a dynamic secret key is further injected into the encryption process to ensure the uniqueness and confidentiality of the secret key, and an anti-replay attack mechanism is introduced at the same time. To a certain degree this prevents the CAN bus network from being intruded upon by illegal attacks, effectively ensures the security and reliability of CAN bus messages, and helps ensure the network security of the vehicle.
Summary of the invention
To solve the above technical problems, the present invention provides an encrypted communication method for vehicle-mounted CAN bus messages.
An encrypted communication method for vehicle-mounted CAN bus messages, based on a vehicle-mounted ECU, a CAN (Controller Area Network) transmission system and a vehicle-mounted MCU secure hardware module, specifically comprising the following steps:
S11: the sending node introduces a dynamic secret key: a correspondence table between key storage slots and CAN message IDs is preset in the internal secure memory of the ECU, and secret keys are preset in the key storage slots of the MCU secure hardware module;
S12: the sending node introduces an anti-replay attack mechanism: an anti-replay attack check value is calculated by a special algorithm from the packet count value and the check code of the corresponding bytes of the CAN message's valid application data;
S13: the sending node places the anti-replay attack check value calculated in step S12 into the first byte of the CAN message to form the CAN message plaintext, and passes the CAN message plaintext and the secret key corresponding to the CAN message ID through a buffer register to the MCU secure hardware module for encryption; the encrypted message formed after processing is sent to the receiving node through the CAN transmission system.
Further, the method also includes the following steps:
S14: the sending node judges in real time whether a specific sync message has been received, and if so executes step S15;
S15: the sending node initializes the packet counter to a particular value and executes step S12.
An encrypted communication method for vehicle-mounted CAN bus messages, based on a vehicle-mounted ECU, a CAN (Controller Area Network) transmission system and a vehicle-mounted MCU secure hardware module, specifically comprising the following steps:
S21: the receiving node introduces a dynamic secret key: a correspondence table between key storage slots and CAN message IDs is preset in the internal secure memory of the ECU, and secret keys are preset in the key storage slots of the MCU secure hardware module;
S22: the receiving node introduces an anti-replay attack mechanism: a local anti-replay attack check value is calculated by a special algorithm from the local packet count value and the check code of the corresponding bytes of the CAN message's valid application data;
S23: after receiving an encrypted message, the receiving node finds the corresponding secret key by the CAN message ID and inputs the encrypted message together with the secret key into the MCU secure hardware module for decryption, obtaining the CAN message plaintext; at the same time it calculates the local anti-replay attack check value according to the method in step S22;
S24: it is judged whether the local anti-replay attack check value calculated by the receiving node is consistent with the anti-replay attack check value sent by the sending node; if consistent, the CAN message takes effect; if inconsistent, the CAN message is discarded.
Further, when the local anti-replay attack check value calculated by the receiving node is inconsistent with the anti-replay attack check value sent by the sending node 5 consecutive times, the receiving node can, through a specific sync message, require the sending node to initialize the packet counter to a particular value, so that the sending node and the receiving node are synchronized.
Further, when the local anti-replay attack check value calculated by the receiving node is inconsistent with the anti-replay attack check value sent by the sending node 20 consecutive times, the receiving node stops receiving messages and records a fault code identifier.
Further, the receiving node uploads the fault code identifier to the manufacturer's server.
Further, the special algorithm for calculating the anti-replay attack check value is uniformly specified by the manufacturer; the correspondence table between key storage slots and CAN message IDs and the secret keys are also provided by the manufacturer; the correspondence table and the secret keys can be modified by means of CAN diagnostic calibration, and the configuration is modified uniformly by the manufacturer.
Further, the number of key storage slots is determined by the MCU secure hardware module.
Further, the packet count value is obtained by counting with the packet counter, and the packet count value can be initialized to 0 on ECU power-on reset.
Further, the correspondence table between key storage slots and CAN message IDs consists of 4 bytes representing the CAN message ID and 1 byte representing the key storage slot ID.
The beneficial effects of the present invention are as follows:
Compared with the prior art, the invention discloses an encrypted communication method for vehicle-mounted CAN bus messages. By presetting the correspondence table between key storage slots and CAN message IDs in the internal secure memory of the ECU and presetting secret keys in the key storage slots of the MCU secure hardware module, a dynamic secret key is introduced, which ensures the uniqueness and confidentiality of the secret key and improves the security of the CAN transmission system. In addition, the CAN transmission system also introduces an anti-replay attack mechanism, which effectively prevents the CAN transmission system from being intruded upon by illegal attacks and better ensures vehicle network security.
Description of the drawings
Fig. 1 is a schematic diagram of the encrypted communication method for vehicle-mounted CAN bus messages of the present invention.
Fig. 2 is a schematic diagram of the process of presetting the correspondence table between key storage slots and CAN message IDs and the secret keys in the present invention.
Fig. 3 is a schematic diagram of the composition of the correspondence table between key storage slots and CAN message IDs in the present invention.
Fig. 4 is a comparison of a CAN message before and after encryption in the present invention.
Fig. 5 is the processing flowchart of the sending node of the present invention.
Fig. 6 is the processing flowchart of the receiving node of the present invention.
Detailed description of the embodiments
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the scope of protection of the invention is more clearly defined.
Embodiment 1:
This embodiment provides an encrypted communication method for vehicle-mounted CAN bus messages, based on a vehicle-mounted ECU, a CAN (Controller Area Network) transmission system and a vehicle-mounted MCU secure hardware module, specifically comprising the following steps:
S11: the sending node introduces a dynamic secret key: a correspondence table between key storage slots and CAN message IDs is preset in the internal secure memory of the ECU, and secret keys are preset in the key storage slots of the MCU secure hardware module; CAN messages with the same CAN message ID, or CAN messages of the same group, are encrypted using the secret key in the same key storage slot;
S12: the sending node introduces an anti-replay attack mechanism: an anti-replay attack check value is calculated by a special algorithm from the packet count value and the check code of the corresponding bytes of the CAN message's valid application data;
S13: the sending node places the anti-replay attack check value calculated in step S12 into the first byte of the CAN message to form the CAN message plaintext, and passes the CAN message plaintext and the secret key corresponding to the CAN message ID through a buffer register to the MCU secure hardware module for encryption; the encrypted message formed after processing is sent to the receiving node through the CAN transmission system.
In addition, the sending node also needs to judge whether the packet counter needs to be set accordingly. The judgment process includes the following steps:
S14: the sending node judges in real time whether a specific sync message has been received; if so, it executes step S15; otherwise the sending node takes no action;
S15: the sending node initializes the packet counter to a particular value and executes step S12.
The special algorithm for calculating the anti-replay attack check value mentioned above is uniformly specified by the manufacturer and is kept confidential uniformly by each ECU supplier. The packet count value used in calculating the anti-replay attack check value is obtained by counting with the packet counter, and the packet count value is generally initialized to 0 on ECU power-on reset. The correspondence table between key storage slots and CAN message IDs consists of 4 bytes representing the CAN message ID and 1 byte representing the key storage slot ID.
The correspondence table between key storage slots and CAN message IDs and the secret keys are also provided by the manufacturer. Specifically, they are downloaded from the manufacturer's server and written to a CAN diagnostic tool; the CAN diagnostic tool then uses CAN diagnostic service commands to load the correspondence table into the internal secure memory of the ECU and to load the secret keys into the key storage slots of the MCU secure hardware module. The number of key storage slots is determined by the MCU secure hardware module. Loading the correspondence table into the internal secure memory of the ECU effectively prevents the data from being maliciously tampered with. The correspondence table and the secret keys can be modified by means of CAN diagnostic calibration, and the relevant configuration is also modified uniformly by the manufacturer.
Embodiment 2
This embodiment is similar to the previous embodiment. Further, an encrypted communication method for vehicle-mounted CAN bus messages, based on a vehicle-mounted ECU, a CAN (Controller Area Network) transmission system and a vehicle-mounted MCU secure hardware module, specifically comprises the following steps:
S21: the receiving node introduces a dynamic secret key: a correspondence table between key storage slots and CAN message IDs is preset in the internal secure memory of the ECU, and secret keys are preset in the key storage slots of the MCU secure hardware module;
S22: the receiving node introduces an anti-replay attack mechanism: a local anti-replay attack check value is calculated by a special algorithm from the local packet count value and the check code of the corresponding bytes of the CAN message's valid application data;
S23: after receiving an encrypted message, the receiving node finds the corresponding secret key by the CAN message ID and inputs the encrypted message together with the secret key into the MCU secure hardware module for decryption, obtaining the CAN message plaintext; at the same time it calculates the local anti-replay attack check value according to the method in step S22;
S24: it is judged whether the local anti-replay attack check value calculated by the receiving node is consistent with the anti-replay attack check value sent by the sending node; if consistent, the CAN message takes effect; if inconsistent, the CAN message is discarded.
When the local anti-replay attack check value calculated by the receiving node is inconsistent with the anti-replay attack check value sent by the sending node 5 consecutive times, the receiving node can, through a specific sync message, require the sending node to initialize the packet counter to a particular value. As soon as the sending node receives the sync message it initializes the packet counter to the particular value, and the sending node and the receiving node are thereby synchronized.
When the local anti-replay attack check value calculated by the receiving node is inconsistent with the anti-replay attack check value sent by the sending node 20 consecutive times, the receiving node stops receiving messages and records a fault code identifier. Where conditions permit, the receiving node can upload the fault information code to the manufacturer's server, to be handled by the manufacturer.
The complete transmission process of a CAN message is as follows:
Taking a standard CAN message as an example, the sending node and the receiving node encrypt message data using symmetric encryption, and the sending node and the receiving node use the same secret key, which is provided uniformly by the manufacturer. A standard CAN message contains 8 bytes, of which the first byte serves as the anti-replay attack check value and the remaining 7 bytes serve as application function data. The anti-replay attack check value is obtained by a special algorithm from the packet count value and the CRC-8 check code of the remaining 7 bytes of application data of the CAN message.
The sending node combines the anti-replay attack check value with the application function data to form the CAN message plaintext and inputs the CAN message plaintext into the MCU secure hardware module. At the same time, according to the CAN message ID, it maps out the corresponding key storage slot in the correspondence table between key storage slots and CAN message IDs, and then uses the key storage slot to find the secret key stored in the MCU secure hardware module. The secret key and the CAN message plaintext are passed together through the encryption algorithm to form the encrypted message. The encrypted message is placed on the CAN bus through the CAN controller and CAN transceiver, and the CAN bus delivers the encrypted message to the receiving node.
The receiving node receives the encrypted message from the CAN bus through its CAN transceiver and CAN controller and passes the encrypted message to the MCU secure hardware module. It must also first map out the corresponding key storage slot in the correspondence table between key storage slots and CAN message IDs according to the CAN message ID, and then find the corresponding secret key according to the key storage slot. The secret key and the encrypted message are then passed together through the decryption algorithm to obtain the CAN message plaintext. The receiving node calculates the local anti-replay attack check value from its local packet count value and the CRC-8 check code of the remaining 7 bytes of application data of the CAN message, and then judges whether the local anti-replay attack check value it calculated is consistent with the anti-replay attack check value sent by the sending node. If consistent, the CAN message takes effect and the transmission of the CAN message is complete; if inconsistent, the CAN message is discarded.
The embodiments of the present invention have been explained in detail above with reference to the drawings, but the present invention is not limited to the above embodiments; within the knowledge of a person skilled in the art, various changes can also be made without departing from the purpose of the present invention.