CN106850230B - A kind of data safety exchange method based on CAN network - Google Patents
A kind of data safety exchange method based on CAN network Download PDFInfo
- Publication number
- CN106850230B CN106850230B CN201710079849.6A CN201710079849A CN106850230B CN 106850230 B CN106850230 B CN 106850230B CN 201710079849 A CN201710079849 A CN 201710079849A CN 106850230 B CN106850230 B CN 106850230B
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- key
- gateway
- transmitting terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of data safety exchange method based on CAN network, sender and recipient to data carry out legitimacy certification., it is necessary to confirm that the sender of data and recipient are legal controllers, unwarranted controller will notify user in a manner of alarm if finding, the data of transmission are encrypted in transmitting terminal, and the data of reception are decrypted in receiving terminal before data exchange.
Description
Technical field
The present invention relates to automobile information security technology area, the information that in-vehicle network vehicle is joined suitable for ensure ne is pacified
Entirely, and in particular to a kind of data safety exchange method based on in-car CAN network.
Background technology
In recent years, the application in intelligent automobile is on the increase, and many applications are by in-vehicle network, using end-to-end communication
Pattern, to complete the transmission of the information between control module.On the other hand, flourishing with car networking technology, part of module
The functions such as remote monitoring can be completed by being connected into internet, automotive interior network is no longer the network of a closure.Such as
Fruit information is maliciously intercepted and captured, distorted or deleted in exchange process, it is likely that can cause immeasurable consequence.It is same with this
When, ensure that the information security of automotive interior network has become a research hotspot of industry.
The calculating and networked system used at this stage in automobile has followed existing calculating and networking framework, also inherits this
The natural safety defect of a little systems, but not existence information security mechanism, people in the CAN network of existing most automobiles
Can easily obtain CAN data and inject some data artificially changed.
The main target that the data safety of CAN network exchanges research is to ensure the privacy of automotive CAN network information transmission
And integrality, while also need to ensure that the sender of data and recipient are components by certification.Existing communication security
Mechanism is all based on greatly Encryption Algorithm and agreement, such as symmetric cryptography and rivest, shamir, adelman, is generally used only for solving computer
Information security issue, the application in automobile information security fields are less.
The content of the invention
In view of the above problems, the present invention proposes a kind of data safety exchange method based on CAN network.This method can be with
Legitimacy certification is carried out to the sender of data in CAN network and recipient by bus gateway, limits the mould in inferior grade CAN
The high-grade module of block access, and transmitted in data exchange process using ciphertext.
The present invention is a kind of data safety exchange method based on CAN network.CAN network is interspersed by CAN bus
The network of formation, CAN bus are a kind of serial data communication agreements, be integrated with its communication interface CAN protocol physical layer and
Data link layer functions, can complete the framing processing to communication data.CAN bus on automobile fills the various electronics on automobile
Put and be linked to be a network with equipment, realize mutual information sharing.The internetwork connection mode on automobile mainly uses 3 at present
Bar CAN:One high-speed CAN for being used for drive system, is mainly directed towards the higher control unit of requirement of real-time, such as starts mechanical, electrical
Motivation;One low speed CAN for being used for bodywork system, mainly for the collection of Body Control, such as car light, car door, vehicle window signal
And feedback, it is relatively low to requirement of real-time;One is low speed CAN for information entertainment, and being mainly directed towards car entertainment should
With Source Music, telecommunication are relatively low to requirement of real-time.
A kind of data safety exchange method based on CAN network is realized by following steps:
Step 1:Sender and recipient to data carry out legitimacy certification., it is necessary to confirm number before data exchange
According to sender and recipient be all legal controller, if finding, unwarranted controller will notify to use in a manner of alarm
Family.
Each controller is equipped with the certificate of a legitimacy for proving itself, certificate by the controller ID number and should
The authorisation verification Au of controller is formed, and in addition each controller i is equipped with a pair of of public key PKiWith private key SKi, certificate is by corresponding
Private key SKiData signature is carried out.Store information collection List (ID, Au, the PK of a series of legal controllers in gatewayi) and
Symmetric key SYK for subsequent exchange of data process, it was demonstrated that work is completed by bus gateway.Before data exchange, net
The legitimacy that transmitting terminal and receiving terminal certificate are verified using corresponding public key is closed, if certification success, gateway is again to transmitting terminal
Judged with the rank of receiving terminal, the module level highest in acquiescence drive system CAN, the module level in bodywork system CAN
Do not take second place, the module level in entertainment systems CAN is minimum.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN,
Gateway will open the data exchange channel of both sides, otherwise will remind user by in-car alarm.
Authentication method is as follows:
Step 2:The data of transmission are encrypted in transmitting terminal.The effective ways of lifting communications security are exactly that data are passed
Defeated process is encrypted, and encryption method universal at present has symmetric cryptography and asymmetric encryption.In symmetric encryption system, encryption
Identical key is used with decryption.Because encryption and decryption key is identical, it is necessary to both sides' selection of communication and to preserve them common close
Key, each side, which must trust other side, to divulge a secret away key, can thus realize the confidentiality and integrity of data.Non-
In symmetric encryption system, encryption and decryption are relatively independent, and encryption conciliates secret meeting and uses two different keys, encryption key
To public, decruption key only has decryption side to know.Symmetric encipherment algorithm processing is simple, and encryption/decryption speed is fast, and key is shorter;
Rivest, shamir, adelman encryption/decryption speed is slow, and keys sizes are big.
The present invention uses cipher mode as symmetric cryptography, and symmetric key SYK is stored in a gateway, in step 1
Transmitting terminal and receiving terminal are sent to.Assuming that transmitting terminal needs to send message M, encrypted message is C, and transmission process is as follows:
Step 3:The data of reception are decrypted in receiving terminal.Receiving terminal docks received ciphertext C using symmetric key SYK
It is decrypted, receive process are as follows:
The beneficial effects of the present invention are:
(1) present invention is a kind of data safety exchange method based on CAN network, it is proposed that the automotive interior network information is pacified
Total correlation concept, proposes a kind of data safety exchange method, mainly by cryptography specific to the CAN network of intelligent vehicle
Correlation theory, the present invention can effectively lift the Information Security of automotive CAN network.
(2) present invention is a kind of data safety exchange method based on CAN network, can be used before data exchange
The mode of data signature is authenticated the sender of data and recipient, it is ensured that the legitimacy of communication ends, limit without
The module access CAN network of certification.
(3) present invention is a kind of data safety exchange method based on CAN network, can be before data exchange, logarithm
It is detected according to sending module grade, the networking module that can be limited in inferior grade entertainment systems CAN accesses high-grade module.
(4) present invention is a kind of data safety exchange method based on CAN network, using symmetrical in data exchange process
Cipher mode, relative to traditional method for interchanging data, can lift Information Security and data exchange real-time.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is attached drawing needed in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, without creative efforts, can be with
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of data safety exchange method invention schematic diagram based on CAN network of the present invention.
Fig. 2 is a kind of data safety exchange method invention flow chart based on CAN network of the present invention.
Embodiment
The present invention is further described with reference to embodiment.
Below in conjunction with drawings and examples, the present invention is described in further detail.
It is as shown in Figure 1 the rough schematic of the present invention.Transmitting terminal S and receiving terminal R are needed by bus gateway V into line number
According to exchange, legal controller information collection List (ID, Au, PK have been stored in Vi) and symmetric key.
The idiographic flow of data exchange is as shown in Fig. 2, its specific operation is as follows:
Step 1:Sender and reception debit to data carry out legitimacy certification.Each module is equipped with one and proves certainly
The certificate of the legitimacy of body, certificate are made of the authorisation verification Au of the ID number of the module and the module, and in addition transmitting terminal is with connecing
Receiving end is equipped with a pair of of public key PKiWith private key SKi, certificate is by corresponding private key SKiData signature is carried out.Deposited in gateway
Store up information collection List (ID, Au, the PK of a series of legal controllersi) and symmetric key for subsequent exchange of data process
SYK, verification work are completed by bus gateway.Before data exchange, gateway uses corresponding public key PKiTo verify transmitting terminal
With the legitimacy of receiving terminal certificate, if certification success, gateway again judge transmitting terminal with connecing the rank at end, acquiescence driving
Module level highest in system CAN, the module level in bodywork system CAN are taken second place, and the module level in entertainment systems CAN is most
It is low.If transmitting terminal and receiving terminal are not the module in entertainment systems CAN, gateway will open the data exchange channel of both sides, no
Then user will be reminded by in-car alarm.
Authentication method is as follows:
Step 2:The data of transmission are encrypted in transmitting terminal.The present invention uses cipher mode as symmetric cryptography, symmetrically
Encryption Algorithm processing is simple, and encryption/decryption speed is fast, and key is shorter.The symmetric key SYK of use is stored in a gateway, is existed
Transmitting terminal and receiving terminal are sent in step 1 to.Assuming that transmitting terminal needs to send message M, encrypted message is C, is transmitted across
Journey is as follows:
Step 3:The data of reception are decrypted in receiving terminal.Receiving terminal docks received ciphertext C using symmetric key SYK
Decryption, receive process are as follows:
Legitimacy can be carried out to the sender of data in CAN network and recipient by bus gateway by the above method
Certification, limits the high-grade module of module accesses in entertainment systems CAN, and exchanges data using ciphertext, improves data friendship
Change security.
Claims (1)
1. a kind of data safety exchange method based on CAN network, it is characterised in that realized by following steps:
Step 1:Sender and recipient to data carry out legitimacy certification, it is necessary to confirm data before data exchange
Sender and recipient are legal controllers, if finding, unwarranted controller will notify user in a manner of alarm,
Each controller is equipped with the certificate of a legitimacy for proving itself, and certificate is by the ID number of the controller and the control
The authorisation verification Au compositions of device, in addition each controller i is equipped with a pair of public key and private key, certificate are carried out by corresponding private key
Data signature, a series of information collection List (ID, Au, PK) of legal controllers is store in gateway and is handed over for follow-up data
Change the symmetric key SYK of process, it was demonstrated that work is completed by bus gateway, and before data exchange, gateway uses corresponding public affairs
Key verifies the legitimacy of transmitting terminal and receiving terminal certificate, if certification success, gateway is again to the rank of transmitting terminal and receiving terminal
Judged, the module level highest in acquiescence drive system CAN, the module level in bodywork system CAN is taken second place, entertainment systems
Module level in CAN is minimum, if transmitting terminal and receiving terminal are not the module in entertainment systems CAN, gateway will open both sides
Data exchange channel, otherwise will by in-car alarm remind user,
Step 2:The data of transmission are encrypted in transmitting terminal, and the effective ways for lifting communications security are exactly that data are transmitted across
Journey is encrypted, and encryption method universal at present has symmetric cryptography and asymmetric encryption, and in symmetric encryption system, encryption is conciliate
It is close using identical key because encryption and decryption key is identical, it is necessary to both sides' selection of communication and preserve their common keys, respectively
Fang Bixu, which trusts other side, to divulge a secret away key, the confidentiality and integrity of data can be thus realized, asymmetric
In encryption system, encryption and decryption are relatively independent, and encryption conciliates secret meeting and uses two different keys, and encryption key is to public affairs
Crowd is open, and decruption key only has decryption side to know, symmetric encipherment algorithm processing is simple, and encryption/decryption speed is fast, and key is shorter;It is non-right
Title Encryption Algorithm encryption/decryption speed is slow, and keys sizes are big, and the symmetric key SYK of symmetric cryptography is stored in a gateway, in step
Transmitting terminal and receiving terminal have been sent in rapid 1, it is assumed that transmitting terminal needs to send message M, and encrypted message is C, transmission process
It is as follows:
Step 3:The data of reception are decrypted in receiving terminal, and receiving terminal docks received ciphertext C using symmetric key SYK and carries out
Decryption, receive process are as follows:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079849.6A CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710079849.6A CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850230A CN106850230A (en) | 2017-06-13 |
CN106850230B true CN106850230B (en) | 2018-04-17 |
Family
ID=59128809
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710079849.6A Active CN106850230B (en) | 2017-02-15 | 2017-02-15 | A kind of data safety exchange method based on CAN network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850230B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109117313B (en) * | 2018-08-28 | 2022-03-18 | 成都信息工程大学 | Vehicle intelligent security gateway with disaster isolation backup management and control mechanism and management and control method |
TWI674778B (en) * | 2018-11-01 | 2019-10-11 | 財團法人資訊工業策進會 | Vehicle information security monitoring apparatus |
CN110138642B (en) * | 2019-04-15 | 2021-09-07 | 深圳市纽创信安科技开发有限公司 | CAN bus-based secure communication method and system |
CN110198314A (en) * | 2019-05-28 | 2019-09-03 | 中山安信通机器人制造有限公司 | Method, computer installation and the computer readable storage medium that the data transmitted in a kind of couple of on-vehicle machines people are encrypted |
CN110913004A (en) * | 2019-11-28 | 2020-03-24 | 乌鲁木齐明华智能电子科技有限公司 | Data security exchange method based on cloud platform |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202093389U (en) * | 2011-06-15 | 2011-12-28 | 厦门汉纳森汽车电子有限公司 | Intelligent bus control system for vehicle |
CN102658801A (en) * | 2012-04-28 | 2012-09-12 | 浙江吉利汽车研究院有限公司杭州分公司 | Controller area network (CAN) system network management method for new energy vehicle |
CN104767618A (en) * | 2015-04-03 | 2015-07-08 | 清华大学 | CAN bus authentication method and system based on broadcasting |
CN105893844A (en) * | 2015-10-20 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Method and device for sending messages of vehicle bus networks |
CN106027244A (en) * | 2016-07-22 | 2016-10-12 | 北京航空航天大学 | Integrated distributed electric automobile controller secure communication method and system |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11165851B2 (en) * | 2015-06-29 | 2021-11-02 | Argus Cyber Security Ltd. | System and method for providing security to a communication network |
-
2017
- 2017-02-15 CN CN201710079849.6A patent/CN106850230B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202093389U (en) * | 2011-06-15 | 2011-12-28 | 厦门汉纳森汽车电子有限公司 | Intelligent bus control system for vehicle |
CN102658801A (en) * | 2012-04-28 | 2012-09-12 | 浙江吉利汽车研究院有限公司杭州分公司 | Controller area network (CAN) system network management method for new energy vehicle |
CN104767618A (en) * | 2015-04-03 | 2015-07-08 | 清华大学 | CAN bus authentication method and system based on broadcasting |
CN105893844A (en) * | 2015-10-20 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Method and device for sending messages of vehicle bus networks |
CN106027244A (en) * | 2016-07-22 | 2016-10-12 | 北京航空航天大学 | Integrated distributed electric automobile controller secure communication method and system |
CN106357681A (en) * | 2016-11-02 | 2017-01-25 | 合肥工业大学 | Security access and secret communication method of vehicle-mounted remote diagnostic services |
Also Published As
Publication number | Publication date |
---|---|
CN106850230A (en) | 2017-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106850230B (en) | A kind of data safety exchange method based on CAN network | |
CN107105060B (en) | Method for realizing information security of electric automobile | |
CN106330910B (en) | Strong secret protection double authentication method in car networking based on node identities and prestige | |
CN110535868A (en) | Data transmission method and system based on Hybrid Encryption algorithm | |
CN104683359B (en) | A kind of safe channel establishing method and its data guard method and escape way key update method | |
CN106603485A (en) | Secret key negotiation method and device | |
CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
CN110020524B (en) | Bidirectional authentication method based on smart card | |
CN112636923B (en) | Engineering machinery CAN equipment identity authentication method and system | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN102984196B (en) | A kind of car-mounted terminal of vehicle authentication of identity-based certification | |
CN107017997A (en) | A kind of auth method, reader and label | |
KR101481403B1 (en) | Data certification and acquisition method for vehicle | |
CN113452764B (en) | SM 9-based vehicle networking V2I bidirectional authentication method | |
CN108933665B (en) | Method for applying lightweight V2I group communication authentication protocol in VANETs | |
CN109639438A (en) | A kind of SCADA network industries information ciphering method based on digital signature | |
CN113207322B (en) | Communication method and communication device | |
CN112491550A (en) | Mobile terminal equipment credibility authentication method and system based on Internet of vehicles | |
CN114599030A (en) | Vehicle, remote control method thereof, storage medium and terminal device | |
CN107896369A (en) | A kind of message efficient devolved authentication method based on mobile vehicle ad-hoc network | |
CN109379372B (en) | A kind of condition anonymous authentication method without certificate and signature towards VANET | |
CN103152326A (en) | Distributed authentication method and authentication system | |
CN113115309B (en) | Data processing method and device for Internet of vehicles, storage medium and electronic equipment | |
CN106911655A (en) | A kind of method of vehicle communication, car-mounted terminal and intelligent automobile | |
CN108600240A (en) | A kind of communication system and its communication means |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20211104 Address after: 017000 north of Tuanjie street and 40m west of Haoyang highway, Shagedu Town, Shagedu Economic Development Zone, Jungar banner, Ordos City, Inner Mongolia Autonomous Region Patentee after: Inner Mongolia Tiechen Intelligent Equipment Co.,Ltd. Address before: 100191 No. 37, Haidian District, Beijing, Xueyuan Road Patentee before: BEIHANG University |
|
TR01 | Transfer of patent right |