CN111460477B - ECU security authentication method and device - Google Patents

Info

Publication number: CN111460477B
Application number: CN202010238122.XA
Authority: CN (China)
Prior art keywords: authentication, data, ECU, message, random number
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN111460477A
Inventor: 林健
Current Assignee: Beijing Jingwei Hirain Tech Co Ltd
Original Assignee: Beijing Jingwei Hirain Tech Co Ltd

Events: application filed by Beijing Jingwei Hirain Tech Co Ltd; priority to CN202010238122.XA; publication of CN111460477A; application granted; publication of CN111460477B; legal status active; anticipated expiration.

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/60 Protecting data > G06F 21/602 Providing cryptographic facilities or services
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks > H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

Embodiments of the invention provide an ECU security authentication method and device. The method comprises: after receiving a diagnostic operation request from an external device, performing access authentication on the external device; after the access authentication passes, controlling the ECU to enter an authentication state; and, after the ECU has entered the authentication state, judging whether the authentication maintaining messages sent by the external device satisfy a maintaining condition, namely that each authentication maintaining message is neither timed out nor incorrect. If the condition holds, the ECU is kept in the authentication state; otherwise the ECU is made to exit the authentication state. Because the external device must keep sending authentication maintaining messages after the ECU has entered the authentication state, and the ECU leaves that state as soon as a message is late or wrong, the window in which the ECU can be attacked is reduced and the security of the ECU is improved.

Description

ECU security authentication method and device
Technical Field
The invention relates to the field of ECUs (Electronic Control Units), and in particular to an ECU security authentication method and device.
Background
For safety reasons, certain data and requests of an ECU installed in a vehicle are restricted from access. An external device may access the ECU only after passing the ECU's security authentication. At present, ECU security authentication uses the Seed & Key scheme, whose procedure is shown in fig. 1:
1. The external device sends an authentication request to the ECU;
2. the ECU returns a seed to the external device;
3. the external device computes a key from the seed with the same algorithm that is stored in the ECU and sends the key to the ECU;
4. the ECU computes a key from the seed with its stored algorithm, compares the key it computed with the key sent by the external device, completes the security authentication and returns the authentication result.
The inventor found that ECU security authentication has the problem that one authentication stays valid indefinitely: once the ECU has authenticated the external device, the authenticated state is kept until power-off or until the external device actively closes the connection. While the external device remains connected after authentication, the relevant instructions can be used to maliciously modify key data of the ECU or to perform other high-security-level operations. The conventional Seed & Key scheme therefore exposes the ECU's internal data to cracking.
Disclosure of Invention
In view of this, the present invention provides an ECU security authentication method and device intended to reduce the risk of attacks on the ECU and thereby improve its security.
To achieve this object, the following solutions are proposed:
In a first aspect, the present invention provides an ECU security authentication method, comprising:
after receiving a diagnostic operation request from an external device, performing access authentication on the external device;
after the access authentication passes, controlling the ECU to enter an authentication state;
after the ECU has entered the authentication state, judging whether an authentication maintaining message sent by the external device satisfies a maintaining condition, the maintaining condition being that the authentication maintaining message is neither timed out nor incorrect; if so, controlling the ECU to keep the authentication state, and if not, controlling the ECU to exit the authentication state.
Optionally, performing access authentication on the external device comprises:
receiving a request message sent by the external device, the request message comprising a first random number;
generating a second random number, sending the second random number to the external device, and storing the first random number and the second random number;
receiving first authentication data sent by the external device;
encrypting first data to be encrypted to obtain second authentication data, the first data to be encrypted comprising the first random number, first padding data and the second random number, the first padding data being stored in the ECU;
judging whether the first authentication data and the second authentication data are identical; if so, determining that the access authentication succeeded, and if not, determining that the access authentication failed.
Optionally, after determining that the first authentication data and the second authentication data are identical and before determining that the access authentication succeeded, the method further comprises:
encrypting second data to be encrypted to obtain third authentication data, the second data to be encrypted comprising the first random number, second padding data and the second random number, the second padding data being stored in the ECU;
sending the third authentication data to the external device, so that the external device, after receiving it, encrypts the second data to be encrypted to obtain fourth authentication data and judges whether the third authentication data and the fourth authentication data are identical;
after receiving from the external device an authentication result indicating that the third authentication data and the fourth authentication data are identical, determining that the access authentication succeeded.
Optionally, the authentication maintaining message comprises an accumulated count value and a message digest value;
judging whether the authentication maintaining message is correct specifically comprises:
encrypting third data to be encrypted to obtain a first intermediate data ciphertext, the third data to be encrypted comprising the first random number, third padding data and the second random number, the third padding data being stored in the ECU;
calculating an initial expected accumulated count value from the first intermediate data ciphertext;
when the authentication maintaining message is received for the first time after the ECU entered the authentication state, judging whether the difference between the accumulated count value carried in the message and the initial expected accumulated count value is smaller than a preset difference threshold; if not, determining that the authentication maintaining message is incorrect; if so, encrypting fourth data to be encrypted to obtain a second intermediate data ciphertext, the fourth data to be encrypted comprising the accumulated count value and fourth padding data;
calculating an expected message digest value from the second intermediate data ciphertext;
judging whether the message digest value carried in the authentication maintaining message equals the expected message digest value; if not, determining that the message is incorrect; if so, determining that the message is correct, adding a preset accumulated value to the accumulated count value carried in the message, and storing the sum as the expected accumulated count value for the next authentication maintaining message;
when an authentication maintaining message other than the first is received after the ECU entered the authentication state, judging whether the difference between the accumulated count value carried in the message and the stored expected accumulated count value is smaller than the preset difference threshold; if not, executing the step of determining that the message is incorrect, and if so, executing the step of encrypting the fourth data to be encrypted to obtain the second intermediate data ciphertext.
Optionally, calculating the initial expected accumulated count value from the first intermediate data ciphertext specifically comprises:
splitting the first intermediate data ciphertext into at least two parts and XORing together all ciphertext bytes within each part to obtain one value per part;
combining the per-part values to obtain the initial expected accumulated count value.
Optionally, calculating the expected message digest value from the second intermediate data ciphertext specifically comprises:
splitting the second intermediate data ciphertext into at least two parts and XORing together all ciphertext bytes within each part to obtain one value per part;
combining the per-part values to obtain the expected message digest value.
Optionally, judging whether the authentication maintaining message has timed out specifically comprises:
starting a timer when the ECU enters the authentication state and restarting it each time an authentication maintaining message is received; if no authentication maintaining message is received within a preset time, determining that the authentication maintaining message has timed out, and otherwise determining that it has not timed out.
Optionally, the ECU and the external device each generate their random numbers and perform the data encryption with a security chip.
In a second aspect, the present invention provides an ECU security authentication device including:
an access authentication unit, configured to perform access authentication on an external device after receiving a diagnostic operation request of the external device;
the first processing unit is used for controlling the ECU to enter an authentication state after the access authentication is passed;
the judging unit is used for judging whether the authentication maintaining message sent by the external equipment accords with maintaining conditions after the ECU enters an authentication state, wherein the maintaining conditions comprise that the authentication maintaining message is not overtime and correct, if so, the second processing unit is executed, and if not, the third processing unit is executed;
The second processing unit is used for controlling the ECU to maintain an authentication state;
and the third processing unit is used for controlling the ECU to exit the authentication state.
Optionally, the access authentication unit includes:
a request message receiving subunit, configured to receive a request message sent by the external device, where the request message includes a first random number;
a random number subunit, configured to generate a second random number and send the second random number to the external device, and store the first random number and the second random number;
a first authentication data receiving subunit, configured to receive first authentication data sent by the external device;
a second authentication data subunit, configured to encrypt first data to be encrypted to obtain second authentication data, the first data to be encrypted comprising the first random number, first padding data and the second random number, the first padding data being stored in the ECU;
the first judging subunit is used for judging whether the first authentication data and the second authentication data are the same, if so, executing the passing subunit, and if not, executing the rejecting subunit;
the pass subunit is configured to determine that the access authentication is successful;
And the rejecting subunit is used for determining that the access authentication fails.
Optionally, the access authentication unit further includes:
a third authentication data generating subunit, configured to encrypt, after the first judging subunit judges that the first authentication data is the same as the second authentication data and before executing the passing subunit, second data to be encrypted to obtain third authentication data, where the second data to be encrypted includes the first random number, second padding data, and the second random number, and the ECU stores the second padding data;
a third authentication data sending unit, configured to send the third authentication data to the external device, so that after the external device receives the third authentication data, encrypt the second data to be encrypted to obtain fourth authentication data, and determine whether the third authentication data is the same as the fourth authentication data;
and the second judging subunit is used for executing the passing subunit after receiving the authentication result which is sent by the external equipment and indicates that the third authentication data is the same as the fourth authentication data.
Optionally, the authentication maintaining message comprises an accumulated count value and a message digest value;
The judging unit specifically includes:
a first intermediate data ciphertext subunit, configured to encrypt third data to be encrypted to obtain a first intermediate data ciphertext, the third data to be encrypted comprising the first random number, third padding data and the second random number, the third padding data being stored in the ECU;
the initial expected accumulated count value subunit is used for calculating an initial expected accumulated count value according to the first intermediate data ciphertext;
the third judging subunit is configured to judge, when the ECU enters the authentication state and receives the authentication maintenance message for the first time, whether a difference value between the accumulated count value included in the authentication maintenance message and the initial expected accumulated count value is smaller than a preset difference value threshold, if not, execute the first determining subunit, and if yes, execute the second intermediate data ciphertext subunit;
the first determining subunit is configured to determine that the authentication maintenance message is incorrect;
the second intermediate data ciphertext subunit is configured to encrypt fourth to-be-encrypted data to obtain a second intermediate data ciphertext, where the fourth to-be-encrypted data includes the accumulated count value and fourth padding data;
an expected message digest value subunit, configured to calculate an expected message digest value from the second intermediate data ciphertext;
a fourth judging subunit, configured to judge whether the message digest value carried in the authentication maintaining message equals the expected message digest value; if not, execute the first determining subunit, and if so, execute the second determining subunit;
a second determining subunit, configured to determine that the authentication maintaining message is correct, add a preset accumulated value to the accumulated count value carried in the message, and store the sum as the expected accumulated count value for the next authentication maintaining message;
and a fifth judging subunit, configured to judge, when the ECU enters the authentication state and does not receive the authentication maintenance message for the first time, whether a difference between the accumulated count value included in the authentication maintenance message and the stored expected accumulated count value is smaller than a preset difference threshold, if not, execute the first determining subunit, and if yes, execute the second intermediate data ciphertext subunit.
Optionally, the initial expected accumulated count value subunit specifically comprises:
a first splitting exclusive-or module, configured to split the first intermediate data ciphertext into at least two parts and XOR together all ciphertext bytes within each part to obtain one value per part;
a first combining conversion module, configured to combine the per-part values to obtain the initial expected accumulated count value.
Optionally, the expected message digest value subunit specifically comprises:
a second splitting exclusive-or module, configured to split the second intermediate data ciphertext into at least two parts and XOR together all ciphertext bytes within each part to obtain one value per part;
a second combining conversion module, configured to combine the per-part values to obtain the expected message digest value.
Optionally, the judging unit specifically includes:
a timeout judging subunit, configured to start a timer when the ECU enters the authentication state and restart it each time an authentication maintaining message is received, to determine that the authentication maintaining message has timed out if none is received within a preset time, and otherwise to determine that it has not timed out.
Optionally, the ECU and the external device each generate their random numbers and perform the data encryption with a security chip.
Compared with the prior art, the technical solution of the invention has the following advantage:
after receiving a diagnostic operation request from an external device, access authentication is performed on the external device; after it passes, the ECU is controlled to enter an authentication state; and thereafter the ECU judges whether each authentication maintaining message sent by the external device satisfies the maintaining condition, namely that it is neither timed out nor incorrect, keeping the authentication state if so and exiting it otherwise. Since the external device must keep sending authentication maintaining messages and the ECU leaves the authentication state as soon as a message is late or wrong, the risk of the ECU being attacked is reduced and its security improved.
Drawings
To illustrate the embodiments of the invention and the prior-art solutions more clearly, the drawings needed for their description are briefly introduced below. The drawings described below show only some embodiments of the invention; a person skilled in the art can derive other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of an ECU security authentication method in the prior art;
fig. 2 is a flowchart of an ECU security authentication method provided in an embodiment of the present invention;
fig. 3 is a flowchart of a one-way authentication method of an ECU to an external device according to an embodiment of the present invention;
fig. 4 is a flowchart of a bidirectional authentication method for an ECU and an external device according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for checking an authentication maintaining message according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an ECU security authentication device according to an embodiment of the present invention.
Detailed Description
The embodiments of the invention are described below clearly and completely with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the invention.
Fig. 2 is a flowchart of an ECU security authentication method according to an embodiment of the invention. The method comprises the following steps:
S21: a diagnostic operation request from an external device is received.
S22: access authentication is performed on the external device.
The access authentication of the external device may be one-way authentication of the external device by the ECU, or mutual authentication between the ECU and the external device.
S23: after the external device passes access authentication, the ECU is controlled to enter the authentication state.
Once the ECU is in the authentication state, the external device may perform diagnostic operations on the ECU, such as overwriting ECU data or accessing the ECU's protected memory area.
S24: after the ECU has entered the authentication state, it is judged whether the authentication maintaining message sent by the external device satisfies the maintaining condition, namely that the message is neither timed out nor incorrect; if so, the ECU is controlled to keep the authentication state, and if not, to exit it.
After the ECU exits the authentication state, the external device can no longer perform diagnostic operations on it. After the access authentication succeeds, the external device must therefore send authentication maintaining messages to the ECU periodically to keep the ECU in the authentication state. Judging whether a message has timed out works as follows: a timer is started when the ECU enters the authentication state and restarted each time an authentication maintaining message is received; if no authentication maintaining message arrives within the preset time, the message is deemed timed out, otherwise not. If the message has timed out, the ECU is controlled to exit the authentication state; if not, the received message is checked for correctness, and the ECU keeps the authentication state if the message is correct and exits it otherwise.
Fig. 3 shows one-way authentication of an external device by the ECU according to an embodiment of the invention. The one-way authentication comprises the following steps:
S31: a request message sent by the external device is received; the request message contains a first random number.
The external device may generate the first random number with a security chip to strengthen the scheme. The security chip generates true random numbers, stores and manages keys, and encrypts and decrypts data; it contains a random number generator and a key management module. It can integrate the Chinese commercial cryptographic algorithms SM1, SM2, SM3 and SM4 and also supports common international algorithms such as 3DES, AES, RSA, ECDSA and SHA-1/256/384/512. Its random numbers come from a dedicated hardware module that produces true random numbers. The external device keeps the first random number temporarily in the RAM of its MCU (Microcontroller Unit).
S32: a second random number is generated and sent to the external device, and the first and second random numbers are stored.
The ECU may likewise generate the second random number with a security chip. The ECU stores the first and second random numbers in the RAM of its MCU. So that the ECU's access authentication of the external device can succeed, the ECU and the external device may use the same security chip, or security chips that store the same keys and algorithms and whose random number generators meet the same specification; in this embodiment the security chips of both the ECU and the external device hold the AES-128 key used for communication, and their random number generators satisfy the GM/T 0005-2012 and NIST randomness test specifications.
S33: first authentication data sent by the external device is received.
For the access authentication to succeed, the external device must concatenate the first random number, the first padding data and the second random number into the first data to be encrypted, encrypt it to obtain the first authentication data, and send the first authentication data to the ECU. For example, the first data to be encrypted may be: first random number || 0x01 0x01 0x01 0x01 || second random number, where 0x01 0x01 0x01 0x01 is the first padding data. The padding can be chosen freely and serves to distinguish the first data to be encrypted from the other data to be encrypted.
S34: the first data to be encrypted is encrypted to obtain second authentication data.
The ECU also stores the first padding data and can therefore encrypt the first data to be encrypted itself to obtain the second authentication data.
S35: it is judged whether the first authentication data and the second authentication data are identical; if so, the external device's access authentication succeeded, and if not, it failed.
If the external device and the ECU use the same encryption algorithm and key and the same first padding data, the first authentication data and the second authentication data are identical; the invention decides on this basis whether the external device's access authentication succeeded. The authentication result may also be sent to the external device after the decision.
Fig. 4 shows a bidirectional authentication process between an ECU and an external device according to an embodiment of the present invention. Compared with the unidirectional authentication process shown in Fig. 3, after it is determined that the first authentication data is the same as the second authentication data, and before the access authentication of the external device is determined to be successful, the method further includes the following steps:
S46: encrypt the second data to be encrypted to obtain third authentication data.
The second data to be encrypted includes the first random number, the second padding data, and the second random number; the ECU stores the second padding data. Illustratively, the second data to be encrypted may be: the first random number + 0x02 0x02 0x02 0x02 + the second random number, where 0x02 0x02 0x02 0x02 is the second padding data. The second padding data can be set as desired, as long as it distinguishes this input from the other data to be encrypted (the padding data act as domain separators, so that authentication data computed for one step cannot be reused as the data for another).
S47: send the third authentication data to the external device.
To complete the access authentication, after receiving the third authentication data sent by the ECU, the external device likewise combines the first random number, the second padding data and the second random number into the second data to be encrypted, encrypts it to obtain fourth authentication data, judges whether the third authentication data is identical to the fourth authentication data, and sends an authentication result representing that judgment to the ECU. By this comparison the external device completes its authentication of the ECU.
S48: after receiving an authentication result sent by the external device indicating that the third authentication data is the same as the fourth authentication data, determine that the access authentication of the external device is successful.
The authentication of the external device by the ECU is completed by executing steps S41 to S45, and the authentication of the ECU by the external device is completed by executing steps S46 to S48. That is, executing steps S41 to S48 completes the mutual authentication of the ECU and the external device.
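The following Go program is an added example, not code from the patent or from the applicant; it plays both sides of steps S41 to S48 in one process so that the two comparisons can be seen together. The patent does not name the cipher, the key, or the value of the first padding data, so the example assumes AES-128 on a single block under a shared 16-byte key, 6-byte random numbers, and 0x01 0x01 0x01 0x01 as the first padding data; the names Party, AuthData and RunMutualAuth are introduced here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Assumptions not fixed by the patent text: the block cipher is AES-128 on one
// 16-byte block, both sides hold the same 16-byte key, and the random numbers
// are 6 bytes each, so R1 || padding || R2 is exactly one block.
const nonceLen = 6

var (
	firstPadding  = []byte{0x01, 0x01, 0x01, 0x01} // value assumed here; the page does not give it
	secondPadding = []byte{0x02, 0x02, 0x02, 0x02} // value given in step S46
)

// Party is either side's view of a session after S41-S42: its key, the first
// random number R1 (from the external device) and the second, R2 (from the ECU).
type Party struct {
	Key, R1, R2 []byte
}

// AuthData encrypts the block R1 || pad || R2. With firstPadding it yields the
// first (tester) or second (ECU) authentication data, with secondPadding the
// third (ECU) or fourth (tester) authentication data.
func (p Party) AuthData(pad []byte) ([]byte, error) {
	plain := append(append(append([]byte{}, p.R1...), pad...), p.R2...)
	if len(plain) != aes.BlockSize {
		return nil, fmt.Errorf("data to be encrypted is %d bytes, want %d", len(plain), aes.BlockSize)
	}
	block, err := aes.NewCipher(p.Key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, plain)
	return out, nil
}

// RunMutualAuth drives S43-S48 between an external device (tester) and an ECU
// that have already exchanged R1 and R2. It returns true only when the ECU
// accepts the tester (S45) and the tester then accepts the ECU (S48).
func RunMutualAuth(tester, ecu Party) (bool, error) {
	// S43/S44: the tester sends the first authentication data; the ECU
	// recomputes it as the second authentication data and compares.
	first, err := tester.AuthData(firstPadding)
	if err != nil {
		return false, err
	}
	second, err := ecu.AuthData(firstPadding)
	if err != nil {
		return false, err
	}
	// Constant-time compare: the patent only asks for equality, but an
	// early-exit compare would leak how many leading bytes of a guess matched.
	if subtle.ConstantTimeCompare(first, second) != 1 {
		return false, nil // S45: ECU rejects the external device
	}
	// S46/S47: the ECU sends the third authentication data; the tester
	// recomputes it as the fourth and reports whether they match.
	third, err := ecu.AuthData(secondPadding)
	if err != nil {
		return false, err
	}
	fourth, err := tester.AuthData(secondPadding)
	if err != nil {
		return false, err
	}
	// S48: the ECU declares success only on a "same" result from the tester.
	return subtle.ConstantTimeCompare(third, fourth) == 1, nil
}

func main() {
	key := bytes.Repeat([]byte{0x2b}, 16) // constructed demo key
	r1, r2 := make([]byte, nonceLen), make([]byte, nonceLen)
	for _, n := range [][]byte{r1, r2} { // S41/S42: fresh random numbers
		if _, err := rand.Read(n); err != nil {
			panic(err)
		}
	}
	ok, err := RunMutualAuth(Party{key, r1, r2}, Party{key, r1, r2})
	fmt.Println("mutual authentication:", ok, err)
}
```

The padding bytes give domain separation: the first and third authentication data are encryptions of different blocks even though they share R1 and R2, so a captured first authentication data cannot be returned to the tester as a forged third. The comparison uses crypto/subtle rather than bytes.Equal so that the ECU does not reveal, through timing, how many leading bytes of a guessed authentication data were right.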
In one embodiment, the authentication hold message includes an accumulated count value and a message digest value; the process of judging whether the authentication hold message is correct, as shown in Fig. 5, specifically includes the following steps:
S51: encrypt the third data to be encrypted to obtain a first intermediate data ciphertext.
The ECU stores third padding data. The third data to be encrypted includes the first random number, the third padding data, and the second random number. Illustratively, the third data to be encrypted may be: the first random number + 0x03 0x03 0x03 0x03 + the second random number, where 0x03 0x03 0x03 0x03 is the third padding data. It can be set as desired, as long as it distinguishes the third data to be encrypted from the other data to be encrypted.
S52: calculate an initial expected accumulated count value from the first intermediate data ciphertext.
Specifically, in step S52 the first intermediate data ciphertext is split into at least two parts, an exclusive-or operation is performed over all the ciphertext bytes in each part to obtain one value per part, and the values of the parts are combined to obtain the initial expected accumulated count value. In one embodiment, the first random number and the second random number are each 6 bytes, so the third data to be encrypted is 16 bytes and the first intermediate data ciphertext is also 16 bytes; its bytes are denoted RC_Crypto[0] to RC_Crypto[15].
The 16-byte first intermediate data ciphertext is divided into four parts of four consecutive bytes each: RC_Crypto[0], RC_Crypto[1], RC_Crypto[2], RC_Crypto[3]; RC_Crypto[4], RC_Crypto[5], RC_Crypto[6], RC_Crypto[7]; RC_Crypto[8], RC_Crypto[9], RC_Crypto[10], RC_Crypto[11]; RC_Crypto[12], RC_Crypto[13], RC_Crypto[14], RC_Crypto[15].
An exclusive-or operation over the bytes of each part gives the values RC[0], RC[1], RC[2] and RC[3]:
RC[0] = RC_Crypto[0] xor RC_Crypto[1] xor RC_Crypto[2] xor RC_Crypto[3];
RC[1] = RC_Crypto[4] xor RC_Crypto[5] xor RC_Crypto[6] xor RC_Crypto[7];
RC[2] = RC_Crypto[8] xor RC_Crypto[9] xor RC_Crypto[10] xor RC_Crypto[11];
RC[3] = RC_Crypto[12] xor RC_Crypto[13] xor RC_Crypto[14] xor RC_Crypto[15].
RC[0] to RC[3] are combined into the initial expected accumulated count value = RC[3] << 24 + RC[2] << 16 + RC[1] << 8 + RC[0]. For example, if RC[3] = 0x88, RC[2] = 0x66, RC[1] = 0x44 and RC[0] = 0x22, the initial expected accumulated count value is 0x88664422.
S53: after the ECU enters the authentication state, when the authentication maintaining message is received for the first time, it is determined whether the difference between the accumulated count value included in the authentication maintaining message and the initial expected accumulated count value is smaller than a preset difference threshold, if not, step S54 is executed, and if yes, step S55 is executed.
The difference between the accumulated count value contained in the authentication maintaining message and the initial expected accumulated count value is smaller than a preset difference threshold value, and is divided into two cases. The first is that the accumulated count value is equal to the initial expected accumulated count value; the second is that the accumulated count value is not equal to the initial expected accumulated count value, and the difference value between the accumulated count value and the initial expected accumulated count value is smaller than the preset difference value threshold.
And the external equipment normally sends an authentication maintaining message to the ECU every time, and when the ECU successfully receives the authentication maintaining message sent by the external equipment every time, the accumulated count value contained in the authentication maintaining message is equal to the initial expected accumulated count value. Considering the normal frame loss condition, if the accumulated count value contained in the authentication maintaining message is not equal to the initial expected accumulated count value, the authentication maintaining message is directly determined to be incorrect, and the authentication state is exited, so that abnormal disconnection of normally used external equipment is easily caused. Therefore, in order to improve the robustness of the authentication mode, a tolerable frame loss number, namely a preset difference threshold value is set; and determining that the authentication maintaining message is incorrect when the difference value between the accumulated count value contained in the authentication maintaining message and the initial expected accumulated count value is not smaller than a preset difference value threshold, and otherwise, carrying out subsequent judgment.
In order to ensure that the authentication state is maintained, the external device needs to calculate the accumulated count value in the same way as in steps S51 and S52 when it transmits the authentication hold message for the first time. And when the authentication maintaining message is transmitted each time later, the accumulated count value in the authentication maintaining message transmitted the previous time is summed with a preset accumulated value to be used as the accumulated count value in the authentication maintaining message to be transmitted this time. When the accumulated count value exceeds 0X FFFFFFFF, the count is re-counted from 0X 00000000.
S54: and determining that the authentication maintaining message is incorrect.
S55: and encrypting the fourth data to be encrypted to obtain a second intermediate data ciphertext.
The ECU stores fourth fill data. The fourth data to be encrypted includes the current accumulated count value and fourth padding data. Illustratively, the fourth data to be encrypted may be: the current accumulated count value +0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00,0x80 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 is the fourth padding data, and can be set in a self-defined manner for distinguishing from other data to be encrypted. The accumulated count value is four bytes.
S56: and calculating to obtain the expected information abstract value according to the second intermediate data ciphertext.
Specifically, step S56 is executed, where the second intermediate data ciphertext is split into at least two parts, and an exclusive-or operation is performed on all the data ciphertexts included in each two parts, so as to obtain a value corresponding to each part; the values corresponding to each portion are combined to obtain the desired information digest value. The fourth data to be encrypted is 16 bytes, the second intermediate data ciphertext is 16 bytes, and each byte ciphertext of the second intermediate data ciphertext is M0-M15.
The 16-byte second intermediate data ciphertext is divided into four parts: m < 0 >, M < 4 >, M < 8 >, M < 12 >; m1, M5, M9, M13; m2, M6, M10, M14; m3, M7, M11, M15.
And performing exclusive OR operation on all the data ciphertexts of each part to obtain numerical values MAC [0], MAC [1], MAC [2] and MAC [3] corresponding to each part. MAC [0] =M0 ] xor M [4] xor M [8] xor M [12]; MAC [1] = M [1] xor M [5] xor M [9] xor M [13]; MAC [2] =M2 ] xor M [6] xor M [10] xor M [14]; MAC [3] =M [3] xor M [7] xor M [11] xor M [15].
S57: and judging whether the information abstract value contained in the authentication maintaining message is the same as the expected information abstract value, if not, executing the step S54, and if so, executing the step S58.
In order to ensure that the authentication state is maintained, the external device needs to calculate the information digest value by the same method as steps S55 and S56 when transmitting the authentication maintaining message.
S58: and determining that the authentication maintaining message is correct, and taking the accumulated count value contained in the authentication maintaining message and the preset accumulated value as the expected accumulated count value of the authentication maintaining message received next time.
In order to ensure that the authentication state is maintained, the accumulation values preset by the ECU and the external device need to be equal. For example, the accumulation values preset by the ECU and the external device are each 1. When the accumulated count value included in the authentication maintaining message is equal to the initial expected accumulated count value or the expected accumulated count value in the ECU, the accumulated count value included in the authentication maintaining message in step S58 may be summed with a preset accumulated value to be used as the expected accumulated count value of the authentication maintaining message received next time, or may be replaced by the expected accumulated count value of the authentication maintaining message received next time after the initial expected accumulated count value or the expected accumulated count value in the ECU is summed with the preset accumulated value.
S59: after the ECU enters the authentication state, when the authentication maintaining message is not received for the first time, it is determined whether the difference between the accumulated count value included in the authentication maintaining message and the stored expected accumulated count value is smaller than a preset difference threshold, if not, step S54 is executed, and if yes, step S55 is executed.
For the foregoing method embodiments, for simplicity of explanation, the methodologies are shown as a series of acts, but one of ordinary skill in the art will appreciate that the present invention is not limited by the order of acts, as some steps may, in accordance with the present invention, occur in other orders or concurrently.
The following are examples of the apparatus of the present invention that may be used to perform the method embodiments of the present invention. For details not disclosed in the embodiments of the apparatus of the present invention, please refer to the embodiments of the method of the present invention.
Fig. 6 is a schematic diagram of an ECU security authentication device according to an embodiment of the present invention, which includes an access authentication unit, a first processing unit, a judging unit, a second processing unit and a third processing unit.
The access authentication unit is used for performing access authentication on an external device after receiving a diagnostic operation request from the external device.
The first processing unit is used for controlling the ECU to enter an authentication state after the access authentication is passed.
The judging unit is used for judging, after the ECU enters the authentication state, whether the authentication hold message sent by the external device meets a hold condition, the hold condition being that the authentication hold message has not timed out and is correct; if so, the second processing unit is executed, and if not, the third processing unit is executed.
The second processing unit is used for controlling the ECU to maintain the authentication state.
The third processing unit is used for controlling the ECU to exit the authentication state.
Optionally, the access authentication unit includes a request message receiving subunit, a random number subunit, a first authentication data receiving subunit, a second authentication data subunit, a first judging subunit, a passing subunit and a rejecting subunit.
The request message receiving subunit is used for receiving a request message sent by the external device, the request message including a first random number.
The random number subunit is used for generating a second random number, sending the second random number to the external device, and storing the first random number and the second random number.
The first authentication data receiving subunit is used for receiving the first authentication data sent by the external device.
The second authentication data subunit is used for encrypting first data to be encrypted to obtain second authentication data, the first data to be encrypted including the first random number, first padding data and the second random number; the ECU stores the first padding data.
The first judging subunit is used for judging whether the first authentication data and the second authentication data are the same; if so, the passing subunit is executed, and if not, the rejecting subunit is executed.
The passing subunit is used for determining that the access authentication is successful.
The rejecting subunit is used for determining that the access authentication has failed.
Optionally, the access authentication unit further includes a third authentication data generating subunit, a third authentication data sending subunit and a second judging subunit.
The third authentication data generating subunit is used for encrypting second data to be encrypted to obtain third authentication data after the first judging subunit has judged that the first authentication data is the same as the second authentication data and before the passing subunit is executed, the second data to be encrypted including the first random number, second padding data and the second random number; the ECU stores the second padding data.
The third authentication data sending subunit is used for sending the third authentication data to the external device, so that after receiving it the external device encrypts the second data to be encrypted to obtain fourth authentication data and judges whether the third authentication data and the fourth authentication data are the same.
The second judging subunit is used for executing the passing subunit after receiving an authentication result sent by the external device indicating that the third authentication data is the same as the fourth authentication data.
Optionally, the authentication hold message includes an accumulated count value and a message digest value, and the judging unit specifically includes: a first intermediate data ciphertext subunit, an initial expected accumulated count value subunit, a third judging subunit, a first determining subunit, a second intermediate data ciphertext subunit, an expected message digest value subunit, a fourth judging subunit, a second determining subunit and a fifth judging subunit.
The first intermediate data ciphertext subunit is used for encrypting third data to be encrypted to obtain a first intermediate data ciphertext, the third data to be encrypted including the first random number, third padding data and the second random number; the ECU stores the third padding data.
The initial expected accumulated count value subunit is used for calculating an initial expected accumulated count value from the first intermediate data ciphertext.
The third judging subunit is used for judging, when the ECU receives the authentication hold message for the first time after entering the authentication state, whether the difference between the accumulated count value contained in the authentication hold message and the initial expected accumulated count value is smaller than a preset difference threshold; if not, the first determining subunit is executed, and if so, the second intermediate data ciphertext subunit is executed.
The first determining subunit is used for determining that the authentication hold message is incorrect.
The second intermediate data ciphertext subunit is used for encrypting fourth data to be encrypted to obtain a second intermediate data ciphertext, the fourth data to be encrypted including the accumulated count value and fourth padding data.
The expected message digest value subunit is used for calculating an expected message digest value from the second intermediate data ciphertext.
The fourth judging subunit is used for judging whether the message digest value contained in the authentication hold message is the same as the expected message digest value; if not, the first determining subunit is executed, and if so, the second determining subunit is executed.
The second determining subunit is used for determining that the authentication hold message is correct, and for taking the sum of the accumulated count value contained in the authentication hold message and the preset accumulated value as the expected accumulated count value for the next received authentication hold message.
The fifth judging subunit is used for judging, when the ECU receives the authentication hold message other than for the first time after entering the authentication state, whether the difference between the accumulated count value contained in the authentication hold message and the stored expected accumulated count value is smaller than the preset difference threshold; if not, the first determining subunit is executed, and if so, the second intermediate data ciphertext subunit is executed.
Optionally, the initial expected accumulated count value subunit specifically includes a first splitting exclusive-or module and a first combining conversion module.
The first splitting exclusive-or module is used for splitting the first intermediate data ciphertext into at least two parts and performing an exclusive-or operation over all the ciphertext bytes included in each part to obtain a value corresponding to each part.
The first combining conversion module is used for combining the values corresponding to the parts to obtain the initial expected accumulated count value.
Optionally, the expected message digest value subunit specifically includes a second splitting exclusive-or module and a second combining conversion module.
The second splitting exclusive-or module is used for splitting the second intermediate data ciphertext into at least two parts and performing an exclusive-or operation over all the ciphertext bytes included in each part to obtain a value corresponding to each part.
The second combining conversion module is used for combining the values corresponding to the parts to obtain the expected message digest value.
Optionally, the judging unit specifically includes a time-out judging subunit, used for starting a timer when the ECU enters the authentication state and each time an authentication hold message is received; if no authentication hold message is received within a preset time, the authentication hold message is determined to have timed out, and otherwise it is determined not to have timed out.
Optionally, both the ECU and the external device generate the random numbers and perform the data encryption using a security chip.
The apparatus embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described with emphasis on its differences from the other embodiments; for the same or similar parts, the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. An ECU security authentication method, characterized by comprising:
after receiving a diagnosis operation request of external equipment, performing access authentication on the external equipment;
after the access authentication is passed, controlling the ECU to enter an authentication state;
after the ECU enters an authentication state, judging whether an authentication maintaining message sent by the external device meets a maintaining condition, wherein the maintaining condition comprises that the authentication maintaining message has not timed out and is correct; if so, controlling the ECU to maintain the authentication state, and if not, controlling the ECU to exit the authentication state;
wherein the authentication maintaining message comprises an accumulated count value and a message digest value, and judging whether the authentication maintaining message is correct specifically comprises:
encrypting third data to be encrypted to obtain a first intermediate data ciphertext, wherein the third data to be encrypted comprises a first random number, third filling data and a second random number, and the ECU stores the third filling data;
splitting the first intermediate data ciphertext into at least two parts, and performing an exclusive-or operation on all the data ciphertexts included in each part to obtain a numerical value corresponding to each part;
combining the values corresponding to each part to obtain an initial expected accumulated count value;
after the ECU enters the authentication state, when the authentication maintaining message is received for the first time, judging whether the difference between the accumulated count value contained in the authentication maintaining message and the initial expected accumulated count value is smaller than a preset difference threshold; if not, determining that the authentication maintaining message is incorrect, and if so, encrypting fourth data to be encrypted to obtain a second intermediate data ciphertext, wherein the fourth data to be encrypted comprises the accumulated count value and fourth filling data;
splitting the second intermediate data ciphertext into at least two parts, and performing an exclusive-or operation on all the data ciphertexts included in each part to obtain a numerical value corresponding to each part;
combining the values corresponding to each part to obtain an expected message digest value;
judging whether the message digest value contained in the authentication maintaining message is the same as the expected message digest value; if not, determining that the authentication maintaining message is incorrect, and if so, determining that the authentication maintaining message is correct and taking the sum of the accumulated count value contained in the authentication maintaining message and a preset accumulated value as the expected accumulated count value of the next received authentication maintaining message.
2. The ECU security authentication method according to claim 1, characterized in that the access authentication of the external device includes:
receiving a request message sent by the external equipment, wherein the request message comprises a first random number;
generating a second random number and sending the second random number to the external device, and storing the first random number and the second random number;
receiving first authentication data sent by the external equipment;
encrypting first data to be encrypted to obtain second authentication data, wherein the first data to be encrypted comprises the first random number, first filling data and the second random number, and the ECU stores the first filling data;
and judging whether the first authentication data and the second authentication data are the same, if so, determining that the access authentication is successful, and if not, determining that the access authentication is failed.
3. The ECU security authentication method according to claim 2, characterized by further comprising, after determining that the first authentication data is the same as the second authentication data, and before determining that the access authentication is successful:
encrypting second data to be encrypted to obtain third authentication data, wherein the second data to be encrypted comprises the first random number, second filling data and the second random number, and the ECU stores the second filling data;
sending the third authentication data to the external device, so that after receiving the third authentication data the external device encrypts the second data to be encrypted to obtain fourth authentication data and judges whether the third authentication data is identical to the fourth authentication data;
and after receiving an authentication result which is sent by the external equipment and indicates that the third authentication data is the same as the fourth authentication data, determining that the access authentication is successful.
4. The ECU security authentication method according to claim 1, characterized by further comprising:
after the ECU enters the authentication state, when the authentication maintaining message is received other than for the first time, judging whether the difference between the accumulated count value contained in the authentication maintaining message and the stored expected accumulated count value is smaller than the preset difference threshold; if not, executing the step of determining that the authentication maintaining message is incorrect, and if so, executing the step of encrypting the fourth data to be encrypted to obtain a second intermediate data ciphertext.
5. The ECU security authentication method according to claim 1, wherein determining whether the authentication hold message is timeout specifically includes:
starting timing when the ECU enters the authentication state and each time the authentication maintaining message is received; if the authentication maintaining message is not received within a preset time, determining that the authentication maintaining message has timed out, and otherwise determining that it has not timed out.
6. The ECU security authentication method according to any one of claims 1 to 5, wherein the ECU and the external device both generate random numbers and implement data encryption using a security chip.
7. An ECU security authentication device, characterized by comprising:
an access authentication unit, configured to perform access authentication on an external device after receiving a diagnostic operation request of the external device;
the first processing unit is used for controlling the ECU to enter an authentication state after the access authentication is passed;
a judging unit, configured to judge, after the ECU enters an authentication state, whether an authentication maintaining message sent by the external device meets a maintaining condition, wherein the maintaining condition comprises that the authentication maintaining message has not timed out and is correct; if so, the second processing unit is executed, and if not, the third processing unit is executed;
a second processing unit, configured to control the ECU to maintain the authentication state;
a third processing unit, configured to control the ECU to exit the authentication state;
wherein the authentication maintaining message comprises an accumulated count value and a message digest value, and the judging unit judging whether the authentication maintaining message is correct specifically comprises:
encrypting third data to be encrypted to obtain a first intermediate data ciphertext, wherein the third data to be encrypted comprises a first random number, third filling data and a second random number, and the ECU stores the third filling data;
splitting the first intermediate data ciphertext into at least two parts, and performing an exclusive-or operation on all the data ciphertexts included in each part to obtain a numerical value corresponding to each part;
combining the values corresponding to each part to obtain an initial expected accumulated count value;
after the ECU enters the authentication state, when the authentication maintaining message is received for the first time, judging whether the difference between the accumulated count value contained in the authentication maintaining message and the initial expected accumulated count value is smaller than a preset difference threshold; if not, determining that the authentication maintaining message is incorrect, and if so, encrypting fourth data to be encrypted to obtain a second intermediate data ciphertext, wherein the fourth data to be encrypted comprises the accumulated count value and fourth filling data;
splitting the second intermediate data ciphertext into at least two parts, and performing an exclusive-or operation on all the data ciphertexts included in each part to obtain a numerical value corresponding to each part;
combining the values corresponding to each part to obtain an expected message digest value;
judging whether the message digest value contained in the authentication maintaining message is the same as the expected message digest value; if not, determining that the authentication maintaining message is incorrect, and if so, determining that the authentication maintaining message is correct and taking the sum of the accumulated count value contained in the authentication maintaining message and a preset accumulated value as the expected accumulated count value of the next received authentication maintaining message.
8. The ECU security authentication device according to claim 7, wherein the access authentication unit includes:
a request message receiving subunit, configured to receive a request message sent by the external device, where the request message includes a first random number;
a random number subunit, configured to generate a second random number and send the second random number to the external device, and store the first random number and the second random number;
a first authentication data receiving subunit, configured to receive first authentication data sent by the external device;
a second authentication data subunit, configured to encrypt first data to be encrypted to obtain second authentication data, where the first data to be encrypted comprises the first random number, first filling data and the second random number, and the ECU stores the first filling data;
a first judging subunit, configured to judge whether the first authentication data and the second authentication data are the same, and if so, to execute the pass subunit, and if not, to execute the rejecting subunit;
the pass subunit, configured to determine that the access authentication is successful;
and the rejecting subunit, configured to determine that the access authentication fails.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010238122.XA CN111460477B (en) 2020-03-30 2020-03-30 ECU security authentication method and device

Publications (2)

Publication Number Publication Date
CN111460477A CN111460477A (en) 2020-07-28
CN111460477B true CN111460477B (en) 2023-08-11

Family

ID=71681524

Country Status (1)

Country Link
CN (1) CN111460477B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045333A (en) * 2010-06-29 2011-05-04 北京飞天诚信科技有限公司 Method for generating safety message process key

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013101508A1 (en) * 2012-02-20 2013-08-22 Denso Corporation A data communication authentication system for a vehicle, a network coupling device for a vehicle, a data communication system for a vehicle, and a data communication device for a vehicle

Also Published As

Publication number Publication date
CN111460477A (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 4 / F, building 1, No.14 Jiuxianqiao Road, Chaoyang District, Beijing 100020

Applicant after: Beijing Jingwei Hirain Technologies Co.,Inc.

Address before: 8 / F, block B, No. 11, Anxiang Beili, Chaoyang District, Beijing 100101

Applicant before: Beijing Jingwei HiRain Technologies Co.,Ltd.

GR01 Patent grant