KR20170043778A - Vehicle Internal Network Security Method and System using OTP - Google Patents


Publication number
KR20170043778A
KR20170043778A KR1020150143267A KR20150143267A KR20170043778A KR 20170043778 A KR20170043778 A KR 20170043778A KR 1020150143267 A KR1020150143267 A KR 1020150143267A KR 20150143267 A KR20150143267 A KR 20150143267A KR 20170043778 A KR20170043778 A KR 20170043778A
Authority
KR
South Korea
Prior art keywords
control unit
data
otp
authentication code
vehicle network
Prior art date
Application number
KR1020150143267A
Other languages
Korean (ko)
Other versions
KR101792341B1 (en)
Inventor
신대교
임기택
윤상훈
정한균
진성근
Original Assignee
전자부품연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 전자부품연구원
Priority to KR1020150143267A
Publication of KR20170043778A
Application granted
Publication of KR101792341B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

An intra-vehicle network security method and system using OTP are provided. A vehicle network according to an embodiment of the present invention includes a control unit that adds an authentication code generated using a secret key to data and transmits the data, and an authentication unit that authenticates the control unit using the authentication code. A security function is thereby added to the in-vehicle network, so that the risk and damage due to hacking of the vehicle network can be prevented in advance.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an internal network security method and system using OTP.

The present invention relates to a vehicle network, and more particularly, to a method and system for securing an intra-vehicle network.

The existing in-vehicle network is vulnerable to hacking because there is no separate device or protocol for security.

With the explosive growth of IoT, security attacks are expected to increase. Hacking of automobiles in particular is very serious, both economically and socially, and can be lethal. In practice, automobile security is helpless against hacking attempts from outside.

At the Hacker Conference in August 2013, Nintendo demonstrated hacking of a 2010 Toyota Prius and a Ford Escape with its portable gaming console. A smartphone infected by downloading malicious apps drove apps in the car through a wireless communication network, causing acceleration, engine closure, RPM manipulation, steering control, and jitter during driving.

Tesla, an electric car maker, was hacked by a Chinese hacker within a day after declaring at the Electronic Device Security Conference on the 16th, 2014 that it would pay $10,000 to anyone who succeeded in hacking its car.

Accordingly, smart key hacking and CAN data hacking are expected to cause damage to car security, and security technology to prevent this is urgently needed.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a method and a system for securing a vehicle internal network so as to be robust against hacking.

According to an aspect of the present invention, there is provided a vehicle network including a control unit that adds an authentication code generated using a secret key to data and transmits the data; and an authentication unit that authenticates the control unit using the authentication code.

The authentication unit may instruct the destination control unit of the data to process the data when the control unit is determined to be an authenticated control unit.

The authentication unit may instruct the destination control unit of the data to discard the data if the control unit is determined to be an unauthenticated control unit.

The control unit may generate the authentication code using a hardware-implemented client that generates the authentication code from the secret key and at least one of time information and event information. The authentication unit may verify the authentication code using a hardware-implemented server that generates the authentication code from the secret key and at least one of the time information and the event information, and compares it with the authentication code received from the control unit.

Further, the control units constituting the vehicle network are assigned one of a plurality of security levels, and the control unit can be given a specific security level.

The control unit may determine the period at which the authentication code is added to the transmitted data according to the type of its security level.

The authentication unit may receive the identification information from the control unit and obtain the secret key from the server using the received identification information.

According to another aspect of the present invention, there is provided a security method for a vehicle network, comprising: adding, by a control unit constituting the vehicle network, an authentication code generated using a secret key to data and transmitting the data; and authenticating, by an authentication unit provided in the vehicle network, the control unit using the authentication code.

As described above, according to the embodiments of the present invention, the security function of the in-vehicle network is added, so that the risk and damage due to the hacking of the vehicle network can be prevented in advance.

In particular, according to embodiments of the present invention, security / authentication that is optimal for high-speed communication of the vehicle internal network can be performed, and differential and efficient operation can be performed according to the security level.

FIG. 1 is a diagram illustrating an in-vehicle network according to an embodiment of the present invention,
FIG. 2 is a diagram provided for the description of an OTP client,
FIG. 3 is a detailed block diagram of an OTP client,
FIG. 4 shows a message format in which an OTP is added to the rear of CAN data, which is vehicle network data,
FIG. 5 is a detailed block diagram of an OTP server,
FIG. 6 is a diagram schematically showing a procedure in which authentication of an ECU is performed, and
FIG. 7 is a diagram illustrating a process in which an OTP server and an OTP client share the same secret key.

In the embodiment of the present invention, a method of enhancing communication security between ECUs (Electronic Control Units) using OTP (One Time Password) is proposed.

To this end, the ECUs constituting the internal network of the vehicle are classified according to security level, and ECUs in a class that requires security append an OTP, generated with the ECU's secret key, to the rear end of the data.

Then, the security platform of the in-vehicle network generates an OTP using its stored copy of the ECU's secret key, compares the generated OTP with the OTP added to the data received from the ECU, and thereby authenticates the ECU.

When it is determined that the data was generated / transmitted by an authenticated (validated or legitimate) ECU, the destination ECU performs the operation instructed / requested by the data.

However, data generated / transmitted by an unauthenticated ECU is discarded, and the destination ECU does not perform the operation instructed / requested by that data (the hacking operation). Further, the security platform informs the user (driver) that an unauthenticated ECU is included in the vehicle internal network, and remotely alerts the manager (such as the AS center).

Hereinafter, the present invention will be described in detail with reference to the drawings.

FIG. 1 is a diagram illustrating an in-vehicle network according to an exemplary embodiment of the present invention. As shown in FIG. 1, an in-vehicle network according to an embodiment of the present invention includes a security platform 110 and a plurality of ECUs.

Also, as shown in FIG. 1, the ECUs are classified according to security level. Specifically, 1) ECUs that can significantly affect the safety of the driver (e.g., ECUs related to vehicle operation / control) are classified as "Security High", 2) ECUs that can affect the safety of the driver (e.g., ECUs related to vehicle status monitoring) are classified as "Security Medium", and 3) ECUs not related to driver safety (such as ECUs for multimedia systems) "

The ECUs included in the "Security High" group 210 and the ECUs included in the "Security Medium" group 220 must append an OTP to the rear end of the data when transmitting it. Accordingly, an OTP client 200 is added to each of the ECUs included in the groups 210 and 220.

As shown in FIG. 2, the OTP client 200 is implemented as hardware separate from the ECU. Hereinafter, the OTP client 200 will be described in detail with reference to FIG. 3.

FIG. 3 is a detailed block diagram of the OTP client 200. As shown in FIG. 3, the OTP client 200 includes an OTP generation module 200a, a time timer 200b and an event counter 200c, and stores the secret key 200d.

The OTP generation module 200a receives the time information generated in the time timer 200b and the event information generated in the event counter 200c together with the secret key 200d to generate an OTP.

The ECU adds the OTP generated by the OTP generation module 200a to the rear end of its data and transmits it. FIG. 4 shows a message format in which an OTP is added to the rear of CAN data, which is vehicle network data.

The ECUs can transmit data to ECUs included in the same group as well as to ECUs included in other groups. That is, as shown in FIG. 1, the ECU 211 included in the "Security High" group 210 can transmit data to the ECU 221 included in the "Security Medium" group 220.

The OTP server 100 of the security platform 110 performs an authentication procedure on data transmitted from the ECUs included in the groups 210 and 220 requiring security, to determine whether or not the data was generated / transmitted by an authenticated ECU.

Hereinafter, the OTP server 100 will be described in detail with reference to FIG. 5. FIG. 5 is a detailed block diagram of the OTP server 100. As shown in FIG. 5, the OTP server 100 includes an OTP generation module 100a, a time timer 100b, an event counter 100c, and an OTP comparator 100e, and holds a secret key table 100d.

The OTP generation module 100a generates the OTP using the secret information stored in the secret key table 100d together with the time information generated in the time timer 100b and the event information generated in the event counter 100c. The secret key used is the secret key of the ECU to be authenticated among the secret keys stored in the secret key table 100d.

The OTP comparator 100e compares the OTP generated by the OTP generation module 100a with the OTP added to the data received from the ECU, and performs an ECU authentication procedure. FIG. 6 schematically shows a procedure in which the authentication of the ECU is performed by the OTP server 100 of the security platform 110.

If the OTP comparator 100e finds the OTPs to be the same, the security platform 110 treats the data as generated / transmitted by an authenticated ECU and commands the destination ECU to process the data.

However, if the OTP comparator 100e finds the OTPs to be different, the security platform 110 treats the data as generated / transmitted by an unauthenticated ECU and instructs the destination ECU to discard the data. In addition, the security platform 110 generates an alarm notifying the user (driver) to stop the operation, and remotely notifies the manager (remote AS center) of the hacking.

Although it has been assumed that the OTP server 100 and the OTP client 200 use time information and event information for OTP generation, this is merely illustrative. That is, the OTP may be generated using only one of the time information and the event information, and other information may also be used.
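The client / server exchange described above, as an added example that is not part of the patent. The patent does not specify the OTP function, so HMAC-SHA-256 truncated to 4 bytes is assumed; the frame layout, the look-ahead and time windows, the class names and the key values are hypothetical.

```python
import hashlib
import hmac
import struct

OTP_LEN = 4        # assumed OTP length in bytes; the patent does not fix one
TIME_STEP_S = 1    # assumed resolution of the time timer, in seconds
LOOKAHEAD = 3      # assumed tolerance for frames lost on the bus


def generate_otp(secret_key: bytes, time_s: int, event_count: int) -> bytes:
    """OTP generation module (200a / 100a): key + time info + event info."""
    msg = struct.pack(">QQ", time_s // TIME_STEP_S, event_count)
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[:OTP_LEN]


class OtpClient:
    """Software model of the OTP client 200 attached to one ECU."""

    def __init__(self, ecu_id: str, secret_key: bytes):
        self.ecu_id = ecu_id
        self._key = secret_key                # secret key 200d
        self._events = 0                      # event counter 200c

    def send(self, can_data: bytes, now_s: int) -> dict:
        self._events += 1
        otp = generate_otp(self._key, now_s, self._events)
        # FIG. 4 layout: the OTP is appended to the rear of the CAN data.
        return {"ecu_id": self.ecu_id, "payload": can_data + otp}


class OtpServer:
    """Software model of the OTP server 100 in the security platform 110."""

    def __init__(self, secret_key_table: dict):
        self._keys = dict(secret_key_table)   # secret key table 100d
        self._events = {ecu: 0 for ecu in self._keys}

    def authenticate(self, frame: dict, now_s: int) -> str:
        """Return the instruction for the destination ECU."""
        ecu_id, payload = frame["ecu_id"], frame["payload"]
        key = self._keys.get(ecu_id)
        if key is None or len(payload) < OTP_LEN:
            return "discard"                  # unknown ECU or no OTP present
        received = payload[-OTP_LEN:]
        last = self._events[ecu_id]
        # Only counters above the last accepted one are tried, so a replayed
        # frame cannot match; the previous time step absorbs timer skew.
        for count in range(last + 1, last + 1 + LOOKAHEAD):
            for t in (now_s, now_s - TIME_STEP_S):
                expected = generate_otp(key, t, count)   # OTP comparator 100e
                if hmac.compare_digest(expected, received):
                    self._events[ecu_id] = count
                    return "process"
        return "discard"


def demo() -> list:
    """Run constructed frames through the server; the key is a sample value."""
    keys = {"ECU211": b"constructed-sample-key"}
    server = OtpServer(keys)
    ecu211 = OtpClient("ECU211", keys["ECU211"])
    unauth = OtpClient("ECU211", b"not-the-real-key")    # lacks the real key

    first = ecu211.send(b"\x01\x02", now_s=1000)
    ecu211.send(b"\x03\x04", now_s=1001)                 # lost on the bus
    third = ecu211.send(b"\x05\x06", now_s=1002)
    return [
        server.authenticate(first, 1000),                # authenticated ECU
        server.authenticate(first, 1000),                # same frame again
        server.authenticate(unauth.send(b"\xff", 1001), 1001),
        server.authenticate(third, 1002),                # after one lost frame
        server.authenticate({"ecu_id": "ECU999", "payload": b"\x00" * 6}, 1002),
    ]
```

As in the description, the payload is not an input to the OTP, so a match authenticates the sending ECU but does not by itself protect the contents of the frame.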

Hereinafter, a process in which the OTP server 100 and the OTP client 200 share the same secret key will be described in detail with reference to FIG. 7. When the ECU 211 is incorporated into the vehicle network due to addition / replacement, the OTP server 100 of the security platform 110 receives the same secret key as that of the OTP client 200 attached / connected to the ECU 211.

As shown in FIG. 7, when the ECU 211 newly incorporated into the vehicle network is determined to be an ECU to be included in the "Security High" group 210 or the "Security Medium" group 220, the security platform 110 requests the S / N (Serial Number) from the ECU 211 and receives the S / N from the ECU 211.

Then, the security platform 110 requests the secret key while transmitting the S / N received from the ECU 211 to the key issuing server 300. The key issuing server 300 holds the secret keys of authenticated (genuine) ECUs matched with their S / Ns.

Accordingly, the key issuing server 300 transmits the secret key matched with the S / N received from the security platform 110 to the security platform 110, and the security platform 110 passes the received secret key to the OTP server 100.

The communication between the key issuing server 300 and the security platform 110 is performed through a security-enabled network.

The above procedure applies only when the ECU has been added / replaced after the vehicle has been shipped. At the time of shipment of the vehicle, the secret keys for each of the ECUs mounted on the vehicle are stored in the OTP server 100.

Up to now, a detailed description has been made of a preferred embodiment of intra-vehicle network security using OTP.

The OTP is an example of an authentication code generated using a secret key. Therefore, the OTP can be replaced with other kinds of secret key based authentication codes. Compared with the public key & private key method, the secret key method has a simple algorithm, so the client and the server can be implemented in hardware.

On the other hand, the OTP addition by the ECUs is most preferably performed for all data, but may be performed periodically to reduce the overhead. In this case, the addition period can be determined according to the security level. For example, an ECU with a high security level can add an OTP once every 10 data, and an ECU with a medium security level can add an OTP once every 100 data.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. On the contrary, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the present invention.

100: OTP server
200: OTP client
110: Security Platform
211, 212, 221: ECU
300: key issuing server

Claims (8)

1. A vehicle network comprising:
a control unit for adding an authentication code generated by using a secret key to data and transmitting the data; and
an authentication unit for authenticating the control unit using the authentication code.

2. The vehicle network according to claim 1, wherein the authentication unit instructs the destination control unit of the data to process the data if the control unit is found to be an authenticated control unit.

3. The vehicle network of claim 2, wherein the authentication unit instructs the destination control unit of the data to discard the data if the control unit is determined to be an unauthenticated control unit.

4. The vehicle network according to claim 1, wherein the control unit generates the authentication code using a hardware-implemented client that generates the authentication code using the secret key and at least one of time information and event information, and
wherein the authentication unit verifies the authentication code using a hardware-implemented server that generates the authentication code using the secret key and at least one of the time information and the event information and compares it with the authentication code received from the control unit.

5. The vehicle network according to claim 1, wherein the control units constituting the vehicle network are each assigned one of a plurality of security levels, and
wherein the control unit is assigned a specific security level.

6. The vehicle network of claim 5, wherein the control unit determines the period at which the authentication code is added to the data for transmission according to the type of the security level.

7. The vehicle network according to claim 1, wherein the authentication unit receives identification information from the control unit and obtains the secret key from a server using the received identification information.

8. A method for securing a vehicle network, comprising:
adding, by a control unit constituting the vehicle network, an authentication code generated by using a secret key to data and transmitting the data; and
authenticating, by an authentication unit provided in the vehicle network, the control unit using the authentication code.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150143267A KR101792341B1 (en) 2015-10-14 2015-10-14 Vehicle Internal Network Security Method and System using OTP

Publications (2)

Publication Number Publication Date
KR20170043778A (en) 2017-04-24
KR101792341B1 KR101792341B1 (en) 2017-11-01

Family

ID=58704329

Country Status (1)

Country Link
KR (1) KR101792341B1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101965613B1 (en) * 2017-10-26 2019-04-05 주식회사 미래테크놀로지 Shared Automobile Control Method Using Split Type OTP
US10507795B1 (en) 2018-08-06 2019-12-17 Ford Global Technologies, Llc Vehicle-based password
WO2020139400A1 (en) * 2018-12-27 2020-07-02 Didi Research America, Llc Trusted platform protection in an autonomous vehicle
WO2020139399A1 (en) * 2018-12-27 2020-07-02 Didi Research America, Llc Repair management system for autonomous vehicle in a trusted platform
US11290437B2 (en) 2018-12-27 2022-03-29 Beijing Voyager Technology Co., Ltd. Trusted platform protection in an autonomous vehicle
US11888833B2 (en) 2018-12-27 2024-01-30 Beijing Voyager Technology Co., Ltd. Trusted platform protection in an autonomous vehicle

Also Published As

Publication number Publication date
KR101792341B1 (en) 2017-11-01

Similar Documents

Publication Publication Date Title
CN106533655B (en) Method for safe communication of ECU (electronic control Unit) in vehicle interior network
CN106101111B (en) Vehicle electronics safe communication system and communication means
US9460567B2 (en) Establishing secure communication for vehicle diagnostic data
US9015489B2 (en) Securing passwords against dictionary attacks
EP2887576B1 (en) Software key updating method and device
CN106257861B (en) By control equipment come the authentication method and its system with auto communication
US20120155636A1 (en) On-Demand Secure Key Generation
US11757911B2 (en) Method and system for providing security on in-vehicle network
CN105635147A (en) Vehicle-mounted-special-equipment-system-based secure data transmission method and system
KR101792341B1 (en) Vehicle Internal Network Security Method and System using OTP
CN107733636B (en) Authentication method and authentication system
CN115396121B (en) Security authentication method for security chip OTA data packet and security chip device
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN105743638A (en) System client authorization authentication method based on B/S framework
CN105187442A (en) Vehicle authorization method, device, vehicle-mounted terminal, terminal and system
GB2516939A (en) Access authorisation system and secure data communications system
CN109711218B (en) Lightweight RFID (radio frequency identification device) rapid authentication method
CN106027473A (en) Identity card reading terminal and cloud authentication platform data transmission method and system
CN111740825A (en) CAN bus multi-network node authentication method and system
CN113839782B (en) Light-weight safe communication method for CAN (controller area network) bus in vehicle based on PUF (physical unclonable function)
CN103152326A (en) Distributed authentication method and authentication system
US9485229B2 (en) Object level encryption system including encryption key management system
US9038143B2 (en) Method and system for network access control
CN117439740A (en) In-vehicle network identity authentication and key negotiation method, system and terminal
CN111274570A (en) Encryption authentication method and device, server, readable storage medium and air conditioner

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant