End-to-end communication security

US 10,009,325 B1
Filed: 12/07/2017
Issued: 06/26/2018
Est. Priority Date: 12/07/2017
Status: Active Grant

First Claim

Patent Images

1. A method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the method comprising:

determining, by a first ECU in the automotive vehicle, a fingerprint for the first ECU;

generating, by the first ECU, a plurality of cryptographic keys using the fingerprint as a seed value, the plurality of cryptographic keys including, at least, a public key and a corresponding private key for the first ECU and a communications table key for the first ECU;

performing a remote attestation process with a remote computer system to validate the first ECU;

in response to passing the remote attestation process, exchanging public cryptographic keys by the first ECU locally over the CANbus with other ECUs from among the plurality of ECUs in the automotive vehicle, wherein the CANbus in the automotive vehicle has a plurality of CANbus messages with corresponding CANbus message identifiers, wherein the first ECU exchanges public cryptographic keys with the other ECUs for each of the CANbus message identifiers for which the first ECU is programmed to either transmit or listen for corresponding CANbus messages on the CANbus, wherein the first ECU is programmed to generate a plurality of symmetric keys to use for communicating using the CANbus message identifiers for communication with the other ECUs using the private key for the first ECU and the public keys received from the other ECUs;

creating, by the first ECU, a communication table that includes entries for the plurality of CANbus messages, the entries in the communication table including the corresponding CANbus message identifiers and the public keys received from the other ECUs;

encrypting, by the first ECU, the communication table using the communications table key; and

storing, by the first ECU, the encrypted communication table locally on the first ECU.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle'"'"'s operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.

Citations

20 Claims

1. A method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate, the method comprising:
- determining, by a first ECU in the automotive vehicle, a fingerprint for the first ECU;
  
  generating, by the first ECU, a plurality of cryptographic keys using the fingerprint as a seed value, the plurality of cryptographic keys including, at least, a public key and a corresponding private key for the first ECU and a communications table key for the first ECU;
  
  performing a remote attestation process with a remote computer system to validate the first ECU;
  
  in response to passing the remote attestation process, exchanging public cryptographic keys by the first ECU locally over the CANbus with other ECUs from among the plurality of ECUs in the automotive vehicle, wherein the CANbus in the automotive vehicle has a plurality of CANbus messages with corresponding CANbus message identifiers, wherein the first ECU exchanges public cryptographic keys with the other ECUs for each of the CANbus message identifiers for which the first ECU is programmed to either transmit or listen for corresponding CANbus messages on the CANbus, wherein the first ECU is programmed to generate a plurality of symmetric keys to use for communicating using the CANbus message identifiers for communication with the other ECUs using the private key for the first ECU and the public keys received from the other ECUs;
  
  creating, by the first ECU, a communication table that includes entries for the plurality of CANbus messages, the entries in the communication table including the corresponding CANbus message identifiers and the public keys received from the other ECUs;
  
  encrypting, by the first ECU, the communication table using the communications table key; and
  
  storing, by the first ECU, the encrypted communication table locally on the first ECU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, the method further comprising:
    - receiving, at the first ECU, an indication that the first ECU is currently operating within a safe environment;
      
      wherein the remote attestation, the public cryptograph key exchange, and the communication table creation, encryption, and storage are performed in response to receiving the indication that the first ECU is operating within a safe environment.
  - 3. The method of claim 1, the method further comprising:
    - deleting, by the first ECU, the plurality of cryptographic keys and the fingerprint after storing the encrypted communication table.
  - 4. The method of claim 3, the method further comprising:
    - during runtime and after deleting the plurality of cryptographic keys and the fingerprint, performing the following;
      
      determining, independent of the first fingerprint determination, the fingerprint for the first ECU;
      
      generating, independent of the first generation of the plurality of cryptographic keys, the plurality of cryptographic keys using the fingerprint as the seed value;
      
      decrypting the encrypted communication table using the communications table key from the plurality of cryptographic keys;
      
      generating the plurality of symmetric keys for each of the entries in the communication table using the private key for the first ECU and the public keys stored in the communication table;
      
      creating a plurality of symmetric key streams for communicating with each of the plurality of other ECUs using the plurality of symmetric keys; and
      
      securely transmitting and listening for encrypted CANbus messages over the CANbus with symmetric encryption using the plurality of symmetric key streams.
  - 5. The method of claim 4, wherein:
    - the plurality of cryptographic keys further include an authentication key,the encrypted communication table is signed using the authentication key, anddecrypting the encrypted communication table includes authenticating the communication table using the authentication key.
  - 6. The method of claim 5, wherein the encrypted communication table is signed using a hash-based message authentication code (HMAC) generated with the authentication key and the encrypted communication table.
  - 7. The method of claim 4, wherein the plurality of symmetric keys are generated using Diffie-Helman.
  - 8. The method of claim 4, further comprising:
    - deleting, by the first ECU, the plurality of cryptographic keys and the fingerprint after generating the plurality of symmetric keys.
  - 9. The method of claim 1, wherein the fingerprint is determined from one or more physically unclonable functions (PUFs) on the first ECU, wherein values for the one or more PUFs for the first ECU are independent of and different from values for PUFs on the other ECUs in the automotive vehicle.
  - 10. The method of claim 9, wherein at least one of the one or more PUFs is determined based on RAM or SRAM characteristics of the first ECU.
  - 11. The method of claim 9, wherein at least one of the one or more PUFs is determined based processor crystal characteristics of the first ECU.
  - 12. The method of claim 4, further comprising:
    - detecting, by the first ECU, one or more communication-related errors on the first ECU; and
      
      transmitting, by the first ECU, an alert to the remote computer system.
  - 13. The method of claim 12, wherein the one or more communication-related errors include the communication table being unsuccessfully decrypted or authenticated by the first ECU.
  - 14. The method of claim 12, wherein the one or more communication-related errors include an encrypted CANbus message from at least one of the other ECUs being unsuccessfully decrypted using a corresponding symmetric key for the corresponding CANbus message identifier, andthe method further comprising:
    - in response detecting the one or more communication-related errors, dropping the message by the first ECU.
  - 15. The method of claim 14, wherein unsuccessful decryption of an encrypted message includes one or more of:
    - a message structure being incorrect, a message field being incorrect, and a data structure in the message being incorrect.
  - 16. The method of claim 15, wherein the entries in the communication table include message formats for the plurality of CANbus messages, wherein the message formats are used to determine whether the message structure is incorrect, the message field is incorrect, and the data structure of the message is incorrect.
  - 17. The method of claim 1, wherein the remote attestation process comprises:
    - receiving, at the first ECU, a challenge request with regard to one or more segments of the first ECU'"'"'s firmware;
      
      generating, by the first ECU, hash values of the one or more segments; and
      
      transmitting, by the first ECU, the hash values to the remote computer system.
  - 18. The method of claim 1, wherein the entries in the communication table include the corresponding CANbus message identifiers and the public keys received from the other ECUs, and do not include the symmetric keys.
  - 19. The method of claim 1, the method further comprising:
    - determining, by the first ECU, that the first ECU is currently operating within a safe environment;
      
      wherein the remote attestation, the public cryptograph key exchange, and the communication table creation, encryption, and storage are performed in response to receiving the indication that the first ECU is operating within a safe environment.
  - 20. The method of claim 19, wherein the determination that the first ECU is currently operating within a safe environment is based on the first ECU being booted-up for the first time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Karamba Security Ltd.
Original Assignee
Karamba Security
Inventors
David, Tal Efraim Ben, Harel, Assaf, Dotan, Amiram, Barzilai, David, Mordechai, Eli
Primary Examiner(s)
Turchen, James R

Application Number

US15/835,451
Time in Patent Office

201 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/40   Bus networks

H04L 2012/40215   Controller Area Network CAN

H04L 2209/84   Vehicles

H04L 2463/061   applying further key deriva...

H04L 63/0442   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/166   at the transport layer

H04L 9/08   Key distribution or managem...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0866   involving user or device id...

H04L 9/0869   involving random numbers or...

H04L 9/16   the keys or algorithms bein...

H04L 9/3242   involving keyed hash functi...

H04L 9/3278   using physically unclonable...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

H04W 12/0471   Key exchange

H04W 4/44   for communication between v...

End-to-end communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

End-to-end communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links