Method for handling transmission of fraudulent frames within in-vehicle network

US 10,137,862 B2
Filed: 01/11/2018
Issued: 11/27/2018
Est. Priority Date: 05/08/2014
Status: Active Grant

First Claim

Patent Images

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), in an in-vehicle network, the anti-fraud method comprising:

receiving a data frame transmitted to the in-vehicle network, the data frame having added thereto a MAC;

generating a first MAC by using a MAC key and a value of a counter that counts a number of times the data frame is transmitted to the in-vehicle network;

performing verification that the data frame received has added thereto the first MAC;

incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID; and

executing, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange, in an in-vehicle network, data frames, each having added thereto a message authentication code (MAC). The method includes generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted to the in-vehicle network. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID is executed.

7 Citations

View as Search Results

13 Claims

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), in an in-vehicle network, the anti-fraud method comprising:
- receiving a data frame transmitted to the in-vehicle network, the data frame having added thereto a MAC;
  
  generating a first MAC by using a MAC key and a value of a counter that counts a number of times the data frame is transmitted to the in-vehicle network;
  
  performing verification that the data frame received has added thereto the first MAC;
  
  incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID; and
  
  executing, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, whereinwhen the predetermined ID is identical to any of one or more IDs indicated in a predetermined fraudulent-ID list, the process associated in advance with the predetermined ID comprises adding the predetermined ID to the fraudulent-ID list.
  - 3. The method according to claim 1, whereinthe process associated in advance with the predetermined ID comprises transmitting a frame including information indicating that a fraudulent frame has been transmitted.
  - 4. The method according to claim 1, whereinthe process associated in advance with the predetermined ID comprises a control for imposing certain limitations on a function of a vehicle in which the in-vehicle network system is installed to bring the vehicle to a predetermined specific state.
  - 5. The method according to claim 4, whereinthe control comprises a control for limiting a speed of the vehicle to a certain speed or less.
  - 6. The method according to claim 4, whereinthe control comprises generating a predetermined frame for changing a state of the vehicle to the predetermined specific state, and transmitting the predetermined frame.
  - 7. The method according to claim 1, further comprising:
    - when an ID of a data frame that has started to be transmitted to the in-vehicle network is identical to any of one or more IDs indicated in a predetermined fraudulent-ID list, transmitting an error frame before the data frame that has started to be transmitted has completed being transmitted, whereinthe process associated in advance with the predetermined ID comprises adding the predetermined ID to the fraudulent-ID list.
  - 8. The method according to claim 1, whereinthe process associated in advance with the predetermined ID comprises recording log information indicating the predetermined ID on a recording medium.
  - 9. The method according to claim 1, whereineach of the plurality of electronic control units belonging to a group among a plurality of types of groups, andthe method further comprises executing, when the verification has failed, by each of the plurality of electronic control units, a process determined in advance in association with a group to which an electronic control unit belongs.
  - 10. The method according to claim 1, whereinan ID of a data frame that has started to be transmitted to the in-vehicle network belongs to a group among a plurality of types of groups, andthe method further comprises executing, when a number of times the verification has failed for a data frame including a predetermined ID belonging to a predetermined group exceeds a predetermined threshold, a process associated in advance with the predetermined group.
  - 11. The method according to claim 1, further comprising:
    - transmitting, to the in-vehicle network, a counter-reset frame indicating a request for resetting the counter in response to a failure of re-verification performed using a second MAC, the second MAC being generated using a MAC key before updating of the MAC key, when the verification has failed; and
      
      resetting the counter in response to transmission of the counter-reset frame.

12. An in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), in an in-vehicle network, the in-vehicle network system comprising:
- a first electronic control unit comprisingone or more memories; and
  
  circuitry configured to;
  
  generate a first MAC using a first MAC key and a value of a first counter that counts a number of times a data frame having added thereto a MAC has been transmitted to the in-vehicle network,add the first MAC to the data frame, andtransmit the data frame to the in-vehicle network; and
  
  a second electronic control unit comprisingone or more memories; and
  
  circuitry configured to;
  
  receive the data frame transmitted to the in-vehicle network,generate a second MAC by using a second MAC key and a value of a second counter that counts a number of times the data frame having added thereto a MAC has been received from the in-vehicle network,perform verification that the data frame received has added thereto the second MAC,increment a number of error occurrences when the verification has failed for the data frame received, the data frame including a predetermined ID, andexecute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID.

13. An electronic control unit for performing communication in an in-vehicle network, the electronic control unit comprising:
- one or more memories; and
  
  circuitry configured to;
  
  receive a data frame from the in-vehicle network, the data frame having added thereto a MAC,generate a first message authentication code (MAC) using a MAC key and a value of a counter that counts a number of times the data frame has been received from the in-vehicle network,perform verification that the data frame received has added thereto the first MAC,increment a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID, andexecute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Haga, Tomoyuki, Matsushima, Hideki, Maeda, Manabu, Unagami, Yuji, Ujiie, Yoshihiro, Kishikawa, Takeshi
Primary Examiner(s)
Hunnings, Travis R

Application Number

US15/868,663
Publication Number

US 20180126954A1
Time in Patent Office

320 Days
Field of Search
US Class Current
CPC Class Codes

B60R 2325/108   Encryption

B60R 25/307   using data concerning maint...

H04L 2209/84   Vehicles

H04L 67/12   specially adapted for propr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

Method for handling transmission of fraudulent frames within in-vehicle network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for handling transmission of fraudulent frames within in-vehicle network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links