Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus

US 10,454,957 B2
Filed: 09/26/2016
Issued: 10/22/2019
Est. Priority Date: 04/03/2014
Status: Active Grant

First Claim

Patent Images

1. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:

determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud;

transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;

recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and

providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, andin the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.

Citations

12 Claims

1. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
- determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud;
  
  transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
  
  recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
  
  providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, andin the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, whereinin the transmitting, transmission of the error frame is performed before an end of a Cyclic Redundancy Check sequence in the frame is transmitted.
  - 3. The method according to claim 1, whereinthe predetermined field comprises the ID field, andin the determining, an ID represented by the content of the predetermined field is compared with one or more IDs indicated by predetermined ID-list information to perform a determination of whether or not the predetermined condition is met.
  - 4. The method according to claim 1, whereinthe predetermined field comprises a control field, andin the determining, a determination of whether or not a data length represented by the content of the predetermined field is included in a predetermined range is performed to determine whether or not the content meets the predetermined condition.
  - 5. The method according to claim 1, whereinthe predetermined field comprises a data field, andin the determining, the predetermined condition includes the frame, which has started to be transmitted, being a data frame.
  - 6. The method according to claim 5, whereinin the determining, a determination of whether or not a data value representing the content of the predetermined field is included in a predetermined range is performed to determine whether or not the content meets the predetermined condition.
  - 7. The method according to claim 5, whereinin the determining, a message authentication code in the content of the predetermined field is verified by using a predetermined verification process procedure, and the content is determined to meet the predetermined condition in a case where a verification has failed.

8. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
- determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud;
  
  transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
  
  recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
  
  providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined field comprises a data field,in the determining, the predetermined condition includes the frame, which has started to be transmitted, being a data frame,in the determining, a message authentication code in the content of the predetermined field is verified by using a predetermined verification process procedure, and the content is determined to meet the predetermined condition in a case where a verification has failed,in a case where the data frame is transmitted by an authorized electronic controller, the data field includes a message authentication code determined in accordance with a variable that changes each time the data frame is transmitted, andin the determining, the content is determined to meet the predetermined condition in a case where the message authentication code in the content of the predetermined field does not reflect the variable that changes each time the data frame is transmitted.

9. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
- determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud;
  
  transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
  
  recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
  
  providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined field comprises a data field,in the determining, the predetermined condition includes the frame, which has started to be transmitted, being a data frame,in the determining, a message authentication code in the content of the predetermined field is verified by using a predetermined verification process procedure, and the content is determined to meet the predetermined condition in a case where a verification has failed,in a case where the data frame is transmitted by an authorized electronic controller that includes a message authentication code key, the data field includes a message authentication code generated by using the message authentication code key, andin the determining, a verification of the message authentication code in the content of the predetermined field is performed by using a key corresponding to the message authentication code key.

10. A fraud-detection electronic controller for connection to a bus that a plurality of electronic controllers which communicate with each other in accordance with a Controller Area Network (CAN) protocol use for communication, the fraud-detection electronic controller comprising:
- one or more memories; and
  
  circuitry which, in operation, performs operations including;
  
  receiving a frame which has started to be transmitted;
  
  determining whether or not content of a predetermined field in the frame meets a predetermined condition indicating fraud;
  
  transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
  
  recording a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
  
  providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, andin the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.

11. A network communication system, comprising:
- a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol; and
  
  a fraud-detection electronic controller connected to the bus,wherein the fraud-detection electronic controller comprises;
  
  one or more memories; and
  
  circuitry which, in operation, performs operations including;
  
  receiving, by the fraud-detection electronic controller, a frame which has started to be transmitted;
  
  determining, by the fraud-detection electronic controller, whether or not content of a predetermined field in the frame meets a predetermined condition indicating fraud;
  
  transmitting, by the fraud-detection electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
  
  recording, by the fraud-detection electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
  
  providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, andin the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.
- View Dependent Claims (12)
- - 12. The network communication system according to claim 11, whereina plurality of buses is used for communication by the plurality of electronic controllers,the network communication system further comprises:
    - a gateway device having a function of transferring a frame between the plurality of buses; and
      
      a plurality of fraud-detection electronic controllers each connected to a different bus,the predetermined field comprises the ID field,in the determining, an ID represented by the content of the predetermined field is compared with one or more IDs indicated by predetermined ID-list information to perform a determination of whether or not the predetermined condition is met, andthe ID-list information is different for each of the plurality of fraud-detection electronic controllers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Ujiie, Yoshihiro, Matsushima, Hideki, Haga, Tomoyuki, Maeda, Manabu, Unagami, Yuji, Kishikawa, Takeshi
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Truong, Thong P

Application Number

US15/275,860
Publication Number

US 20170013006A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/40   Bus networks

H04L 12/40006   Architecture of a communica...

H04L 12/6418   Hybrid transport

H04L 2012/40215   Controller Area Network CAN

H04L 2012/40273   the transportation system b...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links