Method for preventing electronic control unit from executing process based on malicious frame transmitted to bus
First Claim
1. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
- determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud;
transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition;
recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and
providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, whereinthe predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, andin the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol includes determining whether or not content of a predetermined field in a transmitted frame meets a predetermined condition indicating fraud, transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the frame meets the predetermined condition, recording a number of times the error frame is transmitted, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted, and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count.
-
Citations
12 Claims
-
1. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
-
determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud; transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition; recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, wherein the predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, and in the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
-
determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud; transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition; recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, wherein the predetermined field comprises a data field, in the determining, the predetermined condition includes the frame, which has started to be transmitted, being a data frame, in the determining, a message authentication code in the content of the predetermined field is verified by using a predetermined verification process procedure, and the content is determined to meet the predetermined condition in a case where a verification has failed, in a case where the data frame is transmitted by an authorized electronic controller, the data field includes a message authentication code determined in accordance with a variable that changes each time the data frame is transmitted, and in the determining, the content is determined to meet the predetermined condition in a case where the message authentication code in the content of the predetermined field does not reflect the variable that changes each time the data frame is transmitted.
-
-
9. A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol, the method comprising:
-
determining, by an electronic controller of the plurality of electronic controllers, whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud; transmitting, by the electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition; recording, by the electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, wherein the predetermined field comprises a data field, in the determining, the predetermined condition includes the frame, which has started to be transmitted, being a data frame, in the determining, a message authentication code in the content of the predetermined field is verified by using a predetermined verification process procedure, and the content is determined to meet the predetermined condition in a case where a verification has failed, in a case where the data frame is transmitted by an authorized electronic controller that includes a message authentication code key, the data field includes a message authentication code generated by using the message authentication code key, and in the determining, a verification of the message authentication code in the content of the predetermined field is performed by using a key corresponding to the message authentication code key.
-
-
10. A fraud-detection electronic controller for connection to a bus that a plurality of electronic controllers which communicate with each other in accordance with a Controller Area Network (CAN) protocol use for communication, the fraud-detection electronic controller comprising:
-
one or more memories; and circuitry which, in operation, performs operations including; receiving a frame which has started to be transmitted; determining whether or not content of a predetermined field in the frame meets a predetermined condition indicating fraud; transmitting an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition; recording a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, wherein the predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, and in the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller.
-
-
11. A network communication system, comprising:
-
a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol; and a fraud-detection electronic controller connected to the bus, wherein the fraud-detection electronic controller comprises; one or more memories; and circuitry which, in operation, performs operations including; receiving, by the fraud-detection electronic controller, a frame which has started to be transmitted; determining, by the fraud-detection electronic controller, whether or not content of a predetermined field in the frame meets a predetermined condition indicating fraud; transmitting, by the fraud-detection electronic controller, an error frame before an end of the frame is transmitted in a case where it is determined that the content of the predetermined field in the frame meets the predetermined condition; recording, by the fraud-detection electronic controller, a number of times the error frame is transmitted in the transmitting, for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted; and providing a notification in a case where the number of times recorded for an ID exceeds a predetermined count, wherein the predetermined count represents a value at which a transition to a passive state specified in the CAN protocol in accordance with a rule for handling a transmission error counter is to occur, and in the providing, in a case where the number of times recorded for the ID exceeds the predetermined count, one of the electronic controllers that has transmitted a frame having the ID for which the number of times exceeds the predetermined count is determined to be a malicious electronic controller that does not transition to the passive state, and the notification notifies of a presence of the malicious electronic controller. - View Dependent Claims (12)
-
Specification