Security system and method for protecting a vehicle electronic system
First Claim
1. An Electronic Control Unit (ECU) for exchanging messages with other ECUs in a vehicle over a vehicle communication bus under control of a data unit, each of the messages is composed of multiple parts, the ECU comprising in a single enclosure:
a first port;
a first transceiver coupled to the first port for transmitting messages to, and for receiving messages from, the first port;
a second physical port for connecting to the communication bus;
a second transceiver coupled to the second physical port for transmitting messages to, and for receiving messages from, the communication bus;
a processor coupled for controlling the first and second transceivers;
a first memory coupled to the processor and storing a rule; and
a second memory coupled to the processor for storing data,
wherein the ECU is operative to receive messages from the first port, and responsive to the rule stored in the first memory, to pass, to block, or to change and then pass, the received messages to the communication bus via the second physical port,
wherein the ECU is operative to receive messages from the communication bus via the second physical port, and responsive to the rule, to pass, to block, or to change and then pass, the received messages to the first port,
wherein all the messages received from the first port and from the communication bus are associated with a timing information,
wherein the rule includes one or more timing values,
wherein a specific received message is passed, blocked, or changed and then passed, in response to a comparison of the specific message timing information to the one or more timing values,
and wherein the ECU is operative for logging in the second memory a metadata that pertains to a message received from the first port and an action associated with the received message.
Abstract
Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.
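The pass, block, or change-then-pass decision driven by a timing comparison and followed by logging, as an added sketch in C (not code from the patent). The rule layout, the minimum-gap reading of the "timing value", the AND-mask used for the "change" action, the default-deny choice for IDs without a rule, and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

enum action { ACT_PASS, ACT_BLOCK, ACT_MODIFY };

struct frame { uint32_t id; uint32_t t_ms; uint8_t len; uint8_t data[8]; };

/* Constructed rule format (assumption): one entry per allowed message ID. */
struct rule {
    uint32_t id;
    uint32_t min_gap_ms; /* timing value: minimum spacing between forwarded frames */
    uint8_t  mask0;      /* AND-mask for data[0]; 0xFF leaves the byte unchanged */
    uint32_t last_ms;    /* state: timestamp of the last forwarded frame */
    int      seen;       /* state: set once a frame with this ID was forwarded */
};

struct log_entry { uint32_t id; uint32_t t_ms; enum action act; };
#define LOG_SIZE 16
static struct log_entry g_log[LOG_SIZE]; /* stands in for the "second memory" */
static size_t g_log_count;

/* Log message metadata together with the action taken, then return the action. */
static enum action record(const struct frame *f, enum action a)
{
    g_log[g_log_count % LOG_SIZE] = (struct log_entry){ f->id, f->t_ms, a };
    g_log_count++;
    return a;
}

/* Decide what happens to one frame received from the first port. */
enum action filter_frame(struct rule *rules, size_t n, struct frame *f)
{
    for (size_t i = 0; i < n; i++) {
        struct rule *r = &rules[i];
        if (r->id != f->id) continue;
        /* Timing comparison; unsigned subtraction survives tick-counter wrap. */
        if (r->seen && (uint32_t)(f->t_ms - r->last_ms) < r->min_gap_ms)
            return record(f, ACT_BLOCK);
        r->seen = 1;
        r->last_ms = f->t_ms;
        if (f->len > 0 && (f->data[0] & (uint8_t)~r->mask0)) {
            f->data[0] &= r->mask0;          /* change, then pass */
            return record(f, ACT_MODIFY);
        }
        return record(f, ACT_PASS);
    }
    return record(f, ACT_BLOCK);             /* default deny: no rule for this ID */
}
```

A blocked frame does not update `last_ms`, so a flood of early frames cannot push back the time at which the next legitimate frame is accepted.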
70 Claims
Specification