METHOD FOR HANDLING TRANSMISSION OF FRAUDULENT FRAMES WITHIN IN-VEHICLE NETWORK

US 20160297401A1
Filed: 06/15/2016
Published: 10/13/2016
Est. Priority Date: 05/08/2014
Status: Active Grant

First Claim

Patent Images

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the anti-fraud method comprising:

receiving a data frame transmitted on the bus;

generating a first message authentication code by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a message authentication code is transmitted;

verifying that the received data frame has added thereto the generated first message authentication code;

generating, in a case where the verification has failed, a second message authentication code by using a MAC key before update of the MAC key;

re-verifying, in a case where the verification has failed, that the received data frame has added thereto the generated second message authentication code;

transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and

updating the MAC key in response to the transmission of the key-update frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus includes: receiving a data frame transmitted on the bus; generating a first MAC by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a MAC is transmitted; in a case where the verification has failed, (i) generating as second MAC by using an old MAC key; (ii) re-verifying that the received data frame has added thereto the generated second MAC; transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and updating the MAC key in response to the transmission of the key-update frame.

Citations

9 Claims

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the anti-fraud method comprising:
- receiving a data frame transmitted on the bus;
  
  generating a first message authentication code by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a message authentication code is transmitted;
  
  verifying that the received data frame has added thereto the generated first message authentication code;
  
  generating, in a case where the verification has failed, a second message authentication code by using a MAC key before update of the MAC key;
  
  re-verifying, in a case where the verification has failed, that the received data frame has added thereto the generated second message authentication code;
  
  transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and
  
  updating the MAC key in response to the transmission of the key-update frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, whereinthe at least one bus includes a plurality of buses, each of the plurality of buses belonging to any group among a plurality of types of groups, andthe method further comprisesexecuting, in a case where the verification has failed, by each of the plurality of electronic control units, a process determined in advance in association with a group to which a bus to which the electronic control unit is connected among the plurality of buses belongs.
  - 3. The method according to claim 1, further comprising:
    - executing, in a case where the number of times the verification has failed for a data frame including a predetermined message ID exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.
  - 4. The method according to claim 3, whereinthe process associated in advance with the predetermined message ID comprises control for imposing certain limitations on a function of a vehicle in which the in-vehicle network system is installed to bring the vehicle into a predetermined specific state.
  - 5. The method according to claim 3, further comprising:
    - transmitting, in a case where a message ID of a data frame that has started to be transmitted on the bus is identical to any of one or more message IDs indicated in a predetermined fraudulent-ID list, an error frame before an end of the data frame is transmitted, whereinthe process associated in advance with the predetermined message ID comprises adding the predetermined message ID to the fraudulent-ID list.
  - 6. The method according to claim 3, whereinthe process associated in advance with the predetermined message ID comprises recording log information indicating the predetermined message ID on a recording medium.
  - 7. The method according to claim 1, further comprising:
    - transmitting via the bus a counter-reset frame indicating a request for resetting the counter in response to failure of re-verification performed using the second message authentication code; and
      
      resetting the counter in response to transmission of the counter-reset frame.

8. An in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the in-vehicle network system comprising:
- a first electronic control unit comprising one or more memories; and
  
  circuitry which, in operation;
  
  generates a third message authentication code by using a first MAC key and a value of a first counter that counts the number of times a data frame having added thereto a message authentication code has been transmitted,adds the generated third message authentication code to a data frame, andtransmits the data frame on the bus; and
  
  a second electronic control unit comprising one or more memories; and
  
  circuitry which, in operation;
  
  receives a data frame transmitted on the bus,generates a first message authentication code by using a second MAC key and a value of a second counter that counts the number of times a data frame having added thereto a message authentication code has been received,verifies that the received data frame has added thereto the first message authentication code,generates, in a case where the verification has failed, a second message authentication code by using a MAC key before update of the MAC key,re-verifies, in a case where the verification has failed, that the received data frame has added thereto the generated second message authentication code,transmits, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating a MAC key, andupdates the second MAC key in response to the transmission of the key-update frame,wherein the first electronic control unit updates the first MAC key in response to receipt of the key-update frame.

9. An electronic control unit for performing communication via a bus in accordance with a Controller Area Network (CAN) protocol, the electronic control unit comprising one or more memories;
- and circuitry which, in operation;
  
  receives a data frame from the bus,generates a first message authentication code by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a message authentication code has been received,verifies that the received data frame has added thereto the generated first message authentication code (MAC),generates, in a case where the verification has failed, a second message authentication code by using a MAC key befor update of the MAC key,re-verifies, in a case where the verification has failed, that the received data frame has added thereto the generated second message authentication code,transmits, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key, andupdates the MAC key in response to the transmission of the key-update frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
HAGA, TOMOYUKI, MATSUSHIMA, HIDEKI, MAEDA, MANABU, UNAGAMI, YUJI, UJIIE, YOSHIHIRO, KISHIKAWA, TAKESHI

Granted Patent

US 9,725,073 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

B60R 2325/108   Encryption

B60R 25/307   using data concerning maint...

H04L 2209/84   Vehicles

H04L 67/12   specially adapted for propr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

METHOD FOR HANDLING TRANSMISSION OF FRAUDULENT FRAMES WITHIN IN-VEHICLE NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR HANDLING TRANSMISSION OF FRAUDULENT FRAMES WITHIN IN-VEHICLE NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links