Tamper detection for vehicle controller
Abstract
A system and method are disclosed for detecting tampering with the software, software parameters, and calibration data used by a vehicle controller. During authorized installation of controller memory images, a hash function is applied to selected regions of controller memory to obtain stored hash values. Then, periodically during operation of the vehicle, the hash function is applied to the then-current contents of the controller memory to obtain calculated hash values. If the stored hash values do not match the calculated hash values, a fault is logged for future retrieval by service personnel.
21 Claims
1. A system for detecting modification of control data in an electronically controlled engine, comprising:
- a memory containing the control data;
- data storage containing a first stored value, which corresponds to the result of applying a first hash function to a first portion of said memory;
- a processor;
- a computer-readable medium, in communication with said processor, encoded with programming instructions executable by said processor to:
  - apply the first hash function to the first portion of said memory to obtain a first calculated hash value while the engine is operating; and
  - generate an error signal in an error log if the first calculated hash value and the first stored value are not equal.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
- said data storage also contains a second stored value, which corresponds to the result of applying the first hash function to a second portion of said memory, the second portion being different from the first portion; and
- the programming instructions are further executable by said processor to:
  - apply the first hash function to the second portion of said memory to obtain a second calculated hash value while the engine is operating; and
  - generate an error signal in the error log if the second calculated hash value and the second stored value are not equal.
3. The system of claim 2, wherein the first portion of said memory comprises a plurality of address ranges.
4. The system of claim 3, wherein:
- said memory comprises a first memory device and a second memory device;
- a first one of said plurality of address ranges is in a first memory device, and a second one of said plurality of address ranges is in a second memory device.
5. The system of claim 4, wherein said first memory device is a flash memory device, and said second memory device is an EEPROM.
6. The system of claim 1, wherein said data storage is in said memory.
7. The system of claim 1, wherein the first portion of said memory is defined by at least one address range data element stored in said memory.
8. The system of claim 7, wherein the first portion of said memory is defined by at least two address range data elements stored in said memory.
9. The system of claim 7, wherein:
- said memory comprises program space and data space; and
- the at least one address range data element is stored in the program space.
10. The system of claim 9, further comprising a port connectable to an external service tool for reading said error log, wherein:
- said error log is in said data space; and
- said external service tool can read from said data space, but not from said program space.
11. The system of claim 1, wherein the first hash function is a cyclic redundancy check.
12. The system of claim 1, wherein:
- said data storage also contains a second stored value, which corresponds to the result of applying a second hash function to a second portion of said memory, the second portion being different from the first portion; and
- the programming instructions are further executable by said processor to:
  - apply the second hash function to the second portion of said memory to obtain a second calculated hash value while the engine is operating; and
  - generate an error signal if the second calculated hash value and the second stored value are not equal.
13. The system of claim 1, further comprising an access means for enabling the detachable connection of an external apparatus that, while connected, reads at least a portion of the contents of said memory.
14. A method for detecting changes to control data in a vehicle's engine control system, comprising:
- storing in a memory a first stored hash value calculated by applying a first hash function to a first portion of the control data;
- calculating a first calculated hash value by applying the first hash function to the first portion of the control data; and
- if the first hash value does not equal the first calculated hash value, signaling the mismatch.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
- storing in the memory a second stored hash value calculated by applying the first hash function to a second portion of the control data;
- calculating a second calculated hash value by applying the first hash function to the second portion of the control data; and
- if the second stored hash value does not equal the second calculated hash value, signaling the mismatch.
16. The method of claim 14, further comprising:
- storing in the memory a second stored hash value calculated by applying a second hash function to a second portion of the control data;
- calculating a second calculated hash value by applying the second hash function to the second portion of the control data; and
- if the second stored hash value does not equal the second calculated hash value, signaling the mismatch.
17. The method of claim 14, wherein:
- said calculating comprises:
  - executing a first phase by applying the first hash function to a first segment of the first portion of control data; and
  - executing a second phase by applying the first hash function to a second segment of the first portion of control data; and
- said executing acts are separated in time.
18. The method of claim 17, wherein said executing acts are separated by a predetermined amount of time.
19. The method of claim 17, wherein:
- said first phase is executed upon occurrence of a first trigger event; and
- said second phase is executed upon occurrence of a second trigger event.
20. The method of claim 14:
- wherein said signaling comprises recording an error log in a computer-readable medium; and
- further comprising:
  - placing a service tool in communication with the computer-readable medium, wherein the service tool has a display;
  - reading the error log into the service tool; and
  - showing information from the error log on the display.
21. The method of claim 14, wherein the calculating step is performed upon powering-on the vehicle.
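
Added example, not code from the patent: a C implementation of the check the claims describe, using CRC-32 as the hash function (claim 11), a protected portion made of several address ranges (claim 3), and a calculation split into phases separated in time (claim 17). The names `range_t`, `tamper_ctx`, `tamper_step` and `tamper_install`, the per-phase byte budget, and the in-memory fault counter standing in for the error log are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* One address range of the protected portion (claim 3 allows several). */
typedef struct { const uint8_t *base; size_t len; } range_t;
typedef struct {
    const range_t *ranges; size_t nranges;  /* range table */
    uint32_t stored;                        /* value saved at install */
    uint32_t crc; size_t ri, off;           /* running state between phases */
    unsigned faults;                        /* stand-in for the error log */
} tamper_ctx;
enum { CHECK_PENDING, CHECK_OK, CHECK_MISMATCH };

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), one byte at a time. */
static uint32_t crc32_byte(uint32_t crc, uint8_t b) {
    crc ^= b;
    for (int k = 0; k < 8; k++)
        crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    return crc;
}

/* One phase: hash at most `budget` bytes, then yield to the control loop. */
int tamper_step(tamper_ctx *c, size_t budget) {
    if (c->ri == 0 && c->off == 0) c->crc = 0xFFFFFFFFu;   /* new pass */
    while (c->ri < c->nranges) {
        const range_t *r = &c->ranges[c->ri];
        if (c->off == r->len) { c->ri++; c->off = 0; continue; }
        if (budget-- == 0) return CHECK_PENDING;
        c->crc = crc32_byte(c->crc, r->base[c->off++]);
    }
    c->ri = c->off = 0;                      /* pass complete, rearm */
    if ((c->crc ^ 0xFFFFFFFFu) == c->stored) return CHECK_OK;
    c->faults++;                             /* logged for the service tool */
    return CHECK_MISMATCH;
}

/* Authorized install: one unbounded pass, then save the result. */
void tamper_install(tamper_ctx *c, const range_t *ranges, size_t n) {
    *c = (tamper_ctx){ .ranges = ranges, .nranges = n };
    (void)tamper_step(c, (size_t)-1);        /* result ignored during install */
    c->stored = c->crc ^ 0xFFFFFFFFu; c->faults = 0;
}

int main(void) {  /* constructed sample images standing in for flash/EEPROM */
    static uint8_t flash[] = "12345", eeprom[] = "6789";
    const range_t rs[] = { { flash, 5 }, { eeprom, 4 } };
    tamper_ctx c; tamper_install(&c, rs, 2);
    eeprom[0] ^= 1;                          /* simulated unauthorized edit */
    while (tamper_step(&c, 4) == CHECK_PENDING) { }
    return c.faults == 1 ? 0 : 1;
}
```

CRC-32 is not collision resistant: an edit can be paired with compensating bytes that restore the same value, so a keyed MAC or a signature over the same ranges is the stronger choice against a deliberate modifier.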
Specification