Method for handling transmission of fraudulent frames within in-vehicle network

US 9,902,370 B2
Filed: 06/28/2017
Issued: 02/27/2018
Est. Priority Date: 05/08/2014
Status: Active Grant

First Claim

Patent Images

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the anti-fraud method comprising:

receiving a data frame transmitted on the at least one bus;

generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted;

performing verification that the data frame received has added thereto the first MAC;

incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID; and

executing, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.

10 Citations

View as Search Results

13 Claims

1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the anti-fraud method comprising:
- receiving a data frame transmitted on the at least one bus;
  
  generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted;
  
  performing verification that the data frame received has added thereto the first MAC;
  
  incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID; and
  
  executing, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, whereinwhen the predetermined message ID is identical to any of one or more message IDs indicated in a predetermined fraudulent-ID list, the process associated in advance with the predetermined message ID comprises adding the predetermined message ID to the fraudulent-ID list.
  - 3. The method according to claim 1, whereinthe process associated in advance with the predetermined message ID comprises transmitting a frame including information indicating that a fraudulent frame has been transmitted.
  - 4. The method according to claim 1, whereinthe process associated in advance with the predetermined message ID comprises a control for imposing certain limitations on a function of a vehicle in which the in-vehicle network system is installed to bring the vehicle to a predetermined specific state.
  - 5. The method according to claim 4, whereinthe control comprises a control for limiting a speed of the vehicle to a certain speed or less.
  - 6. The method according to claim 4, whereinthe control comprises generating a predetermined frame for changing a state of the vehicle to the predetermined specific state, and transmitting the predetermined frame.
  - 7. The method according to claim 1, further comprising:
    - transmitting, when a message ID of a data frame that has started to be transmitted on the at least one bus is identical to any of one or more message IDs indicated in a predetermined fraudulent-ID list, an error frame before an end of the data frame is transmitted, whereinthe process associated in advance with the predetermined message ID comprises adding the predetermined message ID to the fraudulent-ID list.
  - 8. The method according to claim 1, whereinthe process associated in advance with the predetermined message ID comprises recording log information indicating the predetermined message ID on a recording medium.
  - 9. The method according to claim 1, whereinthe at least one bus includes a plurality of buses, each of the plurality of buses belonging to any group among a plurality of types of groups, andthe method further comprises executing, when the verification has failed, by each of the plurality of electronic control units, a process determined in advance in association with a group to which one of the plurality of buses that is connected with the electronic control unit belongs.
  - 10. The method according to claim 1, whereina message ID of a data frame that has started to be transmitted on the bus belongs to any group among a plurality of types of groups, andthe method further comprises executing, when a number of times the verification has failed for a data frame including a predetermined message ID belonging to a predetermined group exceeds a predetermined threshold, a process associated in advance with the predetermined group.
  - 11. The method according to claim 1, further comprising:
    - transmitting, via the at least one bus, a counter-reset frame indicating a request for resetting the counter in response to a failure of re-verification performed using a second MAC, the second MAC being generated using a MAC key before updating of the MAC key, when the verification has failed; and
      
      resetting the counter in response to transmission of the counter-reset frame.

12. An in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the in-vehicle network system comprising:
- a first electronic control unit comprisingone or more memories; and
  
  circuitry configured to;
  
  generate a first MAC using a first MAC key and a value of a first counter that counts a number of times a data frame having added thereto a MAC has been transmitted,add the first MAC to a data frame, andtransmit the data frame on the at least one bus; and
  
  a second electronic control unit comprisingone or more memories; and
  
  circuitry configured to;
  
  receive the data frame transmitted on the at least one bus,generate a second MAC by using a second MAC key and a value of a second counter that counts a number of times a data frame having added thereto a MAC has been received,perform verification that the data frame received has added thereto the second MAC,increment a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID, andexecute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.

13. An electronic control unit for performing communication via a bus in accordance with a Controller Area Network (CAN) protocol, the electronic control unit comprising:
- one or more memories; and
  
  circuitry configured to;
  
  receive a data frame from the bus,generate a first message authentication code (MAC) using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC has been received,perform verification that the data frame received has added thereto the first MAC,increment a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID, andexecute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Inventors
Haga, Tomoyuki, Matsushima, Hideki, Maeda, Manabu, Unagami, Yuji, Ujiie, Yoshihiro, Kishikawa, Takeshi
Primary Examiner(s)
HUNNINGS, TRAVIS R

Application Number

US15/636,007
Publication Number

US 20170361808A1
Time in Patent Office

244 Days
Field of Search
US Class Current
CPC Class Codes

B60R 2325/108   Encryption

B60R 25/307   using data concerning maint...

H04L 2209/84   Vehicles

H04L 67/12   specially adapted for propr...

H04L 9/0891   Revocation or update of sec...

H04L 9/3242   involving keyed hash functi...

Method for handling transmission of fraudulent frames within in-vehicle network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for handling transmission of fraudulent frames within in-vehicle network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links