Method for handling transmission of fraudulent frames within in-vehicle network
Abstract
An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.
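The receiving side of the method described in the abstract, as an added example that is not taken from the patent. HMAC-SHA256 truncated to 4 bytes, per-ID counters that advance only on successful verification, and the key, message ID, threshold and `Receiver` class are all assumptions of this example.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4       # assumption: MAC truncated to fit the 8-byte classic CAN data field
KEY = bytes(16)   # constructed demo key shared by sender and receiver

def compute_mac(key, msg_id, data, counter):
    # MAC over message ID, counter value and data; HMAC-SHA256 is this example's choice
    msg = struct.pack(">HI", msg_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Receiver:
    def __init__(self, key, threshold, actions):
        self.key, self.threshold = key, threshold
        self.actions = actions   # message ID -> process associated in advance
        self.counters = {}       # per-ID count of authenticated frames received
        self.errors = {}         # per-ID number of error occurrences

    def receive(self, msg_id, payload):
        data, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
        nxt = self.counters.get(msg_id, 0) + 1
        if hmac.compare_digest(tag, compute_mac(self.key, msg_id, data, nxt)):
            self.counters[msg_id] = nxt   # advance only on success (example's choice)
            return "ok"
        if msg_id not in self.actions:    # not a predetermined message ID
            return "rejected"
        self.errors[msg_id] = self.errors.get(msg_id, 0) + 1
        if self.errors[msg_id] > self.threshold:
            self.actions[msg_id](msg_id)  # e.g. log, alert, switch to a safe state
            return "action"
        return "error"

def demo():
    alerts, results = [], []
    rx = Receiver(KEY, threshold=2, actions={0x100: alerts.append})
    for n in (1, 2):  # sender side: counter value n, MAC appended to the data
        data = bytes([0x10, n])
        results.append(rx.receive(0x100, data + compute_mac(KEY, 0x100, data, n)))
    data = bytes([0x10, 3])
    good_tag = compute_mac(KEY, 0x100, data, 3)
    bad_tag = bytes(b ^ 0xFF for b in good_tag)  # constructed frame with a wrong MAC
    for _ in range(3):
        results.append(rx.receive(0x100, data + bad_tag))
    results.append(rx.receive(0x100, data + good_tag))  # counter was not advanced
    return results, alerts
```

Because failed frames do not advance the receiver's counter in this example, the legitimate sender's next frame still verifies after the threshold action has fired.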
13 Claims
1. An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the anti-fraud method comprising:
- receiving a data frame transmitted on the at least one bus;
- generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted;
- performing verification that the data frame received has added thereto the first MAC;
- incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID; and
- executing, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.
12. An in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus in accordance with a Controller Area Network (CAN) protocol, the in-vehicle network system comprising:
- a first electronic control unit comprising one or more memories; and circuitry configured to:
  - generate a first MAC using a first MAC key and a value of a first counter that counts a number of times a data frame having added thereto a MAC has been transmitted,
  - add the first MAC to a data frame, and
  - transmit the data frame on the at least one bus; and
- a second electronic control unit comprising one or more memories; and circuitry configured to:
  - receive the data frame transmitted on the at least one bus,
  - generate a second MAC by using a second MAC key and a value of a second counter that counts a number of times a data frame having added thereto a MAC has been received,
  - perform verification that the data frame received has added thereto the second MAC,
  - increment a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID, and
  - execute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.
13. An electronic control unit for performing communication via a bus in accordance with a Controller Area Network (CAN) protocol, the electronic control unit comprising:
- one or more memories; and
- circuitry configured to:
  - receive a data frame from the bus,
  - generate a first message authentication code (MAC) using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC has been received,
  - perform verification that the data frame received has added thereto the first MAC,
  - increment a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID, and
  - execute, when the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID.