
CN116055181A - Data tampering behavior identification method and device based on clock synchronization technology - Google Patents


Info

Publication number
CN116055181A
Authority
CN
China
Prior art keywords
data
delay time
nitrogen
ecu
oxygen sensor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310042286.9A
Other languages
Chinese (zh)
Other versions
CN116055181B (en)
Inventor
李长豫
刘卫林
吴春玲
景晓军
白晓鑫
李旭
周文瑾
庞国民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CATARC Automotive Test Center Tianjin Co Ltd
Original Assignee
CATARC Automotive Test Center Tianjin Co Ltd


Abstract

The invention discloses a data tampering behavior identification method and device based on a clock synchronization technology. The identification method comprises the following steps: calculating the message transmission delay time t_D between the ECU and the nitrogen-oxygen sensor by a clock synchronization technology; performing a checksum operation on the delay time t_D to obtain a first checksum operation result, the delay time t_D and the first checksum operation result forming plaintext data; encrypting the plaintext data with an encryption algorithm to obtain ciphertext data, and sending the ciphertext data to the CAN bus in a custom message; after the ciphertext data sent in the custom message is received from the CAN bus, decrypting it with a decryption algorithm to recover the plaintext data, and judging the data tampering behavior according to the comparison result. The method and the device can identify possible emission information tampering behavior on the CAN bus of national-six-standard vehicles.

Description

Data tampering behavior identification method and device based on clock synchronization technology
Technical Field
The invention belongs to the technical field of automobile CAN bus technology and engine electronic control, and particularly relates to a data tampering behavior identification method and device based on a clock synchronization technology.
Background
In recent years, atmospheric pollution has become one of the major challenges to the sustainable development of the automotive industry. In particular, the implementation of the national sixth emission regulations places higher demands on vehicle pollutant emission control technology, but new and more sophisticated means of tampering with emission information have also appeared on the market.
During the implementation of the national fourth and fifth emission standards, raising the vehicle's SCR upstream temperature sensor and installing a nitrogen-oxygen simulator became openly known means of tampering with emission information. Raising the exhaust temperature sensor lowers the measured temperature, and the nitrogen-oxygen simulator replaces the nitrogen-oxygen sensor and sends a simulated, lower nitrogen-oxygen concentration value to the CAN bus, so urea consumption is reduced. Because urea injection is under open-loop control, the vehicle reports no error, while the actual exhaust greatly exceeds the national fourth and fifth emission standards.
With the implementation of the national sixth standard, upstream and downstream nitrogen-oxygen sensors are installed in the vehicle aftertreatment system, nitrogen-oxygen concentration rationality monitoring logic is integrated in the ECU, and urea injection uses closed-loop control. Urea consumption can therefore no longer be reduced merely by raising the exhaust temperature sensor and installing a nitrogen-oxygen simulator: the vehicle reports the corresponding aftertreatment faults, which leads to torque and speed limiting. However, more advanced means of tampering with emission information have appeared on the market: a gateway is connected in series with the CAN bus of the upstream and downstream nitrogen-oxygen sensors so that messages are exchanged between the sensors and the gateway; the gateway parses the nitrogen-oxygen message, modifies the nitrogen-oxygen concentration, repackages it and sends it to the CAN bus for the ECU and the T-Box to read. This still achieves reduced urea injection without the vehicle reporting an error.
To prevent this as far as possible, patent CN202011153112.2 discloses a technique that detects the presence of a nitrogen-oxygen simulator by checking the rationality of the vehicle's nitrogen-oxygen emission pattern. That technique is not without loopholes, however: a nitrogen-oxygen simulator can obtain information such as engine speed, fuel quantity and torque from the CAN bus and look up a built-in map to output a dynamic nitrogen-oxygen value, thereby avoiding detection by the ECU's rationality logic, and the technique is even less effective against devices such as a gateway that can tamper with emission information. There is therefore currently no technology in the industry that can accurately detect tampering with emission information.
Disclosure of Invention
Aiming at the technical problems in the background technology, the invention aims to provide a data tampering behavior identification method and device based on a clock synchronization technology.
In order to achieve the above purpose, the technical scheme provided by the invention is as follows:
First aspect
The invention provides a data tampering behavior identification method based on a clock synchronization technology, which comprises the following steps:
Step 1: the nitrogen-oxygen sensor calculates the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, and defines the delay time as t_D;
Step 2: the nitrogen-oxygen sensor performs a checksum operation on the delay time t_D to obtain a first checksum operation result, and the delay time t_D and the first checksum operation result form plaintext data;
Step 3: the nitrogen-oxygen sensor encrypts the plaintext data with an encryption algorithm to obtain ciphertext data, and sends the ciphertext data to the CAN bus in a custom message;
Step 4: after receiving the ciphertext data sent in the custom message from the CAN bus, the ECU decrypts the ciphertext data with a decryption algorithm and restores it to plaintext data;
Step 5: the ECU takes the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum operation result, and compares the second checksum operation result with the first checksum operation result in the plaintext data. If they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid and the delay time t_D is taken. The delay time t_D is then compared with a standard delay time t_SD, and the data tampering behavior is judged according to the comparison result.
Second aspect
The invention provides a data tampering behavior recognition device based on a clock synchronization technology, which comprises a nitrogen-oxygen sensor and an ECU;
the nitrogen-oxygen sensor is used for calculating the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, the delay time being defined as t_D; performing a checksum operation on the delay time t_D to obtain a first checksum operation result, the delay time t_D and the first checksum operation result forming plaintext data; encrypting the plaintext data with an encryption algorithm to obtain ciphertext data, and sending the ciphertext data to the CAN bus in a custom message;
the ECU is used for decrypting the ciphertext data with a decryption algorithm to restore it to plaintext data after receiving the ciphertext data sent in the custom message from the CAN bus; taking the delay time t_D from the plaintext data and performing a checksum operation on it to obtain a second checksum operation result, and comparing the second checksum operation result with the first checksum operation result in the plaintext data; if they are not equal, considering the current frame data invalid and performing no further operation; if they are equal, considering the current frame data accurate and valid and taking the delay time t_D; and comparing the delay time t_D with a standard delay time t_SD and judging the data tampering behavior according to the comparison result.
Compared with the prior art, the invention has the beneficial effects that:
Based on CAN bus clock synchronization, the invention exploits the message transmission delay that an emission information tampering device introduces through receiving, unpacking, processing, repacking and sending messages. The delay time is calculated and sent to the ECU over the CAN bus under an encryption algorithm, and the ECU judges whether an emission information tampering device is present on the CAN bus by comparing the delay time with the standard delay time, realizing intelligent detection of emission information tampering on the CAN bus. Possible emission information tampering on the CAN bus of national-six-standard vehicles can thus be identified, and emission information is prevented from being tampered with during CAN bus transmission.
Drawings
FIG. 1 is a schematic flow chart of a method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a clock synchronization process in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the invention provides a method and a device for identifying emission information tampering behavior based on a CAN bus clock synchronization technology, which are mainly applied to a whole vehicle meeting national six emission standards.
The CAN bus clock synchronization technology is a specific application of the IEEE 1588 protocol on the automobile CAN bus. It lets each node on the CAN bus achieve high-precision time synchronization, with synchronization precision at the µs level, whereas the delay a microcontroller such as a gateway needs to receive, process and retransmit data is at the ms level. Whether an emission information tampering device such as a gateway is present on the CAN bus can therefore be judged on the principle of CAN bus clock synchronization.
IEEE 1588 mainly defines four clock message types: (1) the synchronization message, Sync for short; (2) the follow-up message, Follow-Up for short; (3) the delay request message, Relay-Req for short (Delay_Req in IEEE 1588); (4) the delay response message, Relay-Resp for short (Delay_Resp in IEEE 1588).
As shown in fig. 2, the ECU acts as the master clock node, and the nitrogen-oxygen sensor, as a slave clock node, synchronizes its clock with the master clock node based on the CAN bus clock synchronization technology. The time offset from the master clock node and the delay time are calculated in the nitrogen-oxygen sensor.
T2 = T1 + time offset + delay time,
T4 = T3 - time offset + delay time;
adding and subtracting the two equations gives delay time = [(T2-T1) + (T4-T3)]/2 and time offset = [(T2-T1) - (T4-T3)]/2.
In the scheme of the invention, the nitrogen-oxygen sensor obtains the message transmission delay time t_D (ns level) between the ECU and the nitrogen-oxygen sensor in this way.
As shown in fig. 1, the method for identifying data tampering behavior based on clock synchronization technology provided in this embodiment includes the following steps:
Step 1: the nitrogen-oxygen sensor directly calculates the message transmission delay time between the ECU and the nitrogen-oxygen sensor through the clock synchronization technology, and the delay time is defined as t_D. Normally the delay time is at the ns level, occupies 6 bytes and has a unit of 1 ns/bit.
Step 2: the nitrogen-oxygen sensor performs a checksum operation on the delay time t_D to obtain a first checksum operation result, and the delay time t_D and the first checksum operation result form plaintext data. Because the CAN bus may be subject to electromagnetic interference, the checksum operation is performed on t_D in the nitrogen-oxygen sensor to ensure the integrity and accuracy of the data. The first checksum operation result occupies 1 byte. The delay time and the first checksum operation result form 7 bytes of valid data, which are then padded with 9 bytes of value 0x09 using the PKCS7 padding algorithm, so that the valid data and the padding together form 16 bytes of preprocessed data. The bytes of the preprocessed data are defined as follows: byte1-byte6 are the delay time t_D; byte7 is the checksum operation result; byte8-byte16 are 9 consecutive bytes of 0x09.
Step 3: to prevent the plaintext data from being tampered with by emission tampering devices such as a gateway during CAN bus transmission, the plaintext data must be encrypted. The nitrogen-oxygen sensor encrypts the plaintext data with an encryption algorithm to obtain ciphertext data, and sends the ciphertext data to the CAN bus in a custom message. Considering encryption and decryption speed and the performance of the nitrogen-oxygen sensor chip, the symmetric encryption algorithm AES-128 is used, and the same key K is built into both the ECU and the nitrogen-oxygen sensor. After preprocessing, the data length meets the minimum byte count required by AES-128; this group of data is defined as the plaintext data. It is encrypted with the key K built into the nitrogen-oxygen sensor to obtain 16 bytes of ciphertext data, which are split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16). Ciphertext data a is sent to the CAN bus with ID 0x1800E53, in a single frame; ciphertext data b is sent to the CAN bus with ID 0x1800E54, in a single frame.
Step 4: after receiving the ciphertext data sent in the custom message from the CAN bus, the ECU decrypts the ciphertext data with a decryption algorithm and restores it to plaintext data. Steps 4 and 5 take place inside the ECU and are processed by the ECU chip. Specifically, after receiving the ID 0x1800E53 message and the ID 0x1800E54 message, the ECU recombines ciphertext data a and ciphertext data b into 16 bytes of ciphertext data and decrypts them with the built-in key K to obtain 16 bytes of plaintext data. A checksum operation is performed on byte1-byte6 of the plaintext data and the result is compared with byte7. If the checksum results are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid, and byte1-byte6 of the plaintext data are parsed to obtain the delay time t_D.
Step 5: the ECU takes the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum operation result, and compares the second checksum operation result with the first checksum operation result in the plaintext data. If they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid and the delay time t_D is taken. The delay time t_D is then compared with the standard delay time t_SD, and the data tampering behavior is judged according to the comparison result, as follows:
if the comparison of the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of the counter C_num is decreased by 1;
if the comparison of the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of the counter C_num is increased by 1;
when the value of the counter C_num reaches the maximum value, it is judged that an emission tampering device is suspected to exist between the ECU and the nitrogen-oxygen sensor; the ECU reports a suspected emission information tampering fault and triggers the driver alarm system and speed and torque limiting according to the national sixth OBD monitoring rules;
wherein the allowable tolerance range is 0 < t_D ≤ 2·t_SD and the maximum value is 255.
The initial value of the counter C_num is set to 0 when the vehicle is powered on for the first time, and its minimum value is 0. After the vehicle is powered down, the value of C_num is automatically stored in the ECU cache, and it continues to be incremented or decremented after the vehicle is next powered on.
In addition, the embodiment further includes the following steps:
Step 01: the vehicle is powered on and waits for the initialization of the nitrogen-oxygen sensor to finish;
Step 02: the ECU, as the master clock node, sends a Relay-Req message to the slave clock node, the nitrogen-oxygen sensor; the message can be sent after the vehicle has been powered on for 10 s;
Step 03: the nitrogen-oxygen sensor responds with a Relay-Resp message and executes steps 1-3;
Step 04: the ECU judges whether the Relay-Resp response message from the nitrogen-oxygen sensor has been received; if not, it jumps to step 05; if so, it executes step 4;
Step 05: the Relay-Req message is sent repeatedly n times in a custom period (n is a finite number defined in the ECU program and can be defined as 3); the ECU judges whether a Relay-Resp message is received within the n attempts; if not, it jumps to step 06; if so, it executes step 4;
Step 06: the ECU judges whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error; if so, it jumps to step 07; if not, it jumps to step 08;
Step 07: sending of the Relay-Req message is stopped in the current driving cycle until the fault is eliminated;
Step 08: it is judged that an emission tampering device is suspected to exist between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected to have been intercepted by an emission tampering device; the ECU reports a suspected emission information tampering fault and triggers the driver alarm system and speed and torque limiting.
The checksum operation guards against errors in the parsed message content caused by inaccurate bus differential voltage values when the CAN bus is subject to electromagnetic interference, which would affect the ECU's judgment. The ECU and the nitrogen-oxygen sensor use the same checksum algorithm to compare and verify byte1-byte6 of the plaintext data, which improves the integrity and accuracy of the transmitted data.
The symmetric encryption algorithm AES-128 is a widely used encryption technology. Because it is symmetric, the same key K is used for encryption and decryption, and for confidentiality the key K cannot be transmitted openly over the network. In the scheme of the invention the key K is therefore agreed between the ECU and the nitrogen-oxygen sensor and built into the chips in advance.
t_SD is the message transmission delay time between the ECU and the nitrogen-oxygen sensor in the standard state, which an engineer measures and writes into the ECU program before the vehicle leaves the factory (at which point the CAN bus layout between the ECU and the nitrogen-oxygen sensor is fixed).
The initial value of the counter C_num is set to 0 when the vehicle is powered on for the first time. Each time the vehicle is powered down, the value of C_num accumulated in the current driving cycle is automatically stored in the ECU cache, and after the next power-on the ECU reads the cached value as the initial value of C_num for the current driving cycle. The minimum value of the counter C_num is 0 and the maximum value is 255; if the accumulated value of C_num would fall below 0, C_num is reset to 0.
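The sensor-side packing (steps 1-2) and the ECU-side validation and counter logic (steps 4-5) described above, as an added C example that is not code from the patent. The 8-bit additive checksum, the big-endian byte order of t_D, the padding check, the function names and all timing values are assumptions; the AES-128 step and CAN framing are left to a vetted crypto library and the CAN driver.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16   /* one AES-128 block */
#define TD_LEN    6    /* byte1-byte6: t_D, 1 ns/bit */
#define PAD_BYTE  0x09 /* PKCS7: 9 padding bytes, each 0x09 */
#define CNT_MAX   255  /* maximum value of C_num */

/* From T2 = T1 + offset + delay and T4 = T3 - offset + delay (all in ns). */
int64_t ptp_offset_ns(int64_t t1, int64_t t2, int64_t t3, int64_t t4) {
    return ((t2 - t1) - (t4 - t3)) / 2;
}
int64_t ptp_delay_ns(int64_t t1, int64_t t2, int64_t t3, int64_t t4) {
    return ((t2 - t1) + (t4 - t3)) / 2;
}

/* ASSUMPTION: 8-bit additive checksum; the text does not name the algorithm. */
static uint8_t checksum8(const uint8_t *p, size_t n) {
    uint8_t sum = 0;
    for (size_t i = 0; i < n; i++) sum = (uint8_t)(sum + p[i]);
    return sum;
}

/* Sensor, steps 1-2: t_D | checksum | 9 x 0x09.
 * ASSUMPTION: t_D is stored big-endian. Returns -1 if t_D exceeds 6 bytes. */
int build_plaintext(uint64_t td_ns, uint8_t out[BLOCK_LEN]) {
    if (td_ns >> (8 * TD_LEN)) return -1;
    for (int i = 0; i < TD_LEN; i++)
        out[i] = (uint8_t)(td_ns >> (8 * (TD_LEN - 1 - i)));
    out[TD_LEN] = checksum8(out, TD_LEN);
    memset(out + TD_LEN + 1, PAD_BYTE, BLOCK_LEN - TD_LEN - 1);
    return 0;
}

/* ECU, steps 4-5: validate the decrypted block. Returns 0 and sets *td_ns
 * when the frame is valid, -1 otherwise. The padding check is an extra
 * sanity check added in this example; the text only compares checksums. */
int parse_plaintext(const uint8_t in[BLOCK_LEN], uint64_t *td_ns) {
    for (int i = TD_LEN + 1; i < BLOCK_LEN; i++)
        if (in[i] != PAD_BYTE) return -1;
    if (checksum8(in, TD_LEN) != in[TD_LEN]) return -1;
    uint64_t v = 0;
    for (int i = 0; i < TD_LEN; i++) v = (v << 8) | in[i];
    *td_ns = v;
    return 0;
}

/* ECU, step 5: tolerance range 0 < t_D <= 2*t_SD. In range: C_num - 1
 * (floor 0); out of range: C_num + 1 (ceiling 255). Returns 1 when C_num
 * has reached the maximum, i.e. the tampering fault is to be reported. */
int ecu_update(uint8_t *c_num, uint64_t td_ns, uint64_t tsd_ns) {
    int in_range = td_ns > 0 && td_ns <= 2 * tsd_ns;
    if (in_range) {
        if (*c_num > 0) (*c_num)--;
    } else if (*c_num < CNT_MAX) {
        (*c_num)++;
    }
    return *c_num == CNT_MAX;
}

/* Constructed simulation: one measurement per cycle over a path whose one-way
 * delay is t_SD plus extra_ns of added latency. Returns the 1-based cycle in
 * which the fault is first reported, or -1 if it never is. */
int simulate(int64_t extra_ns, int cycles, uint64_t tsd_ns, uint8_t *c_num) {
    const int64_t offset = 1234;               /* constructed clock offset, ns */
    for (int k = 1; k <= cycles; k++) {
        int64_t path = (int64_t)tsd_ns + extra_ns;
        int64_t t1 = (int64_t)k * 1000000;     /* constructed timestamps, ns */
        int64_t t2 = t1 + offset + path;
        int64_t t3 = t2 + 5000;
        int64_t t4 = t3 - offset + path;
        uint8_t block[BLOCK_LEN];
        uint64_t td;
        if (build_plaintext((uint64_t)ptp_delay_ns(t1, t2, t3, t4), block))
            continue;
        /* AES-128 encryption, the two 8-byte CAN frames and AES-128
         * decryption sit here in the real data path. */
        if (parse_plaintext(block, &td))
            continue;                          /* invalid frame: no further action */
        if (ecu_update(c_num, td, tsd_ns)) return k;
    }
    return -1;
}

int main(void) {
    uint8_t direct = 0, inline_dev = 0;
    /* t_SD = 50 us and 2 ms of added latency are constructed values. */
    printf("direct bus: fault cycle %d\n", simulate(0, 300, 50000, &direct));
    printf("2 ms added latency: fault cycle %d\n",
           simulate(2000000, 300, 50000, &inline_dev));
    return 0;
}
```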
Corresponding to the method, the embodiment also provides a data tampering behavior recognition device based on a clock synchronization technology, which comprises a nitrogen-oxygen sensor and an ECU;
the nitrogen-oxygen sensor is used for calculating the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, and the delay time is defined as t D The method comprises the steps of carrying out a first treatment on the surface of the For delay time t D Performing checksum operation to obtain a first checksum operation result, and delaying for a time t D And the first check operation result forms plaintext data; encrypting the plaintext data by using an encryption algorithm to obtain ciphertext data, and transmitting the ciphertext data to a CAN bus through a custom message;
the ECU is used for decrypting the ciphertext data by using a decryption algorithm to restore the ciphertext data into plaintext data after receiving the ciphertext data sent by the custom message from the CAN bus; obtaining delay time t in plaintext data D Performing checksum operation to obtain a second checksum operation result, comparing the second checksum operation result with the first checksum operation result in the plaintext data, and if the second checksum operation result is not equal to the first checksum operation result, considering that the current frame data is invalid and performing no next operation; if the frame data are equal, the current frame data are considered to be accurate and effective, and the delay time t is taken D The method comprises the steps of carrying out a first treatment on the surface of the Will delay time t D And a standard delay time t SD And comparing, and judging the data tampering behavior according to the comparison result.
The ECU judges the data tampering behavior according to the comparison result, and specifically comprises the following steps:
if delay time t D And a standard delay time t SD The comparison result is within the allowable tolerance range, the counter C num Subtracting 1 from the value;
if delay time t D And a standard delay time t SD The counter C is used for comparing the result with the allowable tolerance range num The value is added with 1;
when the counter C num When the value reaches the maximum value, judging that the suspected emission fake-making equipment is suspected to exist between the ECU and the nitrogen-oxygen sensor, reporting that the suspected emission information is tampered with faults by the ECU, and triggering a driver alarming systemThe system and the speed and torque limiting are carried out;
wherein, the counter C for the first power-on of the whole vehicle num The initial value of the value is set to 0, the minimum value is 0, and the counter C is used after the whole car is powered down num The value is automatically stored in the ECU cache and is continuously accumulated or subtracted after the next whole vehicle is powered on.
The ECU is further configured, after the vehicle is powered on and the initialization of the nitrogen-oxygen sensor has completed, to act as the master clock node and send a Relay-Req message to the nitrogen-oxygen sensor, which is the slave clock node. If the Relay-Resp response of the nitrogen-oxygen sensor is not received, the ECU resends the Relay-Req message n times at a custom period. If the Relay-Resp message has still not been received, the ECU determines whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error: if a DSM error exists, it stops sending the Relay-Req message until the fault is eliminated; if no DSM error exists, it determines that a suspected emission-cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected of being intercepted by an emission-cheating device, and the ECU reports a "suspected emission information tampering" fault and triggers the driver alarm system and speed and torque limiting;
the nitrogen-oxygen sensor is further configured to respond with a Relay-Resp message;
wherein each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum operation result; byte8-byte16 are 9 consecutive bytes of 0x09.
The nitrogen-oxygen sensor encrypts the plaintext data with the symmetric encryption algorithm AES-128. The same secret key K is built into both the ECU and the nitrogen-oxygen sensor. The plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain one group of 16-byte ciphertext data, which is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16). The 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
It should be noted that other functions of the apparatus are described with reference to the method.
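The ECU-side checks described above, as an added C example that is not part of the patent text: it reassembles the two CAN frames, validates one decrypted plaintext block and updates C_num. AES-128 decryption with key K is left to the caller; the checksum algorithm (8-bit sum), the t_D encoding (big-endian microseconds), the a-before-b frame order, the extra check of the nine 0x09 bytes, the values chosen for t_SD, the tolerance and the counter maximum, and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Assumed calibration values; the text leaves them to the implementer. */
#define T_SD_US    500u      /* standard delay time t_SD, microseconds */
#define TOL_US     50u       /* allowable tolerance around t_SD */
#define C_NUM_MAX  10u       /* counter value that raises the fault */
/* CAN IDs from the text: ciphertext bytes 1-8 and bytes 9-16. */
#define ID_PART_A  0x1800E53u
#define ID_PART_B  0x1800E54u

typedef enum { FRAME_INVALID, DELAY_OK, DELAY_SUSPECT, TAMPER_FAULT } verdict_t;
typedef struct { uint8_t ct[16]; uint8_t have_a; } reasm_t;

/* Collect the two 8-byte frames; returns 1 when r->ct holds a full block.
 * Assumption: part a is sent before part b, so b without a fresh a is dropped. */
int reasm_feed(reasm_t *r, uint32_t can_id, const uint8_t data[8])
{
    if (can_id == ID_PART_A) {
        memcpy(r->ct, data, 8);
        r->have_a = 1;
        return 0;
    }
    if (can_id == ID_PART_B && r->have_a) {
        memcpy(r->ct + 8, data, 8);
        r->have_a = 0;              /* one a pairs with exactly one b */
        return 1;
    }
    return 0;
}

/* Assumed checksum: 8-bit sum of the six t_D bytes. */
static uint8_t checksum8(const uint8_t *p, size_t n)
{
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

/* Evaluate one decrypted 16-byte plaintext block and update C_num.
 * *c_num is the value restored from ECU storage at power-on; the caller
 * writes it back at power-down so the count carries across drive cycles. */
verdict_t ecu_evaluate(const uint8_t pt[16], uint8_t *c_num)
{
    uint64_t t_d = 0, diff;
    int i;

    for (i = 7; i < 16; i++)        /* byte8-byte16 must be nine 0x09 bytes */
        if (pt[i] != 0x09) return FRAME_INVALID;
    if (checksum8(pt, 6) != pt[6])  /* second checksum vs. byte7 */
        return FRAME_INVALID;       /* invalid frame: counter untouched */

    for (i = 0; i < 6; i++)         /* assumed encoding: big-endian microseconds */
        t_d = (t_d << 8) | pt[i];
    diff = t_d > T_SD_US ? t_d - T_SD_US : T_SD_US - t_d;

    if (diff <= TOL_US) {           /* within tolerance: count down, floor 0 */
        if (*c_num > 0) (*c_num)--;
        return DELAY_OK;
    }
    if (*c_num < C_NUM_MAX) (*c_num)++;   /* outside tolerance: count up */
    return *c_num >= C_NUM_MAX ? TAMPER_FAULT : DELAY_SUSPECT;
}
```

A ciphertext block altered on the bus decrypts to effectively random bytes, so a one-byte checksum alone would accept roughly 1 in 256 such blocks; checking the nine fixed 0x09 bytes as well makes a chance pass negligible.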
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the above-described embodiments, and that the above-described embodiments and descriptions are only preferred embodiments of the present invention, and are not intended to limit the invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. The data tampering behavior identification method based on the clock synchronization technology is characterized by comprising the following steps of:
step 1: the nitrogen-oxygen sensor calculates the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, and defines the delay time as t_D;
step 2: the nitrogen-oxygen sensor performs a checksum operation on the delay time t_D to obtain a first checksum operation result, and the delay time t_D and the first checksum operation result form plaintext data;
step 3: the nitrogen-oxygen sensor encrypts the plaintext data by using an encryption algorithm to obtain ciphertext data, and sends the ciphertext data to the CAN bus through a custom message;
step 4: after receiving the ciphertext data sent through the custom message from the CAN bus, the ECU decrypts the ciphertext data by using a decryption algorithm and restores it into the plaintext data;
step 5: the ECU extracts the delay time t_D from the plaintext data and performs a checksum operation on it to obtain a second checksum operation result, and compares the second checksum operation result with the first checksum operation result in the plaintext data; if they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid, and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and the data tampering behavior is judged according to the comparison result.
2. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 5, the data tampering behavior is determined according to the comparison result, specifically as follows:
if the comparison of the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of the counter C_num is decremented by 1;
if the comparison of the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of the counter C_num is incremented by 1;
when the value of the counter C_num reaches its maximum, it is determined that a suspected emission-cheating device exists between the ECU and the nitrogen-oxygen sensor, and the ECU reports a "suspected emission information tampering" fault and triggers the driver alarm system and speed and torque limiting;
wherein, at the first power-on of the vehicle, the initial value of the counter C_num is set to 0 and its minimum value is 0; after the vehicle is powered down, the value of C_num is automatically stored in the ECU cache and continues to be incremented or decremented after the next power-on of the vehicle.
3. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, further comprising the steps of:
step 01: powering up the whole vehicle and waiting for the initialization of the nitrogen-oxygen sensor to finish;
step 02: the ECU is used as a master clock node to send a Relay-Req message to a slave clock node nitrogen-oxygen sensor;
step 03: the nitrogen-oxygen sensor responds with a Relay-Resp message and executes steps 1-3;
step 04: judging whether a response Relay-Resp message of the nitrogen-oxygen sensor is received, if not, jumping to the step 05; if yes, executing the step 4;
step 05: repeatedly sending a Relay-Req message n times in a self-defined period; judging whether a Relay-Resp message is received within n times, if not, jumping to the step 06, if yes, executing the step 4;
step 06: judging whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error, if so, jumping to the step 07, and if not, jumping to the step 08;
step 07: stopping sending the Relay-Req message until the fault is eliminated;
step 08: determining that a suspected emission-cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected of being intercepted by an emission-cheating device; the ECU reports a "suspected emission information tampering" fault and triggers the driver alarm system and speed and torque limiting.
4. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 2, each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum operation result; byte8-byte16 are 9 consecutive bytes of 0x09.
5. The method for identifying data tampering behavior based on clock synchronization technology as defined in claim 1, wherein in step 3, the plaintext data is encrypted by using the symmetric encryption algorithm AES-128; the same secret key K is built into both the ECU and the nitrogen-oxygen sensor; the plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain one group of 16-byte ciphertext data, which is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16); the 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
6. The data tampering behavior recognition device based on the clock synchronization technology is characterized by comprising a nitrogen-oxygen sensor and an ECU;
the nitrogen-oxygen sensor is configured to calculate the message transmission delay time between the ECU and the nitrogen-oxygen sensor through a clock synchronization technology, the delay time being defined as t_D; to perform a checksum operation on the delay time t_D to obtain a first checksum operation result, the delay time t_D and the first checksum operation result forming plaintext data; and to encrypt the plaintext data by using an encryption algorithm to obtain ciphertext data, which is sent to the CAN bus through a custom message;
the ECU is configured, after receiving the ciphertext data sent through the custom message from the CAN bus, to decrypt the ciphertext data by using a decryption algorithm and restore it into the plaintext data; to extract the delay time t_D from the plaintext data and perform a checksum operation on it to obtain a second checksum operation result, and to compare the second checksum operation result with the first checksum operation result in the plaintext data; if they are not equal, the current frame data is considered invalid and no further operation is performed; if they are equal, the current frame data is considered accurate and valid, and the delay time t_D is taken; the delay time t_D is compared with a standard delay time t_SD, and the data tampering behavior is judged according to the comparison result.
7. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the ECU determines the data tampering behavior according to the comparison result, specifically as follows:
if the comparison of the delay time t_D with the standard delay time t_SD is within the allowable tolerance range, the value of the counter C_num is decremented by 1;
if the comparison of the delay time t_D with the standard delay time t_SD is outside the allowable tolerance range, the value of the counter C_num is incremented by 1;
when the value of the counter C_num reaches its maximum, it is determined that a suspected emission-cheating device exists between the ECU and the nitrogen-oxygen sensor, and the ECU reports a "suspected emission information tampering" fault and triggers the driver alarm system and speed and torque limiting;
wherein, at the first power-on of the vehicle, the initial value of the counter C_num is set to 0 and its minimum value is 0; after the vehicle is powered down, the value of C_num is automatically stored in the ECU cache and continues to be incremented or decremented after the next power-on of the vehicle.
8. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the ECU is further configured, after the vehicle is powered on and the initialization of the nitrogen-oxygen sensor has completed, to act as the master clock node and send a Relay-Req message to the nitrogen-oxygen sensor, which is the slave clock node; if the Relay-Resp response of the nitrogen-oxygen sensor is not received, to resend the Relay-Req message n times at a custom period; if the Relay-Resp message has still not been received, to determine whether the CAN bus or the nitrogen-oxygen sensor node reports a DSM error; if a DSM error exists, to stop sending the Relay-Req message until the fault is eliminated; if no DSM error exists, to determine that a suspected emission-cheating device exists between the ECU and the nitrogen-oxygen sensor, or that the Relay-Req and Relay-Resp messages are suspected of being intercepted by an emission-cheating device, whereupon the ECU reports a "suspected emission information tampering" fault and triggers the driver alarm system and speed and torque limiting;
the nitrogen-oxygen sensor is further configured to respond with a Relay-Resp message.
9. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein each byte of the plaintext data is defined as follows: byte1-byte6 are the delay time t_D; byte7 is the first checksum operation result; byte8-byte16 are 9 consecutive bytes of 0x09.
10. The device for identifying data tampering behavior based on clock synchronization technology as defined in claim 6, wherein the nitrogen-oxygen sensor encrypts the plaintext data by using the symmetric encryption algorithm AES-128; the same secret key K is built into both the ECU and the nitrogen-oxygen sensor; the plaintext data is encrypted with the key K built into the nitrogen-oxygen sensor to obtain one group of 16-byte ciphertext data, which is split into 8-byte ciphertext data a (byte1-byte8) and 8-byte ciphertext data b (byte9-byte16); the 8-byte ciphertext data a is sent to the CAN bus with ID 0x1800E53, in one frame only; the 8-byte ciphertext data b is sent to the CAN bus with ID 0x1800E54, in one frame only.
CN202310042286.9A 2023-01-28 2023-01-28 Data tampering behavior identification method and device based on clock synchronization technology Active CN116055181B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310042286.9A CN116055181B (en) 2023-01-28 2023-01-28 Data tampering behavior identification method and device based on clock synchronization technology

Publications (2)

Publication Number Publication Date
CN116055181A true CN116055181A (en) 2023-05-02
CN116055181B CN116055181B (en) 2023-07-11

Family

ID=86117744

Country Status (1)

Country Link
CN (1) CN116055181B (en)

Also Published As

Publication number Publication date
CN116055181B (en) 2023-07-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant