KR102400260B1 - In-vehicle communication system based on edge computing using attribute-based access control and method thereof - Google Patents

Abstract

The present invention relates to an edge computing-based in-vehicle communication system and method using attribute-based access control, and the in-vehicle communication system according to an embodiment generates a cipher text for a message, and A transmission-ECU that generates a shuffled ciphertext by performing a shuffle operation, a security agent that generates a partially decrypted ciphertext by performing a partial decryption operation on the shuffled ciphertext, and a partially decrypted ciphertext It may include a receive-ECU that obtains a message by performing a decryption operation.

Description

Edge computing-based in-vehicle communication system using attribute-based access control and method therefor

The present invention relates to an in-vehicle communication system and method, and more particularly, to a technical idea of sharing a security key based on attribute-based access control and edge computing.

Due to the rapid development of vehicle technology, the need for data sharing between internal devices of a vehicle is increasing. Sharing data means improving data processing performance. For example, electronic control units (ECUs) provided in a vehicle may exchange information with each other to make important decisions.

However, in in-vehicle communications, there is a possibility that there are attackers who want to eavesdrop on important data and unauthorized users of data. The confidentiality of

In general, in-vehicle communication protocols such as the CAN (controller area network) protocol do not provide data encryption, decryption, and other cryptography, which are the most basic requirements for secure communication. Vulnerable to eavesdropping attacks.

Accordingly, efforts to improve the security problem of the protocol have been continued, but the existing studies for improving the security problem are having difficulties in implementation due to several problems.

Specifically, in previous studies, complex tasks had to be performed to meet the security requirements in in-vehicle communication, but typical ECUs cannot handle complex security operations due to their low computing power, so additional equipment had to be provided. That is, in the previous study, additional cost was caused by the addition of a device for secure operation.

In addition, existing studies tried to configure the protocol considering the real-time constraint of in-vehicle communication, but in the end, low-level basic security requirements (symmetric encryption, hash algorithm) were used using symmetric-based cryptographic schemes. etc.) were satisfied.

Korean Patent Registration No. 10-1882694, "Method and system for transmitting and receiving CAN messages including MAC"

S. Woo, H. J. Jo, I. S. Kim, and D. H. Lee, "A practical security architecture for in-vehicle CAN-FD," IEEE Trans. Intel. Transp. Syst., vol. 17, no. 8, pp. 2248-2261, Aug 2016. B. Groza and P.-S. Murvay, "Identity-based key exchange on in-vehicle networks: CAN-FD & FlexRay," Sensors, vol. 19, no. 22, p. 4919, 2019.

An object of the present invention is to provide an in-vehicle communication system and method capable of securing confidentiality and integrity of data without additional devices through secure operation processing based on edge computing.

Another object of the present invention is to provide an in-vehicle communication system and method capable of achieving a higher level of security requirements by achieving attribute-based access control and attribute/policy privacy through attribute-based encryption.

An in-vehicle communication system according to an embodiment of the present invention generates a cipher text for a message and performs a shuffle operation on the cipher text to generate a shuffled cipher text and a transmission-ECU, the shuffled cipher text It may include a security agent for generating a partially decrypted ciphertext by performing a partial decryption operation on the ciphertext, and a receiving-ECU for obtaining a message by performing a decryption operation on the partially decrypted ciphertext.

According to one side, the transmit-ECU may generate a data sharing key and generate a ciphertext for the data sharing key.

According to one side, at least one of the transmit-ECU and the receive-ECU may generate a time key through an operation based on a pre-stored group key and time slot information.

According to one side, the transmit-ECU may generate a ciphertext through an operation based on at least one of a time key, a pre-stored master public key, and a pre-stored policy set.

According to one side, the transmit-ECU may generate a shuffled ciphertext through a shuffle operation based on at least one of a time key and a pre-stored attribute index.

According to one side, the receiving-ECU transmits a request message for receiving the partially decrypted ciphertext to the security agent, and the security agent may perform a partial decryption operation upon receiving the request message.

According to one side, the security agent may generate a converted ciphertext from the shuffled ciphertext through an operation based on a pre-stored transformation secret key.

According to one side, the security agent may generate a ciphertext extracted from the converted ciphertext through an operation based on an inverse permuted attribute indices set for the receiving-ECU.

According to one side, the security agent partially decrypts the ciphertext from the ciphertext extracted through an operation based on at least one of the conversion secret key, the pre-stored re-encryption key, and the converted user attribute keys. can create

According to one side, the receiving-ECU may generate a transformed user attribute key based on the pre-stored user attribute key and time key, and transmit the inverse-permutation attribute index set and the transformed user attribute key to the security agent.

According to one side, the reception-ECU is obtained from a partially decrypted ciphertext through an operation based on at least one of decryption materials calculated through a partial decryption operation and a pre-stored attribute indices set for the reception-ECU. message can be obtained.

According to one side, each of the transmission-ECU, the security agent, and the reception-ECU may generate a signature and a nonce value, and perform mutual authentication based on the signature and the nonce value.

According to one side, the transmit-ECU may store the ID (identity) of the receive-ECU that obtained the message in a key table.

According to one side, the security agent may be an on-board unit (OBU) provided in-vehicle.

The security agent of the in-vehicle communication system according to an embodiment of the present invention includes a cipher text receiving unit that receives a cipher text, and a cipher text conversion that generates a cipher text converted from the cipher text through an operation based on a pre-stored transformation secret key. A ciphertext extractor that generates a ciphertext extracted from a ciphertext converted through an operation based on a copy and a pre-stored inverse permuted attribute indices set, and a partial decryption operation for the extracted ciphertext It may include a partial decryption unit for generating a partially decrypted ciphertext by performing the ciphertext.

According to one side, the cipher text includes a data sharing key and may be a cipher text shuffled through a shuffle operation.

According to one side, the security agent of the in-vehicle communication system further includes a message receiving unit for receiving a request message for receiving the partially decrypted cipher text, and the cipher text extracting unit generates the extracted cipher text when the request message is received can do.

In-vehicle communication method according to an embodiment of the present invention comprises the steps of generating, in a transmission-ECU, a cipher text for a message, and performing a shuffle operation on the cipher text to generate a shuffled cipher text; In the security agent, performing a partial decryption operation on the shuffled ciphertext to generate a partially decrypted ciphertext, and in the receiving-ECU, performing a decryption operation on the partially decrypted ciphertext to obtain a message may include

According to one embodiment, according to the present invention, the confidentiality and integrity of data can be secured without additional devices through secure operation processing based on edge computing.

In addition, the present invention can achieve a higher level of security requirements by achieving attribute-based access control and attribute/policy privacy through attribute-based encryption.

1 is a view for explaining an in-vehicle communication system according to an embodiment.
2 is a diagram for explaining a security agent of an in-vehicle communication system according to an embodiment.
3 is a diagram for explaining an implementation example of an in-vehicle communication system according to an embodiment.
4 is a diagram for explaining a process of managing a secret key used in an in-vehicle communication system according to an embodiment.
5A to 5E are diagrams for explaining a characteristic test result of an in-vehicle communication system according to an exemplary embodiment.
6 is a diagram for explaining an in-vehicle communication method according to an embodiment.
7 is a diagram for explaining an implementation example of an in-vehicle communication method according to an embodiment.

Hereinafter, various embodiments of the present document will be described with reference to the accompanying drawings.

Examples and terms used therein are not intended to limit the technology described in this document to a specific embodiment, but it should be understood to include various modifications, equivalents, and/or substitutions of the embodiments.

In the following, when it is determined that a detailed description of a known function or configuration related to various embodiments may unnecessarily obscure the gist of the present invention, a detailed description thereof will be omitted.

In addition, the terms to be described later are terms defined in consideration of functions in various embodiments, which may vary according to intentions or customs of users and operators. Therefore, the definition should be made based on the content throughout this specification.

In connection with the description of the drawings, like reference numerals may be used for like components.

The singular expression may include the plural expression unless the context clearly dictates otherwise.

In this document, expressions such as “A or B” or “at least one of A and/or B” may include all possible combinations of items listed together.

Expressions such as "first," "second," "first," or "second," can modify the corresponding elements regardless of order or importance, and to distinguish one element from another element. It is used only and does not limit the corresponding components.

When an (eg, first) component is referred to as being “connected (functionally or communicatively)” or “connected” to another (eg, second) component, a component is referred to as that other component. It may be directly connected to the element, or may be connected through another element (eg, a third element).

As used herein, "configured to (or configured to)" according to the context, for example, hardware or software "suitable for," "having the ability to," "modified to ," "made to," "capable of," or "designed to" may be used interchangeably.

In some circumstances, the expression “a device configured to” may mean that the device is “capable of” with other devices or parts.

For example, the phrase "a processor configured (or configured to perform) A, B, and C" refers to a dedicated processor (eg, an embedded processor) for performing the corresponding operations, or by executing one or more software programs stored in a memory device. , may refer to a general-purpose processor (eg, a CPU or an application processor) capable of performing corresponding operations.

Also, the term 'or' means 'inclusive or' rather than 'exclusive or'.

That is, unless stated otherwise or clear from context, the expression 'x employs a or b' means any one of natural inclusive permutations.

In the above-described specific embodiments, elements included in the invention are expressed in the singular or plural according to the specific embodiments presented.

However, the singular or plural expression is appropriately selected for the situation presented for convenience of description, and the above-described embodiments are not limited to the singular or plural component, and even if the component is expressed in plural, it is composed of the singular or , even a component expressed in the singular may be composed of a plural.

On the other hand, although specific embodiments have been described in the description of the invention, various modifications are possible without departing from the scope of the technical idea contained in the various embodiments.

Therefore, the scope of the present invention should not be limited to the described embodiments, but should be defined by the claims described below as well as the claims and equivalents.

1 is a view for explaining an in-vehicle communication system according to an embodiment.

The in-vehicle communication system described below may be implemented not only in the form of a system but also in the form of a protocol.

In addition, the user may mean all entities (eg, ECU, OBU) provided in the vehicle, but preferably may mean an entity that receives an encrypted message.

In addition, the attacker can be divided into a passive attacker and an active attacker. The passive attacker refers to a device connected to the CAN bus to eavesdrop on messages from CAN, and the active attacker is transmitted from a normal ECU and OBU. It can mean a device that causes serious problems with the vehicle by modifying one data or sending the wrong key.

Referring to FIG. 1 , all entities included in a vehicle may be connected to a CAN bus, which is a multi-master network, to perform mutual communication.

For example, each of a plurality of ECUs provided in the vehicle may share data (messages) with other ECUs and/or an on-board unit (OBU) through mutual communication.

However, since a typical ECU has low computing power, it is limited in advanced encryption processing that provides a high-level of security. In addition to normal users, the CAN bus can be accessed by attackers who want to eavesdrop on data and unauthorized users of data, resulting in security vulnerabilities.

In order to solve this problem, the in-vehicle communication system 100 according to an embodiment is data confidentiality, authentication (authentication), integrity (integrity), fine-grained access control (finegrained access control), policies and credentials Privacy (policy and credential privacy) can be supported.

In addition, the in-vehicle communication system 100 may perform edge computing-based security operation processing by using a security agent (SA) that processes an encryption operation on behalf of an ECU having low computing performance.

For example, the security agent may be an OBU. In other words, the in-vehicle communication system 100 performs an off-road encryption operation using the OBU provided in the vehicle without a separate additional device for complex security calculation processing (edge computing). implementation), it is possible to achieve high security requirements at low latency without incurring additional costs.

In addition, the in-vehicle communication system 100 provides an enhanced attribute-based encryption technology through a hidden policy and credential, and through this, data confidentiality for the security agent ( Attribute-based access control based on data confidentiality and policy privacy can be achieved.

Specifically, since all messages transmitted and received through the CAN bus are broadcast due to the characteristics of in-vehicle communication, attackers can easily eavesdrop on messages. Accordingly, the in-vehicle communication system 100 can guarantee the confidentiality of the message by providing a function that only the intended recipient can obtain the plaintext of the message. For example, the intended recipient may be a receive-ECU described below.

An attacker can impersonate a legitimate device by retransmitting messages exchanged between entities in a previous session. Accordingly, the in-vehicle communication system 100 may provide an authentication function between entities performing mutual communication.

Most of the data transmitted from the vehicle is for a specific ECU, not all ECUs, and if an in-vehicle communication node (e.g. ECU or OBU) is compromised by an attacker or some malicious node is connected to the CAN bus, CAN Messages sent over the bus can be exposed without access control. Accordingly, the in-vehicle communication system 100 may provide a detailed access control function.

In the in-vehicle communication system 100, a sender encrypts a message in which information about an intended recipient is reflected by using a policy specified according to an attribute for access control of message exchange, and at this time, the message is encrypted And in the decryption process, in order to avoid potential analysis or attacks that interfere with normal communication, it is possible to provide an enhanced attribute-based encryption function so that information about the sender and/or intended recipient is not exposed. For example, the sender may be a transmit-ECU described below.

On the other hand, the in-vehicle communication system 100 may use the Oracle model to capture the attacker's ability to access the CAN bus. Hereinafter, the Oracle model used to capture the function of the attacker will be described.

이라 할때, 통신 세션(communication sessions) t₁과 t₂에서 사용자 A와 B간에 수행되는 통신을 각각

및

이라 정의하며, 정의된

및

를 이용하여 어태커의 기능을 포착하는 오라클 모델들에 대하여 설명하기로 한다. Hereinafter, a protocol according to the in-vehicle communication system 100 is

In the communication sessions t ₁ and t ₂ , the communication performed between users A and B is

and

is defined as

and

We will explain the Oracle models that capture the attacker's function using .

오라클 모델은

와

사이의 모든 데이터를 도청 할 수 있는 모든 종류의 패시브 어태커를 모델링할 수 있다.

Oracle model is

Wow

You can model any kind of passive attacker that can eavesdrop on any data in between.

오라클 모델은

를 통해 송신되는 메시지 M을 보내는 액티브 어태커를 모델링할 수 있다.

Oracle model is

We can model an active attacker that sends a message M sent through

오라클 모델은 통신 세션 t₁에서 사용자A의 세션키(session key)를 노출하여 사용자 B와 공유할 수 있다.

Oracle model exposes user A's session key in communication session t ₁ and can share it with user B.

오라클 모델은 통신 세션 t₁에서 사용자 A의 장기 비밀키(long-term secret key)를 노출하여 사용자 B와 공유할 수 있다.

The oracle model exposes user A's long-term secret key in communication session t ₁ and can share it with user B.

오라클 모델은 세션키 보안(session key security)을 테스트할 수 있다. 프로토콜에서 이 오라클 모델과 두 사용자 A 및 B를 쿼리하면 임의의 비트에 따라 실제 세션키(session key) 또는 임의의 문자열(random string)을 반환(return)하며, 그렇지 않으면 유효하지 않은 출력을 반환할 수 있다.

The Oracle model can test session key security. Querying this Oracle model and two users A and B in the protocol will return the actual session key or a random string according to a random bit, otherwise it will return an invalid output. can

오라클 모델은 주어진 암호화 정책에 대한 프라이버시(privacy)를 테스트할 수 있다. 일례로 주어진 두 가지 정책 P₀ 및 P₁과 메시지 M을 이용하여 이 오라클 모델을 쿼리하면, 임의로 선택된(randomly selected) 랜덤 비트

에 따라 정책 P_b(P₀ 및 P₁)를 통해 메시지 M을 암호화하여 출력할 수 있다.

The Oracle model can test privacy for a given encryption policy. As an example, if we query this Oracle model using the given two policies P ₀ and P ₁ and message M, we get a randomly selected random bit

According to the policy P _b (P ₀ and P ₁ ), the message M can be encrypted and output.

오라클 모델은 사용자 크리덴셜(credential)의 프라이버시(privacy)를 테스트할 수 있다.

와 타겟 정책(target policy)(시스템의 정책)

을 입력으로 쿼리할 때,

의 크리덴셜 또는 두 크리덴셜의 특성이 정책

를 만족하거나, 만족하지 않는다는 제한이 있는 임의로 선택된 크리덴셜을 출력할 수 있다.

The Oracle model can test the privacy of user credentials.

and the target policy (the policy of the system)

When querying as input,

The credential of or two credential attributes of this policy

It is possible to output an arbitrarily selected credential that satisfies or is not satisfied.

Hereinafter, an encryption algorithm used in the in-vehicle communication system 100 according to an embodiment will be described.

The in-vehicle communication system 100 transmits/receives using a hash function and symmetric encryption using a pseudo random function (PRF) and a pseudo random permutation (PRP), respectively You can encrypt/decrypt the received message.

PRF is an efficient function defined by (K; X; Y), and may return a pseudo random output sequence as shown in Equation 1 below.

[Equation 1]

는 입력 공간(input space)이며,

를 만족할 수 있다. Here, K _H is a key space,

is the input space,

can be satisfied with

를 포함할 수 있다. PRP is an efficient inversion algorithm.

may include

The in-vehicle communication system 100 may use a shuffle function, which is a pseudo random permutation, for attribute-based encryption enhanced through a hidden policy and credentials.

Since the shuffle function has the same input and output space, it can return a pseudo random output sequence as shown in Equation 2 below.

[Equation 2]

는 입력 및 출력 공간(input and output space)일 수 있으며, 셔플 함수에 대한 반전 알고리즘(inversion algorithm)은

로 표현될 수 있다. Here, K _SH is a key space,

can be an input and output space, and the inversion algorithm for the shuffle function is

can be expressed as

As described above, in order to utilize edge computing resources, the in-vehicle communication system 100 may perform an offloaded encryption operation using a security agent that utilizes computing resources more advanced than the ECU.

Here, since the security agent must consider the honest-but-curious characteristic, the in-vehicle communication system 100 provides a confidentiality against property of the security agent for proxy decryption, a hidden property of the security agent (hidden attributes) and hidden policies characteristics must be satisfied.

과 사용자 비밀키(secret keys)

로 'ProxyDecrypt1' 알고리즘을 수행할 수 있다. 여기서,

는 셔플 함수(shuffle function)를 통해 셔플 연산이 수행된 암호문으로, 셔플 연산은 각 타임 슬롯(time slot) k에서의 타임키(time key)

가 사용될 수 있다. Specifically, the in-vehicle communication system 100 is a cipher text designated to preserve confidentiality of an encrypted message with respect to a security agent (proxy).

and user secret keys

'ProxyDecrypt1' algorithm can be executed. here,

is a ciphertext in which a shuffle operation is performed through a shuffle function, and the shuffle operation is a time key in each time slot k.

can be used.

를 알 수 없으므로, 보안 에이전트는 암호문

에서 원래의 암호 텍스트

를 복구하고 암호 텍스트

를 완벽하게 복호화할 수 없다.At this time, in the security agent, the time key

is unknown, so the security agent

original cipher text from

Recover and cipher text

cannot be completely decrypted.

가 사용자 비밀키 AK_Ur에 포함된 비밀을 보호하기 위해 도입되므로 사용자 비밀키 AK_Ur가 노출이 되더라도 기밀성에는 영향을 미치지 않는다. 즉, 타임키

를 알지 못하면 보안 에이전트는 암호문에서 메시지를 차단하는 팩터(factor)

를 제거하여 기밀성을 침해할 수 없다.Specifically, the in-vehicle communication system 100 is an additional secret key unknown to the security agent, the time key.

is introduced to protect the secret contained in the user secret key AK _Ur , so even if the user secret key AK _Ur is exposed, the confidentiality is not affected. i.e. time key

Without knowing the factor, the security agent blocks the message in the ciphertext.

Confidentiality cannot be infringed by removing

In order to hide the encrypted policy from security agents and outsiders, the in-vehicle communication system 100 may use a message tuple, which is a divided partial message, in an encryption process.

More specifically, the in-vehicle communication system 100 generates a policy based on three criteria: a required attribute, an unsolicited attribute, and an irrelevant attribute for exchanging a session key for data exchange between entities, and Data can be encrypted based on An example of performing key exchange in the in-vehicle communication system 100 will be described in more detail with reference to FIG. 3 in the following embodiment.

That is, if an attacker attempts to identify whether a ciphertext is encrypted using at least one of two policies P ₀ and P ₁ , the attacker must first decrypt the encrypted message tuple, otherwise all encrypted messages in the ciphertext Tuples can be treated as random variables. If the confidentiality of the message tuple is guaranteed based on ElGamal encryption, the attacker may not be able to learn any policy information.

Meanwhile, since the in-vehicle communication system 100 needs to know attribute indices of each receiving entity (eg, receiving-ECU) for a partial decryption operation using the ProxyDecrypt1 algorithm, user attribute information (user attribute information) can be exposed.

를 부분 복호화 연산을 위해 프록시에 제공할 수 있다.For example, the in-vehicle communication system 100 is an inverse permuted attribute indices set for receive-ECU r.

can be provided to the proxy for partial decryption operation.

를 사용하므로, 알고리즘의 출력은 각 메시지 튜플에 대하여

로 유지될 수 있다. 여기서,

는 메시지 튜플,

는 제너레이터(generator),

는 속성 인덱스와 순열 속성 인덱스 및 역-순열 속성 인덱스,

는 셔플함수

를 이용하여 치환된

일 수 있다. The ProxyDecrypt1 algorithm, which performs partial decryption operations, is an inverse-permutation attribute index set.

, so the output of the algorithm is for each message tuple

can be maintained as here,

is the message tuple,

is a generator,

is the attribute index and permutation attribute index and inverse-permutation attribute index,

is the shuffle function

replaced with

can be

를 알고 있는 수신 엔티티(일례로, 수신-ECU)는 역-순열 속성 인덱스

를 연산하고, 튜플(복호화 자료)

을 사용하여

를 캔슬(cancel)하여, ProxyDecrypt2 알고리즘에 의한 복호화 연산(decryption procedure) 동안 각 메시지 튜플

을 복구할 수 있다. Therefore, the time key

A receiving entity (e.g., receiving-ECU) that knows

, and tuple (decrypted data)

using

By canceling , each message tuple during the decryption procedure by the ProxyDecrypt2 algorithm

can be restored

The in-vehicle communication system 100 may use at least one or more algorithms to perform the above-described communication process. Hereinafter, an algorithm used in the above-described communication process will be described.

알고리즘은 제너레이터(generator)를 갖는 프라임 오더(prime order) p의 사이클릭 그룹(cyclic group)

를 선택할 수 있다. 다음으로, 시스템의 모든 속성에 대해

및 랜덤 넘버(random numbers)

가 되도록 큰 프라임 넘버(prime number) q를 선택할 수 있다. 여기서,

는 시스템에 대한 속성 인덱스(attribute indices)의 범용 세트(universal set)이고, N은 속성의 개수(number of system attributes)일 수 있다.

The algorithm is a cyclic group of prime order p with a generator

can be selected. Next, for all properties of the system

and random numbers

We can choose a prime number q that is large so that here,

is a universal set of attribute indices for the system, and N may be the number of system attributes.

알고리즘은 하기 수학식3과 같은 시스템의 마스터 공개키(master public key) MPK를 생성할 수 있다.after

The algorithm may generate a master public key MPK of the system as shown in Equation 3 below.

[Equation 3]

를 만족할 수 있다.Here, Equation 3 is

can be satisfied with

를 생성할 수 있으며, 여기서 변환 비밀키 TK는 모든

에 대해

을 만족할 수 있다. Then, randomly select the master secret key MSK = K _S and set the transformation secret key

, where the transformation secret key TK is all

About

can be satisfied with

알고리즘은 시스템의 모든 사용자에 대한 그룹키(group key) K_group를 생성할 수 있다. Finally,

The algorithm can generate a group key K _group for all users of the system.

알고리즘은 사용자 속성키(user attribute keys)

를 생성할 수 있으며, 여기서

는 사용자 j의 속성 인덱스 세트(attributes indices set)일 수 있다.

Algorithms are user attribute keys

can be created, where

may be an attribute indices set of user j.

알고리즘은 모든 속성 인덱스 세트 I_j에 대하여 재암호화키(re-encryption key)

(여기서,

)를 생성할 수 있으며,

은 최종적으로 사용자 j에 대한 사용자 속성키 SK_UJ 및 재암호화키 RK_UJ를 출력할 수 있다. to the next,

The algorithm uses a re-encryption key for all attribute index sets I _j .

(here,

) can be created,

can finally output the user attribute key SK _UJ and the re-encryption key RK _UJ for user j.

알고리즘은 그룹키 K_group 및 타임 슬롯 t_k를 입력으로 수신하여, 타임키

를 출력하며, 여기서 r_k는 랜덤하게 선택되는 임의의 값으로, 다른 타임 슬롯 t_k과 구분되는 값일 수 있다.

The algorithm receives the group key K _group and time slot t _k as inputs, and the time key

, where r _k is a randomly selected value and may be a value differentiated from other time slots t _k .

알고리즘은 타임키

및 사용자 속성키 SK_Uj를 입력으로 수신하여, 변환된 사용자 속성키(transformed user attribute key)

를 출력할 수 있다.

Algorithm is time key

And by receiving the user attribute key SK _Uj as an input, a transformed user attribute key (transformed user attribute key)

can be printed out.

알고리즘은 마스터 공개키 MPK, 정책 세트(policy set) T(여기서

), 타임키

및 메시지 M을 입력으로 수신하여, 메시지 M의 암호문(ciphertext)

을 출력할 수 있다.

The algorithm is the master public key MPK, policy set T (where

), time key

and receiving the message M as input, the ciphertext of the message M

can be printed out.

가 요구되는 경우에는

으로 결정되고, 속성

가 요구되지 않는 경우에는

으로 결정되며, 속성

와 상관 없는 경우에는

으로 결정될 수 있다. On the other hand, each policy t _i constituting the policy set T has an attribute

If is required

is determined by the property

If is not required

is determined by the property

In case it has nothing to do with

can be determined as

알고리즘은 하기 수학식4와 같이, 각 속성

에 따라 메시지 튜플

을 생성할 수 있다. Specifically,

Algorithm as shown in Equation 4 below, each attribute

message tuple according to

can create

[Equation 4]

는

조건을 만족할 수 있다. Here, an arbitrarily selected value

Is

condition can be satisfied.

알고리즘은 무작위로

를 선택하고,

를 이용하여, 하기 수학식5와 같이 각 메시지 튜플

을 암호화하여 암호문

을 출력할 수 있다. to the next,

Algorithm is random

select and

Using , each message tuple as shown in Equation 5 below

by encrypting the ciphertext

can be printed out.

[Equation 5]

는 시퀀스(sequence)일 수 있다. here,

may be a sequence.

알고리즘은 하기 수학식6과 같이 의사 난수 순열(pseudo random permutation)을 통해 튜플의 순서(order)를 순열하여 셔플된 암호문을 출력할 수 있다.

The algorithm may output a shuffled ciphertext by permuting the order of tuples through pseudo random permutation as shown in Equation 6 below.

[Equation 6]

는 셔플 함수로서, 타임키

및 속성 인덱스

를 입력으로 수신하여, 치환된

를 출력할 수 있다.here,

is a shuffle function, the time key

and attribute index

by receiving as input, the substituted

can be printed out.

알고리즘은 변환 비밀키(transformation secret key) TK를 사용하여 셔플된 암호문

을 하기 수학식7과 같이 변환하고, 변환된 암호문

를 출력할 수 있다.

The algorithm uses the transformation secret key TK to shuffle the ciphertext

is converted as in Equation 7 below, and the converted ciphertext

can be printed out.

[Equation 7]

알고리즘은 변환된 암호문

및 역-순열 속성 인덱스 세트

를 입력으로 수신하여 하기 수학식8과 같이 암호문

을 출력할 수 있다.

Algorithm converted ciphertext

and inverse-permutation attribute index set

by receiving as an input, the cipher text as shown in Equation 8 below

can be printed out.

[Equation 8]

알고리즘은 추출된 암호문

, 변환된 사용자 속성키 AK_Ur, 재암호화키 RK_Ur 및 변환 비밀키 TK를 입력으로, 하기 수학식9와 같이 부분 복호화된 암호문(partial decrypted ciphertext)

및 복호화 자료(decryption materials) AM_rj를 출력할 수 있다.

Algorithm is the extracted ciphertext

, the converted user attribute key AK _Ur , the re-encryption key RK _Ur and the converted secret key TK as inputs, a partially decrypted ciphertext as shown in Equation 9 below

and decryption materials AM _rj may be output.

[Equation 9]

,

일 수 있다. here,

,

can be

알고리즘은 부분 복호화된 암호문

, 복호화 자료 AM_rj를 사용자(수신 엔티티)의 속성 인덱스 세트

을 입력으로 수신하여, 하기 수학식10과 같이 메시지 M을 출력할 수 있다.

Algorithm is a partially decrypted ciphertext

, the decrypted data AM _rj , the set of attribute indexes of the user (receiving entity)

By receiving as an input, it is possible to output a message M as shown in Equation 10 below.

[Equation 10]

An encryption/decryption process performed in the in-vehicle communication system 100 according to an embodiment will be described in more detail later with reference to FIG. 3 according to the embodiment.

2 is a diagram for explaining a security agent of an in-vehicle communication system according to an embodiment.

In other words, FIG. 2 is a view for explaining an example of an in-vehicle communication system according to an embodiment described with reference to FIG. 1 , and the description overlaps with the content described with reference to FIG. 1 among the contents described with reference to FIG. 2 to be omitted.

Referring to FIG. 2 , a security agent 300 according to an embodiment may include a cipher text receiving unit 210 , a cipher text converting unit 220 , a cipher text extracting unit 230 , and a partial decrypting unit 240 . can

The cipher text receiving unit 210 according to an embodiment receives the cipher text, and the cipher text converting unit 220 according to an embodiment is the cipher text converted from the cipher text through an operation based on a pre-stored transformation secret key. can create

According to one side, the cipher text includes a data sharing key and may be a cipher text shuffled through a shuffle operation.

Preferably, the encrypted text receiving unit 210 may receive the shuffled encrypted text from at least one transmission-ECU provided in the vehicle.

The ciphertext extractor 230 according to an embodiment may generate a ciphertext extracted from the converted ciphertext through an operation based on a pre-stored inverse permuted attribute indices set.

For example, the ciphertext extracting unit 230 may be an inverse-permutation attribute index set for the receiving-ECU that receives the partially decrypted ciphertext to be described below and performs a decryption operation.

According to one side, the security agent 200 may further include a message receiving unit 250 for receiving a request message for receiving the partially decrypted ciphertext.

In addition, the ciphertext extraction unit 230 may generate the extracted ciphertext when the request message is received.

For example, the message receiving unit 250 may be at least one receiving-ECU to which the transmission-ECU intends to transmit the data sharing key.

The partial decryption unit 240 according to an embodiment may generate a partially decrypted ciphertext by performing a partial decryption operation on the extracted ciphertext.

For example, the partial decryption unit 240 may deliver the partially decrypted ciphertext to at least one receiving-ECU that has transmitted the request message, and the receiving-ECU performs a decryption operation on the partially decrypted ciphertext to perform a data sharing key can be obtained.

The security agent 200 according to an embodiment will be described in more detail with reference to FIG. 3 in the following embodiment.

3 is a diagram for explaining an implementation example of an in-vehicle communication system according to an embodiment.

In other words, FIG. 3 is a view for explaining an example of an in-vehicle communication system according to an embodiment described with reference to FIGS. 1 and 2 , and among the contents described with reference to FIG. 3 , it has been described with reference to FIGS. 1 and 2 A description that overlaps with the content will be omitted.

Referring to FIG. 3 , the in-vehicle communication system 300 according to an embodiment may secure confidentiality and integrity of data through secure operation processing based on edge computing without additional devices.

In addition, the in-vehicle communication system 300 according to an embodiment may achieve a higher level of security requirements by achieving attribute-based access control and attribute/policy privacy through attribute-based encryption.

To this end, the in-vehicle communication system 300 may include a sender-ECU (ECU) 310 , a security agent 320 , and a receiver-ECU 330 . .

For example, the in-vehicle communication system 300 may be a system for controlling in-vehicle communication based on a controller area network (CAN) protocol.

In addition, the transmit-ECU 310 may be an ECU that generates a policy among a plurality of ECUs provided in the vehicle and broadcasts an encrypted message based on the generated policy, and the receive-ECU 330 is the vehicle It may mean at least one ECU that meets a policy corresponding to an encrypted message among a plurality of ECUs included in the ECU. In other words, the receive-ECU 330 may mean a single or a plurality of target ECUs that want to receive a message from the transmit-ECU 310 .

을 생성하고, 암호문

에 대한 셔플(shuffle) 연산을 수행하여 셔플된 암호문

을 생성할 수 있다. Transmission-ECU 310 according to an embodiment is a cipher text for message M

generate a ciphertext

The ciphertext shuffled by performing a shuffle operation on

can create

According to one side, the transmit-ECU 310 may generate a data sharing key and generate a cipher text for the data sharing key. For example, the data sharing key may be a session key for data sharing between the transmit-ECU 310 and the receive-ECU 330 .

In other words, the in-vehicle communication system 300 may be a system that supports key exchange between the transmit-ECU 310 and the receive-ECU 330 .

According to one side, the transmit-ECU 310 generates a policy through three criteria of a required attribute, a non-required attribute, and an irrelevant attribute for exchanging a session key, and generates a ciphertext based on these policies, but a security agent From 320, a group key K _group and a shuffle operation can be used to protect data confidentiality, policy, and personal information.

를 생성할 수 있다. Specifically, the transmit-ECU 310 performs an operation based on the pre-stored group key K _group and time slot information t _k to obtain a time key.

can create

를 생성할 수 있다. Preferably, the transmit-ECU 310 is a time key through an operation based on the TimeKeyGen algorithm that takes the group key K _group and time slot information t _k as inputs.

can create

, 기저장된 마스터 공개키(master public key) MPK 및 기저장된 정책 세트(policy set) T 중 적어도 하나에 기초한 연산을 통해 암호문

을 생성할 수 있다. Next, the transmit-ECU 310 is a time key

, ciphertext through an operation based on at least one of a prestored master public key MPK and a prestored policy set T

can create

및 메시지 M을 입력으로 수신하는 Encrypt 알고리즘에 기초한 연산을 통해 메시지 M의 암호문

을 생성할 수 있다. Preferably, the transmit-ECU 310 has a master public key MPK, a policy set T, a time key

and the ciphertext of the message M through an operation based on the Encrypt algorithm that receives the message M as input.

can create

및 기저장된 속성 인덱스(attribute index)

중 적어도 하나에 기초한 셔플 연산을 통해 셔플된 암호문

을 생성할 수 있으며, 셔플된 암호문

을 보안 에이전트(320)에 송신할 수 있다.Next, the transmit-ECU 310 is a time key

and a pre-stored attribute index.

ciphertext shuffled through a shuffle operation based on at least one of

can generate, and the shuffled ciphertext

may be sent to the security agent 320 .

및 속성 인덱스

를 입력으로 수신하는 Shuffle 알고리즘에 기초한 연산을 통해 셔플된 암호문

을 생성할 수 있다. Preferably, the transmit-ECU 310 is a time key

and attribute index

Shuffled ciphertext through an operation based on the Shuffle algorithm that receives as input

can create

에 대한 부분 복호화(partial decryption) 연산을 수행하여 부분 복호화된 암호문

을 생성할 수 있다. The security agent 320 according to an embodiment is a shuffled ciphertext

Partially decrypted ciphertext by performing a partial decryption operation on

can create

For example, the security agent 320 may be an on-board unit (OBU) provided in the Charang.

을 수신하기 위한 요청 메시지(request message)를 보안 에이전트에 전달하고, 보안 에이전트(320)는 요청 메시지를 수신하면, 부분 복호화 연산을 수행할 수 있다. According to one side, the receiving-ECU 330 is partially decrypted ciphertext.

A request message for receiving is transmitted to the security agent, and upon receiving the request message, the security agent 320 may perform a partial decryption operation.

이 보안 에이전트(320)로 전달되는 것을 인지할 수 있으며 이를 통해 요청 메시지를 전달할 수 있다. Specifically, the receive-ECU 330 transmits the ciphertext shuffled in the transmit-ECU 310 via the CAN bus.

It can recognize that it is delivered to the security agent 320 and can deliver the request message through this.

으로부터 변환된 암호문

을 생성할 수 있다. According to one side, the security agent 320 is a ciphertext that is shuffled through an operation based on a pre-stored transformation secret key TK.

ciphertext converted from

can create

를 입력으로 수신하는 TransformCiperText 알고리즘에 기초한 연산을 통해 변환된 암호문

을 생성할 수 있다. Preferably, the security agent 320 includes the transformation secret key TK and the shuffled ciphertext.

Cipher text transformed through an operation based on the TransformCiperText algorithm that receives as input

can create

에 기초한 연산을 통해 변환된 암호문

으로부터 추출된 암호문

을 생성할 수 있다. According to one side, the security agent 320 for the receive-ECU 330 - inverse permuted attribute index set (inverse permuted attribute indices set)

A ciphertext converted through an operation based on

ciphertext extracted from

can create

및 변환된 암호문

을 입력으로 수신하는 Extract 알고리즘에 기초한 연산을 통해 암호문

을 추출할 수 있다. Preferably, the security agent 320 sets the inverse-permutation attribute index

and the converted ciphertext

ciphertext through an operation based on the Extract algorithm that receives as input

can be extracted.

으로부터 부분 복호화된 암호문

을 생성하고, 부분 복호화된 암호문

을 수신-ECU(330)에 송신할 수 있다. According to one side, the security agent 320 extracts through an operation based on at least one of the conversion secret key TK, the pre-stored re-encryption key RK _Ur , and the converted user attribute keys AK _Ur . ciphertext

Partially decrypted ciphertext from

generates a partially decrypted ciphertext

may be transmitted to the receive-ECU 330 .

, 변환된 사용자 속성키 AK_Ur, 재암호화키 RK_Ur 및 변환 비밀키 TK를 입력으로 수신하는 ProxyDecrypt1 알고리즘에 기초한 연산을 통해 부분 복호화된 암호문

및 복호화 자료(decryption materials) AM_rj를 생성할 수 있으며, 부분 복호화된 암호문

및 복호화 자료 AM_rj를 수신-ECU(330)에 송신할 수 있다.Preferably, the security agent 320 is the extracted ciphertext.

, partially decrypted ciphertext through an operation based on the ProxyDecrypt1 algorithm that receives the transformed user attribute key AK _Ur , the re-encryption key RK _Ur and the transformed secret key TK as inputs

And it is possible to generate a decryption material (decryption materials) AM _rj , the partially decrypted ciphertext

and decoded data AM _rj may be transmitted to the receive-ECU 330 .

과 이후 수신-ECU(330)에서 수행될 제2 복호화 연산(복호화 연산) 과정에서 필요한 복호화 자료 AM_rj를 수신-ECU(330)에 송신할 수 있다.In other words, the security agent 320 is a partially decrypted ciphertext that has undergone a first decryption operation (partial decryption operation).

Decoding data AM _rj required in the second decoding operation (decryption operation) to be performed by the reception-ECU 330 may be transmitted to the reception-ECU 330 .

에 대한 복호화 연산을 수행하여 메시지 M를 획득할 수 있다. Receiving-ECU 330 according to an embodiment is partially decrypted ciphertext

A message M may be obtained by performing a decryption operation on .

를 생성할 수 있다.According to one side, the reception-ECU 330 is a time key (time key) through an operation based on the pre-stored group key K _group and time slot information t _k

can create

에 기초한 연산을 통해 변환된 사용자 속성키 AK_Uj를 생성하고, 기저장된 역-순열 속성 인덱스 세트

와 변환된 사용자 속성키 AK_Uj를 보안 에이전트(320)에 전달할 수 있다. In addition, the reception-ECU 330 has a pre-stored user attribute key SK _Uj and a time key.

A transformed user attribute key AK _Uj is generated through an operation based on

and the converted user attribute key AK _Uj may be transmitted to the security agent 320 .

및 부분 복호화된 암호문

에 필요한 역-순열 속성 인덱스 세트

와 변환된 사용자 속성키 AK_Uj를 보안 에이전트(320)에 전달할 수 있다. That is, the receiving-ECU 330 is the extracted cipher text.

and partially decrypted ciphertext

set of inverse-permutation attribute indices required for

and the converted user attribute key AK _Uj may be transmitted to the security agent 320 .

가 사용될 수 있다. In other words, the receiving-ECU 330 may transmit its key to the security agent 320 to request decryption, and in this process, time to hide the key of the receiving-ECU 330 from the security agent 320 . key

can be used.

및 사용자 속성키 SK_Uj를 입력으로 수신하는 TransformUserKey 알고리즘에 기초한 연산을 통해 변환된 사용자 속성키 AK_Uj를 생성할 수 있다. Preferably, the receive-ECU 330 is a time key

And it is possible to generate a transformed user attribute key AK _Uj through an operation based on the TransformUserKey algorithm that receives the user attribute key SK _Uj as an input.

중 적어도 하나에 기초한 연산을 통해 부분 복호화된 암호문으로부터 메시지를 획득할 수 있다. According to one side, the reception-ECU 330 is the decoded data AM _rj and the pre-stored reception-ECU attribute index set (attribute indices set)

A message may be obtained from the partially decrypted ciphertext through an operation based on at least one of

, 복호화 자료 AM_rj 및 수신-ECU에 대한 속성 인덱스 세트

를 입력으로 수신하는 ProxyDecrypt2 알고리즘에 기초한 복호화 연산(제2 복호화 연산)을 통해 송신-ECU(310)로부터 수신한 원문 메시지 M을 획득할 수 있다. Preferably, the receive-ECU 330 is a partially decrypted ciphertext.

, the set of attribute indexes for the decrypted data AM _rj and the receive-ECU

The original message M received from the transmit-ECU 310 may be obtained through a decryption operation (second decryption operation) based on the ProxyDecrypt2 algorithm that receives as an input.

According to one side, the transmission-ECU 310 , the security agent 320 and the reception-ECU 330 each generate a signature and a nonce value, and based on the generated signature and the nonce value, mutually authentication can be performed.

In other words, each of the transmission-ECU 310, the security agent 320, and the reception-ECU 330 may be preceded by a mutual authentication process based on the generated signature and nonce value in each of the above-described mutual communication processes. .

In addition, the transmit-ECU 310 may store the ID (identity) of the receive-ECU 330 that obtained the message M in a key table.

More specifically, the transmit-ECU 310 may receive the ID of the receive-ECU 330 that has received the data sharing key of the message M from the receive-ECU 330, and store the received ID in the provided key table. there is.

That is, the descriptions described above in FIG. 3 may be performed at the vehicle starting time, and then, during the driving time of the vehicle, the transmitting-ECU 310 and the receiving-ECU 320 sharing the data sharing key are the security agents 320 . It is also possible to communicate with each other using the data sharing key without the intervention of the user.

An authentication process and an ID storage process performed through the in-vehicle communication system 300 according to an embodiment will be described in more detail later with reference to FIG. 6 of the embodiment.

Meanwhile, the in-vehicle communication system 300 according to an exemplary embodiment transmits keys and information necessary for the operation process of each of the transmission-ECU 310 , the security agent 320 , and the reception-ECU 330 to a trust authority. ) can be obtained from

According to one side, the trusted authority may be provided inside or outside the vehicle in which the in-vehicle communication system 300 is mounted.

A trusted authority according to an embodiment will be described in more detail with reference to FIG. 4 in the following embodiment.

4 is a diagram for explaining a process of managing a secret key used in an in-vehicle communication system according to an embodiment.

Referring to FIG. 4 , reference numeral 400 illustrates an example of generating and distributing a long-term secret key by a trust authority (TA) according to an embodiment.

를 생성할 수 있다. Referring to reference numeral 400, the trusted authority according to an embodiment uses a setup algorithm, a master secret key MSK, a master public key MPK, a conversion secret key TK, a group key K _group , and a long-term key exchanged between each ECU ( long-term key)

can create

Next, the trusted authority may generate a user attribute key SK _Uj and a re-encryption key RK _Uj for each ECU _j by using the KeyGen algorithm.

를 대응되는 ECU_j 각각에 제공할 수 있다. The trusted authority publishes the master public key MPK, keeps the master secret key MSK secretly,

is the corresponding ECU _j can be provided for each.

를 보안 에이전트에 제공하고, 그룹키 K_group를 각 ECU_j에 제공할 수 있다. In addition, the trusted authority is responsible for the re-encryption key RK _Uj , the transformation secret key TK and all ECU _j

can be provided to the security agent, and the group key K _group can be provided to each ECU _j .

5A to 5E are diagrams for explaining a characteristic test result of an in-vehicle communication system according to an exemplary embodiment.

및 수신 속성의 개수

에 따른 데이터 위상 비트율(data phase bit rate) 및 실행 시간(execution time) 특성을 도시한다. 5A to 5E, reference numeral 510 denotes the number of receive-ECUs when the number of system attributes is 16.

and the number of received attributes.

The data phase bit rate and execution time characteristics are shown according to

및 수신 속성의 개수

에 따른 데이터 위상 비트율 및 실행 시간 특성을 도시한다.Reference numeral 520 denotes the number of receive-ECUs when the number of system attributes is 32.

and the number of received attributes.

The data phase bit rate and execution time characteristics according to

가 10개일 때, 시스템 속성의 개수

에 따른 수신 속성의 개수

및 실행 시간 특성을 도시하며, 여기서 각각의 Reference numeral 530 denotes the number of receive-ECUs.

When is 10, the number of system properties

Number of reception properties according to

and run time characteristics, where each

및 송신-ECU의 개수

에 따른 시스템 속성의 개수

및 실행 시간 특성을 도시하며, 여기서 송신-ECU 각각은 10개의 수신-ECU가 할당될 수 있다.Reference numeral 540 denotes the number of receive-ECUs.

and number of transmit-ECUs

number of system properties according to

and run-time characteristics, where each transmit-ECU may be assigned 10 receive-ECUs.

및 송신-ECU의 개수

에 따른 데이터 위상 비트율 및 실행 시간 특성을 도시하며, 여기서 송신-ECU 각각은 10개의 수신-ECU가 할당될 수 있다. Reference numeral 550 denotes the number of receive-ECUs.

and number of transmit-ECUs

It shows the data phase bit rate and execution time characteristics according to , where 10 receive-ECUs may be allocated to each transmit-ECU.

Reference numerals 510 to 550 show results derived from the in-vehicle communication system according to an embodiment implemented in the form of a protocol.

Referring to reference numerals 510 to 520, in the in-vehicle communication system according to an embodiment, it can be seen that the data phase bit rate increases as the communication delay on the CAN bus decreases, and thus the execution time decreases.

는 프로토콜 실행 시간에 거의 영향을 미치지 않지만, 시스템 속성의 개수

는 실행시간에 크게 영향을 미친다는 것을 확인할 수 있다. In addition, the number of reception attributes

has little effect on the protocol execution time, but the number of system properties

It can be seen that this significantly affects the execution time.

However, even if it is assumed that 32 system properties exist because there are a plurality of ECUs with overlapping roles inside the vehicle, the execution time appears to be less than 1 second, which means that the in-vehicle communication system according to an embodiment requires actual security. This means that the requirements can be satisfied.

는 프로토콜 실행 시간에 거의 영향을 미치지 않지만, 시스템 속성의 개수

는 실행시간에 크게 영향을 미친다는 것을 확인할 수 있다.According to reference numeral 530, as described above, the number of reception attributes

has little effect on the protocol execution time, but the number of system properties

It can be seen that this significantly affects the execution time.

에 영향을 받는 연산(Extract 알고리즘 및 ProxyDecrypt1 알고리즘 등)이 고성능 장치인 보안 에이전트에서 수행되기 때문이다. This is the number of received attributes

This is because operations (such as the Extract algorithm and ProxyDecrypt1 algorithm) that are affected by

의 변화는 프로토콜 실행 시간의 차이에 약간의 영향만을 미친다는 것을 확인할 수 있다. According to reference numeral 540, when ten receive-ECUs access a message from one transmit-ECU, the number of system attributes

It can be seen that the change of , only slightly affects the difference in protocol execution time.

와 관련된 암호화 알고리즘 실행 시간이 일반적으로 통신 지연보다 훨씬 길기 때문이다. 즉, 메시지를 동시에 전송하는 송신-ECU의 개수가 증가함에 따라 통신 지연이 증가함을 확인할 수 있다. This is the number of system attributes when the priority of the message is determined.

This is because the cryptographic algorithm execution time associated with it is usually much longer than the communication delay. That is, it can be seen that the communication delay increases as the number of transmit-ECUs simultaneously transmitting messages increases.

Further, according to reference numerals 540 to 550, if the data phase bit rate is sufficiently high, the execution time of the in-vehicle communication system according to an embodiment in all ECUs of the vehicle depends on the network size (eg, the number of transmission-ECUs, It can be seen that it is not significantly affected by the number of receive-ECUs).

That is, it can be confirmed that the in-vehicle communication system according to an embodiment can be driven within a reasonable execution time.

6 is a diagram for explaining an in-vehicle communication method according to an embodiment.

In other words, FIG. 6 is a view of a communication method using an in-vehicle communication system according to an embodiment described with reference to FIGS. 1 to 5E . Among the contents described later with reference to FIG. 6 , FIG. 1 to FIG. 5E . A description that overlaps with the content will be omitted.

Referring to FIG. 6, in step 610, the in-vehicle communication method according to an embodiment generates a cipher text for a message in the transmit-ECU, and performs a shuffle operation on the cipher text to be shuffled. You can create a ciphertext.

Next, in step 620, in the in-vehicle communication method according to an embodiment, the security agent may perform a partial decryption operation on the shuffled encrypted text to generate a partially decrypted encrypted text.

Next, in step 630, the in-vehicle communication method according to an embodiment may obtain the message by performing a decryption operation on the partially decrypted ciphertext in the receiving-ECU.

An in-vehicle communication method according to an embodiment will be described in more detail later with reference to FIG. 6 .

7 is a diagram for explaining an implementation example of an in-vehicle communication method according to an embodiment.

Steps 710 to 790 described below with reference to FIG. 7 may be performed in steps 610 to 630 of FIG. 6 .

Referring to FIG. 7 , in step 710 , the in-vehicle communication method according to an embodiment may perform mutual authentication between the transmission-ECU (ECU _S ) and the security agent (SA).

및 제1 서명(signature)

을 생성하고, 생성된

를 보안 에이전트(SA)로 전달할 수 있다. 예를 들면, 제1 서명

는 송신-ECU(ECU_S)의 ID 정보 ID_S를 포함할 수 있다. Specifically, the transmit-ECU (ECU _S ) is a first nonce value (nonce)

and a first signature

created, and created

can be forwarded to the security agent (SA). For example, the first signature

may include ID information ID _S of the transmit-ECU (ECU _S ).

을 검증(verify)하고, 제2 넌스값

및 제2 서명

을 생성하며, 생성된

를 송신-ECU(ECU_S)에 전달할 수 있다. 이후, 송신-ECU(ECU_S)는 제2 서명

를 검증할 수 있다. Next, the security agent (SA) first sign

verify (verify), and the second nonce value

and a second signature

create, and

may be transmitted to the transmit-ECU (ECU _S ). Then, the transmit-ECU (ECU _S ) is the second signature

can be verified.

을 생성하고, 암호문

에 대한 셔플(shuffle) 연산을 수행하여 셔플된 암호문

을 생성할 수 있다. In step 720, in the in-vehicle communication method according to an embodiment, in the transmission-ECU, a cipher text for a data sharing key K

generate a ciphertext

The ciphertext shuffled by performing a shuffle operation on

can create

에 대한 검증 결과가 패스(pass)되면, 타임키

를 생성하고, 데이터 공유키(data sharing key)

를 생성하며, 생성된 데이터 공유키 K를

으로 암호화할 수 있다. Specifically, the transmit-ECU (ECU _S ) is the second signature

If the verification result is passed, the time key

and create a data sharing key

, and the generated data sharing key K

can be encrypted with

을 생성할 수 있다. Next, the transmit-ECU (ECU _S ) is the ciphertext for the data sharing key K

can create

, 송신 비밀 서명키

및 제3 서명

을 생성하고, 생성된

를 보안 에이전트(SA)에 전달할 수 있다. Then, the transmit-ECU (ECU _S ) is the shuffled ciphertext

, sending secret signing key

and a third signature

created, and created

can be delivered to the security agent (SA).

으로부터 변환된 암호문

를 생성할 수 있다. In step 730, the in-vehicle communication method according to an embodiment is a shuffled encrypted text in the security agent (SA).

ciphertext converted from

can create

를 생성하고, 제3 서명

을 검증한 이후, 변환된 암호문

를 생성할 수 있으며, 이후 요청 메시지(request message)를 수신하기 위한 대기 모드에 진입할 수 있다. Specifically, the security agent (SA) transmits a secret signing key

create a third signature

After verifying the converted ciphertext

may be generated, and then may enter a standby mode for receiving a request message.

및 변환된 사용자 속성키

를 생성하고, 변환된 사용자 속성키

를 데이터 공유키 K를 요청하는 메시지

와 함께 보안 에이전트(SA)에 전달할 수 있다. In step 740, the in-vehicle communication method according to an embodiment is received-ECU (ECU _Rj ), time key

and the converted user attribute key

Create and convert user attribute key

A message requesting the data sharing key K

along with the security agent (SA).

를 생성하고, 변환된 사용자 속성키

를 생성할 수 있다. Specifically, the receive-ECU (ECU _Rj ) is a time key

Create and convert user attribute key

can create

및 제4 서명

를 생성하고,

를 보안 에이전트(SA)에 전달할 수 있다. 여기서, ID_Rj는 수신-ECU(ECU_Rj)의 ID 정보일 수 있다.Next, the receive-ECU (ECU _Rj ) is the third nonce value

and the fourth signature

create,

can be delivered to the security agent (SA). Here, ID _Rj may be ID information of the receiving-ECU (ECU _Rj ).

을 검증하고, 검증 결과가 패스(pass)이면, 제5 서명

을 생성하며,

를 보안 에이전트(SA)에 전달하는 상호 인증 절차를 수행할 수 있다. In step 750, the in-vehicle communication method according to an embodiment is a fourth signature

, and if the verification result is pass, the fifth signature

creates,

can perform a mutual authentication procedure of delivering to the security agent (SA).

및 변환된 사용자 속성키

를 보안 에이전트(SA)에 전달할 수 있다. In step 760, the in-vehicle communication method according to an embodiment receives-ECU (ECU _Rj ), inverse-permutation attribute index

and the converted user attribute key

can be delivered to the security agent (SA).

를 검증하고 수신 비밀 서명키

를 생성할 수 있다. Specifically, the receiving-ECU (ECU _Rj ) is the fifth signature

Validate and receive secret signing key

can create

를 이용하여

를

로 암호화 하고, 제6 서명

를 생성한 이후,

를 보안 에이전트(SA)에 전달할 수 있다. Next, the receiving-ECU (ECU _Rj ) is the receiving secret signing key.

using

cast

Encrypted with the 6th signature

After creating

can be delivered to the security agent (SA).

를 수신한 후, 부분 복호화(partial decryption) 연산을 수행하여 부분 복호화된 암호문

을 생성할 수 있다. In step 770, the in-vehicle communication method according to an embodiment is performed by the security agent (SA), a request message

After receiving the partially decrypted ciphertext by performing a partial decryption operation

can create

를 수신한 후, 수신 비밀 서명키

를 생성하고,

를 수신 비밀 서명키

로 복호화(decrypts)하여

를 획득할 수 있다. Specifically, the security agent (SA) is

After receiving the Receive Secret Signing Key

create,

receive secret signing key

by decrypting

can be obtained.

을 검증하고, 추출된 암호문

를 생성한 후, 부분 복호화된 암호문 및 복호화 자료

를 생성할 수 있다. 여기서 rs는 Encrypt 알고리즘 수행 동안 송신-ECU(ECU_S)에 의해 생성된 랜덤 넘버(random number)일 수 있다.Next, the security agent (SA) has a sixth signature

verify the extracted ciphertext

After generating the partially decrypted ciphertext and decrypted data

can create Here, rs may be a random number generated by the transmit-ECU (ECU _S ) during execution of the Encrypt algorithm.

로

를 암호화하여

를 생성하고, 제7 서명

를 생성하며,

를 수신-ECU(ECU_Rj)에 전달할 수 있다. Then, the security agent (SA) receives the secret signing key

as

by encrypting

to create a seventh signature

creates,

may be delivered to the receiving-ECU (ECU _Rj ).

에 대한 복호화 연산을 수행하여 데이터 공유키 K를 획득하고, 송신-ECU(ECU_S)에서, 데이터 공유키 K를 획득한 수신-ECU(ECU_Rj)의 ID를 키 테이블에 저장할 수 있다. In steps 780 to 790, the in-vehicle communication method according to an embodiment is a receive-ECU (ECU _Rj ), partially decrypted ciphertext

The data sharing key K may be obtained by performing a decryption operation on , and the ID of the receiving-ECU (ECU _Rj ) that obtained the data sharing key K may be stored in the key table in the transmission-ECU (ECU _S ).

을 생성하여 수신-ECU(ECU_Rj)에 전달할 수 있다. Specifically, the sending-ECU (ECU _S ) receives a verification signature to verify that the correct data sharing key K has been received from the receiving-ECU (ECU _Rj ).

can be created and delivered to the receiving-ECU (ECU _Rj ).

를 획득하기 위해

를 복호화하고, 제7 서명

한 후, 암호화된 데이터 공유키

를 획득할 수 있다. Next, the receive-ECU (ECU _Rj ) is

to obtain

Decrypt the 7th signature

After that, encrypted data sharing key

can be obtained.

Thereafter, the encrypted data sharing key K' may be decrypted using the group key K _group to obtain the data sharing key K.

을 검증하고,

및 제8 서명

을 생성한 후,

를 송신-ECU(ECU_S)에 전달할 수 있다. Next, the receive-ECU(ECU _Rj ) receives the verification signature from the transmit-ECU(ECU _S )

to verify,

and the eighth signature

After creating

may be transmitted to the transmit-ECU (ECU _S ).

을 검증하고, 수신-ECU(ECU_Rj)의 ID_Rj를 획득하기 위해 데이터 공유키 K로

를 복호화한 후, 복호화를 통해 획득된 ID_Rj를 구비된 키 테이블에 저장할 수 있다. Next, the transmit-ECU (ECU _S ) is the eighth signature

with the data sharing key K to verify and obtain the ID _Rj of the receiving-ECU (ECU _Rj )

After decrypting , the ID _Rj obtained through decryption may be stored in the provided key table.

로 암호화하고, 제9 서명

을 생성하며,

를 수신-ECU(ECU_Rj)에 전달할 수 있다. Next, the transmit-ECU (ECU _S ) is the ID of all receive-ECUs (ECU _R )

Encrypted with the ninth signature

creates,

may be delivered to the receiving-ECU (ECU _Rj ).

을 검증하고,

를 복호화 하여 자신의 ID를 획득함으로써, 송신-ECU(ECU_S)와 수신-ECU(ECU_Rj)간의 상호 인증 과정을 완료할 수 있다. Then, the receiving-ECU (ECU _Rj ) is the ninth signature

to verify,

By decrypting and obtaining its own ID, it is possible to complete the mutual authentication process between the transmit-ECU (ECU _S ) and the receive-ECU (ECU _Rj ).

As a result, by using the present invention, confidentiality and integrity of data can be secured without additional devices through secure operation processing based on edge computing.

In addition, higher level security requirements can be achieved by achieving attribute-based access control and attribute/policy privacy through attribute-based encryption.

As described above, although the embodiments have been described with reference to the limited drawings, various modifications and variations are possible by those skilled in the art from the above description. For example, the described techniques are performed in an order different from the described method, and/or the described components of the system, structure, apparatus, circuit, etc. are combined or combined in a different form than the described method, or other components Or substituted or substituted by equivalents may achieve an appropriate result.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

300: in-vehicle communication system 310: transmit-ECU
320: security agent 330: receive-ECU

Claims (18)

Generates a ciphertext for a message and shuffles the ciphertext using a shuffle function that is a pseudo random permutation for attribute-based encryption enhanced through hidden policies and credentials ) to generate a shuffled ciphertext by performing an operation -ECU;
a security agent for generating a partially decrypted ciphertext by performing a partial decryption operation on the shuffled ciphertext; and
Receiving-ECU to obtain the message by performing a decryption operation on the partially decrypted ciphertext
including,
The receiving-ECU is
When the shuffled ciphertext is transmitted to the security agent through a CAN bus, a request message for receiving the partially decrypted ciphertext is transmitted to the security agent;
The security agent is
It is implemented as an on-board unit (OBU) provided in the vehicle, and performs the partial decoding operation upon receiving the request message.
In-vehicle communication system. According to claim 1,
The transmit-ECU is
generating a data sharing key and generating the ciphertext for the data sharing key
In-vehicle communication system. According to claim 1,
At least one of the transmit-ECU and the receive-ECU,
It generates a time key through an operation based on the pre-stored group key and time slot information.
In-vehicle communication system. 4. The method of claim 3,
The transmit-ECU is
generating the ciphertext through an operation based on at least one of the time key, a pre-stored master public key, and a pre-stored policy set
In-vehicle communication system. 4. The method of claim 3,
The transmit-ECU is
generating the shuffled ciphertext through a shuffle operation based on at least one of the time key and a pre-stored attribute index
In-vehicle communication system. delete 4. The method of claim 3,
The security agent is
Generating a converted cipher text from the shuffled cipher text through an operation based on a pre-stored transformation secret key
In-vehicle communication system. 8. The method of claim 7,
The security agent is
To generate a ciphertext extracted from the converted ciphertext through an operation based on an inverse permuted attribute indices set for the receiving-ECU
In-vehicle communication system. 9. The method of claim 8,
The security agent is
To generate the partially decrypted ciphertext from the extracted ciphertext through an operation based on at least one of the converted secret key, the pre-stored re-encryption key, and the converted user attribute keys.
In-vehicle communication system. 9. The method of claim 8,
The receiving-ECU is
generating the transformed user attribute key based on the pre-stored user attribute key and the time key, and passing the inverse-permutation attribute index set and the transformed user attribute key to the security agent
In-vehicle communication system. According to claim 1,
The receiving-ECU is
Obtaining the message from the partially decrypted ciphertext through an operation based on at least one of decryption materials calculated through the partial decryption operation and a pre-stored set of attribute indices for receiving-ECU
In-vehicle communication system. According to claim 1,
each of the transmit-ECU, the security agent and the receive-ECU,
generating a signature and a nonce value, and performing mutual authentication based on the signature and the nonce value
In-vehicle communication system. According to claim 1,
The transmit-ECU is
Storing the ID (identity) of the receiving-ECU that obtained the message in a key table
In-vehicle communication system. delete A security agent implemented as an on-board unit (OBU) provided in a vehicle, the security agent comprising:
a cipher text receiving unit for receiving the cipher text;
a ciphertext conversion unit for generating a ciphertext converted from the ciphertext through an operation based on a pre-stored transformation secret key;
A ciphertext extractor for generating a ciphertext extracted from the converted ciphertext through an operation based on a pre-stored inverse permuted attribute indices set, and
A partial decryption unit generating a partially decrypted ciphertext by performing a partial decryption operation on the extracted ciphertext
including,
The cipher text is
It is a ciphertext that is shuffled through a shuffle operation using a shuffle function, a pseudo random permutation, for attribute-based encryption strengthened through hidden policies and credentials.
Further comprising a message receiving unit for receiving a request message (request message) for receiving the partially decrypted cipher text from the receiving-ECU provided in the vehicle,
The cipher text extraction unit,
When the request message is received, the extracted cipher text is generated,
The receiving-ECU is
When the cipher text is transmitted to the cipher text receiver through the CAN bus, the request message is transferred to the message receiver
Security agent for in-vehicle communication systems. 16. The method of claim 15,
The cipher text is
A cipher text containing a data sharing key
Security agent for in-vehicle communication systems. delete In the transmit-ECU, a cipher text for a message is generated, and the cipher text is generated using a shuffle function that is a pseudo random permutation for attribute-based encryption enhanced through hidden policies and credentials. generating a shuffled ciphertext by performing a shuffle operation on the ciphertext;
generating, in the security agent, a partially decrypted ciphertext by performing a partial decryption operation on the shuffled ciphertext; and
In the receiving-ECU, performing a decryption operation on the partially decrypted ciphertext to obtain the message
including,
The receiving-ECU is
When the shuffled ciphertext is transmitted to the security agent through a CAN bus, a request message for receiving the partially decrypted ciphertext is transmitted to the security agent;
The security agent is
It is implemented as an on-board unit (OBU) provided in the vehicle, and performs the partial decryption operation upon receiving the request message.
In-vehicle communication methods.

Images