Hardware module-based authentication in intra-vehicle networks
US10701102B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 2, 2018 |
| Grant date | Jun 30, 2020 |
| Priority date | — |
| Expiry date | Oct 2, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04W4/48
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A secure hardware-based module or Security Electronic Control Unit (SECU) for a Controller Area Network (CAN) prevents an attacker from sending malicious messages through the CAN bus to take over control of a vehicle. The SECU shares a unique key and counter with each ECU on the CAN bus. When a legitimate ECU sends a message, it first compresses the message and then generates a MAC of the counter and a secret key. The counter is increased by one for each transmitted message. The ECU then fits the compressed message and the MAC into one CAN frame and sends it onto the CAN bus. The SECU performs the message verification on behalf of the intended receiver(s) of the message. If the verification passes, the receiver(s) simply decompress the message and use it as a normal CAN message. If the verification fails, the SECU will corrupt the CAN frame before it is fully received by the intended receiver(s). The corrupted CAN frame will be ignored by the intended receiver(s) as if it was never received. Therefore, a malicious message generated by an attacker will inflict no damage on the system.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.