阅读说明：本技术 用于对通过总线传输的消息进行验证的方法和装置 (Method and apparatus for being verified to the message by bus transfer ) 是由 M.奈布 C.胡特 J.普勒天克斯 于 2019-05-22 设计创作，主要内容包括：本发明涉及一种用于对通过通信信道传输的消息进行验证的方法,其特征在于以下步骤：-在所述消息的数据帧之内对重复的信号沿(20)进行采样,其中利用在所述信号沿(20)之间推迟的起始时间来获取采样值(21-29)；-从所述采样值(21-29)中重建(12)所述消息的一部分的平均的信号曲线；-从所述信号曲线(30)中计算(13)所述数据帧的信号技术上的特性；并且-借助所述特性对所述消息进行验证(14)。(The present invention relates to a kind of methods for being verified to the message by traffic channel, it is characterized in that following steps :-duplicate signal is sampled along (20) within the data frame of the message, wherein utilizing the initial time postponed between the signal edge (20) to obtain sampled value (21-29)；From the average signal curve of a part for rebuilding (12) described message in the sampled value (21-29)；Characteristic from the signalling technique for calculating (13) described data frame in the signal curve (30)；And (14) are verified to the message by the characteristic.)

1. the method (10) for being verified to the message by traffic channel,

It is characterized in that following characteristics:

(11) are sampled along (20) to duplicate signal within the data frame of the message, wherein utilizing in the signal The initial time that is staggered between (20) obtains sampled value (21-29)；

From the average signal curve (30) of a part for rebuilding (12) described message in the sampled value (21-29)；

Characteristic from the signalling technique for calculating (13) described data frame in the signal curve (30)；And

(14) are verified to the message by the characteristic.

2. method (10) according to claim 1,

It is characterized in that following characteristics:

The last sampled value (21-29) and signal level followed by of the affected data frame of arbitration will likely be passed through (31) it is compared；And

The sampled value influenced by the arbitration is abandoned before reconstruction (12) signal curve (30) in significant deviation (21-29).

3. method (10) as described in claim 2,

It is characterized in that following characteristics:

The comparison is carried out with the sample rate of the baud rate more than the communication channel.

4. it presses method described in claim 2 or 3 (10),

It is characterized in that following characteristics:

The message is transmitted as the difference of two voltage signals (32,33)；And

In view of at least one voltage signal in the voltage signal (32,33) when relatively.

5. by method (10) described in any one of claims 1 to 4,

It is characterized in that following characteristics:

The communication channel is CAN.

6. by method (10) described in any one of claims 1 to 5,

It is characterized in that at least one feature in following characteristics:

The characteristic includes average value, or

The characteristic includes standard deviation.

7. method (10) as any one of claim 1 to 6,

It is characterized in that at least one feature in following characteristics:

Classified by means of support vector machines to the characteristic to be verified (14) to the message, or

The characteristic is modeled by means of the recurrence of logic in order to be verified (14) to the message.

8. computer program, the computer program is set up to execute by method described in any one of claims 1 to 7 (10).

9. machine readable storage medium saves computer program according to claim 8 above it.

10. device (50), described device is set up to execute by method described in any one of claims 1 to 7 (10).

Technical field

The present invention relates to a kind of methods for being verified to the message by bus transfer.In addition to this, of the invention It is related to a kind of corresponding device, a kind of corresponding computer program and a kind of corresponding storage medium.

Background technique

Every kind is used for the attack for computer system or computer network (Rechnernetz) in IT safety (Angriffen) system identified is known as System for attack recognition (intrusion detection system, IDS).

A kind of attack of the event for according to event order to technological system is proposed in DE102014213752A1 The computing device identified.The computing device: there is the receiving unit for receiving event order, the event order tool Have multiple events, wherein by the specific sequence of event in received event order determine attack；And has and use In on the basis of main matter to the inspection unit that is checked of received event order, the main matter be comprised in In the specific sequence of the event, wherein the inspection unit is configured for, when there is the main matter described Implement pattern-recognition in the received event order of institute on the basis of the specific sequence of event.Because the inspection unit is only Appearance with regard to main matter check to the received event order of institute and just real only after there is the main matter More accurate pattern-recognition is applied, so can reduce required computing cost.

Summary of the invention

The present invention provide according to described in independent claims, it is a kind of for being verified to by the message of bus transfer Method, a kind of corresponding device, a kind of corresponding computer program and a kind of corresponding storage medium.

The solution that is itd is proposed based on the recognition that, it may be assumed that the essence of known IDS is, content and week to message Phase property is monitored and verifies whether that there are its significant changes.Because these features in vehicle network can otherwise periodically It ground or predicts in another manner, so such scheme can be reasonable in most cases.But there is Existing IDS can neither identify the attack for the danger (kritisch) that can not be prevented, and more specifically this point for Following two main cause: the message of vehicle interior usually not includes the information about its sender first, this becomes verifying It obtains difficult；And secondly lacking for sender information, even is all difficult or impossible to find out for modern IDS, which control Device (electronic control unit, ECU) processed has been carried out attack.

Therefore, as the countermeasure for preventing the attack to vehicle network, the alternative side of information authentication is pursued according to the present invention Case.Although the information authentication a degree of safety is provided and is confirmed for internet security be it is effective, Be use-in its network system inside the vehicle such as by Message Authentication Code (message authentication, MAC) it is additional-due to vehicle interior message restricted transmittability and to the high of real-time processing and real time communication It is required that so far it would be better to say that being insecure.

And in the range of dialect is referred to as " fingerprint (Fingerprinting) " processing mode, with high-speed to institute Received data frame (frames) is sampled, with the characteristic for that can accurately detect signal or each.For this institute The sample rate needed is typically changed between 1,000 ten thousand and 2,000 ten thousand per second samplings (Stichproben) by bus topology.It is real It tests it has been shown that if only consider the single position of the data frame, such as the position with rising edge and the position with failing edge, It then can also obtain good result.Then the position observed by the two is handled, method is: such as being calculated as average value Or the same feature of standard deviation and the classification for being used for transmission-ECU.For this purpose, use again as logic recurrence or The learning algorithm of the traditional machine of support vector machines (support vector machines, SVMs) equally.By for list A observation and generate less data, this make significantly further handle becomes easier to.

Now by the solution of the present invention based on following understanding, it may be assumed that have multiple rising edges and failing edge in CAN frame. These duplicate signals can be used in reducing the required digital analog converter (analog-digital for sampling Converter, ADC) sample rate requirement.For this purpose, with the initial time being slightly staggered relative to previous edge to each edge It is sampled.

The advantages of this solution, is the change of (er ffneten) is presented realization CAN fingerprint having more advantages The feasible program of type scheme, because being able to use the ADC with the sample rate that may be significantly smaller.In addition, common for multiple Observation processing of the simplification for measured value significantly, be used to handle data and the side without additional hardware Method can be realized only with software.

Other than the reduction of sample rate, another advantage of this method is that generated position is included corresponding to all Position a kind of average value.In this regard, the position generated in this way represents entirely in the characteristic of its signalling technique All observed positions of data frame.

By measure cited in the dependent claims, can be realized illustrated basic in the independent claim The advantageous expansion scheme and improvement project of design.

Detailed description of the invention

The embodiment of the present invention is shown in the accompanying drawings and is explained in detail in the following description.

Fig. 1 shows the flow chart of the method according to the first embodiment.

Fig. 2 shows the diagrams of duplicate sampling.

Fig. 3 shows the position (Bit) the first combined type (zusammengesetztes).

Fig. 4 shows the second combined type position.

Fig. 5 schematically shows the controller according to second of embodiment.

Specific embodiment

Fig. 1 shows the basic process of (10) in the present inventive method, is now to the oscillogram by means of Fig. 2 (Oszillogramms) the method is explained.Therefore, to duplicate signal within the data frame for the message transmitted It is sampled along (20), wherein the initial time of (versetzen) of being slightly staggered between (20) in signal is utilized to adopt to obtain Sample value (21-29) (process 11).The average signal curve of the position of the message is then rebuild from the sampled value (21-29) (30) (process 12).On the basis of the signal curve (30), and the characteristic (mistake on the signalling technique of data frame can be calculated Journey 13), (verworfen) described message (process 14) is finally verified or abandoned by the characteristic on the signalling technique.

If such as need 40 measured values, for being able to carry out sufficient classification, then can such as not use 500, The ADC with 20 MS/s when symbol rate (Symbolrate) of 000 baud, according to the above method (10) with only 1MS/s's Sample rate samples 20 signals along (20).In this way, twice using rising signals edge (20) to described 20 Each position in observed position is sampled.Finally, the sampled value (21-29) of (gewonnenen) group each other will be obtained so Altogether, with for generating complete position, the complete position is made of 40 measurement points, can be counted from the measurement point Calculate feature.Its signal curve (30) is shown in FIG. 3.

The rising edge or dropping signal that this method needs minimal amount are along (20), for obtaining required sampled value (21-29).Unfortunately be likely to occur following situations, it may be assumed that such as if user data (Nutzdaten) that transmission is greatly reduced or Then only there is seldom usable signal along (20) in a data frame in prevailing transmission zero.In order to extraly using may pass through Arbitration along (20), can be utilized relative to the propagation time by the affected signal of message identifier (identifier, ID) The sampling rate of at least double baud rate checks, whether the signal is along can be used in classifying.For this purpose, will likely be by The signal level (31) of the position of the last sampled point of the data frame of influence and first non-critical (unkritischen) carries out Compare.If there is marked difference, then abandons affected position and be otherwise used for classifying.

A kind of example for such difference in the range of arbitration can be learnt from Fig. 4.But it is to be able to These difference are studied, it is necessary that individually leading to signal for the transmission of the signal of difference (differenzieller) Body-such as CAN-Low(32 herein) and CAN-High(33) observed, because higher voltage usually mutually compensates.

As indicated in the schematic diagram of Fig. 5, this method (10) such as can with software or hardware or with by The mixed form that software and hardware is constituted is realized such as in controller (50).