ECB mode block encryption method, ECB mode block decryption method, ECB mode block encryption control device, ECB mode block decryption control device and vehicle

Document No.: 195500 Publication date: 2021-11-02

Reading note: this technology, "ECB mode block encryption method, ECB mode block decryption method, control device and vehicle", was designed and created by 张清亮, 秦帅, 熊洪斌 and 彭邦煌 on 2020-04-30. Main content: The invention discloses an ECB mode block encryption method, an ECB mode block decryption method, a control device and a vehicle. The ECB mode block encryption method comprises: replacing the initialization vector according to a vector replacement table to obtain a first block encryption replacement vector, where the vector replacement table is a table storing the replacement relation between original vectors and replacement vectors; iteratively performing: replacing the n-th block encryption replacement vector according to the vector replacement table to obtain the (n+1)-th block encryption replacement vector, where 1 ≤ n ≤ N and N is the number of plaintext blocks of the plaintext to be encrypted; and performing an XOR operation on each plaintext block and the corresponding block encryption replacement vector, and encrypting the XOR result to obtain each ciphertext block. The ECB mode encryption and decryption method of the invention is simple to implement, fast in encryption and decryption, can resist replay attacks, and does not have the problem of repeated plaintext producing repeated ciphertext.

1. An ECB mode packet encryption method, comprising:

replacing the initialization vector according to a vector replacement table to obtain a first packet encryption replacement vector, wherein the vector replacement table is a table used for storing a corresponding replacement relation between the original vector and the replacement vector;

iteratively performing: replacing the n-th block encryption replacement vector according to the vector replacement table to obtain an (n+1)-th block encryption replacement vector, wherein 1 ≤ n ≤ N, and N is the number of plaintext blocks of the plaintext to be encrypted;

and performing logic operation according to each plaintext block and the corresponding block encryption replacement vector, and encrypting the logic operation result to obtain each ciphertext block.

2. The ECB mode block encryption method according to claim 1, wherein the vector substitution table includes a character substitution table for storing a corresponding substitution relationship between original characters and substitution characters, and the replacing the n-th block encryption substitution vector according to the vector substitution table to obtain an n + 1-th block encryption substitution vector includes:

inquiring the character substitution table according to each original character in the n-th grouping encryption substitution vector to obtain a substitution character corresponding to each original character in the n-th grouping encryption substitution vector;

replacing each original character in the n-th block encryption replacement vector with the corresponding replacement character to obtain the n + 1-th block encryption replacement vector.

3. The ECB mode packet encryption method according to claim 1, wherein the vector substitution table includes a position substitution table for storing a corresponding substitution relationship between original positions and substitution positions of unit vectors, and the replacing the n-th packet encryption substitution vector according to the vector substitution table to obtain an n + 1-th packet encryption substitution vector includes:

inquiring the position substitution table according to the original position of each unit vector in the n-th grouping encryption substitution vector to determine the substitution position corresponding to each unit vector in the n-th grouping encryption substitution vector;

and exchanging the unit vector of each original position in the n-th packet encryption replacement vector to the corresponding replacement position to obtain the (n+1)-th packet encryption replacement vector.

4. The ECB mode packet encryption method according to claim 2 or 3,

the character substitution table is a vector substitution table of a corresponding substitution relation between original characters with preset lengths and substitution characters which are randomly generated;

the position substitution table is a vector substitution table of a corresponding substitution relation between an original position and a substitution position of a unit vector with a preset length which is randomly generated.

5. The ECB mode packet encryption method according to any one of claims 1 to 3, further comprising:

receiving a new vector replacement table generated after the corresponding replacement relation between the original vector and the replacement vector is randomly adjusted;

and updating the vector substitution table according to the new vector substitution table.

6. An ECB mode packet decryption method, comprising:

acquiring an initialization vector and a ciphertext group;

replacing the initialization vector according to a vector replacement table to obtain a first packet decryption replacement vector, wherein the vector replacement table is a table used for storing a corresponding replacement relation between an original vector and a replacement vector;

iteratively performing: replacing the n-th group decryption replacement vector according to the vector replacement table to obtain an (n+1)-th group decryption replacement vector, wherein 1 ≤ n ≤ N, and N is the number of ciphertext groups of the ciphertext to be decrypted;

and decrypting each ciphertext block, and performing logic operation on a decryption result and a corresponding block decryption replacement vector to obtain each plaintext block.

7. The ECB mode packet decryption method of claim 6, wherein the vector substitution table includes a character substitution table for storing a corresponding substitution relationship between original characters and substitution characters, and the replacing the n-th packet decryption substitution vector according to the vector substitution table to obtain an n + 1-th packet decryption substitution vector includes:

inquiring the character substitution table according to each original character in the n-th grouping decryption substitution vector to obtain a substitution character corresponding to each original character in the n-th grouping encryption substitution vector;

and replacing each original character in the n-th packet decryption replacement vector with the corresponding replacement character to obtain the n + 1-th packet decryption replacement vector.

8. The ECB mode packet decryption method according to claim 6, wherein the vector substitution table includes a position substitution table for storing a corresponding substitution relationship between original positions and substitution positions of unit vectors, and the replacing the n-th packet decryption substitution vector according to the vector substitution table to obtain an n + 1-th packet decryption substitution vector includes:

inquiring the position substitution table according to the original position of each unit vector in the n-th packet decryption substitution vector to determine a substitution position corresponding to each unit vector in the n-th packet decryption substitution vector;

and exchanging the unit vector of each original position in the n-th packet decryption replacement vector to the corresponding replacement position to obtain the (n+1)-th packet decryption replacement vector.

9. The ECB mode packet decryption method according to claim 7 or 8,

the character substitution table is a vector substitution table of a corresponding substitution relation between original characters with preset lengths and substitution characters which are randomly generated;

the position substitution table is a vector substitution table of a corresponding substitution relation between an original position and a substitution position of a unit vector with a preset length which is randomly generated.

10. The ECB mode packet decryption method according to any one of claims 6 to 8, wherein the packet decryption method further comprises:

receiving a new vector replacement table generated after the corresponding replacement relation between the original vector and the replacement vector is randomly adjusted;

and updating the vector substitution table according to the new vector substitution table.

11. A non-transitory computer storage medium having stored thereon a computer program, wherein the computer program when executed implements the ECB mode packet encryption method of any one of claims 1 to 5, or wherein the computer instructions when executed by the processor implement the ECB mode packet decryption method of any one of claims 6 to 10.

12. A control device, comprising:

a processor;

a memory communicatively coupled to the processor;

the memory has stored therein computer instructions executable by the processor to implement the ECB mode packet encryption method of any one of claims 1 to 5 when executed by the processor or to implement the ECB mode packet decryption method of any one of claims 6 to 10 when executed by the processor.

13. A vehicle comprising a CAN bus and a plurality of control devices according to claim 12, the plurality of control devices communicating via the CAN bus.

Technical Field

The invention relates to the field of vehicles, in particular to an ECB mode packet encryption method, an ECB mode packet decryption method, a control device and a vehicle.

Background

With the development of advanced driving assistance, domain controllers and automatic driving, vehicles are becoming more intelligent, networked and integrated. The amount of data on the vehicle bus is increasing, and some networks even use CAN FD (CAN with Flexible Data-Rate), with frames of 64 bytes at maximum, for communication. The vehicle control devices communicate with each other through the bus, and according to the mechanism of the bus, any node accessing the bus can receive messages on the bus and send messages to the bus. If no encryption measure is available, an attacker can even simulate and send messages that control functions such as vehicle torque, steering, starting and stopping, so that the operation of the vehicle is influenced and even car accidents are caused. The encryption of the onboard bus is therefore increasingly important.

The encryption methods commonly used at present are mainly divided into symmetric encryption and asymmetric encryption, and symmetric encryption can be divided into block encryption and stream encryption. Block encryption is a type of encryption algorithm that can process only a piece of data of a certain length at a time; such a piece is referred to as a block, and the number of bits of a block is referred to as the block length. If the length of the plaintext to be encrypted exceeds the block length, the block encryption algorithm needs to be iterated in a specific mode so as to completely encrypt a long section of plaintext. There are mainly five modes of block cipher iteration, namely the ECB (Electronic Codebook) mode, the CBC (Cipher Block Chaining) mode, the CFB (Cipher Feed Back) mode, the OFB (Output Feed Back) mode, and the CTR (Counter) mode. Each of these modes has its own features. Among them, the ECB mode is vulnerable to attack and decoding because it cannot withstand replay attacks and repeated plaintext results in repeated ciphertext, so there is a data security risk.

An improved block cipher ECB mode is disclosed in the related art, which generates an encryption key for each block using an input password, a random number and a series of SHA encryptions, deletes the input password and the random number, and generates the key for the next round of encryption from the keys. However, according to the description of the public document, the input password and the random number for generating the two rounds of encryption keys are deleted immediately after being used up, so that the receiving party does not know how to decrypt the input password and the random number, and the scheme needs to perform SHA (Secure Hash Algorithm) encryption multiple times when generating the encryption keys, so that the calculation amount is too large and the encryption efficiency is low.

Disclosure of Invention

The present invention is directed to solving at least one of the problems of the prior art. To this end, a first object of the present invention is to propose an ECB mode block encryption method which is simple to implement, is capable of encrypting and decrypting blocks at high speed, is resistant to replay attacks, and does not suffer from the problem of repeated plaintext causing repeated ciphertext.

The second purpose of the invention is to provide an ECB mode packet decryption method.

It is a third object of the invention to propose a non-transitory computer storage medium.

A fourth object of the invention is to propose a control device.

A fifth object of the invention is to propose a vehicle.

In order to achieve the above object, an ECB mode packet encryption method according to an embodiment of the first aspect of the present invention includes: replacing the initialization vector according to a vector replacement table to obtain a first packet encryption replacement vector, wherein the vector replacement table is a table used for storing a corresponding replacement relation between the original vector and the replacement vector; iteratively performing: replacing the n-th block encryption replacement vector according to the vector replacement table to obtain an (n+1)-th block encryption replacement vector, wherein 1 ≤ n ≤ N, and N is the number of plaintext blocks of the plaintext to be encrypted; and performing a logic operation on each plaintext block and the corresponding block encryption replacement vector, and encrypting the logic operation result to obtain each ciphertext block.

According to the ECB mode block encryption method provided by the embodiment of the invention, each block encryption replacement vector is replaced using the vector replacement table to obtain the next block encryption replacement vector, and the block encryption replacement vector corresponding to each plaintext block is different, so that different ciphertext blocks are obtained even if the plaintext blocks are the same; the risk of the transmitted data being decoded is reduced and data security is improved. The vector replacement table is simple, and using it instead of performing an encryption operation multiple times greatly increases the block encryption speed, so that data encryption combining vector replacement with the ECB mode is simpler and faster.

In order to achieve the above object, an ECB mode packet decryption method according to an embodiment of the second aspect of the present invention includes: acquiring an initialization vector and a ciphertext group; replacing the initialization vector according to a vector replacement table to obtain a first packet decryption replacement vector, wherein the vector replacement table is a table used for storing a corresponding replacement relation between an original vector and a replacement vector; iteratively performing: replacing the n-th group decryption replacement vector according to the vector replacement table to obtain an (n+1)-th group decryption replacement vector, wherein 1 ≤ n ≤ N, and N is the number of ciphertext groups of the ciphertext to be decrypted; and decrypting each ciphertext block, and performing a logic operation on the decryption result and the corresponding block decryption replacement vector to obtain each plaintext block.

According to the packet decryption method provided by the embodiment of the invention, the vector substitution table shared with encryption is adopted, parallel operation is supported, and decryption combining vector substitution with the ECB mode is simpler and quicker.

An embodiment of the third aspect of the present invention further provides a non-transitory computer storage medium having a computer program stored thereon, wherein the computer program is configured to implement the ECB mode packet encryption method when executed, or the computer instructions are configured to implement the ECB mode packet decryption method when executed by the processor.

In order to achieve the above object, a fourth aspect of the present invention provides a control apparatus, including: a processor; a memory communicatively coupled to the processor; the memory has stored therein computer instructions executable by the processor to implement the ECB mode packet encryption method when executed by the processor or to implement the ECB mode packet decryption method when executed by the processor.

According to the control device of the embodiment of the invention, by adopting the ECB mode packet encryption and decryption method of the embodiment, the safety and the transmission efficiency of data transmission can be improved.

In order to achieve the above object, an embodiment of a fifth aspect of the present invention provides a vehicle, including a CAN (Controller Area Network) bus and a plurality of the control devices, where the plurality of the control devices communicate with each other through the CAN bus.

According to the vehicle provided by the embodiment of the invention, the ECB mode packet encryption and decryption method of the embodiment is executed by the control device, so that the safety of CAN bus data transmission can be improved, the vehicle is prevented from being attacked, and the driving safety is improved.

Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:

Fig. 1 (a) and (b) are schematic diagrams of an ECB mode encryption/decryption method in the related art;

FIG. 2 is a flow diagram of a method of ECB mode packet encryption according to one embodiment of the present invention;

FIG. 3 is a schematic diagram of an ECB mode packet encryption process according to one embodiment of the invention;

FIG. 4 is a flow diagram of a method of ECB mode decryption in accordance with one embodiment of the present invention;

FIG. 5 is a schematic diagram of an ECB mode decryption process according to one embodiment of the invention;

FIG. 6 is a schematic diagram of an ECB mode encryption and decryption application process according to one embodiment of the invention;

Fig. 7 (a) and (b) are schematic diagrams of a CBC mode encryption/decryption process in the related art;

Fig. 8 (a) and (b) are schematic diagrams of a CTR mode encryption and decryption process in the related art;

FIG. 9 is a block diagram of a control device according to one embodiment of the present invention;

FIG. 10 is a block diagram of a vehicle according to one embodiment of the present invention.

Detailed Description

Embodiments of the present invention will be described in detail below; the embodiments described with reference to the drawings are illustrative.

The ECB mode is briefly explained. Fig. 1 (a) and (b) are schematic diagrams of an ECB mode encryption and decryption process in the related art.

As shown in Fig. 1 (a), in the ECB mode, the result of encrypting a plaintext block directly becomes a ciphertext block, and, as shown in Fig. 1 (b), at the time of decryption, a plaintext block is obtained directly by decrypting a ciphertext block. Therefore, if there are multiple identical plaintext blocks in the plaintext, these plaintext blocks will be converted into identical ciphertext blocks, so it is easy to know how many repeated combinations exist in the plaintext, and this can be used as a clue for decoding. The ECB mode therefore has a data security risk.

In addition, each plaintext block in ECB mode is encrypted and decrypted independently, so an attacker can change the order of the ciphertext blocks. When the recipient decrypts the ciphertext, the order of the ciphertext blocks has been changed, so the order of the corresponding plaintext blocks obtained by the recipient is also changed, i.e., the attacker can manipulate the plaintext without decoding it.

In order to improve the ECB mode and improve data security, the embodiment of the invention provides an encryption and decryption method based on the combination of substitution encryption and ECB. An ECB mode packet encryption method according to an embodiment of the present invention is described below with reference to Fig. 2 and Fig. 3.

Fig. 2 is an ECB mode packet encryption method according to an embodiment of the present invention, and as shown in fig. 2, the ECB mode packet encryption method according to an embodiment of the present invention at least includes steps S1-S3, which are described in detail as follows.

In step S1, the initialization vector is replaced according to the vector replacement table to obtain a first packet encryption replacement vector.

Specifically, each frame of plaintext to be transmitted is divided into a plurality of plaintext packets, and the number of bits of one packet is referred to as the packet length. A plaintext block is the plaintext that is the object of encryption in a block encryption algorithm, and its length is equal to the block length of the block encryption algorithm; a ciphertext block is the ciphertext generated by encrypting a plaintext block using a block cipher algorithm.

In the embodiment, each time of encryption, a bit sequence with a packet length is randomly generated and is called an initialization vector, the initialization vectors corresponding to each frame of data are different, and thus, ciphertext obtained when plaintext is the same is different.

The vector replacement table may be understood as a table for storing a corresponding replacement relationship between an original vector and a replacement vector. For example, the vector replacement table may be a character replacement table, that is, a table of the correspondence between characters before and after replacement; it may be a position replacement table, that is, a table of the correspondence of vector position replacement within a packet; or it may be the table of a classical cipher such as the Vigenère cipher. The vector substitution tables are randomly generated and shared between the sender and the receiver, and for vehicles, different vector substitution tables can be written in different vehicles to improve safety.

The purpose of adopting the vector substitution table is that a plurality of different grouping substitution vectors can be generated according to the initialization vector, if the vector substitution table is unknown, the substitution vector of each grouping cannot be obtained according to the initialization vector, and therefore data safety can be improved.

As shown in fig. 3, when performing encryption, the initialization vector is replaced according to a vector replacement table shared by the sender and the receiver to obtain a first packet encryption replacement vector, for example, the packet 1 encryption replacement vector in fig. 3.

Step S2, iteratively performing: replacing the n-th block encryption replacement vector according to the vector replacement table to obtain an (n+1)-th block encryption replacement vector, wherein 1 ≤ n ≤ N, and N is the number of plaintext blocks of the plaintext to be encrypted.

Block encryption can only process block data of a specific length each time, and when the length of the plaintext to be encrypted exceeds the block length of the block encryption, the block encryption algorithm needs to be iterated in a specific mode so as to completely encrypt a longer frame of plaintext.

In the embodiment of the present invention, the previous block encryption replacement vector is replaced according to the vector replacement table to obtain a block encryption replacement vector, as shown in fig. 3, the block 1 encryption replacement vector is replaced according to the vector replacement table to obtain a block 2 encryption replacement vector, and the block 2 encryption replacement vector is replaced according to the vector replacement table to obtain a block 3 encryption replacement vector, and thus, after iteration, each plaintext block will obtain its respective block encryption replacement vector.

Each block encryption replacement vector is obtained from the previous block encryption replacement vector, and the block encryption replacement vector of each plaintext block is different, so that identical plaintext blocks do not produce identical ciphertext blocks, the data transmission pattern is not easy to find, the data decoding difficulty is improved, and the data transmission is safer.

Step S3, perform a logical operation according to each plaintext block and the corresponding block encryption replacement vector, and encrypt the logical operation result to obtain each ciphertext block.

As shown in Fig. 3, when encryption is performed, a plaintext block and the block encryption replacement vector of that plaintext block are subjected to an exclusive or operation, and the result of the exclusive or operation is used as the encryption input to obtain the ciphertext block.

According to the ECB mode block encryption method provided by the embodiment of the invention, each block encryption replacement vector is replaced using the vector replacement table to obtain the next block encryption replacement vector, and the block encryption replacement vector corresponding to each plaintext block is different, so that different ciphertext blocks are obtained even if the plaintext blocks are the same; the risk of the transmitted data being decoded is reduced and data security is improved. Using the vector replacement table for the operation greatly increases the block encryption speed compared with performing SHA encryption multiple times, and encryption combining vector replacement with the ECB mode is simpler and quicker.

In some embodiments, the vector substitution table includes a character substitution table for storing a corresponding substitution relationship between the original character and the substitution character, and the process of obtaining the block encryption substitution vector may include: inquiring a character substitution table according to each original character in the nth grouping encryption substitution vector to obtain a substitution character corresponding to each original character in the nth grouping encryption substitution vector; and replacing each original character in the n-th block encryption replacement vector with a corresponding replacement character to obtain an n + 1-th block encryption replacement vector.

The character substitution table may be a randomly generated vector substitution table holding the replacement relationship between original characters of a preset length and substitution characters. For example, Table 1 below is a character replacement table in units of 4 bits according to an embodiment. When the packet length is 128 bits (16 bytes) and the initialization vector is 66 1F 98 CD 37 A3 8B 4B 00 00 00 00 00 00 00 01, the packet 1 encryption replacement vector is FF AC 47 E9 86 B8 71 D1 22 22 22 22 22 22 22 2A and the packet 2 encryption replacement vector is CC BE D6 54 7F 17 6A 9A 00 00 00 00 00 00 00 0B; iterating in this way yields the block encryption replacement vector corresponding to each plaintext block.

TABLE 1

Character before replacement   Character after replacement   Character before replacement   Character after replacement
0                              2                             8                              7
1                              A                             9                              4
2                              0                             A                              B
3                              8                             B                              1
4                              D                             C                              E
5                              3                             D                              9
6                              F                             E                              5
7                              6                             F                              C

Further, when the replacement is performed in units of 4 bits, each 4-bit value of the initialization vector returns to its initial value after at most 16 replacements, and different cycles are formed according to Table 1. If the initial value is 0, it becomes 2 after the 1st replacement and 0 again after the 2nd replacement, that is, it returns to the initial value after two replacements. If the initial value is 1, it becomes A after the 1st replacement, B after the 2nd replacement and 1 again after the 3rd replacement, that is, it returns to the initial value after three replacements. The replacement vector equals its initial value whenever the number of replacements is a common multiple of all the cycle lengths. Therefore, when the number of packets is too large, the character substitution table can be generated in units of bytes, so as to avoid identical packet replacement vectors producing the same ciphertext from the same plaintext.
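The chain of replacement vectors from steps S1 to S3 and the cycle behaviour of Table 1 can be checked directly. The following is an added example, not code from the patent: it goes beyond the text by computing the repetition period for the page's initialization vector and showing the repeated ciphertext that results. The block cipher is a constructed stand-in (a 4-round Feistel over SHA-256, not a secure cipher and not named by the page), and `KEY` is a constructed sample value.

```python
import hashlib
from math import lcm

BLOCK = 16  # bytes: the 128-bit packet length used in the page's example
# Table 1 from the page: 4-bit character -> replacement character.
TABLE1 = dict(zip(range(16), [0x2, 0xA, 0x0, 0x8, 0xD, 0x3, 0xF, 0x6,
                              0x7, 0x4, 0xB, 0x1, 0xE, 0x9, 0x5, 0xC]))
IV = bytes.fromhex("661F98CD37A38B4B0000000000000001")  # IV from the page
KEY = b"constructed demo key"                           # constructed sample key

def substitute(vec, table=TABLE1):
    """Replace every 4-bit character of vec according to the table."""
    return bytes((table[b >> 4] << 4) | table[b & 0xF] for b in vec)

def replacement_vectors(iv, n_blocks, table=TABLE1):
    """Steps S1/S2: vector 1 = S(IV), vector n+1 = S(vector n)."""
    out, v = [], iv
    for _ in range(n_blocks):
        v = substitute(v, table)
        out.append(v)
    return out

def cycle_lengths(table=TABLE1):
    """Length of the permutation cycle that each 4-bit character lies on."""
    lengths = {}
    for start in table:
        x, n = table[start], 1
        while x != start:
            x, n = table[x], n + 1
        lengths[start] = n
    return lengths

def vector_period(iv, table=TABLE1):
    """Replacements needed before the vector equals the IV again:
    the least common multiple of the cycle lengths of the characters present."""
    cl = cycle_lengths(table)
    present = {b >> 4 for b in iv} | {b & 0xF for b in iv}
    return lcm(*(cl[x] for x in present))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, rnd, half):
    # Stand-in round function (assumption of this example).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right

def toy_decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right

def encrypt(key, iv, plaintext):
    """Step S3: XOR each plaintext block with its vector, then encrypt."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    vecs = replacement_vectors(iv, len(blocks))
    return [toy_encrypt_block(key, xor(p, v)) for p, v in zip(blocks, vecs)]

def decrypt(key, iv, ct_blocks):
    """Decrypt each block, then XOR with the same replacement vector."""
    vecs = replacement_vectors(iv, len(ct_blocks))
    return b"".join(xor(toy_decrypt_block(key, c), v)
                    for c, v in zip(ct_blocks, vecs))

def repeated_ciphertext_positions(ct_blocks):
    """Pairs (i, j) of block indices whose ciphertext blocks are identical."""
    seen, pairs = {}, []
    for j, c in enumerate(ct_blocks):
        if c in seen:
            pairs.append((seen[c], j))
        seen.setdefault(c, j)
    return pairs

if __name__ == "__main__":
    frame = b"SAME-16-BYTE-BLK" * 26          # constructed: 26 identical blocks
    ct = encrypt(KEY, IV, frame)
    print("period of replacement vectors:", vector_period(IV))
    print("identical ciphertext blocks:", repeated_ciphertext_positions(ct))
```

With Table 1 and this initialization vector the vectors repeat every 24 blocks, so a frame of 25 or more identical blocks shows the ECB-style repetition the paragraph above warns about.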

In other embodiments, the vector replacement table may be a position replacement table for storing a corresponding replacement relationship between an original position and a replacement position of the unit vector, and obtaining the block encryption replacement vector may include: querying the position substitution table according to the original position of each unit vector in the n-th packet encryption substitution vector to determine the substitution position corresponding to each unit vector in the n-th packet encryption substitution vector; and exchanging the unit vector of each original position in the n-th packet encryption replacement vector to the corresponding replacement position to obtain the (n+1)-th packet encryption replacement vector.

The position replacement table may be a randomly generated vector replacement table holding the replacement relationship between the original position and the replacement position of unit vectors of a preset length. For example, Table 2 below is a random position replacement table of an embodiment. When the packet length is 128 bits (16 bytes) and, for convenience of description, the replacement is performed in units of bytes, with the initialization vector set as 66 1F 98 CD 37 A3 8B 4B 00 00 00 00 00 00 00 01, Table 2 gives the packet 1 encryption replacement vector CD 00 98 A3 00 66 00 00 8B 00 4B 37 00 1F 01 00 and the packet 2 encryption replacement vector A3 8B 98 66 1F CD 37 01 00 00 00 00 00 00 00 4B; iterating in this way yields the block encryption replacement vector corresponding to each plaintext block.

TABLE 2

Further, when replacing a certain number of times, the obtained replacement vector will be equal to the initialization vector. For example, the position replacement table of table 2 obtains a replacement vector equal to the initialization vector after 12 times of replacement. Therefore, when the number of packets is too large, the position substitution table can be generated in units of bytes, so as to avoid generating the same ciphertext from the same plaintext due to the occurrence of the same packet substitution vector.

In some embodiments, a key management device, such as an in-vehicle control unit or an independently provided management module, randomly scrambles the correspondence between original vectors and replacement vectors in an original vector replacement table, generates a new vector replacement table, and distributes the scrambled vector replacement table to a sender and a receiver.

For example, Table 1 above is used as the original vector replacement table, in which the character before replacement is the original vector and the character after replacement is the replacement vector, and the key management module randomly scrambles the arrangement order of the characters after replacement. Alternatively, Table 2 is used as the original vector replacement table, and the key management module randomly scrambles the arrangement order of the characters after replacement. In this way the replacement relationship between the original vectors and the replacement vectors in the original vector replacement table is randomly adjusted and a new vector replacement table is generated. The vector replacement table is sent to the sender, and when the sender encrypts, each block encryption replacement vector can be obtained based on this table.

Because the vector replacement table is obtained by randomly adjusting the correspondence between the original vectors and the replacement vectors, it is not easy for an attacker to recover the table. The difficulty of obtaining the vector replacement table is thereby further increased, and the security of data transmission is improved.

In some embodiments, the vector substitution table may be updated periodically, for example, a management terminal, such as a key management module, may randomly generate a new vector substitution table and a new key again every week or every month, and share the new vector substitution table and the new key after asymmetric encryption to both the sender and the receiver of the communication. And the receiver and the sender receive a vector substitution table generated after the corresponding substitution relation between the original vector and the substitution vector is randomly adjusted, and the existing vector substitution table is updated according to the new vector substitution table. By updating the vector substitution table at regular time or at irregular time, the difficulty of obtaining the vector substitution table can be further improved, and the safety of data transmission is improved.

In the embodiment of the invention, the sender and the receiver share the vector substitution table, the sender encrypts the data to be sent in the above mode and sends the initialization vector and the ciphertext, and the receiver receives the ciphertext and decrypts the ciphertext to obtain the final plaintext. An ECB mode packet decryption method according to an embodiment of the present invention is described below with reference to fig. 4 and 5.

The packet decryption method of the embodiment of the invention corresponds to the encryption method, and is likewise an ECB mode with replacement based on a vector replacement table. Fig. 4 is a flowchart of an ECB mode packet decryption method according to an embodiment of the present invention. As shown in fig. 4, the ECB mode packet decryption method of an embodiment of the present invention includes at least steps S100 to S130.

S100, acquiring an initialization vector and a ciphertext block.

Specifically, after encrypting plaintext data to be transmitted, the sender sends a corresponding initialization vector and an encrypted ciphertext to the receiver. For example, the control unit of the vehicle may obtain the initialization vector and the encrypted ciphertext transmitted by the transmitting side through a CAN bus of the vehicle.

S110, replacing the initialization vector according to the vector replacement table to obtain a first packet decryption replacement vector.

The vector replacement table is a table for storing a corresponding replacement relationship between the original vector and the replacement vector. The sender and the receiver share the vector substitution table, so the same vector substitution table is used for decryption and encryption, for example, the vector substitution table may be a character substitution table as shown in table 1 or a position substitution table as shown in table 2, and the substitution rule is the same as that of encryption. Fig. 5 is a schematic diagram of an ECB mode packet decryption method according to an embodiment of the present invention, and as shown in fig. 5, the initialization vector is replaced according to the vector replacement table to obtain a packet 1 decryption replacement vector.

S120, iteratively executing: replacing the n-th packet decryption replacement vector according to the vector replacement table to obtain an (n+1)-th packet decryption replacement vector.

The ciphertext blocks and the plaintext blocks correspond to each other and are the same in number and length. For example, with the number of plaintext blocks and ciphertext blocks set to N, where 1 ≤ N, the block decryption replacement vector of each ciphertext block is obtained by iterating the vector replacement, and the block decryption replacement vectors are different from one another. For example, as shown in fig. 5, replacing the packet 1 decryption replacement vector gives the packet 2 decryption replacement vector, and replacing the packet 2 decryption replacement vector gives the packet 3 decryption replacement vector, so that each replacement vector is different.

S130, each ciphertext block is decrypted, and the decrypted result and the corresponding block decryption replacement vector are subjected to logic operation to obtain each plaintext block.

For example, as shown in fig. 5, the result of decrypting the ciphertext block is xored with the replacement vector of the block, thereby obtaining a plaintext block.

According to the packet decryption method provided by the embodiment of the invention, the vector replacement table shared with encryption is used, parallel operation is supported, and decryption that combines vector replacement with the ECB mode is simpler and quicker.
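Steps S100 to S130 and the matching encryption, as an added round-trip example that is not the patent's own code. The block cipher is a toy 4-round Feistel built from SHA-256 (a stand-in, not AES or any cipher named in the text), the key and message are constructed, and the position table is the one consistent with the example vectors in the text, with the entries for positions 9 and 12 assumed.

```python
import hashlib

# Position table consistent with the example vectors in the text; entries for
# positions 9 and 12 are ASSUMED (those bytes are 00 in every example vector).
TABLE = [5, 13, 2, 0, 11, 3, 8, 10, 1, 9, 15, 6, 12, 4, 7, 14]
IV = bytes.fromhex("661F98CD37A38B4B0000000000000001")  # IV from the text
KEY = bytes(range(16))                                   # constructed key
BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def replace(vector: bytes) -> bytes:
    """Move the byte at position i to position TABLE[i]."""
    out = bytearray(BLOCK)
    for i, new_pos in enumerate(TABLE):
        out[new_pos] = vector[i]
    return bytes(out)


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy Feistel stand-in for the block cipher (NOT a real cipher)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("example expects block-aligned input")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def vectors(iv: bytes, count: int) -> list:
    """Vector 1 is the replacement of the IV; vector n+1 replaces vector n."""
    out, current = [], iv
    for _ in range(count):
        current = replace(current)
        out.append(current)
    return out


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    blocks = split(plaintext)
    return b"".join(block_encrypt(key, xor(p, v))
                    for p, v in zip(blocks, vectors(iv, len(blocks))))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    blocks = split(ciphertext)          # S100: IV and ciphertext blocks
    vecs = vectors(iv, len(blocks))     # S110 and S120: derive the vectors
    return b"".join(xor(block_decrypt(key, c), v)   # S130: decrypt, then XOR
                    for c, v in zip(blocks, vecs))


# Constructed message: the same 16-byte plaintext block repeated 13 times.
MESSAGE = b"TORQUE_REQ=0120;" * 13
```

With this table the first 12 ciphertext blocks of the constructed message all differ, and the 13th equals the first because the 13th replacement vector equals the first.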

As in the vector replacement process in the block encryption method, in some embodiments, the vector replacement table includes a character replacement table, such as table 1, for storing a corresponding replacement relationship between the original characters and the replacement characters, and the character replacement table is queried according to each original character in the n-th block decryption replacement vector to obtain a replacement character corresponding to each original character in the n-th block encryption replacement vector; replacing each original character in the n-th packet decryption replacement vector with a corresponding replacement character to obtain an n + 1-th packet decryption replacement vector, which may refer to an example of an encryption process using a character replacement table. For example, the vector substitution table may be a vector substitution table of a corresponding substitution relationship between an original character with a preset length and a substitution character, which is randomly generated, for example, the above table 1 is a character substitution table with 4 bits as a unit.

In other embodiments, the vector replacement table includes a location replacement table for storing a corresponding replacement relationship between the original location of the unit vector and the replacement location, and the location replacement table is queried according to the original location of the unit vector in the n-th packet decryption replacement vector to determine the replacement location corresponding to each unit vector in the n-th packet decryption replacement vector; the unit vector of each original position in the n-th packet decryption replacement vector is swapped to the corresponding replacement position to obtain the n + 1-th packet decryption replacement vector, which may refer to an example of an encryption process using a position replacement table. For example, the vector replacement table may be a randomly generated vector replacement table with a replacement relationship between the original position and the replacement position obtained by the unit vector with the preset length, and as shown in the above table 2, the vector replacement table is a random position replacement table.

In other embodiments, the key management device, such as an in-vehicle control unit or an independently arranged management module, randomly scrambles the correspondence between the original vectors and the replacement vectors in the original vector replacement table, generates a new vector replacement table, and distributes the scrambled vector replacement table to the sender and the receiver. Because the vector replacement table is obtained by randomly adjusting the correspondence between the original vectors and the replacement vectors, it is not easy for an attacker to recover the table. The difficulty of obtaining the vector replacement table is thereby further increased, and the security of data transmission is improved.

Similarly, the sender and the receiver share the vector replacement table, and the receiver can also update it: the receiver receives a new vector replacement table generated by randomly adjusting the replacement relationship between the original vectors and the replacement vectors, and updates its existing table accordingly. Updating the vector replacement table regularly or irregularly can further improve the security of data transmission.

Fig. 6 is a schematic diagram of an ECB mode packet encryption/decryption application according to an embodiment of the present invention. As shown in fig. 6, the key management module transmits a random vector replacement table and a key to the sender and the receiver of a communication by using asymmetric encryption. Since writing the random vector replacement table and the key has no real-time requirement, security can be ensured by using an asymmetric encryption method such as RSA. To further ensure the security of the key, the key management module can perform identity authentication with both communicating parties before writing the random vector replacement table and the key. In addition, the key management module can generate the vector replacement table and the key again every week or every month, and share them with both communicating parties after asymmetric encryption. During normal communication, the sender converts the plaintext into ciphertext by using the block encryption method of the above embodiment with the shared vector replacement table and key, and sends the ciphertext. After receiving the ciphertext, the receiver restores the plaintext by using the block decryption method of the above embodiment with the shared vector replacement table and key, so that secure transmission of data is realized.

The ECB mode block encryption or decryption method provided by the embodiment of the invention can avoid the problem that ciphertext blocks are the same when plaintext blocks are the same in the conventional ECB mode because the block replacement vectors are different, so that data transmission is not easy to attack and is safer, and the method is superior to the CBC mode and the CTR mode.

Fig. 7 (a) and (b) are schematic diagrams of a CBC mode packet encryption/decryption process in the related art, and as shown in fig. 7, ciphertext packets of the CBC mode are linked to each other like a chain. In the CBC mode, the plaintext block is first xored with the previous ciphertext block and then encrypted. As shown in fig. 7 (a), during encryption, a plaintext block is xored with a previous ciphertext block as an encrypted input to obtain a ciphertext block; as shown in fig. 7 (b), in the decryption, the result of the decryption of the ciphertext block is exclusive-ored with the previous ciphertext block to obtain a plaintext block. In the CBC mode, since a ciphertext block obtained by previous encryption is input for subsequent encryption, a plurality of block encryptions cannot be performed simultaneously, and the encryption speed is slow.

However, in the ECB mode block encryption method and the ECB mode block decryption method according to the embodiments of the present invention, since each block replacement vector is very simple, parallel computation is supported by encryption and decryption, and the operation speed is much faster than that in the CBC mode.

Fig. 8 (a) and (b) are schematic diagrams of a CTR mode encryption and decryption process in the related art. In the CTR mode, as shown in fig. 8 (a), during encryption the result of encrypting the counter value of each block is exclusive-ORed with the plaintext block to obtain a ciphertext block; as shown in fig. 8 (b), during decryption the result of encrypting the counter value of each block is exclusive-ORed with the ciphertext block to obtain a plaintext block. The counter value has the same length as the block and consists of an initial value and a block sequence number. A different initial value is randomly generated for each encryption, and the block sequence number increases with each block. However, when an attacker inverts some bits in a ciphertext block, the corresponding bits in the plaintext block are also inverted, so the plaintext is easy to manipulate and the mode is not particularly secure.

However, the ECB mode block encryption and decryption method according to the embodiment of the present invention does not have the defect that the corresponding plaintext is inverted when the ciphertext is inverted because the output is the result of block encryption, and the data transmission is safe.

In summary, the ECB mode block encryption and decryption method in the embodiment of the present invention has the advantages of simplicity and rapidness of the common ECB mode, and parallel operation is supported by encryption and decryption, and can avoid the disadvantages that the common ECB mode cannot withstand replay attacks and repeated plaintext causes repeated ciphertext, and can greatly accelerate the block encryption speed while ensuring data security. Therefore, the ECB mode packet encryption and decryption method provided by the embodiment of the invention is superior to the current ECB mode, CBC mode and CTR mode, and has great significance.

An embodiment of the present invention further provides a non-transitory computer storage medium having a computer program stored thereon, where the computer program is executed to implement the ECB mode packet encryption method of the above embodiment, or the computer instructions are executed by the processor to implement the ECB mode packet decryption method of the above embodiment.

Based on the ECB mode packet encryption method and the ECB mode packet decryption method of the above embodiments, a control apparatus according to an embodiment of the present invention is described below.

Fig. 9 is a block diagram of a control apparatus according to an embodiment of the present invention, and as shown in fig. 9, a control apparatus 10 according to an embodiment of the present invention includes a processor 11 and a memory 12 communicatively connected to the processor 11; the memory 12 stores therein computer instructions executable by the processor 11, the computer instructions when executed by the processor 11 implementing the ECB mode packet encryption method of the above embodiment, or the computer instructions when executed by the processor 11 implementing the ECB mode packet decryption method of the above embodiment.

According to the control device 10 of the embodiment of the present invention, by adopting the ECB mode packet encryption and decryption method of the above embodiment, the security and transmission efficiency of data transmission can be improved.

As shown in fig. 10, a vehicle 100 according to an embodiment of the present invention includes a CAN bus 20 and a plurality of control devices 10 according to the above embodiments, and the plurality of control devices 10 communicate with each other through the CAN bus 20.

In the embodiment, the control device 10 may be a receiver or a sender in a communication network. For example, a plurality of control devices 10 are connected to nodes of the vehicle CAN bus 20, and each control device 10 may transmit or receive related data through the CAN bus 20. If there is no encryption measure, an attacker may even send messages that control functions such as vehicle torque, steering, and start and stop, which affects the operation of the vehicle 100 and even causes a car accident. The control device 10 of the embodiment of the present invention encrypts the transmitted data by using the encryption and decryption method of the above embodiment, so as to improve the security and speed of data transmission, prevent an attacker from controlling the vehicle, and improve driving safety.

According to the vehicle 100 of the embodiment of the present invention, the control device 10 executes the ECB mode packet encryption and decryption method of the above embodiment, so that security of CAN bus data transmission can be provided, the vehicle 100 can be prevented from being attacked, and driving safety can be improved.

In the description herein, references to the description of the term "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example.

While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
