Conventionally, a plurality of ECUs (Electronic Control Units) are installed in vehicles, and are connected to each other via a network such as a CAN (Controller Area Network). The plurality of ECUs exchange information via the network and perform individual processes. In recent years, the size of networks in vehicles tends to increase. As an attack against such a vehicular network, for example, injection of a malicious program into an ECU is conceivable. The ECU into which a malicious program has been injected may transmit an unauthorized message to the network of the vehicle, causing the risk that another ECU connected to the network may malfunction, for example.
JP 2013-98719A has proposed a communication system in which message authentication is performed based on a MAC (Message Authentication Code) without changing a CAN protocol. In this communication system, each ECU counts, for each CAN-ID, the number of times when a message is transmitted. A transmission node generates a MAC based on the data field, the CAN-ID, and the count value of a main message, and transmits the generated MAC as a MAC message. A reception node generates a MAC based on the data field, the CAN-ID, and the count value that are contained in the received main message, and determines whether or not the generated MAC matches the MAC contained in the MAC message.
“How to Stop Unauthorized Transmission in Controller Area Network” presented by Hata et al. at the Computer Security Symposium in 2001, has proposed a communication system in which ECUs monitor a message transmitted in a network, and an ECU determines, if a message with a CAN-ID that should be transmitted by it has been transmitted from another ECU, that message as an unauthorized message, and the ECU that has detected the unauthorized message transmits an error frame before the transmission of the unauthorized message is complete to prevent the transmission.    Non-Patent Document 1: Masato Hata, Masato Tanabe, Katsunari Yoshioka, Kazuomi Oishi, and Tsutomu Matsumoto, “How to Stop Unauthorized Transmission in Controller Area Network”, Computer Security Symposium, Octover, 2011
In the communication system described in “How to Stop Unauthorized Transmission in Controller Area Network”, an ECU that has detected an unauthorized message transmits an error frame to prevent the transmission of the unauthorized message. However, an ECU (unauthorized ECU) that has failed to transmit a message will repeatedly retransmit the message until the message is transmitted without error. If such repetition of retransmission of the message is continued, then there is the risk that the communication line may be occupied and transmission of authorized messages by other ECUs may be impaired.
The present invention was made in view of such circumstances, and it is an object thereof to provide an on-board communication system that can prevent a communication line from being occupied due to repetitive transmission of an unauthorized message.