The communication protocols used in the automotive industry for the communication between sensors and controllers contain no precautions against the manipulation of the transmitted data by hackers. These attacks include tuning engines and breaking engine immobilizers, for example. Engine tuning can result in significant financial damage on the part of the automotive manufacturer, for example. In addition, for electric road vehicles (E-car) and the networking thereof, the authentication of the communication partners, e.g. the authentication between sensors and controllers, and the protection of the integrity of the transmitted data may assume a high level of significance in the future.
In the automotive industry, both unidirectional and bidirectional protocols are used for networking sensors and controllers, for example. Known protocols in the automotive industry are the SENT protocol (SENT=single edge nibble transmission) and the PSI5 protocol (PSI5=peripheral sensor interface 5, a digital interface for sensors), for example. The SENT protocol is a unidirectional protocol which is standardized in the SAE J2716 standard and can be used as a digital sensor interface, e.g. for connecting engine pressure sensors or Hall sensors, which detect valves or pedal positions, for example, to the ECU (ECU=engine control unit, engine controller). The PSI5 protocol is a bidirectional protocol which can be used for connecting airbag sensors, for example.
Usually, the known protocols used in the automotive industry have CRC protection (CRC=cyclic redundancy check) in order to detect transmission errors which may arise particularly in the engine surroundings, which have a high level of electromagnetic noise. However, the known protocols used in the automotive industry have no protection for the transmitted data against malicious attacks, e.g. by hackers. By way of example, a hacker could manipulate the transmitted data for a pressure sensor in order to use manipulated or corrupted data at the input of the engine controller to manipulate the data at the output of the engine controller, which can achieve a power increase for the engine (tuning the engine), for example. However, as already mentioned, the CRC protection of the known protocols used in the automotive industry does not protect the transmitted data against the manipulation, since the correct CRC bits can easily be calculated for the corrupted data.
The standardized protocols in the automotive sector, which, in addition to the SENT and PSI5 protocols, also include the protocols SEC, CAN (CAN=controller area network, an ISO standard protocol for automotive applications) and FlexRay (a serial, deterministic and error-tolerant field bus system for use in automobiles), cannot be extended by the known measures for protecting integrity. By way of example, appending an MAC (MAC=message authentication code) to the data in a transmitted protocol frame or else transmitting an entire MAC in a suitable frame subsequent to the data is not possible, firstly because the protocol frames can no longer be extended—for reasons of compatibility—to the extent required by the known measures for protecting integrity, and secondly because the realtime capability means that it is not possible to transmit or insert any additional frames to this required extent.