A network technology called CAN (controller area network) may be used to transmit and receive data or control information between devices in an on-board network of a vehicle or in factory automation. A system in which CAN is used includes a plurality of ECUs (electronic control units). The ECUs communicate with one another by transmitting and receiving frames. In CAN, a data frame used for communication includes identification information (ID) that identifies the frame. Further, each of the ECUs stores the IDs of the frames it is to receive. In CAN, a frame is broadcast, and each ECU receives a frame whose ID is set to be received by that ECU and discards a frame whose ID is not set to be received.
However, when an attack is performed on a network using a frame that includes an ID set to be received by an ECU, the ECU will receive the frame used for the attack. Thus, in order to prevent such an attack, a verification method has been proposed that uses a message authentication code (MAC) generated from data, an ID, and a counter value corresponding to the ID. A communication system has also been devised in which an ECU transmits an error frame before the end portion of a transmitted frame is transmitted, if the content of a prescribed field in the transmitted frame satisfies a prescribed condition that indicates incorrectness. Further, a system has been proposed that, when authentication fails using authentication information included in data transmitted by one of a plurality of devices connected to one another through a bus, determines that the transmission source of the data has spoofed another device to transmit improper data, and invalidates the data.
For example, documents such as International Publication Pamphlet No. WO 2013/065689, International Publication Pamphlet No. 2015/151418, and Japanese Laid-open Patent Publication No. 2015-114907 are known.
When MAC authentication is performed every time a device in a CAN system receives a frame, every device in the system transmits and receives both a frame that includes data and a frame that includes a MAC, so the devices in the network are under heavy load. Even if any of the technologies described above is used, processing such as authentication is performed on frames for which an attack has not been detected as well as on frames for which an attack has been detected.
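The MAC verification and the per-frame cost described above can be illustrated as follows. This is an added example, not code from the cited publications; the choice of HMAC-SHA-256 truncated to 8 bytes, the field packing, the use of the same ID for the MAC frame, and the names Sender, Receiver and compute_mac are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8  # assumption: MAC truncated to fit one 8-byte CAN payload

def compute_mac(key, can_id, data, counter):
    # MAC over the ID, the per-ID counter value and the data, as in the text
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Sender:
    def __init__(self, key):
        self.key, self.counters = key, {}

    def send(self, can_id, data):
        # Every data frame costs a second frame on the bus carrying the MAC
        ctr = self.counters[can_id] = self.counters.get(can_id, 0) + 1
        return (can_id, data), (can_id, compute_mac(self.key, can_id, data, ctr))

class Receiver:
    def __init__(self, key, accepted_ids):
        self.key, self.accepted, self.counters = key, set(accepted_ids), {}

    def receive(self, data_frame, mac_frame):
        can_id, data = data_frame
        if can_id not in self.accepted:
            return "discarded"  # ordinary CAN ID filtering, no MAC work
        ctr = self.counters.get(can_id, 0) + 1
        expected = compute_mac(self.key, can_id, data, ctr)
        if mac_frame[0] != can_id or not hmac.compare_digest(expected, mac_frame[1]):
            return "rejected"  # counter is not advanced on failure
        self.counters[can_id] = ctr
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    tx, rx = Sender(key), Receiver(key, {0x123})
    genuine = tx.send(0x123, b"\x01\x02")
    forged = ((0x123, b"\xff\xff"), (0x123, bytes(MAC_LEN)))
    return [
        rx.receive(*genuine),                  # valid MAC, counter 1
        rx.receive(*genuine),                  # replay: receiver expects counter 2
        rx.receive(*forged),                   # accepted ID but no valid MAC
        rx.receive(*tx.send(0x456, b"\x00")),  # ID not set to be received
    ]

if __name__ == "__main__":
    print(demo())
```

The receiver computes a MAC for every frame whose ID it accepts, including the genuine one, which is the load the preceding paragraph refers to.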