1. Technical Field
The present disclosure relates to a gateway device that conducts frame forwarding and the like in a vehicle network over which electronic control units communicate.
2. Description of the Related Art
Recently, in systems inside automobiles, devices called electronic control units (ECUs) are being disposed in large numbers. A network joining these ECUs is called a vehicle network. Various standards exist for vehicle networks. One of the most prevalent vehicle network standards is called a controller area network (CAN) prescribed in ISO 11898-1.
In a CAN, communication links are formed using two buses, and an ECU connected to a bus is called a node. Each node connected to a bus transmits and receives messages called frames. A transmitting node that transmits a frame applies a voltage to the two buses, and by producing a potential difference between the buses, transmits a value of “1”, called recessive, and a value of “0”, called dominant. When multiple transmitting nodes transmit recessive and dominant at the exact same timing, the dominant is prioritized for transmission. When there is an abnormality in the format of a received frame, the receiving node transmits a frame called an error frame. In an error frame, dominant is transmitted for 6 bits in succession, thereby notifying the transmitting node and other receiving nodes of the abnormality in the frame.
In addition, in a CAN, identifiers that indicate the destination and the source of a transmission do not exist, and instead, the transmitting node transmits (in other words, sends out signals on the buses) while attaching an ID called a message ID to each frame, while each receiving node receives (in other words, reads signals from the buses) only frames with a predetermined ID. Also, carrier sense multiple access with collision avoidance (CSMA/CA) is adopted, whereby mediation according to message ID is conducted when multiple nodes transmit simultaneously, and the frame whose message ID has the smaller value is prioritized for transmission.
For a CAN vehicle network system, there exists a threat whereby an attacker fraudulently controls an ECU by accessing the buses and transmitting fraudulent frames. Security countermeasures are being investigated.
For example, for the gateway (GW) described in Japanese Unexamined Patent Application Publication No. 2014-146868, which forwards frames between buses in a vehicle network, if the gateway detects an abnormality in the periodicity of a frame transmitted to a bus, the gateway discards that frame without forwarding the frame to the other bus, thereby minimizing fraudulent control (Japanese Unexamined Patent Application Publication No. 2014-146868).