Conventionally, CAN (Controller Area Network) known as one communication network installed in vehicles has been used for communications between various types of ECU (Electronic Control Unit) in vehicles. As technologies permitting message authentication in CAN, for example, technologies disclosed in Non-Patent Literatures 1, 2 and Patent Literature 1 have been known.
According to the conventional technology disclosed in Non-Patent Literature 1, a real ECU detects a spoofed message adopting its own ID due to an attack, in which a false ECU connected to CAN transmits a spoofed message, so as to transmit abnormality notifying message adopting its own ID, thus notifying an abnormality to a reception-side ECU.
According to the conventional technology disclosed in Non-Patent Literature 2, the information stored in an error correcting (Cyclic Redundancy Check: CRC) field of a CAN frame is changed with MAC (Message Authentication Code). In the conventional technology, a transmission side generates 64-bit MAC based on data (64×4=256 bits) of data fields in four CAN frames N to N+3, divides MAC into four sections each having 16 bits, store four sections in CRC fields (16 bits) of four CAN frames N+4 to N+7, and then transmits those CAN frames. A reception side acquires MAC from CRC fields of CAN frames N+4 to N+7 so as to determine whether or not acquired MAC matches MAC generated based on data fields of CAN frames N to N+3, thus determining whether CAN frames N to N+3 are authentic or not. Thus, it is possible to determine that any one of CAN frames N to N+3 is inauthentic when MAC obtained from CRC fields differs from MAC calculated based on data fields.
The technology disclosed in Patent Literature 1 counts the number of times each ECU transmits messages for each CAN ID. Upon transmitting a main message, a transmission node transmits a MAC message including a data field and CAN ID of a main message and a count value associated to CAN ID. Upon receiving a main message, a reception node generates MAC based on a data field and CAN ID of a main message and a count value associated to CAN ID so as to determine whether or not MAC matches MAC included in the received MAC message.