In communication networks, such as those used in modern vehicles, various communication partners, such as control units, communicate with one another. In the process, messages are sent by a transmitter and received by at least one receiver.
To provide secure communication, it is expedient that the messages transmitted via the communication network be reliably protected against manipulation. For this purpose, it is useful both that a transmitter be authenticated to a receiver and that the integrity of the transmitted data be ensured over the course of time.
German Published Patent Application No. 10 2009 002 396 describes a method for protecting against manipulation in the transmission of data in a communication network, in particular in vehicles. In this case, a transmitter is authenticated to a receiver via a challenge-response authentication, i.e., the transmitter authenticates itself to the receiver by solving a task set by the receiver and, in the process, uses means known only to the transmitter and the receiver. The receiver generates a random number having a length of 64 bits and transmits it, together with its identification number having a length of 32 bits, to the transmitter. The transmitter receives this message and uses a key known to the transmitter and the receiver to calculate a code therefrom. The transmitter subsequently transmits at least a portion of the 64-bit length of this code, together with its identification number, to the receiver. The receiver can calculate the same code and compare it to the code received from the transmitter. If the two match, and the receiver also recognizes that the identification number of the transmitter is correct, the transmitter has thus authenticated itself to the receiver.
Following the authentication to the receiver, the transmitter can transmit protected messages containing useful data to the receiver. For that purpose, in addition to the useful data, the messages also include a further code that is calculated from the data and a counter. To ensure the integrity of the messages, the counter changes after each transmitted message.
An authentication in accordance with the above method requires at least one message from the receiver to the transmitter and at least one message from the transmitter to the receiver. Thus, for communication networks where the maximum length of the message is less than 96 bits, such as the Controller Area Network (CAN), for example, altogether at least four messages are needed for one authentication.
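The exchange described above can be followed in the sketch below, which is an added illustration and not code from the cited application. The code algorithm (HMAC-SHA-256 truncated to 64 bits), the key, the identification numbers, the incrementing counter, the 64-bit CAN payload and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets, struct

CAN_PAYLOAD_BITS = 64                    # assumed: classic CAN data field of 8 bytes
KEY = bytes(range(16))                   # constructed shared key
RX_ID, TX_ID = 0x0000A001, 0x0000B002    # constructed 32-bit identification numbers

def mac64(key, *parts):
    # Assumed code function: HMAC-SHA-256 truncated to 64 bits.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]

def frames_needed(msg):
    # Number of CAN frames needed to carry one protocol message.
    return (len(msg) * 8 + CAN_PAYLOAD_BITS - 1) // CAN_PAYLOAD_BITS

def make_challenge(rx_id, nonce=None):
    # Receiver: 64-bit random number plus its 32-bit identification number (96 bits).
    nonce = secrets.token_bytes(8) if nonce is None else nonce
    return nonce + struct.pack(">I", rx_id)

def make_response(key, challenge, tx_id):
    # Transmitter: 64-bit code over the challenge plus its own identification number.
    return mac64(key, challenge) + struct.pack(">I", tx_id)

def verify_response(key, challenge, response, expected_tx_id):
    # Receiver: recompute the code and check the transmitter's identification number.
    code, tx_id = response[:8], struct.unpack(">I", response[8:12])[0]
    return tx_id == expected_tx_id and hmac.compare_digest(code, mac64(key, challenge))

def protect(key, counter, data):
    # Useful data followed by a code calculated from the data and the counter.
    return data + mac64(key, struct.pack(">Q", counter), data)

class Receiver:
    def __init__(self, key):
        self.key, self.counter = key, 0
    def accept(self, msg):
        data, code = msg[:-8], msg[-8:]
        expected = mac64(self.key, struct.pack(">Q", self.counter), data)
        if not hmac.compare_digest(code, expected):
            return None                  # manipulated or replayed message
        self.counter += 1                # counter changes after each accepted message
        return data

def handshake_frames(key=KEY):
    # Frames spent on one authentication before any useful data can be sent.
    challenge = make_challenge(RX_ID)
    response = make_response(key, challenge, TX_ID)
    assert verify_response(key, challenge, response, TX_ID)
    return frames_needed(challenge) + frames_needed(response)
```

Because the counter enters the code, a message accepted once is rejected when it is sent again, and `handshake_frames()` returns the four frames counted above.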
In the case of a time-critical transmission of data, such as safety-critical control interventions in a vehicle, the shortest possible time duration (latency time) is desired between the first transmission of a message, i.e., the start of the authentication, and the first possible utilization of a message, i.e., the first transmission of useful data.
The above method does not make it possible to ensure an appropriately short time duration for all states of the communication network, such as for initializing the communication network.
Therefore, there is a need for a method that will make it possible to reduce the latency time in the context of the protected transmission of data.