The present disclosure relates to a communication system including network-connected electronic control units mounted on a vehicle, for example. The present disclosure also relates to a communication method.
As is well known, in many cases, multiple electronic control units (ECUs) mounted on a vehicle are network-connected to each other to form a communication system that allows communication of information (vehicle information) held by these electronic control units. Specifically, such a communication system is configured as a vehicle network system using ECUs as communication devices. Examples of such a vehicle network system include a controller area network (CAN).
In a communication system composed of a CAN, a complicated system structure as a result for example of an increasing number of ECUs connected to the communication system tends to find difficulty in detecting or specifying an abnormality generated in the communication system or an unauthorized ECU connected to the communication system, for example. Thus, a technique of detecting an abnormality and the like generated in the communication system has conventionally been suggested, and an example of this technique is described in Japanese Laid-Open Patent Publication No. 2010-206697.
The communication system (vehicle-mounted communication network system) described in the publication is intended to detect an abnormal site in the network system. This communication system includes multiple buses connected to the system, a gateway to relay a communication message between the buses, one or more ECUs connected to each bus such that they can perform communication using a communication message, and an external diagnostic device connected to the gateway. In response to a connection confirmation request signal input from the external diagnostic device, the gateway outputs a response request signal to each ECU on each bus. In response to the received response request signal, each ECU outputs a response signal containing transmission source identifier data unique to the ECU itself to the bus to which this ECU is connected. Then, the gateway outputs to the external diagnostic device a result of comparison between this transmission source identifier data and transmission source identifier data in a response signal received for each bus or a value about each bus stored in advance, thereby specifying an ECU incapable of making communication.
In the CAN, ECUs sharing a bus, which is a communication line, can transmit messages onto the bus at their discretion, so that a message can be transmitted easily from each ECU to the bus. This makes it possible to transmit an unauthorized message to a bus in the CAN by connecting an unauthorized ECU to this bus, for example. Communication using such an unauthorized message should be prevented in real time. However, it is difficult to detect an abnormality in real time if it is to be detected in response to a connection request confirmation signal transmitted from the external diagnostic device, as in the aforementioned communication system in the Publication. Communication using an unauthorized message may be prevented by encrypting a communication message. However, performing encrypting process in real time involving a high processing load results in an increased load on an ECU, which is not negligible.
The aforementioned problems generally apply not only to the CAN but also to a communication system in which a communication message is transmitted and received to and from network-connected communication devices.