1. Technical Field
The present disclosure relates to a vehicle communication apparatus connected to an in-vehicle network and configured to transmit and receive messages (frames), a vehicle communication method, and the like.
2. Description of the Related Art
Systems in recent automobiles accommodate multiple devices called electronic control units (ECUs). A network connecting these ECUs is called an in-vehicle network. There exist multiple standards for the in-vehicle network. Among these standards, a standard called CAN (Controller Area Network) specified in ISO 11898-1 is one of the most mainstream in-vehicle network standards (see “CAN Specification 2.0 Part A”, [online], CAN in Automation (CiA), [searched Nov. 14, 2014], the Internet (URL: http://www.can-cia.org/fileadmin/cia/specifications/CAN20A.pdf)).
In CAN, each communication path is constituted by two buses, and ECUs connected to the buses are referred to as nodes. Each node connected to a bus transmits and receives a message called a frame. A transmitting node that is to transmit a frame applies a voltage to two buses to generate a potential difference between the buses, thereby transmitting the value “1” called recessive and the value “0” called dominant. When a plurality of transmitting nodes transmit recessive and dominant values at completely the same timing, the dominant value is prioritized and transmitted. A receiving node transmits a frame called an error frame if the format of a received frame is anomalous. In an error frame, 6 consecutive dominant bits are transmitted to notify the transmitting nodes or any other receiving node of frame anomaly.
In CAN, furthermore, there is no identifier that designates a transmission destination or a transmission source. A transmitting node transmits frames each assigned an ID called a message ID (that is, sends signals to a bus), and each receiving node receives only a predetermined message ID (that is, reads a signal from the bus). In addition, the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) scheme is adopted, and arbitration based on message IDs is performed for simultaneous transmission of a plurality of nodes so that a frame with the value of message ID being small is preferentially transmitted.
Conventionally, there is known a technique in which, in a case where a message that is anomalous is transmitted to a CAN bus, a gateway device that connects buses detects the anomalous message and prevents the anomalous message from being transferred to any other bus to suppress an increase in the load on buses (see Japanese Unexamined Patent Application Publication No. 2007-38904). There is also known a technique for determining the presence of an unauthorized frame by checking the period of messages that are periodically sent (see Satoshi OTSUKA, Tasuku ISHIGOOKA, “Intrusion Detection for In-vehicle Networks without Modifying Legacy ECUs”, Technical Report Embedded Systems (EMB), Information Processing Society of Japan, Mar. 6, 2013, Vol. 2013-EMB-28, No. 6, pp. 1-5).
If ECUs connected to the CAN bus include an ECU that executes an application program acquired from an external element such as an external network or an external device, an unauthorized operation can be performed in accordance with an unauthorized application program. The unauthorized application program can generate an unauthorized frame and deliver the unauthorized frame to the bus, thereby causing unauthorized control of the vehicle. In addition, the load on the bus may be increased. This incurs an increase in the load imposed on the bus by frame monitoring (checking).