1. Technical Field
The present invention relates to a technique for detecting and dealing with unauthorized frames transmitted in a vehicle network in which electronic control units perform communication.
2. Description of the Related Art
These days, a large number of devices called “electronic control units (ECUs)” are provided in a system inside an automobile. A network connecting these ECUs with one another is called a “vehicle network”. A lot of standards exist for vehicle networks. A standard called a “controller area network (CAN)” specified in International Organization for Standardization (ISO) 11898-1 exists for one of principal vehicle networks.
In the CAN, a communication path is configured by two buses, and ECUs connected to the buses are called “nodes”. The nodes connected to the buses communicate messages called “frames”. A transmission node, which transmits a frame, applies voltage to the two buses to generate a potential difference between the buses and transmit a value of 1 called a “recessive” and a value of 0 called a “dominant”. If a plurality of transmission nodes transmit a recessive and a dominant at exactly the same timing, the dominant takes priority in transmission. If a format of a received frame is abnormal, a reception node transmits a frame called an “error frame”. An error frame refers to successive transmission of 6 bits of dominants for notifying a transmission node and other reception nodes of an abnormality in a frame.
In the CAN, there are no identifiers identifying destinations and sources. A transmission node transmits each frame with an identifier (ID) called a “message ID” attached (that is, transmits a signal to the buses), and a reception node receives only a predetermined message ID (that is, reads a signal from the buses). In addition, a carrier sense multiple access with collision avoidance (CSMA/CA) method is employed, and when a plurality of nodes simultaneously perform transmission, mediation is performed using message IDs. That is, a frame whose message ID is smaller takes priority in transmission.
In vehicle networks, there is a threat that an attacker accesses buses and transmits an unauthorized frame (unauthorized data frame) in order to misuse an ECU, and security measures are being examined.
T. Matsumoto, et al., “A Method of Preventing Unauthorized Data Transmission in controller area network—Yokohama National University: Vehicular Technology Conference”, 2012, for example, discloses a technique for preventing transmission of an unauthorized data frame using an error frame if transmission of a data frame having an ID that is to be transmitted by an own node is detected on an assumption that a plurality of nodes existing in the same network do not transmit data frames having the same ID.