Various methods are used to prevent unauthorized manipulation of a control program stored in a control device of a motor vehicle or data stored from this program. The control program controls or regulates specific functions in the motor vehicle, for example an internal combustion engine, a driving dynamics regulator, a stop control system (SCS), or an electronic steering system (steer-by-wire). A defect and/or a change in the mode of operation of the controlled or regulated unit of the motor vehicle may occur due to a manipulation of the control program. Therefore, manipulation of the control program or the data is to be prevented as much as possible, but the manipulation is at least to be detectable afterwards, so that the cause of a defect of a controlled or regulated unit may be established or so that warranty claims may be pursued correctly.
In spite of the danger of manipulation of the control program or the data by unauthorized persons, it is usually not advisable to prevent access to the storage assembly of the control device completely. In order to, for example, perform reprogramming of the control device, it must be possible for an authorized user group to access the storage assembly. Specifically, it may be necessary from time to time to store a new version of a control program or new parameters or limiting values in the control device in order to, for example, remove errors in the software or to take new legal requirements into account.
Control devices can be protected against manipulation of the control program by asymmetrically encrypting the data in which the control program and the data are stored in a storage assembly of the control device. The asymmetrical encryption method is also referred to as a public key encryption method and is used by BMW AG, whose main office is in Munich, Germany, and by Siemens AG, whose main offices are in Munich and Berlin, Germany, for encrypting or marking a control program stored in a control device of a motor vehicle and/or of data stored therein.
In the conventional asymmetric encryption method, a hash value is formed from the control program and/or the data to be marked with the aid of a hash function. A hash value is a type of check-sum of fixed length having special properties which are a function of the hash function used. The hash value is encrypted with the aid of a private key, which is not freely accessible. The encrypted hash value is referred to as a signature. The signature is appended to the program and/or the data to be marked and is transmitted to the motor vehicle control device together with them and stored there in the storage assembly.
In the control device, the signature is decrypted with the aid of a freely accessible public key. In this way, the decrypted hash value is obtained. In addition, with the aid of the same hash function which was also used in the course of encryption to obtain the hash value, an additional hash value is determined from the control program and/or data received. Subsequently, it is checked whether the decrypted hash value is identical to the additional hash value. If this is the case, the execution of the control program transmitted and/or the use of the data transmitted is enabled. Otherwise, the execution of the control program and/or the use of the data is blocked.
A problem of the conventional method lies in the management of the private key. This key is available to multiple persons at a control device developer or a motor vehicle developer, each user being assigned his own private key. If a private key—for whatever reason—falls into the hands of unauthorized persons, they may misuse the private key for reprogramming a whole series of control devices of the same type, without the control device manufacturer or the motor vehicle manufacturer being capable of preventing this and without the manipulation of the control program and/or the data by unauthorized persons being capable of being recognized afterward. In the conventional method, a compromised private key may not be detected as such and, if necessary, blocked.