公开(公告)号：KR101371902B1

公开(公告)日：2014-03-10

申请号：KR1020120144900

申请日：2012-12-12

Applicant: 현대자동차주식회사 ,  서울대학교산학협력단 ,  조선대학교산학협력단

Inventor： 안현수 ,  이정희 ,  이병욱 ,  배현철 ,  노종선 ,  김지엽 ,  우준영 ,  조창민 ,  김영식 ,  문영식

IPC: H04L12/26 ,  H04L12/851

CPC classification number: H04L63/1425 ,  H04L67/12

Abstract: The present invention relates to a device for detecting an attack on a vehicle network and a method thereof and is to provide to a device for detecting an attack on a vehicle network and a method thereof which accumulatively counts packets by each device (ID) connected to a vehicle network bus, calculates the accumulated value by accumulating an inspected value (S) whenever accumulatively counting packets and determines that an attack is occurred if the average accumulated value calculated by dividing the accumulated value by the accumulated counting does not exceed a first threshold value. For the purpose, in a vehicle network environment in which devices, having a priority for packet transmission, connected to a vehicle network bus include: a packet collection unit for collecting packets transmitted through the vehicle network bus; a packet counting unit for accumulatively counting the number of packets collected by the packet collection unit; an inspected value calculation unit for calculating an inspected value based on a time difference between packets having the same ID; an accumulated value calculation unit for calculating an accumulated value by adding the inspected value which is calculated by the inspected value calculation unit to the previous inspected value; an average accumulated value calculation unit for calculating the average accumulated value by dividing the accumulated value calculated by the accumulated value calculation unit by accumulated counting value by the packet counting unit; and an attack determination unit for determining the existence of attack based on the average accumulated value calculated by the average accumulated value calculation unit. [Reference numerals] (10) Packet collection unit; (20) Packet counting unit; (30) Inspected value calculation unit; (40) Accumulated value calculation unit; (50) Average accumulated value calculation unit; (60) Attack determination unit; (70) Control unit

Abstract translation: 本发明涉及一种用于检测车辆网络攻击的装置及其方法，并提供给用于检测对车辆网络的攻击的装置及其方法，其中每个装置（ID）对连接到车辆网络的数据进行累积计数 车辆网络总线，每当累积计数分组时累积检查值（S）来计算累积值，并且如果通过将累加值除以累加计数而计算的平均累积值不超过第一阈值，则确定发生攻击 。 为此，在车辆网络环境中，具有连接到车辆网络总线的分组传输优先级的设备包括：分组收集单元，用于收集通过车辆网络总线传送的分组; 分组计数单元，用于累积计数由所述分组收集单元收集的分组的数量; 检查值计算单元，用于基于具有相同ID的分组之间的时间差计算检查值; 累积值计算单元，用于通过将由检查值计算单元计算的检查值与先前检查值相加来计算累积值; 平均累计值计算单元，用于通过将由累积值计算单元计算出的累积值除以累积计数值来计算平均累积值; 以及攻击确定单元，用于基于由平均累积值计算单元计算的平均累积值来确定攻击的存在。 （附图标记）（10）分组收集单元; （20）分组计数单元; （30）检验价值计算单位; （40）累计值计算单位; （50）平均累计值计算单位; （60）攻击判定单元; （70）控制单元

公开(公告)号：KR1020130016809A

公开(公告)日：2013-02-19

申请号：KR1020110078940

申请日：2011-08-09

Applicant: 현대자동차주식회사

Inventor： 안현수 ,  차강주 ,  이소진

IPC: H04L12/66 ,  H04L12/58 ,  H04L12/851 ,  H04L12/40 ,  H04L12/26

CPC classification number: H04L12/66 ,  H04L12/40143 ,  H04L43/0852 ,  H04L47/24 ,  H04L51/26

Abstract: PURPOSE: A gateway data processing method of a vehicle network system is provided to transmit a searched signal by changing priority orders. CONSTITUTION: When error signals are determined, a gateway detects a module which transmits error signals(S002). The gateway detects a message receiving the module, which transmits the error signals(S003). The gateway changes the received message priority of the module which transmits the error signal(S004). When the error signal is not detected, the gateway determines a routing order according to a data input order(S010). The gateway transmits a message(S011). [Reference numerals] (AA) Start; (BB) Detecting error signals; (CC,S004,S008) Changing the received message priority of a corresponding module; (DD) End; (S002) Detecting a module which transmits error signals from a memory; (S003,S007) Detecting messages received in a corresponding module; (S005) Detecting warning signals; (S006) Detecting a module which transmits warning signals from the memory; (S009) Detecting transmission delay signals; (S010) Determining the priority according to the order of input; (S011) Transmitting messages

Abstract translation: 目的：提供车辆网络系统的网关数据处理方法，通过改变优先顺序来发送搜索到的信号。 构成：当确定错误信号时，网关检测发送错误信号的模块（S002）。 网关检测接收发送错误信号的模块的消息（S003）。 网关改变发送错误信号的模块的接收到的消息优先级（S004）。 当未检测到错误信号时，网关根据数据输入顺序确定路由顺序（S010）。 网关发送消息（S011）。 （附图标记）（AA）开始; （BB）检测误差信号; （CC，S004，S008）更改相应模块的接收到的消息优先级; （DD）结束; （S002）检测从存储器发送错误信号的模块; （S003，S007）检测相应模块中收到的消息; （S005）检测报警信号; （S006）检测从存储器发送警告信号的模块; （S009）检测传输延迟信号; （S010）根据输入顺序确定优先级; （S011）发送消息

公开(公告)号：KR100792422B1

公开(公告)日：2008-01-09

申请号：KR1020060075982

申请日：2006-08-11

Applicant: 현대자동차주식회사

Inventor： 안현수

IPC: G06Q50/30 ,  G06Q50/10 ,  G06F9/44

CPC classification number: G06Q50/30 ,  G06F9/44 ,  G06Q50/10

Abstract: A method for reprogramming a vehicle controller automatically based on a VIN(Vehicle ID number) in the network is provided to remove reprogramming manpower, remove restriction of storage capacity, and prevent omission of software to be reprogrammed by downloading the software based on the VIN included in the vehicle controller through the network connecting the vehicle controller to a database of a maker. It is checked whether a vehicle model corresponds to the model to be reprogrammed is determined by checking the VIN received from the vehicle controller embedded in a vehicle(S204). It is checked whether the software embedded in the vehicle controller is the target software(S206). The software is downloaded from an OEM(Original Equipment Manufacturer) database operated by a server of a vehicle maker(S208). Reprogramming is performed by executing the downloaded software to the vehicle controller(S210). A reprogramming history is stored to the OEM database after the target software is reprogrammed to the vehicle controller(S214).

Abstract translation: 提供一种基于网络中的VIN（车辆ID号）自动重新编程车辆控制器的方法，以消除重编程人员，消除对存储容量的限制，并通过基于包含的VIN来下载软件来防止软件重新编程 在车辆控制器中通过将车辆控制器连接到制造商的数据库的网络。 通过检查从嵌入在车辆中的车辆控制器接收到的VIN来确定车辆模型对应于要重新编程的模型是否被确定（S204）。 检查嵌入在车辆控制器中的软件是否是目标软件（S206）。 该软件从由车辆制造商的服务器操作的OEM（原始设备制造商）数据库下载（S208）。 通过将下载的软件执行到车辆控制器来执行重新编程（S210）。 在将目标软件重新编程到车辆控制器之后，将重新编程历史存储到OEM数据库（S214）。

公开(公告)号：KR101831134B1

公开(公告)日：2018-02-26

申请号：KR1020160060261

申请日：2016-05-17

Applicant: 현대자동차주식회사 ,  기아자동차주식회사 ,  주식회사 유라코퍼레이션

Inventor： 조아람 ,  정호진 ,  안현수 ,  권영훈 ,  김수미

IPC: H04L9/06 ,  H04L9/08 ,  H04L12/40

CPC classification number: H04L9/3247 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/3242 ,  H04L9/3268 ,  H04L9/3271 ,  H04L2209/08 ,  H04L2209/84

Abstract: 본발명은보다신뢰성있는제어기관리방법에관한것으로, 보다상세히는암호화알고리즘을활용한차량제어기, 게이트웨이및 진단기상호간의설치/사용/제거시의인증및 데이터교환에대한것이다. 본발명의일 실시예에따른차량에서게이트웨이가제어기를인증하는방법은, 제 1 조건만족시, 제 1 난수를포함하는제 1 메시지를상기제어기로전송하는단계; 상기제어기의개인키로전자서명된제 1 난수를포함하는제 2 메시지를상기제어기로부터수신하는단계; 상기전자서명된제 1 난수를상기제어기의공개키로복호화하는단계; 및상기복호화에성공한경우, 상기제어기의공개키로암호화된대칭키를상기제어기로전송하는단계를포함할수 있다.

公开(公告)号：KR101759133B1

公开(公告)日：2017-07-18

申请号：KR1020150036940

申请日：2015-03-17

Applicant: 현대자동차주식회사 ,  기아자동차주식회사 ,  조선대학교산학협력단 ,  서울대학교산학협력단

Inventor： 안현수 ,  정호진 ,  우준영 ,  김호연 ,  이강석 ,  윤종윤 ,  노종선 ,  김영식

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/0869 ,  H04L9/3273 ,  H04L2209/84

Abstract: 본발명은비밀정보기반의상호인증방법및 장치에관한것이다. 본발명의일 실시예에따른외부장치와연동되는차량제어기에서의상호인증방법은상기외부장치로부터의수신된인증요청메시지에따라난수를상기외부장치에전송하는제1 단계와상기난수를매개변수로하는제1 함수를이용하여변수를생성하는제2 단계와상기변수및미리저장된보안키를매개변수로하는제2함수를이용하여제1 세션키를생성하는제3 단계와상기외부장치로부터제1 응답키를수신하는제4 단계와상기난수, 상기변수, 상기제1 세션키를매개변수로하는제3함수를이용하여제2 응답키를생성하는제5 단계와상기제1 응답키와상기제2 응답키의일치여부에기반하여상기외부장치를인증하는제6 단계를포함하여구성될수 있다. 따라서, 본발명은보안정보에기반하여외부장치와차량제어기사이의상호인증을가능하게하는장점이있다.

公开(公告)号：KR1020160111789A

公开(公告)日：2016-09-27

申请号：KR1020150036940

申请日：2015-03-17

Applicant: 현대자동차주식회사 ,  기아자동차주식회사 ,  조선대학교산학협력단 ,  서울대학교산학협력단

Inventor： 안현수 ,  정호진 ,  우준영 ,  김호연 ,  이강석 ,  윤종윤 ,  노종선 ,  김영식

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/0869 ,  H04L9/3273 ,  H04L2209/84

Abstract: 본발명은비밀정보기반의상호인증방법및 장치에관한것이다. 본발명의일 실시예에따른외부장치와연동되는차량제어기에서의상호인증방법은상기외부장치로부터의수신된인증요청메시지에따라난수를상기외부장치에전송하는제1 단계와상기난수를매개변수로하는제1 함수를이용하여변수를생성하는제2 단계와상기변수및미리저장된보안키를매개변수로하는제2함수를이용하여제1 세션키를생성하는제3 단계와상기외부장치로부터제1 응답키를수신하는제4 단계와상기난수, 상기변수, 상기제1 세션키를매개변수로하는제3함수를이용하여제2 응답키를생성하는제5 단계와상기제1 응답키와상기제2 응답키의일치여부에기반하여상기외부장치를인증하는제6 단계를포함하여구성될수 있다. 따라서, 본발명은보안정보에기반하여외부장치와차량제어기사이의상호인증을가능하게하는장점이있다.

Abstract translation: 本发明涉及一种基于机密信息进行相互认证的方法和装置。 根据本发明的实施例的与外部设备结合操作的车辆控制器中的相互认证方法可以包括：响应于从外部接收到的认证请求消息将随机数S发送到外部设备的第一步骤 设备; 通过使用使用随机数S作为参数的第一函数来生成变量i的第二步骤; 通过使用使用变量i和先前存储的秘密密钥K作为参数的第二函数来生成第一会话密钥Ks的第三步骤; 从外部设备接收第一响应密钥的第四步骤; 通过使用使用随机数S，变量i和第一会话密钥Ks的第三函数作为参数来生成第二响应密钥的第五步骤; 以及第六步骤，基于第一响应密钥是否与第二响应密钥相同，来认证外部设备。 因此，可以根据机密信息相互认证外部装置和车辆控制装置的优点。

公开(公告)号：KR1020140078431A

公开(公告)日：2014-06-25

申请号：KR1020120147782

申请日：2012-12-17

Applicant: 현대자동차주식회사

Inventor： 이병욱 ,  안현수 ,  이정희 ,  배현철

IPC: G06F21/30 ,  G06F9/44 ,  G06F15/16

CPC classification number: G06F21/30 ,  G06F9/44 ,  G06F15/16 ,  G06F21/305 ,  G06F21/41

Abstract: The present invention relates to a firmware update system and a firmware update method. The system includes a server which generates a firmware update program for a controller, generates a signature according to the firmware update program, and transmits the signature with the unique ID of the controller to a central gateway; the central gateway which transmits the firmware update program to the controller if the signature is correct by verifying the signature for the transmitted firmware; and a client terminal comprising the controller which receives the firmware update program with the verified signature and updates the firmware.

Abstract translation: 本发明涉及固件更新系统和固件更新方法。 该系统包括生成用于控制器的固件更新程序的服务器，根据固件更新程序生成签名，并将具有控制器的唯一ID的签名发送到中央网关; 如果通过验证所发送的固件的签名是否正确地将固件更新程序发送到控制器的中央网关; 以及客户终端，其包括控制器，其接收具有所验证的签名的固件更新程序并更新固件。

公开(公告)号：KR1020100041574A

公开(公告)日：2010-04-22

申请号：KR1020080100823

申请日：2008-10-14

Applicant: 현대자동차주식회사 ,  기아자동차주식회사 ,  주식회사 지. 아이. 티

Inventor： 손우혁 ,  안현수 ,  김성구 ,  천재호 ,  권영대 ,  장식원 ,  조영민

IPC: G06Q50/30 ,  G06Q10/10

CPC classification number: G06Q50/30 ,  G06Q10/10

Abstract: PURPOSE: An automatic diagnosis information message generating system for generating a diagnosis program for a car and a method thereof are provided to automatically generate a car diagnosis program, thereby increasing convenience of a user. CONSTITUTION: A user input unit(210) inputs data for generating a diagnosis information management document and system standard information. A database(230) stores a diagnosis information message. A controller(220) generates or searches the diagnosis information management document according to a request of a user. The controller decides whether the system standard information is matched with standard information for standardization. The controller generates a diagnosis information message for generating a diagnosis program.

Abstract translation: 目的：提供一种用于生成汽车诊断程序的自动诊断信息消息产生系统及其方法，以自动生成汽车诊断程序，从而增加用户的便利性。 构成：用户输入单元（210）输入用于生成诊断信息管理文档和系统标准信息的数据。 数据库（230）存储诊断信息消息。 控制器（220）根据用户的请求生成或搜索诊断信息管理文档。 控制器决定系统标准信息是否与标准化标准信息相匹配。 控制器产生用于生成诊断程序的诊断信息消息。