CN-122027201-A - Message transmission method and device
Abstract
The present invention relates to the field of computer technologies, and in particular to a method and an apparatus for transmitting a message. The transmission method comprises the steps of: determining service data and the time slice number corresponding to the service data; obtaining historical time slice numbers and the corresponding historical request numbers; determining a request number based on the time slice number corresponding to the service data, the historical time slice numbers and the corresponding historical request numbers; determining a freshness value based on the time slice number and the request number; encrypting the time slice number to generate a derivative key; encrypting the message header corresponding to the service data, the service data and the freshness value with the derivative key as the key to obtain a first message authentication code; constructing a message in the order of the message header corresponding to the service data, the service data, the freshness value and the message authentication code; and sending the message to the corresponding receiving end. The method offers high resistance to forgery and tampering, high compatibility, low transformation cost and easy deployment.
Inventors
- WU HANWEN
Assignees
- 中汽创智科技有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20251229
Claims (10)
- 1. A message transmission method, characterized in that it is applied to a transmitting end and comprises the following steps: determining service data and a time slice number corresponding to the service data, and acquiring a historical time slice number and a corresponding historical request number; determining a request number corresponding to the service data based on the time slice number corresponding to the service data, the historical time slice number and the corresponding historical request number; determining a freshness value based on the time slice number and the request number corresponding to the service data; encrypting the time slice number corresponding to the service data to generate a derivative key; encrypting the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key, so as to obtain a first message authentication code; and constructing a message according to the sequence of the message header, the service data, the freshness value and the message authentication code corresponding to the service data, and sending the message to a corresponding receiving end.
- 2. The transmission method according to claim 1, wherein determining the request number corresponding to the service data based on the time slice number corresponding to the service data, the historical time slice number and the corresponding historical request number includes: when a target historical time number consistent with the time slice number corresponding to the service data exists in the historical time slice numbers, determining a target historical request number corresponding to the target historical time number from the request numbers corresponding to the historical time numbers based on the target historical time number; judging whether the target historical request number is smaller than a preset request number, and if so, determining the sum of the target historical request number and a preset step length as the request number corresponding to the service data, and if not, generating alarm information; and determining a preset initial number as the request number corresponding to the service data when no target historical time number consistent with the time slice number corresponding to the service data exists in the historical time slice numbers.
- 3. The transmission method according to claim 1, wherein the method for determining the time slice number corresponding to the service data comprises: acquiring a global time corresponding to the service data; determining the ratio of the global time corresponding to the service data to the time slice length as an intermediate time slice value; and rounding the intermediate time slice value down to an integer to obtain the time slice number corresponding to the service data.
- 4. The transmission method according to any one of claims 1 to 3, wherein encrypting the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key to obtain a first message authentication code includes: encrypting the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key to generate an initial message authentication code; and truncating the initial message authentication code to obtain the first message authentication code with a preset byte capacity.
- 5. A message transmission method, characterized in that it is applied to a receiving end and comprises the following steps: obtaining a message, parsing and extracting the message, and generating service data, a message header and a freshness value corresponding to the message; determining a current time slice number; generating a time screening result based on the freshness value, the current time slice number and a preset time threshold; when the time screening result indicates that the freshness value is a valid value, encrypting the time slice number in the freshness value to generate a derivative key; encrypting the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key, so as to obtain a second message authentication code; and judging whether the second message authentication code is consistent with the first message authentication code in the message, and if so, transmitting the service data, and if not, discarding the message.
- 6. The transmission method according to claim 5, wherein performing transmission processing on the service data includes: judging whether the time slice number in the freshness value is larger than the historical time slice number, and if so, updating the sliding window corresponding to the time slice number, otherwise not updating the sliding window corresponding to the time slice number; and judging whether the request number in the freshness value is smaller than a preset threshold value, and if so, performing bitmap setting processing on the request number, otherwise discarding the message.
- 7. The transmission method according to claim 5, wherein the preset time threshold comprises a first time threshold and a second time threshold, and wherein generating a time screening result based on the freshness value, the current time slice number and the preset time threshold comprises: determining a time slice number from the freshness value; determining the sum of the current time slice number and the first time threshold as a first time slice number; determining the difference between the current time slice number and the first time threshold as a second time slice number; generating a first screening result when the time slice number is smaller than the first time slice number and larger than or equal to the second time slice number, or when the time slice number is equal to the second time slice number, wherein the first screening result represents that the freshness value is a valid value; and generating a second screening result when the time slice number is larger than the first time slice number or smaller than the second time slice number, wherein the second screening result represents that the freshness value is not a valid value.
- 8. The transmission method according to any one of claims 5 to 7, wherein before generating a time screening result based on the freshness value, the current time slice number and a preset time threshold, the method further comprises: determining the length of the message body corresponding to the message from the message header; and judging whether the length of the message body corresponding to the message is larger than a first length value and smaller than or equal to a second length value, and if so, executing the subsequent step of generating a time screening result based on the freshness value, the current time slice number and a preset time threshold, and if not, discarding the message, wherein the first length value is equal to the length of the freshness value plus the length of a first message authentication code in the message.
- 9. A message transmission device, characterized in that it is deployed at a transmitting end and comprises: a first determining module, configured to determine service data and a time slice number corresponding to the service data, and to acquire a historical time slice number and a corresponding historical request number; a second determining module, configured to determine a request number corresponding to the service data based on the time slice number corresponding to the service data, the historical time slice number and the corresponding historical request number; a third determining module, configured to determine a freshness value based on the time slice number and the request number corresponding to the service data; a first generation module, configured to encrypt the time slice number corresponding to the service data to generate a derivative key; a first encryption module, configured to encrypt the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key to obtain a first message authentication code; and a construction module, configured to construct a message according to the sequence of the message header corresponding to the service data, the freshness value and the message authentication code, and to send the message to a corresponding receiving end.
- 10. A message transmission device, characterized in that it is deployed at a receiving end and comprises: an acquisition module, configured to acquire a message, parse and extract the message, and generate service data, a message header and a freshness value corresponding to the message; a fourth determining module, configured to determine a current time slice number; a second generation module, configured to generate a time screening result based on the freshness value, the current time slice number and a preset time threshold; a second encryption module, configured to encrypt the time slice number in the freshness value to generate a derivative key when the time screening result indicates that the freshness value is a valid value; a third encryption module, configured to encrypt the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key to obtain a second message authentication code; and a judging module, configured to judge whether the second message authentication code is consistent with the first message authentication code in the message, and if so, to transmit the service data, and if not, to discard the message.
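Claims 1 to 8 as a working sender/receiver pair, written as an added Python example for this page (it is not the patent's or the applicant's code). The 8-byte header layout (message id plus body length), the HMAC-SHA256 derivation of the derivative key from a pre-shared master key, the 12-byte freshness encoding and every "preset" constant are assumptions made here.

```python
import hashlib, hmac, math, struct
# Constructed parameters; the patent only calls them "preset" values.
SLICE_LEN, TIME_THRESHOLD = 1.0, 1          # slice length in seconds; claim 7's threshold in slices
INITIAL_REQ, STEP, MAX_REQ = 0, 1, 64       # claim 2: preset initial number, step length, request bound
FRESH_LEN, MAC_LEN, MAX_BODY = 12, 8, 1400  # 8+4 byte freshness value; claim 4 MAC size; claim 8 max body
MASTER_KEY = b"constructed-shared-key-do-not-use"  # key shared by both ends (constructed, assumption)

def time_slice(global_time):
    return math.floor(global_time / SLICE_LEN)  # claim 3: floor(global time / slice length)

def derive_key(slice_no):  # claim 1: slice number -> derivative key (HMAC-based KDF is an assumption)
    return hmac.new(MASTER_KEY, struct.pack(">Q", slice_no), hashlib.sha256).digest()

def make_mac(slice_no, header, data, freshness):  # claim 4: MAC over header||data||freshness, truncated
    return hmac.new(derive_key(slice_no), header + data + freshness, hashlib.sha256).digest()[:MAC_LEN]

def build(history, msg_id, data, global_time):
    """Sender side (claims 1 to 4). history: slice number -> last request number issued in it."""
    s = time_slice(global_time)
    if s in history:  # claim 2: same slice as before, so step the counter or raise the alarm
        if history[s] + STEP >= MAX_REQ:
            raise RuntimeError("alarm: request numbers exhausted in time slice %d" % s)
        r = history[s] + STEP
    else:
        r = INITIAL_REQ
    history[s] = r
    freshness = struct.pack(">QI", s, r)
    header = struct.pack(">II", msg_id, len(data) + FRESH_LEN + MAC_LEN)  # assumed header: id, body length
    return header + data + freshness + make_mac(s, header, data, freshness)

def accept(seen, msg, global_time):
    """Receiver side (claims 5 to 8); returns the service data, or None to discard. seen: slice -> bitmap."""
    header, body = msg[:8], msg[8:]
    body_len = struct.unpack(">II", header)[1] if len(header) == 8 else -1
    if body_len != len(body) or not FRESH_LEN + MAC_LEN < body_len <= MAX_BODY:
        return None  # claim 8: length screening before any cryptographic work
    data, freshness, tag = body[:-FRESH_LEN - MAC_LEN], body[-FRESH_LEN - MAC_LEN:-MAC_LEN], body[-MAC_LEN:]
    s, r = struct.unpack(">QI", freshness)
    now = time_slice(global_time)
    if not now - TIME_THRESHOLD <= s < now + TIME_THRESHOLD:
        return None  # claim 7: slice number outside [now - T, now + T)
    if not hmac.compare_digest(tag, make_mac(s, header, data, freshness)):
        return None  # claim 5: second MAC differs from the first, discard
    if r >= MAX_REQ or (seen.get(s, 0) >> r) & 1:
        return None  # claim 6: request number already accepted in this slice (replay)
    seen[s] = seen.get(s, 0) | (1 << r)
    for old in [k for k in seen if k < now - TIME_THRESHOLD]:
        del seen[old]  # claim 6: slide the window past slices that can no longer be valid
    return data
```

The receiver orders its checks as length, time window, MAC, then per-slice bitmap, so a message with a stale slice number is dropped before any key derivation, while a replay inside the window is dropped only at the bitmap step after its MAC verifies.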
Description
Message transmission method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular to a method and an apparatus for transmitting a message.
Background
In terms of in-vehicle communication, the vehicle-mounted Controller Area Network (CAN) has AUTOSAR Secure Onboard Communication (Automotive Open System Architecture Secure Onboard Communication, AUTOSAR SecOC for short) to perform integrity and source authentication on messages, while vehicle-mounted Ethernet has no corresponding integrity and source authentication. The current "trusted bus" assumption no longer holds. An attacker has the capabilities of passive eavesdropping, active tampering and cross-time/cross-source replay, and isolation by the link layer alone cannot meet functional and safety requirements. The hardware cost and resource consumption required by the asymmetric encryption and digital signatures used on the mainstream internet are too heavy for each controller in the vehicle to be popularized. The industry mainstream is to superimpose message-level integrity and freshness protection (such as AUTOSAR SecOC) on the transport layer to resist tampering and replay, but the real conditions of the vehicle network, namely high frequency, out-of-order delivery, power failure and multi-source concurrency, mean that simply adding a MAC is not enough to put such a scheme into practice.
The existing SOME/IP protocol is widely used in vehicle-mounted networks, but it lacks a unified message authentication and freshness verification mechanism, so messages are easy to forge, tamper with and replay, and the requirements of vehicle functional safety and network security are difficult to meet. At the same time, existing security enhancement schemes often need to modify protocol header fields or introduce additional encapsulation and connection-state mechanisms, so they suffer from poor compatibility, high transformation cost, high bandwidth and latency overhead, and poor adaptability to out-of-order delivery and packet loss.
Disclosure of Invention
In order to solve the problems in the prior art, the embodiments of the application provide a message transmission method and device. The technical scheme is as follows.
In one aspect, a message transmission method is provided, applied to a transmitting end, and the method includes: determining service data and a time slice number corresponding to the service data, and acquiring a historical time slice number and a corresponding historical request number; determining a request number corresponding to the service data based on the time slice number corresponding to the service data, the historical time slice number and the corresponding historical request number; determining a freshness value based on the time slice number and the request number corresponding to the service data; encrypting the time slice number corresponding to the service data to generate a derivative key; encrypting the service data, the message header corresponding to the service data and the freshness value with the derivative key as a key, so as to obtain a first message authentication code; and constructing a message according to the sequence of the message header, the service data, the freshness value and the message authentication code corresponding to the service data, and sending the message to a corresponding receiving end.
In an exemplary embodiment, determining the request number corresponding to the service data based on the time slice number corresponding to the service data, the historical time slice number and the corresponding historical request number includes: when a target historical time number consistent with the time slice number corresponding to the service data exists in the historical time slice numbers, determining a target historical request number corresponding to the target historical time number from the request numbers corresponding to the historical time numbers based on the target historical time number; judging whether the target historical request number is smaller than a preset request number, and if so, determining the sum of the target historical request number and a preset step length as the request number corresponding to the service data, and if not, generating alarm information; and determining a preset initial number as the request number corresponding to the service data when no target historical time number consistent with the time slice number corresponding to the service data exists in the historical time slice numbers.
In an exemplary embodiment, the method for determining the time slice number corresponding to the service data includes: acquiring a global time corresponding to the service data; determining the ratio of the global time corresponding to the service data to the time slic