US-12621170-B2 - Secure peer-to-peer communication protocol

Abstract

A method for securely transmitting data between first and second processing units, each storing a shared secure key and respective first and second identifiers, includes transmitting an authentication challenge from the first processing unit to the second processing unit. The authentication challenge includes a first random number. The method includes generating a session key and an authentication key at each of the corresponding first and second processing units, based on the transmitted authentication challenge and the stored shared secure key. The method includes transmitting an authentication response including an authentication code generated from the authentication challenge based on the authentication key. The method includes verifying each processing unit by comparing a received authentication code with a locally generated authentication code. The method includes, in response to being verified, transmitting data between the first and second processing units using the corresponding session keys.

Inventors

  • Andrzej Ekiert

Assignees

  • Aptiv Technologies AG

Dates

Publication Date
20260505
Application Date
20240131
Priority Date
20230131

Claims (12)

  1. A method for securely transmitting data between a first processing unit and a second processing unit, each storing a shared secure key and respective first and second identifiers, the method comprising: transmitting a first authentication challenge from the first processing unit to the second processing unit, wherein the first authentication challenge includes a first random number; transmitting a second authentication challenge from the second processing unit to the first processing unit, wherein the second authentication challenge includes a second random number; generating a first session key and a first authentication key at the first processing unit using the first authentication challenge, the second authentication challenge, and the stored shared secure key; generating a second session key and a second authentication key at the second processing unit using the first authentication challenge, the second authentication challenge, and the stored shared secure key; transmitting a first authentication response from the first processing unit to the second processing unit, wherein the first authentication response includes a first authentication code generated from the second authentication challenge using the first authentication key; verifying the first processing unit at the second processing unit in response to the first authentication code matching a local authentication code generated from the second authentication challenge using the second authentication key; and in response to being verified, transmitting data from the second processing unit to the first processing unit using the second session key.
  2. The method of claim 1 wherein the shared secure key is a shared symmetric key (SSK).
  3. The method of claim 1 wherein generating the first session key and the second session key includes using a key derivation function (KDF) keyed with the shared secure key.
  4. The method of claim 1 wherein the first authentication key and the second authentication key are ephemeral authentication keys.
  5. The method of claim 1 wherein the first authentication code and the local authentication code are Cipher-based message authentication codes (CMAC).
  6. The method of claim 1 wherein: transmitting the first authentication challenge includes monitoring out-of-time responses where the first authentication response is not received within a timeout period, and the method further comprises, in response to identifying an out-of-time response, generating a new first authentication challenge including a new random number.
  7. The method of claim 1 wherein verifying at least one of the processing units includes monitoring out-of-sequence responses received before transmitting the respective authentication challenge.
  8. The method of claim 7 wherein, in response to identifying an out-of-sequence response, verification is prevented.
  9. A first processing unit for secure communication with a second processing unit, the first processing unit comprising: a memory storing a shared secure key, a first identifier (ID), and a second ID, wherein the second ID is associated with the second processing unit; a random number generator configured to generate a first random number; and a processor configured to: transmit a first authentication challenge to the second processing unit, wherein the first authentication challenge includes the first random number; receive a second authentication challenge from the second processing unit, wherein the second authentication challenge includes a second random number; generate a first session key and a first authentication key using the first authentication challenge, the second authentication challenge, and the shared secure key; receive a second authentication response from the second processing unit, wherein the second authentication response includes a second authentication code generated from the first authentication challenge using a second authentication key generated at the second processing unit; verify the second processing unit in response to the second authentication code matching a local authentication code generated from the first authentication challenge using the first authentication key; and in response to the second processing unit being verified, transmit data to the second processing unit using the first session key.
  10. The first processing unit of claim 9 further comprising: a timeout timer for timing receipt of the second authentication response, wherein the processor is configured to generate a new authentication challenge, including a new random number, in response to the second authentication response not being received within a timeout period.
  11. The first processing unit of claim 9 wherein the processor is configured to monitor for out-of-sequence responses received before transmitting the respective authentication challenge.
  12. A non-transitory computer-readable medium comprising instructions that include: transmitting a first authentication challenge from a first processing unit to a second processing unit, wherein the first authentication challenge includes a first random number; transmitting a second authentication challenge from the second processing unit to the first processing unit, wherein the second authentication challenge includes a second random number; generating a first session key and a first authentication key at the first processing unit using the first authentication challenge, and the second authentication challenge, and a stored shared secure key; generating a second session key and a second authentication key at the second processing unit using the first authentication challenge, the second authentication challenge, and the stored shared secure key; transmitting a first authentication response from the first processing unit to the second processing unit, wherein the first authentication response includes a first authentication code generated from the second authentication challenge using the first authentication key; verifying the first processing unit at the second processing unit in response to the first authentication code matching a local authentication code generated from the second authentication challenge using the second authentication key; and in response to being verified, transmitting data from the second processing unit to the first processing unit using the second session key.
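
The mutual challenge-response exchange of claims 1, 3, 5, 7 and 8, sketched in Python as an added example (not code from the patent or its assignee). HMAC-SHA256 is substituted for both the KDF and the CMAC; the `Peer` class, the ID strings, the KDF labels and the binding of the responder's ID into the authentication code are assumptions.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256, substituted here for both the KDF and the CMAC."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class Peer:
    def __init__(self, ssk: bytes, my_id: bytes, peer_id: bytes):
        self.ssk, self.my_id, self.peer_id = ssk, my_id, peer_id
        self.my_nonce = self.peer_nonce = None
        self.verified = False

    def challenge(self) -> bytes:
        """Fresh random number per attempt; a timeout calls this again."""
        self.my_nonce, self.verified = secrets.token_bytes(16), False
        return self.my_nonce

    def _keys(self):
        # Both challenges plus the SSK feed the KDF; sorting gives both peers one order.
        ctx = b"".join(sorted([self.my_nonce, self.peer_nonce]))
        return prf(self.ssk, b"session", ctx), prf(self.ssk, b"auth", ctx)

    def respond(self) -> bytes:
        # Assumption: the responder's ID is bound in so a reflected code fails.
        return prf(self._keys()[1], self.my_id, self.peer_nonce)

    def verify(self, code: bytes) -> bool:
        if self.my_nonce is None or self.peer_nonce is None:
            return False  # out-of-sequence response: verification is prevented
        expected = prf(self._keys()[1], self.peer_id, self.my_nonce)
        self.verified = hmac.compare_digest(code, expected)  # constant-time compare
        return self.verified

def handshake(ssk_a: bytes, ssk_b: bytes) -> dict:
    a = Peer(ssk_a, b"MCU-A", b"MCU-B")  # constructed IDs
    b = Peer(ssk_b, b"MCU-B", b"MCU-A")
    early = a.verify(bytes(32))          # response before any challenge was sent
    b.peer_nonce = a.challenge()
    a.peer_nonce = b.challenge()
    reflected = a.verify(a.respond())    # A's own code played back to A
    ok = b.verify(a.respond()) and a.verify(b.respond())
    keys_match = ok and a._keys() == b._keys()
    distinct = a._keys()[0] != a._keys()[1]  # session key is never the auth key
    return {"early": early, "reflected": reflected, "mutual": ok,
            "keys_match": keys_match, "distinct": distinct}

if __name__ == "__main__":
    ssk = secrets.token_bytes(16)        # constructed shared key
    print(handshake(ssk, ssk))
```

Deriving the session key and the authentication key under different labels keeps the two uses separate, which is the key-reuse weakness the Summary attributes to ad-hoc designs.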

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to EP 23 154 110 filed Jan. 31, 2023, the entire disclosure of which is incorporated by reference.

FIELD

The present disclosure relates to communication between components and more particularly to encrypted point-to-point communications within vehicle electrical/electronic architectures.

BACKGROUND

There currently do not exist any standard solutions for authenticated encrypted reliable point-to-point communication between processors on a single PCB or, more generally, within a single device. Such entities often communicate via media such as Serial Peripheral Interface (SPI), universal asynchronous receiver-transmitter (UART) or similar and either receive no protection at all or are protected with ad-hoc custom solutions, such as encrypting messages using a block cipher in an unauthenticated mode with an appended message authentication code (MAC). However, unprotected communication leaves systems vulnerable, allowing attackers with physical access to the device to intercept, modify and retransmit traffic, resulting in extraction of secrets, reverse engineering of device functions and serving as a stepping stone to mount more complex attacks. This is particularly a concern in automotive applications because modern vehicles' electronic control systems play a crucial role in safety, as well as often communicating data to central servers.

The background description provided here is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.

SUMMARY

Currently, ad-hoc solutions built upon block ciphers in unauthenticated modes are used in some circumstances. However, MAC codes carry the risk of misapplication of cryptographic primitives, resulting in protocol weaknesses that can be efficiently attacked (e.g. random or pseudo-random number reuse or using the same key for encryption and for authentication). For example, some proposed techniques reuse session keys for both encryption and MAC, which leaves communications vulnerable to attack. At the same time, there are no connection reliability guarantees. As such, any lost messages are not automatically retransmitted and are simply lost. Accordingly, there remains a need to address the above shortcomings in communications.

According to a first aspect, there is provided a method for securely transmitting data between at least a first and second processing unit, each having stored a Shared Secure Key and a respective identifier, ID, and the ID of the other processing unit, the method comprising: transmitting an authentication challenge from the first processing unit to the second processing unit, comprising at least a first random number; generating a session key and an authentication key at each of the corresponding first and second processing units, based on the transmitted authentication challenge and the stored Shared Secure Key; transmitting an authentication response comprising an authentication code generated from the authentication challenge based on the authentication key; and verifying each processing unit by comparing the received authentication code with a locally generated authentication code; if verified, transmitting data between the first and second processing units using the corresponding session keys.

In this way, a method for secure inter-processor communication may be provided, such as communication between processing units within a single printed circuit board or electronic control unit using simple serial links such as UART or SPI.

Advantageously, by provisioning each processing unit with the Shared Secure Key, fast establishment of session keys may be achieved, even when using low performance microcontrollers. This thereby allows for a secure communication link to be established quickly (e.g. within 10s of milliseconds) after power up. Moreover, in the arrangement, both processing units are equivalent peers, and hence the protocol may be implemented without the concept of a client and server.

In embodiments, the method further comprises transmitting a second authentication challenge from the second processing unit to the first processing unit, comprising at least a second random number.

In embodiments, the method further comprises generating a second session key and a second authentication key at each of the corresponding first and second processing units based on the transmitted authentication challenge and the stored Shared Secure Key; and transmitting a second authentication response comprising a second authentication code generated from the second authentication challenge based on the second authentication key, wherein the step of verifying each processing unit compri