Vehicle network authentication system, and vehicle network authentication method

摘要

Provided is a vehicle network authentication system such that processing by a vehicle control device can be smoothed while security of communication using dummy data is maintained. A vehicle control device as an authenticating entity is provided with an authentication unit that allocates authority in accordance with the amount of authentication of data for authentication transmitted from a vehicle control device as an authenticated entity. The vehicle control device includes an authentication data generation unit that generates the data for authentication, a data division unit that divides the generated data for authentication, and a dummy data addition unit that adds dummy data as data that is transmitted to a vehicle network together with the data for authentication.

主权项

1. A vehicle network authentication system in which communication data is transmitted and received by use of communication specified based on a communications protocol of a vehicle network, the vehicle network authentication system comprising:
a data dividing section that divides authentication data for authenticating a communication target; a dummy data addition section that adds dummy data for a dummy representation of the divided authentication data, the dummy data being used as data to be transmitted to the vehicle network together with the authentication data; and an authentication section that verifies the divided authentication data and the dummy data by use of a plurality of pieces of verification data for verifying the divided authentication data, wherein the vehicle network is provided with a plurality of vehicle control devices including a first electronic control unit (first ECU) and a second electronic control unit (second ECU), the first ECU configured to authenticate the second ECU, the data dividing section and the dummy data addition section are constructed by the second ECU and the authentication section is constructed by the first ECU, wherein the authentication section is configured to obtain an authentication rate by at least one of i) dividing a number of pieces of authentication data that have succeeded in authentication by a division number of the authentication data and ii) dividing a data amount of authentication data that have succeeded in authentication by a total data amount of the authentication data, and the authentication section is configured to increase functions capable of being used by the second ECU according to the authentication rate.