AUTOSAR SecOC Introduction -- Part 2

Encryption & Validation Flow

AUTOSAR SecOC Introduction -- Part 2_第1张图片

Encryption

主要分为如下几步

  1. 传输Authentic I-PDU
  2. 获取SecOC ID
  3. 获取Freshness Value
  4. 获取Key
  5. 构建Authentication data
  6. 生成MAC
  7. 构建Secured I-PDU

可以将Secured I-PDU 拆成2帧报文进行发送(通过设置SecOCTxSecuredPduCollection)

Authentic I -PDU (Including Message Link)

Truncated FV  | Truncated MAC | Message Link

因为一个Secured I-PDU 已经被拆分成2帧报文进行发送,通过比较所包含的Message Link来判断这两帧报文是由同一Secured I-PDU拆分而来

Validation

主要分为如下几步

  1. 收到的Secured I-PDU
  2. 获取SecOC ID
  3. 构建FV
  4. 构建 Authentication data
  5. 获取Key
  6. 验证MAC
  7. 比较MAC

针对验证可以配置最大尝试验证次数SecOCAuthenticationBuildAttempts

AUTOSAR SecOC Introduction -- Part 2_第2张图片

Data Transmission Flow

AUTOSAR SecOC Introduction -- Part 2_第3张图片

App Transmission

AUTOSAR SecOC Introduction -- Part 2_第4张图片

1.For each transmission request of an Authentic I-PDU, the upper layer communication module shall call the PduR module through PduR_Transmit.

2. The PduR routes this request to the SecOC module and calls SecOC_[If|Tp]Transmit.

3. The SecOC module copies the Authentic I-PDU to its own memory and returns.

4.During the next scheduled call of its main function, the SecOC module creates the Secured I-PDU by calculating the Authentication Information and initiates the transmission of the Secured I-PDU by notifying the respective lower layer module via the PduR module.

5. Thereafter, the SecOC module takes the role of an upper layer communication module and thus serves all lower layer requests to provide information on or to copy data of the Secured I-PDU.

6. Finally, the confirmation of the successful or unsuccessful transmission of the Secured I-PDU are provided to the upper layer communication module as confirmation of the successful or unsuccessful transmission of the Authentic I-PDU

TP Transmission

AUTOSAR SecOC Introduction -- Part 2_第5张图片

App Reception

AUTOSAR SecOC Introduction -- Part 2_第6张图片

1. For each indication of an incoming Secured I-PDU from a lower layer bus interface or transport protocol module, the SecOC module takes the role of an upper layer communication module and thus serves all lower layer requests that are necessary to receive the complete Secured I-PDU.

2. The SecOC module copies the Secured I-PDU into its own memory.

3. Thereafter, when the complete Secured I-PDU is available and during the next scheduled call of its main function, the SecOC module verifies the contents of the Secured I-PDU according

4. If the verification fails and the parameter SecOcIgnoreVerificationResult is configured to FALSE, the SecOC module drops the Secured I-PDU.

5. If the verification succeeds or the verification fails and the parameter SecOcIgnoreVerificationResult is configured to TRUE, the SecOC module takes the role of a lower layer communication module and calls PduR_SecOC[If|Tp]RxIndication for the Authentic I-PDU.

6. The SecOC reports the verification results

TP Reception

AUTOSAR SecOC Introduction -- Part 2_第7张图片

Freshness Handling

AUTOSAR SecOC Introduction -- Part 2_第8张图片

你可能感兴趣的