Abstract: The present disclosure relates to a vehicle, a device, a computer program and a method for loading data, e.g., during a boot-up process. The method includes a reception of at least one character string for the verification of data. The method further includes a verification of data, wherein the verification of data includes a comprehensive check of the entire character string. The method further provides for a loading of data based on the check of the character string.

Abstract: The present disclosure relates to authenticity and data security for bus-based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: A controller may receive a message provided by a network node included in an in-vehicle communication network. The controller may identify one or more characteristics of the message, the one or more characteristics indicating at least one of a message type of the message, a security property of the message, or a secure zone (SZ) associated with the message. The controller may determine a priority of the message based at least in part on the one or more characteristics. The controller may provide the message to an output buffer based at least in part on the priority of the message, the output buffer being one of a plurality of output buffers.

Abstract: An electronic anomaly detection unit for use in a vehicle includes an input component for capturing an input variable, wherein the input variable contains state information for at least one component of the vehicle, a memory component for storing state values based on the input variable, a selection component for selecting selected state values from the stored state values, an association component for associating the selected state values with predefined values, wherein the predefined values define a normal state of the component of the vehicle, and a decision component for deciding whether there is an anomalous behavior in the at least one component of the vehicle, based on the association, wherein one or more of the input component, the memory component, the selection component, the association component and the decision component are implemented in hardware.

Abstract: A redundancy system includes a first computational device and a second computational device each configured to receive at least one input and to generate a first output and a second output, respectively, based on the at least one input; a random sequence generator configured to generate a random bit sequence; a random delay selector configured to determine a random delay based on the random bit sequence; a first random delay circuit configured to delay outputting the at least one input to the first computational device based on the random delay; a second random delay circuit configured to delay outputting the second output based on the random delay; and a fault detection circuit configured to receive the first output and the delayed second output, and to generate a comparison result based on comparing the first input to the delayed second output.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.

Abstract: The present disclosure relates to authenticity and data security for bus-based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: A sender device includes: a first sequence generator configured to generate a first sequence of bits having a bit pattern that incudes first bit values and second bit values; a first parsing processor configured to receive a first plurality of data blocks and the first sequence of bits, and select a first subset of data blocks and a second subset of data blocks from the first plurality of data blocks based on the bit pattern; an encryption processor configured to encrypt the selected first subset of data blocks received from the first parsing processor to generate encrypted data blocks and output the encrypted data blocks to an output terminal that is configured to output the encrypted data blocks and the selected second subset of data blocks as unencrypted data blocks from the sender device.

Abstract: A transmitter device of a bus-based communication system may add one or more padding bits, associated with providing traffic flow confidentiality for communication of a payload on a communication bus, either to the payload on a transport layer, or to one or more first frames on a data link layer. The one or more first frames may include a transport layer payload associated with the payload. The transmitter device may transmit one or more second frames, including a data link layer payload associated with the one or more first frames, on the communication bus. A receiver device of the bus-based communication system may receive the one or more second frames on the communication bus. The receiver device may process the one or more padding bits from either the one or more first frames on the data link layer, or from the payload on the transport layer.

Abstract: In different example embodiments, a system-on-chip is provided.

Abstract: A transmitter device of a bus-based communication system may add one or more padding bits, associated with providing traffic flow confidentiality for communication of a payload on a communication bus, either to the payload on a transport layer, or to one or more first frames on a data link layer. The one or more first frames may include a transport layer payload associated with the payload. The transmitter device may transmit one or more second frames, including a data link layer payload associated with the one or more first frames, on the communication bus. A receiver device of the bus-based communication system may receive the one or more second frames on the communication bus. The receiver device may process the one or more padding bits from either the one or more first frames on the data link layer, or from the payload on the transport layer.

Abstract: A device is suggested including a cryptographic module, wherein the device is operable in a secure mode and in a non-secure mode, wherein the cryptographic module is configured in the secure mode by storing a secret key and a seed value in the cryptographic module, and wherein the device is operable in the non-secure mode to generate a signature based on input data utilizing the secret key and the seed value. Also, a method for operating such device is provided.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.

Abstract: A sender configured to participate in an in-vehicle network is configured to receive a request for transmitting a payload and generate, in response, a first header in a transport layer and/or a network layer. The sender is further configured to access a key of k bytes length and to generate an authentication tag using the key and at least the first header as additional authentication data. The authentication tag serves to indicate an authenticity of a first frame on the transport and/or network layer as an original frame sent from the sender to a receiver. The sender is configured to generate the first frame comprising the first header, a transport layer payload, and the authentication tag and forward the first frame to the data link layer. The data link layer generates a second frame on the data link layer and transmits the second frame to the in-vehicle network.

Abstract: A data cryptographic device may include a pre-tweak generator to generate pre-tweak values, a pre-tweak value cache memory to store one or more pre-tweak values generated by the pre-tweak generator, and a pre-tweak value selector to check whether a pre-tweak value for an input memory address is stored in the pre-tweak value cache memory. The data cryptographic device may further include a tweak generator to generate a tweak value based on the selected pre-tweak value, and a block cipher to perform at least one block cipher algorithm to at least one of encrypt data, encrypt and authenticate data, decrypt encrypted data, decrypt and verify encrypted and authenticated data, using a cryptographic key and the generated tweak value.

Abstract: A chip device with a logic circuitry (105) protected by a randomized logic encryption based on a key (K) for preventing a designated usage of the logic circuitry (105) by an unauthorized user comprises: a physically unclonable function, PUF, (110), a storage (120), and a chip enabler (130) with one or more registers (132). The physically unclonable function, PUF, (110) is configured to generate a device-individual response (Re) based on a challenge (Ch). The storage (120) has stored the challenge (Ch) and a data element (C), the data element (C) being an encryption of the key (K) with the response (Re) of the PUF (110) as encryption key. The enabler (130) is configured to enable the logic circuitry (105) for the designated usage only, when the key (K) is transferred to the register(s) (132), the key (K) being a decryption of the data element (C) with the response (Re) as the encryption key.

Abstract: The present disclosure relates to authenticity and data security for bus-based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: The present disclosure relates to authenticity and data security for bus based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.

Abstract: A method for providing a Proof-of-Work concept in a vehicle is provided. The vehicle includes a network including at least three control units, where a first control unit sends a first message to a second control unit, the second control unit sends a second message including the first message to a third control unit, and the third control unit determines a Proof-of-Work for the second message based on at least one vehicle-specific characteristics of the network. Also, an corresponding system as well as a vehicle including such system are provided.