Abstract: An authentication method is used by an automated driving system that includes a vehicle and an external device, the external device communicating with the vehicle to cause the vehicle to implement automated driving. The vehicle holds a first certificate that certifies validity of the vehicle. The external device holds a second certificate that certifies validity of the external device. The authentication method includes: validating a third certificate that certifies validity of a combination of the vehicle and the external device, in accordance with a result of device authentication performed between the vehicle and the external device by reference to the first certificate and the second certificate.

Abstract: A vehicle surveillance device for an in-vehicle network system that includes one or more electronic control units includes: a frame transmitter and receiver that receives a frame flowing over the in-vehicle network system; and a score calculator that detects a suspicious behavior different from a normal driving behavior based on the frame received by the frame transmitter and receiver and vehicle data including information on one or more frames received by the frame transmitter and receiver prior to receiving the frame, and calculates, based on a detection result, a score indicating a likelihood that reverse engineering has been performed on a vehicle provided with the in-vehicle network system.

Abstract: An unauthorized frame detection device that can keep an unauthorized ECU from spoofing as a legitimate server or client while suppressing an overhead during communication is provided. The unauthorized frame detection device includes a plurality of communication ports corresponding to the respective of networks, a communication controller, and an unauthorized frame detector. The plurality of communication ports are each connected to a corresponding predetermined network among the plurality of networks and each transmit or receive a frame via the predetermined network. The unauthorized frame detector determines whether an identifier of a service, a type of the service, and port information that are each included in the frame match a permission rule set in advance and outputs a result of the determination.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol determines whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud. In a case where the content of the predetermined field meets the predetermined condition, a frame including predetermined consecutive dominant bits for notifying an anomaly is transmitted before an end of the frame is transmitted. A number of times the frame including the predetermined consecutive dominant bits is transmitted is recorded for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted. A malicious electronic controller is determined in accordance with the number of times recorded for each ID.

Abstract: An anomaly detection device (IDS ECU) includes a detection rule generator that monitors a communication establishment frame flowing over Ethernet in a communication establishment phase of service-oriented communication and that generates, for each communication ID, a detection rule including the communication ID written in the communication establishment frame and a server (or client) address written in the communication establishment frame; an anomaly detector that monitors a communication frame flowing over the Ethernet in a communication phase of the service-oriented communication and that, by referring to a detection rule that includes a communication ID written in the communication frame, detects the communication frame as an anomalous frame when a server (or client) address written in the communication frame differs from a server (or client) address included in the detection rule; and an anomaly notifier that provides a notification of an anomaly in response to the anomalous frame being detected.

Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted via the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.

Abstract: In an anti-fraud control system, a first error monitoring device includes a first frame transmitting and receiving unit that receives a frame flowing on the on-board network; and a first error detector that causes transmission of an error notification frame for notifying of an occurrence of an error in the frame when detecting the occurrence of the error in the frame received by the first frame transmitting and receiving unit. Each of second error monitoring devices includes: a second frame transmitting and receiving unit that receives the error notification frame; and a second error detector that regards, as a frame to be invalidated, the frame subjected to the error and included in the received error notification frame, and shifts the second error monitoring device to an invalidation mode for invalidating reception of subsequent frames, if no error is detected in an own branch with respect to the frame.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a mobility entity. In the abnormality detection method, for example, a gateway transmits identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol determines whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud. In a case where the content of the predetermined field meets the predetermined condition, an error frame is transmitted before an end of the frame is transmitted. A number of times the error frame is transmitted is recorded for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted. A malicious electronic controller is determined in accordance with the number of times recorded for each ID.

Abstract: A gateway device for a vehicle network system installed in a vehicle is provided. The vehicle network system includes a network, an electronic control unit connected to the network, and the gateway device connected to the first network and configured to communicate outside the vehicle. The gateway device receives a first frame from outside the vehicle; determines whether or not the first frame is appropriate; generates a second frame when the first frame is not determined to be appropriate; and transmits the second frame to the network. The second frame includes control information and additional information based on content of the first frame. The control information restricts processing of the additional information included in the second frame by the electronic control unit, after the second frame is received by the electronic control unit.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A communication device is a communication device connected to a mobility network which is a network mounted in a mobility and which is used by a plurality of electronic control devices for communication. The communication device includes: a holding unit which holds range information indicating a transferable path range determined for a message on the mobility network; a receiving unit which receives the message on the mobility network; and a determining unit which determines validity of the received message by using the range information.

Abstract: A security apparatus includes a receiver that receives a frame front at least one network, a parameter storage that stores at least one examination parameter defining a content of an examination on a frame, and processing circuitry that performs operations. The operations include judging whether a predetermined condition is satisfied for the frame received by the receiver. When the predetermined condition is satisfied, updating the stored at least one examination parameter, and when the predetermined condition is not satisfied, not updating the stored at least one examination parameter. The operations also include executing an examination, based on the stored at least one examination parameter, as to whether the frame received by the receiver is an attack frame, and performing a process depending on a result of the execution of the examination such that an influence of an attack frame on at least one electronic control unit is suppressed.

Abstract: A misuse detection method used in an electronic control unit in a vehicle network system including multiple electronic control units that communicate with one another through networks. The misuse detection method includes receiving a target data frame at one time point, and receiving a reference data frame at another time point different than the one time point. The misuse detection method further includes performing, as misuse detection for the target data frame based on a certain rule specifying a reception interval between the one time point at which the target data frame is received and the other time point at which the reference data frame is received, and determining the target data frame received is for misuse based on a length of the reception interval.

Abstract: An unauthorized activity detection method is provided in an onboard network system having multiple electronic units (ECU) that perform communication via a bus, such that an occurrence of an unauthorized state can be detected by monitoring frames transmitted over the bus. The unauthorized activity detection method determines, by a monitoring electronic control unit using unauthorized activity detection rule information indicating a first condition, whether or not a set of frames received from the bus satisfies the first condition. The first condition being a condition regarding a relation in content between a first frame having a first identifier and a second frame having a second identifier that differs from the first identifier. And the method further detects the occurrence of the unauthorized state in a case where the first condition is not satisfied.

Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a vehicle according to a CAN protocol. In the abnormality detection method, for example, a gateway transmits vehicle identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: A gateway device for a vehicle network system is provided. The vehicle network system includes a first network, a second network, a first electronic control unit connected to the first network, a second electronic control unit connected to the second network, and the gateway device connected to the first network and the second network. The gateway device receives a first frame transmitted to the first network by the first electronic control unit; determines whether or not the first frame is appropriate; generates a second frame when the first frame is not determined to be appropriate; and transmits the second frame to the second network. The second frame includes control information and additional information based on content of the first frame. The control information restricts processing of the additional information included in the second frame by the second electronic control unit.