Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via a bus in accordance with Controller Area Network (CAN) protocol is provided. The method includes receiving at least one data frame sent to the bus, verifying a specific identifier in the received data frame only if the received data frame does not follow a predetermined rule regarding a transmission period and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame if the verification is successful, and detecting the received data frame as a fraudulent data frame if the verification fails.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange, in an in-vehicle network, data frames, each having added thereto a message authentication code (MAC). The method includes generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted to the in-vehicle network. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID is executed.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a vehicle according to a CAN protocol. In the abnormality detection method, for example, a gateway transmits vehicle identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A communication unit receives a message in a network. A first anomaly detector detects an anomalous message by detecting values of a plurality of monitoring items from the message received by the communication unit and determining whether each of the detected values of the plurality of monitoring items is inside a corresponding first reference range and a corresponding second reference range. The second reference range is narrower than the first reference range. The first anomaly detector detects the message as the anomalous message, when any of the detected values is outside the first reference range, and detects the message as the anomalous message, when any of the detected values is inside the first reference range and is outside the second reference range and when a predetermined rule is satisfied.

Abstract: In an authentication method according to the present disclosure, (1) a device transmits device history information with a CRL added thereto (hereinafter, device history information with added CRL) to a controller, (2) the controller transmits the device history information with added CRL to a server, and (3) if the version of the CRL included in the device history information with added CRL is older than the version of the CRL stored on the server, the server judges that the controller is unauthorized.

Abstract: An unauthorized activity detection method is provided in an onboard network system having multiple electronic units (ECU) that perform communication via a bus, such that an occurrence of an unauthorized state can be detected by monitoring frames transmitted over the bus. The unauthorized activity detection method determines, by a monitoring electronic control unit using unauthorized activity detection rule information indicating a first condition, whether or not a set of frames received from the bus satisfies the first condition. The first condition being a condition regarding a relation in content between a first frame having a first identifier and a second frame having a second identifier that differs from the first identifier. And the method further detects the occurrence of the unauthorized state in a case where the first condition is not satisfied.

Abstract: An anomaly detection server is provided. The anomaly detection server is a server for counteracting an anomalous frame transmitted on an on-board network of a single vehicle. The anomaly detection server acquires information about multiple frames received on one or multiple on-board networks of one or multiple vehicles, including the single vehicle. The anomaly detection server, acting as an assessment unit that, based on the information about the multiple frames and information about a frame received on the on-board network of the single vehicle after the acquisition of the information about the multiple frames, assesses an anomaly level of the frame received on the on-board network of the single vehicle.

Abstract: A security device connected to at least one bus in a vehicle is provided. The security device determines, with regard to a frame received from the at least one bus, whether predetermined conditions are satisfied to determine whether the frame is a suspect of being an attack frame. The security device transmits, a determination request to an external device outside of the vehicle in a case where the predetermined conditions are satisfied, and obtains determination results from the external device in accordance with the determination request. The security device outputs first presentation information in the case where the predetermined conditions are satisfied, and outputs second presentation information in a case where the determination results are obtained from the external device.

Abstract: A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

Abstract: A gateway serving as a security apparatus connected to one or a plurality of buses includes a receiver that receives a frame from a bus, a parameter storage that stores an examination parameter defining a content of an examination of the frame, an updater configured to, in a case where a predetermined condition is satisfied for the frame received by the receiver, update the examination parameter stored in the parameter storage, and an examiner that performs an examination, based on the examination parameter stored in the parameter storage, in terms of judgment of whether or not the frame received by the receiver is an attack frame.

Abstract: A communication device includes: a communication section that transmits and receives a message in a network; an acquisition unit that acquires state information on a state of an object for which the network is provided; an estimation unit that estimates the state of the object based on the state information acquired in the acquisition unit; a setting unit that sets a filtering rule based on the state estimated in the estimation unit; and a filter unit that executes filtering processing for the message in accordance with the filtering rule set in the setting unit.

Abstract: A gateway connected to a bus used for communication by a plurality of ECUs provided on-board a vehicle is provided with: an external communication unit that receives, from a server external to the vehicle, firmware update information that includes updated firmware for one ECU from among the plurality of ECUs; an ECU information acquiring unit that acquires system configuration information indicating the type of each of the plurality of ECUs connected to the bus; and a FW update processing unit that performs a controlling operation to update firmware of the relevant ECU based on the updated firmware, after an operation verification of the updated firmware is performed using an ECU of each type indicated by the system configuration information.

Abstract: An invalidity detection electronic control unit connected to a bus used by a plurality of electronic control units (ECUs) to communicate with one another in accordance with controller area network (CAN) protocol includes a receiving unit that receives a frame for which transmission is started and a transmitting unit that transmits an error frame on the bus before a tail end of the frame is transmitted if the frame received by the receiving unit meets a predetermined condition indicating invalidity and transmits a normal frame that conforms to the CAN protocol after the error frame is transmitted. Even when a reception error counter of the ECU connected to the bus is incremented due to the impact of the error frame, the reception error counter is decremented by the normal frame.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: A misuse detection electronic control unit in a vehicle network system including a plurality of electronic control units that communicate with one another through buses in accordance with a CAN protocol includes a transceiver unit that performs a reception step of receiving a target data frame and a reference data frame transmitted through the buses, wherein the target data frame is a data frame having a first identifier and wherein the reference data frame is a data frame having a second identifier different from the first identifier and a misuse detection process unit that performs a detection step of performing, as misuse detection for the target data frame, evaluation in accordance with a reception timing of the reference data frame and a reception timing of the target data frame on the basis of a certain rule specifying a reception interval between the reference data frame and the target data frame.

Abstract: An authentication method for at least one of a plurality of devices connected to a HAN includes checking, with a first device among the plurality of devices, validity of a second device using a CRL including attribute information regarding the second device among the plurality of devices, and revoking, with the first device, the second device if a result of the checking is negative.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange, in an in-vehicle network, data frames, each having added thereto a message authentication code (MAC). The method includes generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted to the in-vehicle network. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID is executed.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.

Abstract: An authentication system according to the present disclosure includes a first controller connected to a first server via a first network, a second controller connected to a second server via a second network, and a device. The device compares a next issue date described in a first certificate revocation list acquired from the first controller and an issue date described in a second certificate revocation list acquired from the second controller thereby determining whether the first controller is invalid or not.