Okuqukethwe fihla
1 ANALOG DEVICES DS28C40 DeepCover Automotive I2C Authenticator
2 Isingeniso
3 Amadokhumenti / Izinsiza
3.1 Izithenjwa
4 Okuthunyelwe Okuhlobene

i-analog-devices-logo

ANALOG DEVICES DS28C40 DeepCover Automotive I2C Authenticator

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator

Isingeniso

Imboni yezimoto ibhekene noshintsho enanini lezinto ezintsha ezitholakala kumakhasimende, emgwaqeni wokuba nezimoto ezizimele kuwo wonke amagaraji abashayeli. Lezi zici zifaka isandla ku-automation enemibandela yesiteringi, ukusheshisa, kanye nokubhuleka. Ngesikhathi esifanayo, izici zesevisi nezinsiza ziyatholakala ngokuthinta isikrini noma ngomyalo wezwi. Namuhla, imoto inobuhlakani bokwenza okwengeziwe iyodwa, kusukela ekushintsheni ngokuzenzekelayo ama-beam aphezulu iye endaweni yokupaka ngokwayo, ukuthola izindawo ezingaboni ngaso linye, kanye ne-pre-emptive braking ukuze igweme ukushayisana. Ukwenza lawa makhono enzeke amayunithi okulawula e-elekthronikhi (ECUs) axhumeka ku-electronics wezingxenye zemoto ngayinye. Lezi zinto zikagesi zisekela izinto ezifana nesistimu yokusiza abashayeli (ADAS), ukuphathwa kwamandla, imoto kagesi (EV) powertrain, i-infotainment, ukukhanya kwe-LED, i-body electronics, uxhumo lweselula, nokuphepha ukubala okumbalwa. Izingxenye eziningi zemoto zidinga ukubambelela ngokuqinile ezimisweni zomkhiqizi wemishini yoqobo (i-OEM) ukuze kuqinisekiswe ukusebenza nokusebenza okuphephile. Kodwa i-ECU yazi kanjani uma lezi zidingo zifinyelelwa?

Leli nothi lohlelo lokusebenza lixoxa ngokuthi izikimu ze-cryptographic mutual authentication zinganika kanjani amandla ukuqinisekiswa okuthembekile kwezingxenye zemoto ezibalulekile ngomsebenzi wokumatanisa, okusiza ukuhlangabezana ne-ISO21434 kanye nezidingo ze-UNECE WP.29 Cybersecurity Regulation eziphoqelela ipharadigm "evikelekile ngedizayini".
Ake sichaze ukuthi kusho ukuthini “ukubhanqa” kulo mongo. Ukumatanisa ubuqiniso be-cryptographic kanye nokuhlotshaniswa phakathi kwezinhlelo ezingaphansi ezihlukene zezimoto ezivumela ukwethembana. Uma kuziwa onqenqemeni lwezimoto, okuhlanganisa izinzwa zezimoto nama-actuator, ukwethembana kuhlanganisa izici ezimbalwa: izingxenye zemoto kufanele zigunyazwe i-OEM, zibonakale, futhi zibe nomjikelezo wempilo olawulwa ngokuvikelekile (ukukhiqiza, ukufakwa, ukulinganisa, ukulungisa kabusha, ukuyekisa ukusebenza, njll.). I-DS28C40 Automotive I2C Authenticator IC ingasekela izikimu zokumatanisa ezihlukahlukene kanye nokulandeleka komjikelezo wempilo onqenqemeni lwezimoto. Le IC isetshenziswa njengesiboneloample kuwo wonke lo mbhalo.

Izinzuzo Zokubhanqa

  • Ukusetshenziswa kokumataniswa kwengxenye yemoto kuletha izinzuzo eziningi kubakhiqizi bezimoto. Ake sichaze lezi zinzuzo ngokuningiliziwe.
  • Ukuhlonza kanye Nokuqinisekisa Okuqinile Kwezingxenye
  • Inzuzo yokuqala nephambili “yokubhanqa” ukuhlinzeka ngokuhlonza okuqinile kwe-cryptographically kanye nokuqinisekiswa kwezingxenye zemoto. Ngokubopha ngokuvikelekile ingxenye yemoto ethile emotweni ethile, abakhiqizi bangaqinisekisa ukuthi izingxenye ezigunyaziwe kuphela ezisetshenziswa ezimotweni zabo. Lokhu akugcini nje ngokuthuthukisa ukuphepha, kodwa futhi kusiza ekuvimbeleni ukukhwabanisa, ukweba, kanye nenkohliso. Izingozi ziyancishiswa ngalolu hlelo oluqinile lokuqinisekisa njengoba noma iyiphi ingxenye eshintshwayo kufanele manje ibe yiqiniso futhi ivumeleke, isuse izingxenye zomgunyathi noma ezebiwe.

Ukuqinisekiswa Okuqinile Kwedatha Yomjikelezo Wempilo

Inzuzo yesibili "yokubhanqa" yikhono lokugcina nokufakazela umjikelezo wempilo wengxenye yemoto. Lokhu kuhlanganisa ukulinganisa kwengxenye nezilungiselelo, isimo somjikelezo wempilo (izinyathelo zokukhiqiza, izinyathelo zokunakekela, ukukhwezwa nokudluliselwa kwenye imoto, ukulungisa/ukulinganisa, ukuyekisa ukusebenza, njll.), isihlonzi se-chassis yemoto esihlotshaniswayo, nolunye ulwazi oluhlobene lokulandeleka. Izindlela ze-Cryptographic zisebenzisa isiginesha yedijithali ziletha ubufakazi obusemthethweni besimo sengxenye yemoto egcwele. Lolu lwazi olwengeziwe lungasetshenziswa ama-ECU emoto ukuze aphathe izingxenye eziyiqiniso, njengokwenqaba ikhamera ye-OEM ADAS engalinganiswe ngokungafanele, enqanyuliwe, noma efakwe ngokuzithandela kwenye imoto ngaphandle kokugunyazwa okufanele. Le datha ingaphinda ibethelwe ukuze kuvikeleke okwengeziwe, okuvumela abakhiqizi ukuthi baqinisekise ukuthi abantu abagunyaziwe kuphela abakwazi ukuyifinyelela. Lobu bufakazi bomjikelezo wempilo yengxenye kunciphisa ubungozi bokusebenzisa izingxenye ezingavumelekile nakuba ziyiqiniso, inqobo nje uma i-ECU nayo ivikeleke ngokwanele ukuze kungabikho ukudlula ukuqinisekiswa kwengxenye yemoto okungenzeka.

Secure Life Cycle Data Ukulawula Ukufinyelela Kokubhala

Ukwazi ukwethemba impilo evikelekile, idatha yomjikelezo ibalulekile ekuthembekeni. Tampukuhlanganisa ulwazi lomjikelezo wempilo kungavumela othile ukuthi alungise izingxenye ezigugile noma ezingasebenzi kahle ezingadala izingozi zokuphepha noma asebenzise izingxenye ezebiwe. Ngokusebenzisa isilawuli sokufinyelela esisekelwe ku-cryptographic, abakhiqizi bangaqinisekisa ukuthi amaqembu agunyaziwe kuphela angashintsha inkumbulo yolwazi lomjikelezo wempilo wengxenye yemoto kanye nolunye ulwazi olusetshenziselwa ukuhlanganisa ingxenye yemoto ku-ECU. Umthengisi ogunyaziwe we-OEM angakwazi ke ukufaka esikhundleni ingxenye yemoto futhi ahlobanise ingxenye ne-chassis yemoto, asebenzise ukulinganisa okugunyaziwe, njll.

Ukusebenza kweCryptographic Kwezingxenye Zemoto

Kunezimo eziningi lapho ingxenye yemoto kufanele iyeke ukusebenza ngokujwayelekile uma inganamathiselwe emotweni esemthethweni. Lokhu kungenzeka uma ingxenye yebiwa. Amanye amadivaysi adinga inqubo yokufaka efanele ukuze asebenze ngokuphepha. Ukuyiswa kwenye imoto ngaphandle kokulandela imithetho eqinile yokuyinakekela kungaba yingozi. Inkinga ingase futhi iphakame lapho kuhlasela umuntu ophakathi nendawo, lapho isistimu engaphansi yemoto ingaxhumani ngokuqondile ne-ECU esemthethweni kodwa ngedivayisi eqinile emaphakathi. Ukusebenzisa i-Cryptographic ingxenye yemoto kungaxazulula lezo zinkinga.

Izici ezibalulekile ze-DS28C40
I-DS28C40 ingafakwa engxenyeni yemoto ukuze kusungulwe ukubhanqa. Ngakho-ke, kubalulekile ukugqamisa izici ezinkulu ze-DS28C40 ngaphambi kokungena emininingwaneni eyengeziwe kwezinye izigaba. Idivayisi iyisiqinisekisi esivikelekile esihlinzeka ngesethi eyinhloko yamathuluzi e-cryptographic. Lawa mathuluzi ahlinzeka ngemisebenzi yokuvikela elinganayo ne-asymmetric njengoba kugqanyiswe kuThebula 1.

Ithebula 1. I-DS28C40 Ukuqhathanisa Kohlobo Lwe-Crypto-Security

UHLOBO LWE-CRYPTO-SECURITY DESCRIPTION
I-Symmetric (SHA-256based) Amandla okhiye oyimfihlo we-SHA-256 ahambisana ne-FIPS 180 futhi asetshenziswa kalula ngokuhambisana nemisebenzi ye-ECDSA noma ngokuzimela emisebenzini eminingi ye-HMAC. Ngokuvamile, inemithelela elandelayo kusistimu:

1. I-ECU ne-DS28C40 zisebenza ngokhiye oyimfihlo ofanayo noma osuselwe.

2. Imfihlo ivikelwe ekuhlaselweni kokudalulwa.

3. Isekela ukuqinisekiswa kwe-bidirectional ngokuqhathanisa ama-HMAC nokufunda/ukubhala kwamakhasi.

4. I-SHA-256 inobunzima obuphansi be-algorithm uma iqhathaniswa ne-ECC-P256.

5. I-SHA-256, uma isetshenziswa, inesikhathi sokubala esisheshayo esingafika ku-12x uma siqhathaniswa ne-ECC-P256.
I-Asymmetric (ECC-P256-based) Amakhono okhiye basesidlangalaleni/angasese be-ECC asebenza kusukela kujika le-P-256 elichazwe yi-NIST futhi ahlanganisa ukukhiqizwa kwesiginesha ye-FIPS 186-4-ethobelana ne-ECDSA nokuqinisekisa ukuze kusekelwe imodeli yokuqinisekisa ukhiye we-asymmetric okabili. Ngokuvamile, inemithelela elandelayo kusistimu:

1. I-ECU isebenza ngokhiye womphakathi; I-DS28C40 enokhiye oyimfihlo ohambelanayo.

2. Ukhiye wangasese kufanele uvikelwe; asikho isidingo sokuvikela ukhiye womphakathi.

3. Isekela ukuqinisekiswa okuphindwe kabili kwamasiginesha ngokufunda/ukubhala kwamakhasi.

4. I-ECC-P256 ikhuphule ubunkimbinkimbi uma iqhathaniswa ne-SHA-256.

5. I-ECC-P256 inesikhathi eside sokufakazela ubuqiniso ngokumelene ne-SHA-256.

Ngaphezu kwalokho, idivayisi iqukethe i-interface ye-I2C, i-real random generator (TRNG), i-6kb yenkumbulo yesikhathi esisodwa ehlelekayo (OTP) yedatha yomsebenzisi, okhiye nezitifiketi, okokufaka/okuphumayo kwenjongo eyodwa okulungisekayo (GPIO), kanye inombolo eyingqayizivele ye-64-bit ROM (ROMID). Imemori ye-OTP ingasetha kuphela amabhithi ukusuka ku-1 kuye ku-0 emakhasini enkumbulo angama-32-byte. Izilungiselelo zokuvikela zikhona kumabhulokhi wamakhasi ememori. Ngedivayisi ye-OTP, bhala imisebenzi nezilungiselelo zokuvikela kukhiqiza imiphumela engahlehliseki. Izilungiselelo zokuvikela ziwukuvikela ukubhala/ukufunda, ukuvikela ukubhala okugunyaziwe kwe-ECDSA/HMAC kanye nokuvikela okubethelwe okuyinkimbinkimbi. Iphinikhodi ye-GPIO isekela ukucushwa okuqinisekisiwe. Okokugcina, idivayisi ingena kuphakheji ye-10-Pin TDFN (3mm x 3mm) enebanga lokusebenza kusuka ku- -40°C kuya ku-125°C.

Izikimu Zokufaka Ezibalulekile Ezihlukene Zinika amandla Izinketho Ezihlukahlukene Zokumatanisa Imoto Nengxenye

Izinzuzo zokumataniswa kwezindlela zokuphepha zincike esikimini sokuqinisekisa impendulo yenselele esidinga ukufakwa "kwemininingwane" ehlukahlukene: izitifiketi, amapheya okhiye abazimele, okhiye basesidlangalaleni abamile, okhiye ababiwe abayimfihlo, njll. Izinketho ezihlukahlukene zinikeza amazinga ahlukene okuphepha nokuvumelana nezimo. , okuvumela abakhiqizi ukuthi bakhethe inketho engcono kakhulu ngezidingo zabo ezithile. Izinketho eziningi zingahlanganiswa: ngokuvamile, ukuqinisekiswa kwengxenye yemoto yokuqala kuyadingeka ukuze kukhishwe izinto zomgunyathi, kodwa ukudlula, izinyathelo ezengeziwe ezihlanganisa ukufakwa, ukumisa, futhi ekugcineni, inhlangano ethile yemoto-to-part kufanele yenziwe. Lokhu kufakwe engxenyeni esele yombhalo.

Ukuqinisekiswa Kwempendulo Yenselele
Njengesikhumbuzi esijwayelekile, ukuqinisekiswa kwempendulo yenselelo kunezinyathelo ezilandelayo:

  1. Idivayisi yokuqinisekisa ithumela "inselelo" (inombolo engahleliwe) kudivayisi ye-prover.
  2. Isaga sisebenzisa imfihlo ukuze sisayine inombolo engahleliwe futhi sikhiqize “impendulo” (inombolo engahleliwe ingase ihlanganiswe ukuze kunamathiselwe ulwazi olwengeziwe, isb, idatha yomjikelezo wempilo). Ukuqinisekiswa Kwempendulo Yomngeni Njengesikhumbuzi esivamile, ukuqinisekiswa kwempendulo yenselele kunezinyathelo ezilandelayo:
    1. Idivayisi yokuqinisekisa ithumela "inselelo" (inombolo engahleliwe) kudivayisi ye-prover.
    2. Isaga sisebenzisa imfihlo ukuze sisayine inombolo engahleliwe futhi sikhiqize “impendulo” (inombolo engahleliwe ingase ihlanganiswe ukuze kunamathiselwe ulwazi olwengeziwe, isb, idatha yomjikelezo wempilo).
    3. I-prover ithumela "impendulo" ku-ECU, ngezinye izikhathi ngedatha eyengeziwe yokuhlonza.
    4. Isiqinisekisi siqinisekisa idatha yokuhlonza umhloli kanye nempendulo.
      Qaphela lokhu kuqinisekiswa kungenziwa ngezindlela zombili.

Inketho Esekelwe Esitifiketini

Izingxenye zemoto ukuqinisekiswa okuqinile, ukuqinisekiswa kwedatha yomjikelezo wempilo, isilawuli sokufinyelela inkumbulo, nokwenza kusebenze izingxenye zemoto kungancika ekuqinisekiseni okusekelwe kusitifiketi. Ngakho-ke, le nketho ifakazela ngokuyimfihlo ubunikazi bedivayisi nolwazi olwengeziwe njengedatha yomjikelezo wempilo.

Njengesikhumbuzi esijwayelekile, ukuqinisekiswa okusekelwe kusitifiketi kwengxenye yemoto yi-ECU kungokulandelayo:

  1. I-ECU ithumela "inselele" (inombolo engahleliwe) engxenyeni yemoto enamathiselwe.
  2. Ingxenye yemoto isebenzisa ukhiye wayo oyimfihlo ukuze isayinde inombolo engahleliwe (inombolo engahleliwe ingase ihlanganiswe ukuze inamathisele ulwazi olwengeziwe lwengxenye yemoto, isb, idatha yomjikelezo wempilo).
  3. Ingxenye yemoto ithumela isiginesha "yempendulo" kanye nesitifiketi sayo sengxenye yemoto ku-ECU.
  4. I-ECU iqinisekisa isitifiketi sengxenye yemoto isebenzisa isitifiketi se-OEM CA. Izingxenye zemoto ezingezona eziyiqiniso ziyanqatshwa lapha njengoba izitifiketi zazo zingakhishwa i-OEM CA.
  5. I-ECU iqinisekisa impendulo yengxenye yemoto. Wonke ama-clones anqatshiwe njengoba okhiye abayimfihlo abakwazi ukukopishwa; ngakho-ke, izingxenye ezihlanganisiwe azikwazi ukubala amasignesha alungile. Lolu hlelo lungenziwa futhi ngakolunye uhlangothi, lapho ingxenye yemoto ingaqinisekisa ukuthi i-ECU isemthethweni, noma kunikezwa ukufinyelela kokubhala inkumbulo.

Ukufakwa Kwesitifiketi
Ukufakwa kwesitifiketi kufanele kwenziwe ngaphambi kokusebenzisa noma yiziphi izimo zokuqinisekisa ezisuselwe kusitifiketi. Ngakho-ke, ngesikhathi sokwenziwa kwemoto, izitifiketi zokhiye womphakathi kufanele zifakwe ku-ECU yemoto kanye nezingxenye zemoto ezixhunywe kuyo. Ukufakwa kwalezo zitifiketi kudinga isiphathimandla sokuqinisekisa izimpande ezithenjwayo (OEM CA). Ake sithathe i-example yekhamera yemoto izoba yingxenye yemoto ehlotshaniswa ne-ECU ngokoMfanekiso 1.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-1

Uhlelo lwe-ECU
Uma i-ECU idinga ukuzifakazela ubuqiniso ezingxenyeni zemoto futhi kudingekile ukusebenzisa i-cryptographic, i-OEM kufanele isebenzise isistimu yokuqalisa evikelekile ukuze ilungiselele i-ECU ngokwenza imisebenzi elandelayo:

  • Layisha ipheya yokhiye ehlukile ku-ECU bese uyigcina ku-ECU (okunye ipheya yokhiye ingakhiqizwa ku-ECU, bese ukhiye womphakathi ufundwe ku-ECU). Ukhiye oyimfihlo usiza i-ECU ukufakazela ubunikazi bayo.
  • Khipha Isitifiketi se-ECU futhi usigcine ku-ECU. Isitifiketi se-ECU sisayinwe ngedijithali kusetshenziswa ukhiye oyimfihlo we-OEM CA. Lesi sinyathelo sifakazela ukuthi i-ECU ivela ku-OEM.
  • Gcina Isitifiketi se-OEM CA (ukhiye wasesidlangalaleni we-CA kuphela ugcinwa ukuze usetshenziswe njengesitifiketi esilula se-CA) ku-ECU. Lesi sinyathelo sisiza i-ECU ukuthi iqinisekise izitifiketi zengxenye yemoto enamathiselwe phakathi nezinqubo zokuqinisekisa eziqinile futhi iqinisekise ukuthi zigunyaziwe izingxenye ze-OEM. IsibampIsitifiketi se-ECU sichazwe kuThebula 2.

Ithebula 2. Okuqukethwe Kwesitifiketi Se-ECU

INSIMU DESCRIPTION
Isihlonzi Esiyingqayizivele se-ECU Ongakukhetha. I-ID ehlonza ngokukhethekile i-ECU.
I-ECDSA Public Key X iyaxhumanisa I-ECU inokubhanqwa kokhiye abahlukile ngezinjongo zokuqinisekisa. Le nkambu iqukethe ingxenye yomphakathi yalokhu kubhanqwa kokhiye.

Njengoba noma ubani engakwazi ukukhiqiza ipheya yokhiye, isitifiketi senziwa kulo khiye womphakathi ukufakazela ukuthi sigunyazwe i-Root CA ethenjwa ngokufanayo.
ECDSA Public Key Y coordinate
Idatha eyengeziwe Idatha engeziwe engafanele
Ingxenye ye-ECDSA Isiginesha R Lesi siginesha sibalwa kusetshenziswa ukhiye oyimfihlo we-Root CA Authority lapho isitifiketi "sikhishwa."

Ivala amasimu okukhulunywe ngawo ngenhla; akekho ongafoja isitifiketi noma aguqule isitifiketi.

Izitifiketi ziqinisekisa ukuthi inani le-ECDSA Public Key enkundleni engenhla lifana nesihlonzi se-ECU Eyingqayizivele kanye nedatha engafanele efunwa esitifiketini FUTHI ikhishwe i-Root CA ehlosiwe.

Amasiginesha avumelekile angenziwa kuphela yi-Root CA esemthethweni.
Ingxenye yeSiginesha ye-ECDSA

Ukukhiqizwa kwesitifiketi se-ECU kubandakanya amabhizinisi amathathu afaka i-OEM CA, isistimu yokuqalisa evikelekile, kanye ne-ECU ngokomfanekiso 2. I-OEM CA iqukethe ukhiye oyimfihlo wokusayina zonke izitifiketi ze-ECU. Ngokusobala kufanele ivikelwe ekudaluleni ukugwema ukukhiqizwa kwama-ECU akhohlakele nezingxenye zemoto. Ngokuvamile, itholakala endaweni evikelekile. Isistimu yokuqalisa iyithuluzi ngempela elenza inqubo njengoba kubonisiwe kuMfanekiso 2. Umkhiqizi we-ECU noma inkampani yemoto kufanele athuthukise leli thuluzi.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-2

Car Part Programming
Izingxenye zemoto kumele nazo zenze inqubo efanayo yokuqalisa ukuze zigunyazwe yi-ECU. I-OEM CA, ngosizo lwesistimu yokuqalisa, kufanele ikhiqize ipheya yokhiye abahlukile kudivayisi ngayinye, bese ikhipha futhi ilayisha isitifiketi sengxenye yemoto (isb., ikhamera), futhi ekugcineni ilayishe Isitifiketi se-OEM esithenjwa ngokufanayo engxenyeni yemoto. Kulo mbhalo, i-DS28C40 IC isetshenziselwa ukusekela lokhu. Ifomethi yesitifiketi esekelwa i-DS28C40 iboniswa kuThebula 3.

Ithebula 3. Okuqukethwe Kwesitifiketi Sekhamera, Kugcinwe ku-DS28C40

INSIMU DESCRIPTION
I-DS28C40 ROMID I-DS28C40 ngayinye inesihlonzi esiyingqayizivele esingu-64-bit esibizwa ngokuthi i-ROMID.
I-ECDSA Public Key X iyaxhumanisa I-DS28C40 ngayinye inokhiye omile ohlukile ngezinjongo zokuqinisekisa. Le nkambu iqukethe ingxenye yomphakathi yalokhu kubhanqwa kokhiye.

Njengoba noma ubani engakwazi ukukhiqiza ipheya yokhiye, isitifiketi senziwa kulo khiye womphakathi ukufakazela ukuthi sigunyazwe i-Root CA ethenjwa ngokufanayo.
ECDSA Public Key Y coordinate
Idatha eyengeziwe Idatha engeziwe engafanele
Ingxenye ye-ECDSA Isiginesha R Lesi siginesha sibalwa kusetshenziswa ukhiye oyimfihlo we-Root CA Authority lapho isitifiketi "sikhishwa."

Ivala amasimu okukhulunywe ngawo ngenhla; akekho ongafoja isitifiketi noma aguqule isitifiketi.

Izitifiketi ziqinisekisa ukuthi inani le-ECDSA Public Key enkundleni engenhla lifana nesihlonzi se-ROMID kanye nedatha engafanele efunwa esitifiketini FUTHI ikhishwe i-Root CA ehlosiwe.

Amasiginesha avumelekile angenziwa kuphela yi-Root CA esemthethweni.
Ingxenye yeSiginesha ye-ECDSA

Ukufakwa kwesitifiketi sekhamera kuphinde kufaka phakathi amabhizinisi amathathu okuyi-CA, isistimu yokuqalisa, kanye ne-DS28C40 ngokomfanekiso 3 ngamunye. I-CA inokhiye oyimfihlo wokusayina izitifiketi. Ngokusobala kumele kuvikelwe ekudaluleni ukuze kugwenywe ukukhiqizwa kwezingxenye zemoto ezingaqinile. Ngokuvamile, itholakala endaweni evikelekile. Isistimu yokuqalisa iyithuluzi elenza inqubo njengoba kubonisiwe kuMfanekiso 3.

Esinyathelweni sokuqala, i-DS28C40 izikhiqizela ukubhanqwa kokhiye abazimele abangahleliwe ngaphakathi kwememori yayo evikelekile, bese ikhipha ukhiye womphakathi ukuze ugunyazwe yi-CA. I-CA ibe ifunda ukhiye wasesidlangalaleni we-DS28C40, ikhiqize isitifiketi sedivayisi, futhi isigcine kumemori ye-DS28C40. Okokugcina, uhlelo lokuqalisa lungagcina i-CA Certificate ku-DS28C40 kusetshenziswa ifomethi elula (kuphela ukhiye wasesidlangalaleni we-CA, owaziwa ngokuthi i-Authority Public Key, ugcinwa) Ngokwenza kanjalo, ingxenye yemoto ingenziwa isebenze ngokufihlakele noma ukubhala isilawuli sokufinyelela kumemori yayo kungavulwa.

Kaningi, izingxenye zemoto ziqalwa ngabakhiqizi bezingxenye zemoto abagunyazwe yi-OEM, hhayi i-OEM ngokwayo. Izikimu zesitifiketi zivumela ukunikeza lesi sinyathelo ngaphandle kwesidingo sokuthi i-OEM yabelane ngokhiye oyimfihlo wokuvikela we-OEM CA obalulekile. Abakhiqizi bezingxenye zezimoto ngokuvamile bane-CA yabo, enokhiye wabo oyimfihlo wokusayina isitifiketi nesitifiketi se-CA. Izingxenye zabo zamukelwa ama-ECU emoto uma ephethe ingxenye yemoto yesitifiketi se-CA somkhiqizi. Ngakho-ke, i-OEM yengamela ukulayisha izitifiketi ezifanele zomkhiqizi wengxenye yemoto kuma-ECU ukuze izingxenye zomkhiqizi zamukelwe “njengeziyiqiniso.” Umfanekiso olandelayo ukhombisa ukuqaliswa kwengxenye yemoto kusetshenziswa i-DS28C40.

Uma noma yikuphi ukubhala okuvikelekile kudingekile, khona-ke i-Writ Authority Public Key kufanele ifakwe nayo (bona Umfanekiso 3). Lo khiye wasesidlangalaleni onegunya lokubhala uyingxenye yokhiye wesibili we-Root CA osetshenziselwa ukubhala kuphela. Ngakho-ke, i-Root CA iqukethe omunye ukhiye oyimfihlo obizwa ngokuthi i-Writ Authority Private Key ukuze ihlukanise ukusetshenziswa kwayo.I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-3

Ukwengeza, isevisi yokuhlela kusengaphambili ye-Analog Devices, Inc. ingenza izinyathelo ezivezwe kuMfanekiso 3. Lokhu ikwenza ngezindlela zokungenisa okuphephile kokhiye oyimfihlo we-CA endaweni yokuhlola evikelekile Yamadivayisi we-Analog. Ngokwenza kanjalo, kungenza ukukhiqizwa kwamapheya okhiye we-DS28C40 nezitifiketi ezihlelwe ngaphambili kube lula kakhulu ku-OEM yemoto.

Umsebenzi Wokubhanqa

Uma ingxenye yemoto enjalo igaywe futhi inamathiselwe ku-ECU, ukuqinisekiswa kokuqala kufanele kwenziwe yi-ECU ukuze kuqinisekiswe ukuthi ingxenye iphuma kumkhiqizi wengxenye egunyaziwe ngenxa yohlelo olusekelwe kwisitifiketi. Lokhu kuqinisekisa kuba yimpumelelo uma i-ECU ingaqinisekisa ngempumelelo impendulo yengxenye yemoto enseleleni. Nokho, lokhu akuvikeli ekushintsheni izingxenye ngaphandle kokulawula njengoba zonke izingxenye ezikhishwe yi-CA efanayo zivumelekile. Ukuze ubophe ingxenye ngokuqhubekayo unomphela ku-chassis yemoto ethile, ukuhlola okwengeziwe kungenziwa i-ECU kusetshenziswa ulwazi olugcinwe ngaphakathi kwememori elawulwa ukufinyelela yengxenye yemoto. Ulwazi luhlanganisa isihlonzi esiyingqayizivele sengxenye yemoto kanye nokhiye osesidlangalaleni. OkwesiboneloampLe, ukumatanisa okusekelwe kusitifiketi kungase kube ukulondoloza izihlonzi ezihlukile noma okhiye basesidlangalaleni phakathi kwe-ECU nengxenye yemoto.

Qaphela ukuthi konke ukugeleza kokuqinisekisa okuchazwe kulesi sigaba kufanele kwenziwe njalo (qinisekisa isitifiketi kuqala bese emva kwalokho impendulo yengxenye) emele ukushaya kwesikhathi sokubambezeleka.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-4

Inketho Yokhiye Womphakathi Emile

Uma kungadingeki ukuguquguquka kwesikimu sangaphambilini sesitifiketi, indlela elula yokumatanisa ingafinyelelwa kusetshenziswa okhiye basesidlangalaleni abamile. Lokhu kungenziwa endaweni ethembekile, ngesikhathi sokukhiqiza noma egalaji, ngokwesiboneloample, lapho ufaka/ulungisa ikhamera yemoto. Umfanekiso 4 ubonisa ukumataniswa kwengxenye yemoto ne-ECU. Kulolu hlelo, ukhiye wasesidlangalaleni we-ECU ugcinwe ngokuqondile ku-DS28C40 yengxenye yemoto ngumlingisi ogunyaziwe, ngokucatshangwa ukuthi ukhiye womphakathi uthembekile. Umsebenzi wokuhlehla wenziwa futhi lapho ukhiye womphakathi wengxenye yemoto (DS28C40) ubhalwe ngokuqondile kumemori ye-ECU, kucatshangwa ukuthi yethenjwa. Ngokucabangela ukuthi umsebenzi uqhutshwa iqembu elithenjwayo, i-ECU nengxenye manje sekubhanqiwe njengoba bethembana ngokulinganayo ukhiye womunye nomunye womphakathi. Uma ingxenye ithathelwa indawo entsha, eyokugcina inqatshwa i-ECU njengokhiye wasesidlangalaleni osenkumbulo osetshenziswa i-ECU ukuqinisekisa impendulo yengxenye ayifani nokhiye oyimfihlo wengxenye entsha.

Lolu hlelo lulula futhi luyashesha ukwenziwa ngoba alufaki ukukhishwa nokuqinisekiswa kwezitifiketi, kodwa ludinga ukwethenjwa okungeziwe engxenyeni yomsuka nenqubo yokumatanisa njengoba okhiye basesidlangalaleni bekhohliswa ngokuqondile. Uma okhiye basesidlangalaleni bengalawulwa umdlali oyisikhohlakali, lo angakwazi ukufaka esikhundleni okhiye basesidlangalaleni abashintshaniswa ngokulinganayo futhi ahlobanise ingxenye entsha. Qaphela ukuthi lolu hlelo lweqa ukuqinisekiswa okuqinile kokuqala kwezingxenye zemoto; ngakho-ke, izinto zomgunyathi azivinjelwa.

Ukufakwa Okuqondile Kokhiye Oyimfihlo Okwabelwana Ngayo

Ukumatanisa kungenziwa futhi ngokuhlela kusengaphambili okhiye abayimfihlo ababiwe kukho kokubili i-ECU nezingxenye zemoto. Inzuzo yale ndlela ukuthi ilula kakhulu futhi ishesha kakhulu ekubalweni kwe-cryptography computation. Ngokufanayo nokushintshisana kokhiye basesidlangalaleni okwenziwa umlingisi othenjwayo okukhulunywe ngaye ngenhla, imfihlo eyabiwe ekhethwe ngokungahleliwe igcinwa ngokuqondile kokubili ku-DS28C40 yemoto kanye ne-ECU ngumlingisi ogunyaziwe. Ngokucabanga ukuthi ukusebenza bekuqhutshwa iqembu elithembekile, i-ECU nengxenye manje sekubhanqiwe njengoba babelane ngokhiye ofanayo oyimfihlo. Uma ingxenye ithathelwa indawo entsha, ukhiye oyimfihlo olungile kufanele ufakwe engxenyeni; ngaphandle kwalokho, inqatshwa i-ECU njengokhiye owabiwe wenkumbulo osetshenziswa i-ECU ukuze iqinisekise ukuthi impendulo yengxenye ayifani nengxenye entsha.

I-DS28C40 ingalethwa ngezimfihlo ezilayishwe kusengaphambili ezithathwe kukhiye oyimfihlo oyimpande kanye ne-ID eyingqayizivele engu-64-bit ehlanganiswe ne-ID yokukhiqiza engu-16-bit. Imfihlo yempande ingase igcinwe ngokuqondile kuma-ECU ukuze ngayinye yazo ikwazi ukwamukela zonke izingxenye zemoto. Ukuba nemfihlo yempande kuvumela ukutholwa kokhiye owabiwe ofanayo yi-ECU.
Ngaphandle kwalokho, futhi ukuze kuncishiswe ubungozi obukhona ekudalulweni kokhiye oyingqayizivele okhona kuwo wonke ama-ECU, igaraji/umkhiqizi othenjwayo angakwazi ukulayisha ngokuqondile imfihlo eyabiwe yengxenye yemoto ku-ECU ngokoMdwebo 5.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-5

Inketho Eyinhloko Yokusungula

Inketho eyingxube ibandakanya kokubili ukuqinisekiswa okusekelwe kwesitifiketi sokuqala kanye nokumataniswa kokhiye okuyimfihlo kusetshenziswa iphrothokholi ye-Elliptic-curve Diffie-Hellman (ECDH). Inketho yokumatanisa esekelwe kukhiye oyimfihlo idinga izinyathelo ezifanayo njengenketho esekelwe kusitifiketi. Isinyathelo esengeziwe (i-ECDH) sisungula ngokuvikelekile ukhiye oyimfihlo owabiwe phakathi kwe-ECU nengxenye yemoto ngaphandle kokudalula noma yiluphi ulwazi olubucayi phakathi nokumataniswa.

Izinzuzo zenketho yokusungula eyinhloko ziningi. Uhlelo luvumela kalula ukunika amandla abahlinzeki bezingxenye eziningi ukuthi bakhiqize izingxenye eziqinisekisiwe ze-OEM: Ngesikhathi sokufakwa, izingxenye zingagunyazwa ngokugcwele njengeziyiqiniso. Izinyathelo ezengeziwe ze-ECDH ziletha ama-advan amabilitages. Ibophezela unomphela ingxenye yemoto ku-chassis' ECU ngokwenza imfihlo eyabelane ngokuhlanganyela, ehlukile kuleyo nhlangano, ukuze kuvinjelwe ukushintshaniswa kalula kwezingxenye zangempela. Iphinde inike amandla ukuqinisekiswa okushesha kakhulu (okuvezwa kamuva) ukweqa ukuqinisekiswa okwengeziwe kwesitifiketi nokusebenzisa ama-algorithms okhiye oyimfihlo ashesha kakhulu kunokuqinisekisa okusekelwe kusitifiketi esizinyathelo ezimbili. I-DS28C40 igcina imfihlo eyabiwe efanayo (SECRET_S) enkumbulweni yayo ngokusebenzisa umyalo othi “Compute and Write SHA-256 Secret” umyalo, kuyilapho i-ECU igcina imfihlo efanayo kumemori evikelwe ngenxa yalokho iqedela ukubhanqa ngokomfanekiso 6. Uma ingxenye ithathelwa indawo entsha, inqatshwa i-ECU njengoba ukhiye owabelwe osesikhumbuzweni osetshenziswa i-ECU ukuze uqinisekise impendulo yengxenye ayifani nengxenye entsha.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-6

Izikimu Ezihlukahlukene Zokuqinisekisa Ingxenye Yemoto

Izingxenye zemoto kanye ne-ECU ngaphambilini amataniswe kusetshenziswa enye yezindlela ezichazwe kule dokhumenti, njengokususelwe kusitifiketi, ukhiye osesidlangalaleni omile, ukhiye oyimfihlo owabelwe, noma ukusungulwa kokhiye manje kunikeza isivikelo esiqine kakhulu ekuphepheni kwemoto. Umgunyathi, ukukhwabanisa, nokuhlasela kuphazanyiswa ngokukwazi ukufakazela ubuqiniso nesimo somjikelezo wempilo wengxenye yemoto noma i-ECU. Uma noma iyiphi impahla elawulwayo ingenakuthenjwa ngoba yehluleka inqubo yokuqinisekisa, i-ECU noma ingxenye yemoto ingayeka ukusebenza futhi igcine isistimu isesimweni esiphephile, ngokwesibonelo.ample, ukuvimbela imoto ukuthi isebenze, ukubonisa izexwayiso kudeshibhodi. Izikimu zokufakazela ubuqiniso ezihlehliswayo zivumela izingxenye zemoto ukuthi ziyeke ukusebenza uma zinganamathiselwe ku-ECU esemthethweni (ngenxa yokuhlasela komuntu ophakathi nendawo noma ukushintshaniswa okungalawuleki kwengxenye kwenye imoto). Uhlelo olunjalo luphinde lusetshenziselwe ukulawula ukufinyelela kokubhala kumemori yangaphakathi yengxenye yemoto ukuze kulondolozwe umjikelezo wempilo kanye nedatha yokumisa ekuguquleni okungafunwa.

Ukuhlonza kanye Nokuqinisekiswa Kwengxenye Yemoto yi-ECU

I-ECU kufanele ikhombe futhi iqinisekise ingxenye yemoto phakathi nokusetshenziswa okuvamile ukuze kuqinisekiswe ukuthi iyiqiniso, futhi ihlotshaniswa kahle ne-chassis. Lokhu kungenziwa lapho injini iqala, futhi ngezikhathi ezithile ngenkathi imoto isebenza.

Ukuqinisekisa Okusekelwe Esitifiketini
Ekuqinisekiseni okusekelwe kusitifiketi, i-ECU nengxenye yemoto kufanele zabelane ngesitifiketi esivamile sesigunyazo sokunikeza izitifiketi. Idokhumenti ichaze izikimu ezihlukahlukene zokunikeza izitifiketi, kodwa ekugcineni, i-ECU kufanele ikwazi ukuqinisekisa isitifiketi sengxenye yemoto isebenzisa ukhiye womphakathi wesiphathimandla sokunikeza izitifiketi esikhiphe isitifiketi sengxenye. Uma ingxenye yemoto nayo idinga ukufakazela ubuqiniso be-ECU, ingxenye yemoto kufanele futhi ikwazi ukuqinisekisa isitifiketi se-ECU isebenzisa isitifiketi sesiphathimandla sokunikeza izitifiketi.

Uma usebenzisa i-DS28C40, isitifiketi sengxenye yemoto singagcinwa kumemori ye-DS28C40 (i-ECU ingasithola sisebenzisa umyalo othi “Funda Inkumbulo”). I-DS28C40 ingagcina isitifiketi segunya lesitifiketi ngokwefomethi ethile echazwe kuzicaciso ze-DS28C40. Isitifiketi se-ECU singaqinisekiswa yi-DS28C40 kusetshenziswa umyalo othi “Qinisekisa i-ECDSA Public Key”. Ngemva kwempumelelo, ukhiye osesidlangalaleni we-ECU uthathwa njengothenjiwe. Isinyathelo sokuqinisekisa isitifiketi (indlela eyodwa noma zombili) silandelwa yisinyathelo esilandelayo esichazwe kuMfanekiso 7.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-7

Ukuqinisekiswa Kokhiye Womphakathi Okumile

Ukuze kubhekwe njengokuyiqiniso, amadivayisi adinga ukufakazela ulwazi lokhiye oyimfihlo ohambisana nokhiye osesidlangalaleni okhangiswa kuzitifiketi zabo (abenzi bomgunyathi abanakho ukufinyelela kokhiye bangempela bedivayisi). Ukuba nokhiye oyimfihlo ongakwesokudla kungafakazelwa kusetshenziswa i-algorithm ye-ECDSA engxenyeni yokuphendula inselele yephrothokholi njengoMfanekiso 7. Ukuze kufezeke lokho, i-ECU isebenzisa ukulandelana kokuqinisekiswa kwe-Compute and Read Page ye-DS28C40. I-ECU ithumela inselele ku-DS28C40 ngalo myalo.

I-DS28C40 isayina ngedijithali inombolo engahleliwe efakwe olwazini olwengeziwe ngokusebenza kwesiginesha ye-ECDSA kusetshenziswa ukhiye wayo oyimfihlo. Isiginesha ewumphumela ibuyiselwa ku-ECU eyenza umsebenzi wokuqinisekisa we-ECDSA ngedatha efanayo futhi isebenzisa ukhiye womphakathi wengxenye yemoto. Ukuthembela kukhiye osesidlangalaleni osetshenziselwa ukuqinisekiswa kungenzeka ukuthi kusungulwe esinyathelweni sangaphambili sokuqinisekisa isitifiketi njengoba kuveziwe ngenhla, noma ngokufakwa okuthenjiwe kwengxenye yokhiye osesidlangalaleni kumemori ye-ECU ngendlela emile. Ngemva kwempumelelo, i-ECU ithola ubufakazi obusemthethweni bokuthi zombili iziphetho zisebenzisa idatha efanayo futhi ukhiye oyimfihlo wengxenye yemoto ufana nokhiye osesidlangalaleni osetshenziswa i-ECU. I-cryptography yokhiye osesidlangalaleni ine-advantage yokungabelani ngolwazi oluyimfihlo phakathi kwamadivayisi ahlukahlukene. Nokho, ukwethenjwa kokhiye basesidlangalaleni kufanele kuqinisekiswe, kungaba ngesikimu esisekelwe kusitifiketi noma ngokusebenzisa inqubo yokushintshisana yokhiye osesidlangalaleni ethenjwayo njengoba iveziwe engxenyeni yokuqala.

Ukuqinisekisa Okusekelwe Ngokuyimfihlo Kwabiwe

Ukuthi imfihlo eyabiwe ifakwe ngokuqondile noma isungulwa nge-ECDH, le nqubo yokuqinisekisa ingxenye yemoto incike ekusebenzeni kwephrothokholi yokuphendula inselele. I-DS28C40 isebenzisa i-HMAC-SHA256 njengekhodi yokuqinisekisa umlayezo (MAC). Kule phrothokholi, i-ECU ithumela inselele engahleliwe engxenyeni yemoto njengepharamitha yomyalo othi "Compute and Read Page Authentication" ohlinzekwa yi-DS28C40 ehlezi engxenyeni yemoto. I-DS28C40 ibala i-HMAC-SHA256 yenselele (nenye idatha engeziwe) isebenzisa imfihlo eyabiwe futhi ibuyisela umphumela we-MAC. Le nqubo iboniswa kuMfanekiso 8.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-8

I-ECU yenza ukubala okufanayo ngedatha efanayo ngenguqulo yayo yokhiye owabiwe futhi ikhiqize i-MAC yesibili. Uma womabili amanani e-MAC efanelana, iqinisekisa ukuthi kokubili idatha nokhiye abayimfihlo okwabelwana ngabo kufana nhlangothi zombili, okufakazela ukuthi isisetshenziswa sivumelekile. Manje, ukusetshenziswa kwengxenye yemoto kungagunyazwa. I-advantage kulezi zindlela ezimbili ukuthi ukubala kushesha izikhathi ezingu-12 kunendlela yokhiye womphakathi esebenzisa i-ECDSA.

Ukuqinisekisa (Ubufakazi) Kokuqukethwe Kwenkumbulo Yengxenye Yemoto yi-ECU

Ubufakazi bokuqukethwe kwenkumbulo yengxenye yemoto kuhambisana nokuhlonza/ukuqinisekisa futhi kuvumela ukutholaampubufakazi bobufakazi bezakhiwo zayo ezihlukahlukene, njengolwazi lomjikelezo wempilo, ukulinganisa nezilungiselelo, ukunakekelwa, nezinyathelo zokukhiqiza noma olunye ulwazi oluchazwe nge-OEM olungenamthetho. Lobu bufakazi, empeleni, busetshenziswa ngesikhathi esisodwa ngendlela yokuhlonza edaluliwe kanye nendlela yokuqinisekisa eshiwo ngenhla lapho kusayinwe khona okuqukethwe kwenkumbulo yengxenye (nge-ECDSA noma i-HMAC-SHA256) kanye nenselelo ye-ECU engenayo ngenkathi kusetshenziswa umyalo othi “Compute and Read Memory Authentication”. , ngakho-ke, okufakazela umsuka nobuqiniso bayo. Uma ingxenye eyodwa yedatha yenkumbulo ye-DS28C40 ishintshwa ekuhambeni phakathi kwengxenye yemoto ne-ECU, noma uma ukhiye wokusayina ungavumelekile, i-ECU iyaqaphela njengoba yehluleka ukuqinisekisa isiginesha yedatha, ngaleyo ndlela ivimbe yonke imininingwane.ampukuzama ukukhohlisa. Idatha ivamise ukubuyiswa kumemori yengxenye yemoto ngokukhipha imiyalo ethi “Funda Inkumbulo” ku-DS28C40. Kungase futhi "kucatshangwe" kalula yi-ECU, kususe isidingo sokufunda idatha njalo uma ukuqinisekiswa kufanele kwenziwe.

Ku-DS28C40 IC, inkumbulo ihlukaniswa ibe amakhasi amaningana anobude obugxilile. Inqubo efanayo yokuqinisekisa ingaphinda nganoma yimaphi amakhasi. Futhi, uma kudingeka, ukubethela kungangezwa ngezinyathelo ezengeziwe ukuze kuvinjelwe ukulalela okuqukethwe kwenkumbulo yengxenye yemoto ngenkathi kuthuthwa.

Ukubhala Okuvikelekile Emakhasini Enkumbulo Yengxenye Yemoto
Okuqukethwe kwenkumbulo yengxenye yemoto ngokusobala kuyimpahla okufanele ivikelwe; ngakho-ke, ukulawula ukufinyelela kokubhala okuqinile kuyadingeka ukuze kulungiswe idatha, njengokulinganisa, izilungiselelo, kanye/noma ulwazi lomjikelezo wempilo. Ukufeza lokhu, izinhlelo zangaphambili zokumatanisa nezokuqinisekisa ziyasetshenziswa. Lesi sigaba sidingida izindlela ezimbalwa inkumbulo yengxenye yemoto engavikelwa ngayo.

Ukubhalwa Kwedatha Yokulinganisa/Yomjikelezo Wempilo
Phakathi nokuseviswa kwesistimu engaphansi yemoto egalaji noma efekthri, imisebenzi yokubhala inkumbulo ingafezwa futhi ilawulwe umlingisi ogunyaziwe. I-DS28C40 inikezela ngesilawuli sokufinyelela ekubhaleni inkumbulo kusetshenziswa i-algorithm ye-ECDSA noma kusetshenziswa i-algorithm yemfihlo eyabiwe ye-HMAC-SHA256. Umsebenzi wokubhala obethelwe uyenzeka, nakuba kungakhulunywanga ngakho kuleli nothi lohlelo lokusebenza. Okokuqala, ukufundwa kokuqukethwe kwekhasi lememori okuqondiwe kwamanje kwenziwa njengoMfanekiso 9 ngamunye. Bese:

Ukuqinisekisa Okusekelwe Kukhiye Womphakathi:

  • Igalaji/imboni isebenzisa umyalo othi “Qinisekisa i-ECDSA Public Key” ukuze uqinisekise isitifiketi sabo. Kuncike ekutheni i-DS28C40 iqaliswe ngesitifiketi se-CA esifana nesitifiketi segaraji, i-DS28C40 iyasithemba isitifiketi esihlongozwayo futhi isebenzisa ukhiye osesidlangalaleni ohambisanayo emsebenzini wokuqinisekisa we-ECDSA olandelayo.
  • Igalaji/imboni isebenzisa umyalo othi “Qinisekisa i-ECDSA Bhala Inkumbulo”, isayine ngedijithali idatha yekhasi lememori yamanje nentsha, kusetshenziswa ukhiye wayo oyimfihlo. Izinketho ezihlukahlukene zingasetshenziswa ngokubona kwe-OEM kulokhu: Igalaji/imboni ingaba nokhiye oyimfihlo endaweni “ebhokisini elivikelekile,” noma inqubo yokuqinisekisa ingaqhutshwa ku-inthanethi ngeseva ye-OEM, igcine okhiye abayimfihlo begcinwe bekude endaweni evikelekile. ingqalasizinda.
  • I-DS28C40 iqinisekisa isiginesha engena ngaphakathi komyalo othi “Authenticated ECDSA Write Memory” isebenzisa ukhiye osesidlangalaleni oqinisekiswe ngaphambilini owamukelwe kumyalo othi “Qinisekisa Ukhiye Womphakathi We-ECDSA”. Ngemva kwempumelelo, okuqukethwe kwememori kuyabuyekezwa, okusho ukuthi kokubili okhiye kanye nolwazi olufakwe ekubalweni kwesiginesha yedijithali, ukugwema ukuchithwa kokulawulwa kokufinyelela nokusetshenziswa kwedatha kwezokuthutha.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-9

Ukuqinisekisa Okusekelwe Kukhiye Okwabiwe-Imfihlo:

  • Igalaji/imboni isebenzisa umyalo othi “Qinisekisa i-SHA256-Write”, ibala i-HMAC-SHA256 phezu kwayo yomibili idatha yekhasi lenkumbulo yamanje nentsha, kusetshenziswa ukhiye wabo oyimfihlo owabiwe. Izinketho ezihlukahlukene zingasetshenziswa ngokubona kwe-OEM kulokhu: Igalaji/imboni ingaba nokhiye owabiwe endaweni “ebhokisini elivikelekile,” noma inqubo yokuqinisekisa ingaqhutshwa ku-inthanethi ngeseva ye-OEM, igcine okhiye abayimfihlo begcinwe ngokukude endaweni evikelekile. ingqalasizinda.
  • I-DS28C40 iqinisekisa i-MAC ingena ngaphakathi komyalo othi “Authenticated ECDSA Write” isebenzisa imfihlo eyabiwe. Ngemva kwempumelelo, okuqukethwe kwememori kuyabuyekezwa, okusho ukuthi kokubili okhiye abayimfihlo ababiwe nolwazi olufakwe kumeshi yokubala ye-MAC, ukugwema ukuchithwa kokulawulwa kokufinyelela nokusetshenziswa kwedatha kwezokuthutha. Inqubo iboniswa kuMfanekiso 10.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-10

I-Cryptographic Activation Yengxenye Yemoto yi-ECU

Kulolu hlelo, ingxenye yemoto iqinisekisa i-ECU. Kusetshenziswa i-DS28C40, lokhu kuhumushela ekwenzeni umsebenzi wokubhala oqinisekisiwe ochazwe ngenhla kudokhumenti ukuze ulawule iphinikhodi yokukhipha ye-DS28C40. Ngaphandle kwemininingwane efanele, ukulawula iphinikhodi yokuphumayo akunakwenzeka. Iphinikhodi yokukhiphayo ingalawula izinga lesiginali engase ivimbele ingxenye yemoto kancane noma ngokuphelele, noma iyiphi inketho efanelekile ngokombono wokuphepha.
Uma usebenzisa i-DS28C40 ukuze ulawule ukusebenza kwengxenye yemoto, i-ECU kufanele ifakazele ukuthi ingumnikazi wemfihlo eyabiwe esemthethweni noma ukhiye oyimfihlo (zombili izikimu zingenzeka). Bheka Ukubhala Okuvikelekile esigabeni Samakhasi Enkumbulo Yengxenye Yemoto njengoba isebenza ngendlela efanayo kodwa ubhalela ikhasi lememori elibonakalayo elikhethekile elilawula isimo se-GPIO njengoMdwebo 11 ngamunye.

I-ANALOG-DEVICES-DS28C40-DeepCover-Automotive-I2C-Authenticator-fig-11

Isifinyezo
Ukusebenza kwengxenye yemoto okuqinisekisiwe nokusebenza okuphephile kungafinyelelwa kangcono ngokusebenzisa izinketho ezihlukahlukene zokumatanisa okuxoxwe ngazo. Lezi zinketho zingafinyelelwa kangcono ngamadivayisi afana ne-DS28C40 kanye nokusetshenziswa/ulwazi lwezinhlelo ze-cryptography ezethulwa i-ECDSA ne-HMAC-SHA. Isifinyezo esenziwe lula sezinzuzo siboniswa kuThebula 4.

Ithebula 4. Izinzuzo Zokukhetha Okuhlukile

UHLELO UKHIYE FAKA UHLELO INQUBO YOKUMANQANISA Umazisi NOKUQINISEKISA OKUQINILE KWEZINXENYE UBUQINISEKISO OBUQINILE IDATHA YOmjikelezo Wempilo PHEPHILE IMPILO CYCLE IDATHA BHALA UKUSEBENZA KWE-CRYPTO- GRAPHIC IZIQEPHU ZEMOTO I-COMPUTE LATENCY
Isitifiketi- Sisekelwe Kubandakanyekile (i-CA iyadingeka) Kulula Iqinile Iqinile Iqinile Iqinile Kancane
Okhiye Basesidlangalaleni Abamile Kulula (Isikhungo sokufaka kufanele sithenjwe.) Kulula (A

Isici sokumatanisa kufanele sithenjwe.)

 Maphakathi

(Uma umdlali okhohlakele ekwazi ukulawula okhiye basesidlangalaleni, khona-ke ingxenye entsha ingahlotshaniswa.)

 Maphakathi Maphakathi Maphakathi Okumaphakathi (2x ngokushesha njengokususelwe kusitifiketi; akukho ukuqinisekiswa kwesitifiketi)
Ukhiye Oyimfihlo Wabiwe Ngokuqondile Kulula (Isikhungo sokufaka kufanele sithenjwe.) Kulula (A

Isici sokumatanisa kufanele sibe

othembekile.)

 Iqinile Iqinile Iqinile Iqinile Ngokushesha (12x ngokushesha

kuneSitifiketi esisekelwe)
Ukusungulwa Okubalulekile Kubandakanyekile (i-CA iyadingeka) Okubandakanyekayo (ECDH

okudingekayo)

 Iqinile Iqinile Iqinile Iqinile Ngokushesha (Kufana Nokhiye Oyimfihlo Owabiwe Ngqo)

Izinkomba/Ezinye Izinsiza

Haight, Michael. Umhlahlandlela Wesixazululo 7632, I-DeepCover Secure Automotive Authenticator Solution Guide.
I-Design Solutions No. 56, Thembela Izitifiketi Zakho Zedijithali—Ngisho Noma Ungaxhumekile Ku-inthanethi.
Ukuze uthole imininingwane eyengeziwe, bheka i-DS28C40/DS28E40/DS2478 Data Sheets, DS28C40/DS28E40/DS2478 Security User's Guides, kanye ne-DS28C40 EV kit/DS28E40 EV Kit Data Sheets.

Amadokhumenti / Izinsiza

ANALOG DEVICES DS28C40 DeepCover Automotive I2C Authenticator [pdf] Imaniwali yosebenzisayo
DS28C40 DeepCover Automotive I2C Authenticator, DeepCover Automotive I2C Authenticator, Automotive I2C Authenticator, Authenticator

Izithenjwa

Okuthunyelwe Okuhlobene

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *