In-vehicle network system, electronic control unit, and update processing method

What is claimed is: 1 . A method for use in an in-vehicle network system including a plurality of electronic control units that each communicate a data frame having a message authentication code (MAC) added thereto with one another via at least one bus in accordance with Controller Area Network (CAN) protocol, the method comprising: detecting a state of a vehicle having the in-vehicle network system mounted therein; and updating a MAC key used to generate the message authentication code under the condition that the detected state of the vehicle is a predetermined state. 2 . The method according to claim 1 , wherein the plurality of electronic control units include a first electronic control unit and a second control unit, and wherein the method further comprises: the first electronic control unit sending a data frame identified with a predetermined message ID; the first electronic control unit generating a first message authentication code that reflects the value of a transmission counter which counts the number of transmission events using the MAC key; the first electronic control unit adding the first message authentication code to the data frame to be sent; the second electronic control unit receiving the data frame identified by the predetermined message ID; the second electronic control unit generating a second message authentication code that reflects the value of a reception counter which counts the number of reception events using the MAC key; the second electronic control unit verifying whether the message authentication code added to the received data frame is the same as the second message authentication code; and resetting the transmission counter and the reception counter under the condition that the detected state of the vehicle is the predetermined state. 3 . The method according to claim 1 , wherein the at least one bus comprises a plurality of buses, wherein each of at least one of the plurality of electronic control units is connected to one of the buses, wherein in the updating a MAC key, the MAC key held by each of the at least one electronic control unit among the electronic control units is updated, and the predetermined state is determined depending on the bus to which the each of the at least one electronic control unit is connected. 4 . The method according to claim 1 , wherein the at least one bus comprises a plurality of buses, wherein each of the plurality of buses belongs to any one of a plurality of types of group, and each of the electronic control units is connected to any one of the buses, and wherein in the updating a MAC key, the MAC key held by each of the at least one electronic control unit among the electronic control units is updated, and the predetermined state is determined depending on the group to which the bus to which the each of the at least one electronic control unit is connected belongs. 5 . The method according to claim 1 , wherein in the updating a MAC key, the MAC key is updated if the detected state of the vehicle is the predetermined state at a timing at which a quantity of a given type counted since previous updating of the MAC key reaches a predetermined quantity. 6 . The method according to claim 5 , wherein in the updating a MAC key, if the detected state of the vehicle is not the predetermined state at a timing at which a quantity of a given type counted since previous updating of the MAC key reaches a predetermined quantity, the MAC key is updated at a timing at which the detected state of the vehicle changes to the predetermined state. 7 . The method according to claim 1 , wherein the predetermined state is a state in which the vehicle is not traveling. 8 . The method according to claim 7 , wherein the state in which the vehicle is not traveling is a state in which the vehicle is parking. 9 . An in-vehicle network system including a plurality of electronic control units that each communicate a data frame having a message authentication code (MAC) added thereto with one another via at least one bus in accordance with Controller Area Network (CAN) protocol, the system comprising: a first electronic control unit including one or more memories and circuitry which, in operation, holds a first MAC key used to generate the message authentication code, generates a first message authentication code using the first MAC key, adds the generated first message authentication code to a data frame identified by a predetermined message ID, sends the data frame, and updates the first MAC key under the condition that a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state; and a second electronic control unit including one or more memories and circuitry which, in operation, holds a second MAC key used to generate the message authentication code, generates a second message authentication code using the second MAC key, receives a data frame identified by the predetermined message ID, verifies whether the message authentication code added to the received data frame is the same as the second message authentication code, and updates the second MAC key under the condition that the state of the vehicle is a predetermined state. 10 . The in-vehicle network system according to claim 9 , wherein when updating the first MAC key, the circuitry of the first electronic control unit determines whether the state of the vehicle is a predetermined state when receiving a particular frame identified by a predetermined particular message ID and updates the first MAC key if the state of the vehicle is the predetermined state, and wherein when updating the second MAC key, the circuitry of the second electronic control unit determines whether the state of the vehicle is a predetermined state when receiving a particular frame identified by a predetermined particular message ID and updates the second MAC key if the state of the vehicle is the predetermined state. 11 . An electronic control unit for operating in accordance with Controller Area Network (CAN) protocol, comprising one or more memories and circuitry which, in operation: holds a MAC key used to generate a message authentication code (MAC); generates the message authentication code using the held MAC key; and updates the held MAC key under the condition that a state of a vehicle having the electronic control unit mounted therein is a predetermined state.