GB/T 40855-2021 PDF in English
Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 43.020
CCS T 40
Technical requirements and test methods for
cybersecurity of remote service and management
system for electric vehicles
ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Information security requirements
5.1 Overall structure diagram
5.2 Security requirements for on-board terminal
5.3 Security requirements for communication between platforms
5.4 Security requirements for communication between on-board terminal and platform
5.5 Platform security requirements
6 Test method
6.1 Overview
6.2 Requirements for on-board terminal information security test samples
6.3 On-board terminal information security test environment
6.4 On-board terminal information security test
6.5 Communication security test between platforms
6.6 Communication security test between on-board terminal and platform
Technical requirements and test methods for
cybersecurity of remote service and management
system for electric vehicles
1 Scope
This document specifies the requirements and test methods for cybersecurity
of remote service and management system for electric vehicles.
This document applies to data communication between the on-board terminals
of battery electric vehicles, plug-in hybrid electric vehicles and fuel-cell electric
vehicles, vehicle enterprise service and management platforms and public
service and management platforms.
2 Normative references
The following documents contain provisions which, through normative reference
in this text, constitute provisions of this document. For dated references, only
the version corresponding to that date applies to this document; for undated
references, the latest version (including all amendments) applies.
GB/T 19596, Terminology of electric vehicles
GB/T 32960.1-2016, Technical specifications of remote service and
management system for electric vehicles - Part 1: General principle
GB/T 32960.3-2016, Technical specifications of remote service and
management system for electric vehicles - Part 3: Communication protocol
and data format
3 Terms and definitions
The terms and definitions given in GB/T 19596, GB/T 32960.1-2016 and GB/T
32960.3-2016, together with the following, apply to this document.
3.1
Remote service and management system for electric vehicles
a) It shall be equipped with the ability to determine and authorize application
access and operation permissions to system resources;
b) Trusted verification should be carried out.
5.2.2.4 On-board terminal data storage
The data storage requirements of the on-board terminal are as follows:
a) The confidentiality and integrity of remote service and management data
that is stored in accordance with the requirements of GB/T 32960.3-2016
shall be guaranteed; cryptographic algorithms such as SM2, SM3, SM4,
AES, and RSA should be supported;
b) When storing and using the important security parameters of the on-board
terminal, only authorized applications shall be allowed to read and modify
them in an authorized manner.
5.2.2.5 On-board terminal network port transmission security
The security requirements of the on-board terminal network port transmission
are as follows:
a) The source address, destination address, source port, destination port and
protocol of the data packet shall be checked to decide whether to allow or
deny the data packet in and out;
b) It shall have the ability to determine whether to allow or deny access for
incoming and outgoing data flows according to the session state
information;
c) Access control shall be implemented for the data flow entering and leaving
the network port according to the application protocol and application
content;
d) Non-business-related network service ports shall be closed; access
control shall be performed on business-related network service ports;
e) Incoming network traffic that exhibits attack characteristics shall be
identified, with a detection rate of not less than 95%;
f) A private network or a virtual private network should be used for
communication, which shall be isolated from the public network;
g) It should have the ability to update and extend the security rules.
5.2.2.6 On-board terminal remote upgrades
If the on-board terminal is provided with the remote upgrade function, the on-
board terminal shall have an upgrade package verification mechanism to verify
the integrity of the upgrade package and the authenticity of the source.
5.2.2.7 On-board terminal log
The log function requirements of the on-board terminal are as follows:
a) Information security-related events that occur in the remote service
process of the on-board terminal, such as the detection of cyber-attacks,
shall be recorded;
b) Each information security event log record shall include, but is not limited
to: the date and time (accurate to the second), the vehicle unique
identification code, and the event type;
c) The integrity of the stored information security event log information shall
be guaranteed;
d) The confidentiality of the stored information security event log information
should be guaranteed;
e) The information security event log of the on-board terminal shall be readable
only by authorized applications, and only in an authorized manner;
f) There shall be an upload mechanism that sends the information security event
log to the enterprise platform over a secure communication protocol.
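The following Go program is an added illustration, not text or code from GB/T 40855-2021, of how an on-board terminal could meet 5.2.2.7 b) and c): every record carries the date and time to the second, the vehicle identification code and the event type, and an HMAC chain lets the terminal (or the enterprise platform after upload) detect records that were edited or removed. The VIN, key and event types are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// SecurityEvent carries the fields 5.2.2.7 b) requires in every record: date and
// time (to the second), the vehicle's unique identification code and the event type.
type SecurityEvent struct {
	Time      time.Time
	VIN       string
	EventType string
}

// Format renders the record as one line; the timestamp is kept to whole seconds.
func (e SecurityEvent) Format() string {
	return fmt.Sprintf("%s|%s|%s", e.Time.UTC().Format("2006-01-02T15:04:05Z"), e.VIN, e.EventType)
}

// AppendRecord stores the record plus an HMAC-SHA256 tag over the previous stored
// entry and the new line, so each entry is chained to its predecessor (5.2.2.7 c)).
func AppendRecord(log []string, key []byte, e SecurityEvent) []string {
	prev := ""
	if len(log) > 0 {
		prev = log[len(log)-1]
	}
	line := e.Format()
	return append(log, line+"|"+tag(key, prev, line))
}

// VerifyLog recomputes the chain and returns the index of the first entry whose tag
// does not match (an edited record, or a deletion or re-ordering before the log's end), or -1 when intact.
func VerifyLog(log []string, key []byte) int {
	prev := ""
	for i, entry := range log {
		cut := strings.LastIndex(entry, "|")
		if cut < 0 || !hmac.Equal([]byte(entry[cut+1:]), []byte(tag(key, prev, entry[:cut]))) {
			return i
		}
		prev = entry
	}
	return -1
}

// tag is HMAC-SHA256(key, previousEntry || "\n" || line), hex-encoded.
func tag(key []byte, prev, line string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(prev + "\n" + line))
	return hex.EncodeToString(mac.Sum(nil))
}
```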
5.2.2.8 On-board terminal system security
The on-board terminal shall not have any vulnerability of high-risk or higher
severity that was disclosed by an authoritative vulnerability platform 6 months
ago or earlier and that has not been dealt with.
Note: Dealing with a vulnerability includes methods such as eliminating it and
formulating mitigation measures.
5.3 Security requirements for communication between platforms
5.3.1 General requirements
The remote service and management system for electric vehicles shall meet
the confidentiality, integrity and availability requirements of the transmitted data.
In the remote service and management system for electric vehicles, the client
platform shall perform two-way authentication with the server platform before it
logs in to that platform.
upgrading process.
5.3.4 Data unit encryption
The remote service and management data required by GB/T 32960.3-2016 includes
at least the real-time information report data of 7.2 of GB/T 32960.3-2016. The
encryption requirements are as follows:
a) The data unit shall be encrypted with SM4 or AES with a key length of not
less than 128 bits, or with another cryptographic algorithm of equivalent or
higher strength;
b) The key used to encrypt the data unit shall be different from the key used
by the secure communication protocol.
5.4 Security requirements for communication between on-board terminal
and platform
Communication between the on-board terminal and the platform shall provide
two-way identity authentication and shall meet the confidentiality, integrity and
availability requirements for the transmitted data. When the on-board terminal
reports the real-time information report data required by GB/T 32960.3-2016 to
the platform in real time, that data shall be encrypted in accordance with 5.3.4.
The secure communication protocol between the on-board terminal and the platform
should meet the technical requirements of 5.3.3.
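Added example, not part of the standard's text: data unit encryption as required by 5.3.4 and applied in 5.4, using AES-128-GCM from Go's standard library (SM4 is equally permitted by 5.3.4 a) but is not available there), together with a check that the data unit key is at least 128 bits long and differs from the secure channel key. The frame header and report bytes are constructed sample values; the actual frame layout is defined in GB/T 32960.3-2016.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// CheckKeys enforces 5.3.4: at least 128 bits (a), distinct from the secure channel key (b).
func CheckKeys(dataUnitKey, channelKey []byte) error {
	if len(dataUnitKey) < 16 {
		return errors.New("data unit key shorter than 128 bits")
	}
	if bytes.Equal(dataUnitKey, channelKey) {
		return errors.New("data unit key must differ from the secure channel key")
	}
	return nil
}

// EncryptDataUnit seals one data unit (e.g. the real-time information report of GB/T
// 32960.3-2016, 7.2) with AES-GCM (SM4, equally allowed by 5.3.4 a), is not in Go's std
// library); the clear frame header is associated data. Output: nonce || ciphertext || tag.
func EncryptDataUnit(key, header, dataUnit []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dataUnit, header), nil
}

// DecryptDataUnit reverses EncryptDataUnit; any change to header, nonce,
// ciphertext or tag fails authentication, which is the receiver's integrity check.
func DecryptDataUnit(key, header, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key) // err != nil short-circuits before gcm is touched
	if err != nil || len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("bad key or sealed data unit too short")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], header)
}

// newGCM builds the AES-GCM AEAD; aes.NewCipher only accepts 16, 24 or 32-byte keys.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
```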
5.5 Platform security requirements
5.5.1 Enterprise service and management platform
The enterprise service and management platform shall monitor and manage the
information security of the on-board terminal, and shall be able to provide
on-board terminal-related data and traceability methods for information
security emergency response after an information security incident occurs on
the on-board terminal.
5.5.2 Public service and management platform
The public service and management platform may monitor the information
security status of the on-board terminal.
6 Test method
6.1 Overview
Information security test methods of the remote service and management
system for electric vehicles include information security technical document
According to the description of the access method and address range of the root
of trust storage area for on-board terminal secure start-up, use the software
debugging tool to corrupt the signature data of the Bootloader. If the signature
data is successfully corrupted, use the secure flashing tool to flash the
Bootloader with the corrupted signature; if it is successfully written to the
designated area of the on-board terminal, check whether the on-board terminal
chip verifies the Bootloader signature and stops loading the next-stage system
image when the verification fails.
6.4.2.3 Bootloader anti-tampering test of the on-board terminal software
secure startup
According to the access method and address range description of the root of
trust storage area of the on-board terminal secure startup, try to use software
debugging tools to tamper or replace the stored data in the Bootloader area;
detect whether the on-board terminal prohibits writing the tampered or replaced
Bootloader to the designated area within the on-board terminal.
6.4.2.4 System image verification test of the on-board terminal secure
start-up
Use software debugging tools to corrupt the signature data of the system image;
write the system image with the corrupted signature to the designated area of the
on-board terminal; check whether the on-board terminal verifies the system image
signature and stops working when the verification fails.
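Added example, not from the standard or any vendor: the verification that 5.2.2.6 requires for upgrade packages, which is also what the secure start-up tests 6.4.2.2 to 6.4.2.4 exercise for the Bootloader and system image. Ed25519 over a SHA-256 digest is an assumed choice of algorithm; the standard itself only asks that integrity and authenticity of source be verified, and the image bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SignedImage is an upgrade package or boot-stage image together with the signature
// the manufacturer placed over its SHA-256 digest. The matching public key is what
// the terminal keeps in its root-of-trust storage area.
type SignedImage struct {
	Payload   []byte
	Signature []byte
}

// SignImage is the manufacturer-side step: hash the payload and sign the digest.
func SignImage(priv ed25519.PrivateKey, payload []byte) SignedImage {
	digest := sha256.Sum256(payload)
	return SignedImage{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyImage is the terminal-side check 5.2.2.6 requires: the digest must match the
// payload (integrity) and the signature must come from the key held in the root of
// trust (authenticity of source). A corrupted signature (6.4.2.2, 6.4.2.4) and a
// tampered or replaced payload (6.4.2.3) both fail here.
func VerifyImage(rootOfTrust ed25519.PublicKey, img SignedImage) error {
	if len(rootOfTrust) != ed25519.PublicKeySize {
		return errors.New("root of trust key missing or malformed")
	}
	if len(img.Signature) != ed25519.SignatureSize {
		return errors.New("signature missing or malformed")
	}
	digest := sha256.Sum256(img.Payload)
	if !ed25519.Verify(rootOfTrust, digest[:], img.Signature) {
		return errors.New("signature does not match payload or trusted key")
	}
	return nil
}

// LoadNextStage models the decision point in secure start-up or in the upgrade flow:
// the next stage is loaded only when the image verifies against the root of trust.
func LoadNextStage(rootOfTrust ed25519.PublicKey, img SignedImage) bool {
	return VerifyImage(rootOfTrust, img) == nil
}

// NewManufacturerKey generates a signing key pair for this demonstration; a real
// deployment keeps the private half in the manufacturer's signing infrastructure.
func NewManufacturerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}
```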
6.4.3 On-board terminal software system information security test
6.4.3.1 On-board terminal software system access control test
Following the access control rules, create a software application that has not
been granted access rights; use this application to try to access protected
software application resources; check whether the protected resources can be
accessed.
6.4.3.2 Test of root of trust storage area of on-board terminal software
system
According to the access method and address range description of the root of
trust storage area of the on-board terminal secure startup, use the software
debugging tool to write data into the root of trust storage area of the software
system; verify whether the data can be written into the storage area repeatedly.
6.4.3.3 Trusted verification test of on-board terminal software system
Use software debugging tools to corrupt the protected key code segment of the
system image; write the corrupted system image into the on-board terminal; check
whether the on-board terminal loaded with the damaged system image can still
work normally.
6.4.4 On-board terminal data storage information security test
6.4.4.1 On-board terminal data storage confidentiality test
Use software analysis tools to read the contents of the area that stores remote
service and management data; check whether it is ciphertext storage.
6.4.4.2 On-board terminal data storage integrity test
Use an unauthorized application to read the contents of the area that stores
remote service and management data; check whether it can be modified; if it
can be modified, check whether the terminal can still call the data normally after
the modification.
6.4.4.3 Information security test of important security parameters of on-
board terminal
Use an unauthorized application to read the important security parameters in
the system data area; check whether they can be read or used.
6.4.5 On-board terminal network port transmission information security
test
6.4.5.1 On-board terminal network port access control strategy
information security check
6.4.5.1.1 On-board terminal network port control strategy information
security check
Check whether the source address, destination address, source port,
destination port, protocol and other related configuration parameters are set in
the access control policy of the device.
6.4.5.1.2 On-board terminal network port data flow control strategy
information security check
Check whether a mechanism such as session authentication is used to provide
the ability to explicitly allow or deny access for incoming and outgoing data flow.
6.4.5.2 On-board terminal network port access control strategy test
Set the access control policy that meets the standard requirements on the
tested sample; detect packets that do not meet the policy requirements to the
Load an upgrade package with an unauthorized signature into the designated area
of the on-board terminal; issue the upgrade instruction for that package; check
whether the on-board terminal performs authorization verification when loading
the upgrade package.
6.4.7 Information security test of on-board terminal log function
6.4.7.1 Information security check of on-board terminal log function
According to the description of the on-board terminal security event log
recording rules, check whether the content of the on-board terminal log
information record includes but is not limited to the date and time, subject
identity, event type, event result and other components.
6.4.7.2 Confidentiality information security test of on-board terminal log
function
According to the description of the log storage area and address range of the
on-board terminal, use the log analysis tool to read the content of the log
function area and detect whether it is ciphertext storage.
6.4.7.3 Integrity information security test of on-board terminal log function
According to the description of the log storage area and address range of the
on-board terminal, use an unauthorized application to read the contents of the
log function area, and check whether it can be modified; if it can be modified,
check whether the log can still be read normally after the modification.
6.4.7.4 Access authority information security test of on-board terminal log
function
According to the description of the log storage area and address range of the
on-board terminal, use an unauthorized user application to access the audit
information storage area; detect whether the access is successful.
6.4.7.5 Upload information security test of on-board terminal log function
Connect the on-board terminal to the test network; run the attack test case
against the on-board terminal; check whether the corresponding security event
log can be retrieved on the enterprise platform after the test is over.
6.4.8 On-board terminal system information security test
Detect the system information security of the on-board terminal by the following
methods:
a) Use vulnerability scanning tools to perform vulnerability detection on the
on-board terminal; check whether there are vulnerabilities of high-risk or
higher severity that were disclosed by an authoritative vulnerability
platform 6 months ago or earlier;
b) If there are vulnerabilities of high-risk or higher severity, check whether
the manufacturer provides a solution for them.
6.5 Communication security test between platforms
6.5.1 Verification of authentication mechanism
Check whether there is an authentication mechanism for communication
access between platforms.
6.5.2 Communication confidentiality transmission test
Use network monitoring tools to monitor network transmission data; detect
whether the data transmitted between the enterprise service and management
platform and the public service and management platform is ciphertext.
6.5.3 Communication integrity transmission test
After corrupting the data reported by the on-board terminal, check whether the
transmission between the enterprise service and management platform and the
public service and management platform fails.
6.5.4 Network port redundancy and unauthorized access test
Scan the network ports of the enterprise service and management platform with a
network scanning tool:
a) Check whether the enterprise service and management platform opens
redundant network ports that are not required for business;
b) Under unauthorized network conditions, use external network tools to check
whether an unauthorized access connection can be established to an open
network port.
6.5.5 Verification of protocol version
Check whether the secure communication protocol is TLS 1.2 or above, and
whether downgrade is allowed, for example to TLS 1.1, TLS 1.0, SSL 3.0 or
SSL 2.0.
6.5.6 Protocol function verification
Check whether the secure communication protocol disables TLS session
renegotiation and TLS compression.
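Added example, not from the standard: a Go TLS server configuration that meets 6.5.5 and 6.5.6, plus an in-memory handshake helper that reproduces the tester's two checks, namely that a current client negotiates TLS 1.2 or higher and that a client offering at most TLS 1.1 is refused. The self-signed Ed25519 certificate is a constructed test fixture, and the client's InsecureSkipVerify is for that fixture only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// PlatformTLSConfig meets 6.5.5 and 6.5.6: nothing below TLS 1.2 is negotiated and
// renegotiation is refused; Go's TLS stack never offers TLS compression at all.
func PlatformTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:  []tls.Certificate{cert},
		MinVersion:    tls.VersionTLS12,
		Renegotiation: tls.RenegotiateNever,
	}
}

// SelfSignedCert builds a throw-away Ed25519 certificate for the in-memory test only.
func SelfSignedCert() (tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-test-platform"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// NegotiatedVersion handshakes over an in-memory pipe and returns the TLS version the
// client obtained, or 0 when the server refused; maxClientVersion = tls.VersionTLS11
// reproduces the downgrade attempt that 6.5.5 asks the tester to make.
func NegotiatedVersion(server *tls.Config, maxClientVersion uint16) uint16 {
	rawClient, rawServer := net.Pipe()
	defer rawClient.Close()
	defer rawServer.Close()
	go tls.Server(rawServer, server).Handshake() // a refusal surfaces as a client error
	client := tls.Client(rawClient, &tls.Config{
		InsecureSkipVerify: true, // test only: the throw-away cert has no trust chain
		MinVersion:         tls.VersionTLS10, MaxVersion: maxClientVersion,
	})
	if err := client.Handshake(); err != nil {
		return 0
	}
	return client.ConnectionState().Version
}
```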
...... Source: The above contents are excerpted from the PDF, translated/reviewed by www.chinesestandard.net / Wayne Zheng et al.