
GB/T 40855-2021 PDF in English


GB/T 40855-2021 (GB/T40855-2021, GBT 40855-2021, GBT40855-2021)
Standard ID: GB/T 40855-2021
Contents [version]: English
Name of Chinese Standard: Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles
Status: Valid

GB/T 40855-2021: PDF in English (GBT 40855-2021)

GB/T 40855-2021
GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 43.020
CCS T 40

Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles

ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Information security requirements
5.1 Overall structure diagram
5.2 Security requirements for on-board terminal
5.3 Security requirements for communication between platforms
5.4 Security requirements for communication between on-board terminal and platform
5.5 Platform security requirements
6 Test method
6.1 Overview
6.2 Requirements for on-board terminal information security test samples
6.3 On-board terminal information security test environment
6.4 On-board terminal information security test
6.5 Communication security test between platforms
6.6 Communication security test between on-board terminal and platform

Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles

1 Scope
This document specifies the requirements and test methods for cybersecurity of remote service and management system for electric vehicles.
This document applies to data communication between the on-board terminals of battery electric vehicles, plug-in hybrid electric vehicles and fuel-cell electric vehicles, vehicle enterprise service and management platforms and public service and management platforms.

2 Normative references
The contents of the following documents constitute the indispensable clauses of this document through normative references in the text.
For dated references, only the version corresponding to that date is applicable to this document; for undated references, the latest version (including all amendments) is applicable to this document.
GB/T 19596, Terminology of electric vehicles
GB/T 32960.1-2016, Technical specifications of remote service and management system for electric vehicles - Part 1: General principle
GB/T 32960.3-2016, Technical specifications of remote service and management system for electric vehicles - Part 3: Communication protocol and data format

3 Terms and definitions
The terms and definitions given in GB/T 19596, GB/T 32960.1-2016 and GB/T 32960.3-2016, together with the following ones, apply to this document.
3.1 Remote service and management system for electric vehicles

......

a) It shall be equipped with the ability to determine and authorize application access and operation permissions to system resources;
b) Trusted verification should be carried out.

5.2.2.4 On-board terminal data storage
The data storage requirements of the on-board terminal are as follows:
a) The confidentiality and integrity of remote service and management data that is stored in accordance with the requirements of GB/T 32960.3-2016 shall be guaranteed; cryptographic algorithms such as SM2, SM3, SM4, AES, and RSA should be supported;
b) When storing and using the important security parameters of the on-board terminal, only authorized applications shall be allowed to read and modify them in an authorized manner.
5.2.2.5 On-board terminal network port transmission security
The security requirements of the on-board terminal network port transmission are as follows:
a) The source address, destination address, source port, destination port and protocol of the data packet shall be checked to decide whether to allow or deny the data packet in and out;
b) It shall have the ability to determine whether to allow or deny access for incoming and outgoing data flows according to the session state information;
c) Access control shall be implemented for the data flow entering and leaving the network port according to the application protocol and application content;
d) Non-business-related network service ports shall be closed; access control shall be performed on business-related network service ports;
e) Network data entering the on-board terminal that carries attack behavior characteristics shall be identified, and the recognition rate shall not be less than 95%;
f) A private network or a virtual private network should be used for communication, which shall be isolated from the public network;
g) It should have the ability to update and extend the security rules.

5.2.2.6 On-board terminal remote upgrades
If the on-board terminal is provided with the remote upgrade function, the on-board terminal shall have an upgrade package verification mechanism to verify the integrity of the upgrade package and the authenticity of the source.
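Points a), b) and d) of 5.2.2.5 describe a stateful 5-tuple packet filter: every packet is matched on source and destination address, port and protocol, replies belonging to a session the terminal itself opened are let back in on the strength of that session state, and anything that matches no rule is dropped, which is how non-business ports stay closed. The following Go program is an added example written for this page, not code from GB/T 40855-2021 or from any terminal vendor; the rule format, the session table and all addresses and ports are constructed sample values, and the application-content inspection of c) and the attack-recognition rate of e) are outside its scope.

```go
package main

import "fmt"

// Added example, not code from GB/T 40855-2021: a minimal stateful packet
// filter of the kind 5.2.2.5 a), b) and d) describe for the on-board terminal.
// Rules match the 5-tuple, a session table lets replies to sessions the
// terminal itself opened back in, and everything else is denied by default.
// All addresses and ports are constructed sample values.

type Direction int

const (
	Outbound Direction = iota // terminal -> network
	Inbound                   // network -> terminal
)

// Packet is the 5-tuple the filter decides on, plus the direction it travels.
type Packet struct {
	Dir              Direction
	Proto            string // "tcp" or "udp"
	SrcIP, DstIP     string
	SrcPort, DstPort uint16
}

// Rule is one access-control entry; "*" (addresses) and 0 (ports) match any value.
type Rule struct {
	Dir              Direction
	Proto            string
	SrcIP, DstIP     string
	SrcPort, DstPort uint16
	Allow            bool
}

func (r Rule) matches(p Packet) bool {
	return r.Dir == p.Dir && r.Proto == p.Proto &&
		(r.SrcIP == "*" || r.SrcIP == p.SrcIP) &&
		(r.DstIP == "*" || r.DstIP == p.DstIP) &&
		(r.SrcPort == 0 || r.SrcPort == p.SrcPort) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// flowKey identifies a session from the terminal's side (local endpoint,
// remote endpoint, protocol) regardless of the direction a packet travels.
type flowKey struct {
	proto                 string
	localIP, remoteIP     string
	localPort, remotePort uint16
}

func keyFor(p Packet) flowKey {
	if p.Dir == Outbound {
		return flowKey{p.Proto, p.SrcIP, p.DstIP, p.SrcPort, p.DstPort}
	}
	return flowKey{p.Proto, p.DstIP, p.SrcIP, p.DstPort, p.SrcPort}
}

// Filter holds the ordered rule list and the table of sessions seen so far.
type Filter struct {
	rules    []Rule
	sessions map[flowKey]bool
}

func NewFilter(rules []Rule) *Filter {
	return &Filter{rules: rules, sessions: make(map[flowKey]bool)}
}

// Decide reports whether the packet may pass:
//  1. packets of a session the terminal opened are allowed (session state, 5.2.2.5 b);
//  2. otherwise the first matching 5-tuple rule decides (5.2.2.5 a);
//  3. otherwise the packet is denied, which keeps closed ports closed (5.2.2.5 d).
func (f *Filter) Decide(p Packet) bool {
	k := keyFor(p)
	if f.sessions[k] {
		return true
	}
	for _, r := range f.rules {
		if r.matches(p) {
			if r.Allow && p.Dir == Outbound {
				f.sessions[k] = true // remember the session so the platform's replies get in
			}
			return r.Allow
		}
	}
	return false
}

func main() {
	// Only outbound TCP to the (constructed) enterprise platform address on 443 is allowed.
	f := NewFilter([]Rule{
		{Dir: Outbound, Proto: "tcp", SrcIP: "*", DstIP: "203.0.113.10", DstPort: 443, Allow: true},
	})
	for _, p := range []Packet{
		{Outbound, "tcp", "10.0.0.5", "203.0.113.10", 40000, 443}, // allowed, opens a session
		{Inbound, "tcp", "203.0.113.10", "10.0.0.5", 443, 40000},  // reply in that session: allowed
		{Inbound, "tcp", "198.51.100.7", "10.0.0.5", 5555, 22},    // unsolicited: denied
	} {
		fmt.Printf("%+v -> allow=%v\n", p, f.Decide(p))
	}
}
```

The session table is keyed from the terminal's point of view, so the same entry matches the outbound request and the inbound reply; a reply that arrives before any session was opened falls through to the rules and is denied, which is the behaviour 6.4.5.2 probes with non-conforming packets.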
5.2.2.7 On-board terminal log
The log function requirements of the on-board terminal are as follows:
a) Information security-related events that occur in the remote service process of the on-board terminal, such as the detection of cyber-attacks, shall be recorded;
b) The content of each information security event log record shall include, but is not limited to: date and time (accurate to the second), vehicle unique identification code, and event type;
c) The integrity of the stored information security event log information shall be guaranteed;
d) The confidentiality of the stored information security event log information should be guaranteed;
e) The information security event log of the on-board terminal shall only be allowed to be read by authorized applications in an authorized manner;
f) There shall be an upload mechanism for information security event logs, which uses a secure communication protocol to send information security event log information to the enterprise platform.

5.2.2.8 On-board terminal system security
The on-board terminal shall not have high-risk and above security vulnerabilities that were announced by authoritative vulnerability platforms 6 months ago and have not been dealt with.
Note: Disposal includes methods such as eliminating the vulnerabilities and formulating mitigation measures.

5.3 Security requirements for communication between platforms
5.3.1 General requirements
The remote service and management system for electric vehicles shall meet the confidentiality, integrity and availability requirements of the transmitted data. The remote service and management system for electric vehicles shall perform two-way authentication with the server platform before the client platform performs platform login.

......

upgrading process.

5.3.4 Data unit encryption
The remote service and management data required by GB/T 32960.3-2016 includes at least the real-time information report data in 7.2 of GB/T 32960.3-2016.
The encryption requirements are as follows:
a) The data unit encryption method shall use SM4, AES whose key length is not less than 128 bits, or other equivalent or higher-level cryptographic algorithms;
b) The key used to encrypt the data unit shall be different from the key that is used in the secure communication protocol.

5.4 Security requirements for communication between on-board terminal and platform
The communication from the on-board terminal to the platform shall meet the two-way identity authentication and the confidentiality, integrity and availability requirements of the transmitted data. When the on-board terminal reports the real-time information report data required by GB/T 32960.3-2016 to the platform in real time, it shall be encrypted according to 5.3.4. The secure communication protocol from the on-board terminal to the platform should meet the technical requirements of 5.3.3.

5.5 Platform security requirements
5.5.1 Enterprise service and management platform
The enterprise service and management platform shall monitor and manage the information security of the on-board terminal, and shall be able to provide on-board terminal-related data and traceability methods for information security emergency response after information security problems occur on the on-board terminal.
5.5.2 Public service and management platform
The public service and management platform can monitor the information security status of the on-board terminal.

6 Test method
6.1 Overview
Information security test methods of the remote service and management system for electric vehicles include information security technical document

......

According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, use the software debugging tool to destroy the signature data of the Bootloader.
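The two points of 5.3.4 are independent of the transport: the data unit inside the frame is encrypted with AES (or SM4) at 128 bits or more, and the key doing that must not be the key the TLS channel uses, so a compromise of one layer does not expose the other. The Go program below is an added example written for this page, not code from GB/T 40855-2021 or GB/T 32960.3: it derives a data-unit key and a channel key from one master secret under distinct labels (an HMAC-SHA256 based KDF is an assumption made here; the standard prescribes none), seals a constructed data unit with AES-256-GCM, binds a constructed frame header as associated data, and shows that the channel key cannot open the result and that any modification is rejected. The placeholder VIN and all sample bytes are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Added example, not code from GB/T 40855-2021 or GB/T 32960.3: encrypting a
// data unit per 5.3.4 with AES-256-GCM (key length >= 128 bits) under a key
// derived separately from the secure-channel key (5.3.4 b). The KDF, the
// labels and all sample bytes are assumptions made for this example.

// DeriveKey is an HMAC-SHA256 based key derivation; different labels yield
// independent 32-byte keys from one master secret, so the data-unit key can
// never coincide with the transport key.
func DeriveKey(master []byte, label string) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(label))
	return mac.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key)*8 < 128 {
		return nil, errors.New("key shorter than 128 bits is not permitted by 5.3.4 a)")
	}
	block, err := aes.NewCipher(key) // AES-128/192/256 depending on key length
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptDataUnit seals dataUnit and returns nonce || ciphertext || tag.
// The frame header (VIN, command fields, ...) is bound as additional
// authenticated data so it cannot be swapped onto another data unit.
func EncryptDataUnit(key, header, dataUnit []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dataUnit, header), nil
}

// DecryptDataUnit reverses EncryptDataUnit; any change to the ciphertext,
// the tag or the header makes Open fail, which covers the integrity requirement.
func DecryptDataUnit(key, header, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data unit too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, header)
}

func main() {
	master := []byte("constructed-master-secret-for-demo")
	transportKey := DeriveKey(master, "secure-channel")
	dataKey := DeriveKey(master, "data-unit")
	header := []byte("VIN-PLACEHOLDER-00001|realtime-report") // constructed header
	dataUnit := []byte("constructed real-time information report data unit")

	sealed, err := EncryptDataUnit(dataKey, header, dataUnit)
	if err != nil {
		panic(err)
	}
	fmt.Printf("keys differ: %v, sealed length: %d bytes\n", !hmac.Equal(transportKey, dataKey), len(sealed))
	if _, err := DecryptDataUnit(transportKey, header, sealed); err != nil {
		fmt.Println("transport key cannot open the data unit:", err)
	}
}
```

A real deployment would derive the two keys from separate provisioning material rather than one master secret; the point the block makes is only that the data-unit key and the channel key are distinct values with distinct purposes, and that the AEAD tag gives the integrity that 5.2.2.4 a) and 5.3.1 ask for alongside confidentiality.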
If the signature data is successfully destroyed, use the secure flashing tool to flash the Bootloader whose signature is destroyed; if it is successfully written to the designated area in the on-board terminal, detect whether the on-board terminal chip verifies the Bootloader signature and stops loading the next-stage system image when the verification is unsuccessful.

6.4.2.3 Bootloader anti-tampering test of the on-board terminal software secure startup
According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, try to use software debugging tools to tamper with or replace the stored data in the Bootloader area; detect whether the on-board terminal prohibits writing the tampered or replaced Bootloader to the designated area within the on-board terminal.

6.4.2.4 System mirror image verification test of the on-board terminal secure startup
Use software debugging tools to destroy the signature data of the system mirror image; write the system mirror image whose signature is destroyed to the designated area in the on-board terminal; check whether the on-board terminal verifies the system mirror image signature and stops working when the verification is unsuccessful.

6.4.3 On-board terminal software system information security test
6.4.3.1 On-board terminal software system access control test
Create a software application without added access control rights in accordance with the access control rules; use the software application without added access control rights to try to access the protected software application resources; detect whether the protected software application resources can be accessed.
6.4.3.2 Test of root of trust storage area of on-board terminal software system
According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, use the software debugging tool to write data into the root of trust storage area of the software system; verify whether the data can be written into the storage area repeatedly.

6.4.3.3 Trusted verification test of on-board terminal software system
Use software debugging tools to destroy the protected key code segment of the system mirror image; write the destroyed system mirror image into the on-board terminal; check whether the on-board terminal that is loaded with the damaged system mirror image can work normally.

6.4.4 On-board terminal data storage information security test
6.4.4.1 On-board terminal data storage confidentiality test
Use software analysis tools to read the contents of the area that stores remote service and management data; check whether it is ciphertext storage.
6.4.4.2 On-board terminal data storage integrity test
Use an unauthorized application to read the contents of the area that stores remote service and management data; check whether it can be modified; if it can be modified, check whether the terminal can still call the data normally after the modification.
6.4.4.3 Information security test of important security parameters of on-board terminal
Use an unauthorized application to read the important security parameters of the system data area, to test whether they can be read or used.

6.4.5 On-board terminal network port transmission information security test
6.4.5.1 On-board terminal network port access control strategy information security check
6.4.5.1.1 On-board terminal network port control strategy information security check
Check whether the source address, destination address, source port, destination port, protocol and other related configuration parameters are set in the access control policy of the device.
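The secure-startup tests in 6.4.2.2 through 6.4.2.4 and the trusted-verification test in 6.4.3.3 all exercise the same mechanism: a chain in which the root of trust verifies the Bootloader, the Bootloader verifies the system image, and a stage whose signature or code has been altered is neither loaded nor allowed to hand control onward. The Go program below is an added example written for this page, not code from GB/T 40855-2021 or from any terminal's firmware; it uses Ed25519 and a two-stage chain (both assumptions made here), keeps the next-stage public key alongside each image where real firmware would embed it, and generates all keys and images as constructed fixtures. The root public key is passed in as a value; on a real terminal it would be read from the write-protected root-of-trust area that 6.4.3.2 tests.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Added example, not code from GB/T 40855-2021: the verified-boot chain that
// the tests in 6.4.2.2, 6.4.2.4 and 6.4.3.3 exercise. A root-of-trust public
// key verifies the Bootloader; the Bootloader carries the key for the system
// image; a stage whose signature or code has been altered is not loaded and
// nothing after it is loaded either. Ed25519 and the two-stage layout are
// assumptions made for this example.

// Stage is one link of the chain: the image, its signature, and the public
// key embedded in it for verifying the next stage (nil for the last stage).
type Stage struct {
	Name    string
	Image   []byte
	Sig     []byte
	NextPub ed25519.PublicKey
}

var ErrVerify = errors.New("signature verification failed")

// signedMessage covers the embedded next-stage key as well as the code, so
// swapping the key is caught exactly like modifying the code.
func signedMessage(s Stage) []byte {
	msg := append([]byte{}, s.Image...)
	return append(msg, s.NextPub...)
}

// Boot walks the chain starting from the root-of-trust key and returns the
// names of the stages that were verified and loaded. On the first failure it
// stops: that stage is not loaded, and neither is anything after it.
func Boot(rootPub ed25519.PublicKey, chain []Stage) ([]string, error) {
	loaded := []string{}
	pub := rootPub
	for _, s := range chain {
		if len(pub) != ed25519.PublicKeySize {
			return loaded, fmt.Errorf("%s: no valid verification key from previous stage", s.Name)
		}
		if len(s.Sig) != ed25519.SignatureSize || !ed25519.Verify(pub, signedMessage(s), s.Sig) {
			return loaded, fmt.Errorf("%s: %w", s.Name, ErrVerify)
		}
		loaded = append(loaded, s.Name)
		pub = s.NextPub
	}
	return loaded, nil
}

// BuildChain produces a freshly signed two-stage chain (constructed fixture).
func BuildChain() (ed25519.PublicKey, []Stage, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	blPub, blPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	sys := Stage{Name: "system-image", Image: []byte("constructed system image code")}
	sys.Sig = ed25519.Sign(blPriv, signedMessage(sys))
	bl := Stage{Name: "bootloader", Image: []byte("constructed bootloader code"), NextPub: blPub}
	bl.Sig = ed25519.Sign(rootPriv, signedMessage(bl))
	return rootPub, []Stage{bl, sys}, nil
}

func main() {
	rootPub, chain, err := BuildChain()
	if err != nil {
		panic(err)
	}
	loaded, err := Boot(rootPub, chain)
	fmt.Println("intact chain:", loaded, err)

	chain[0].Sig[0] ^= 0xFF // 6.4.2.2: destroyed Bootloader signature
	loaded, err = Boot(rootPub, chain)
	fmt.Println("bad bootloader signature:", loaded, err)
}
```

The returned list of loaded stages is what a test harness for 6.4.2.2 and 6.4.2.4 would assert on: a destroyed Bootloader signature must leave it empty, a destroyed system-image signature or damaged code segment (6.4.3.3) must leave only the Bootloader in it.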
6.4.5.1.2 On-board terminal network port data flow control strategy information security check
Check whether a mechanism such as session authentication is used to provide the ability to explicitly allow or deny access for incoming and outgoing data flow.
6.4.5.2 On-board terminal network port access control strategy test
Set the access control policy that meets the standard requirements on the tested sample; detect packets that do not meet the policy requirements to the

......

Download the upgrade package of unauthorized signatures to the designated area of the on-board terminal; issue the upgrade package upgrade instruction; detect whether the on-board terminal performs authorization verification when loading the upgrade package.

6.4.7 Information security test of on-board terminal log function
6.4.7.1 Information security check of on-board terminal log function
According to the description of the on-board terminal security event log recording rules, check whether the content of the on-board terminal log information record includes but is not limited to the date and time, subject identity, event type, event result and other components.
6.4.7.2 Confidentiality information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use the log analysis tool to read the content of the log function area and detect whether it is ciphertext storage.
6.4.7.3 Integrity information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use an unauthorized application to read the contents of the log function area, and check whether it can be modified; if it can be modified, check whether the log can still be read normally after the modification.
6.4.7.4 Access authority information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use an unauthorized user application to access the audit information storage area; detect whether the access is successful.
6.4.7.5 Upload information security test of on-board terminal log function
Connect the on-board terminal to the test network; use the attack case to carry out a malicious attack on the on-board terminal; check whether the security attack event log can be retrieved on the enterprise platform after the attack is over.

6.4.8 On-board terminal system information security test
Detect the system information security of the on-board terminal by the following methods:
a) Use vulnerability scanning tools to perform vulnerability detection of the on-board terminal; detect whether there are high-risk and above security vulnerabilities announced by the authoritative vulnerability platform 6 months ago;
b) If there are high-risk and above security vulnerabilities, check whether the manufacturer provides a solution for the vulnerabilities.

6.5 Communication security test between platforms
6.5.1 Verification of authentication mechanism
Check whether there is an authentication mechanism for communication access between platforms.
6.5.2 Communication confidentiality transmission test
Use network monitoring tools to monitor network transmission data; detect whether the data transmitted between the enterprise service and management platform and the public service and management platform is ciphertext.
6.5.3 Communication integrity transmission test
After destroying the data reported by the on-board terminal, detect whether the transmission between the enterprise service and management platform and the public service and management platform fails.
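The log requirements of 5.2.2.7 and the checks in 6.4.7.1, 6.4.7.3 and 6.4.7.4 fit together as one data structure: each record carries the date and time to the second, the vehicle identification code and the event type; the stored log must detect modification; and only authorized applications may read it. The Go program below is an added example written for this page, not code from GB/T 40855-2021 or from any terminal; it chains records with HMAC-SHA256 so that editing, deleting or reordering any record breaks every later MAC, and gates reads on an allow-list of application identifiers. The MAC key, the application identifiers, the placeholder VIN and the events are constructed; the confidentiality of 5.2.2.7 d) (storing the records as ciphertext, 6.4.7.2) and the upload of f) are left out, and the data-unit encryption shown earlier on this page would serve the former.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Added example, not code from GB/T 40855-2021: an on-board terminal security
// event log shaped by 5.2.2.7 and checked the way 6.4.7.1, 6.4.7.3 and
// 6.4.7.4 check it. Records carry date/time to the second, the vehicle
// identification code and the event type; they are chained with HMAC-SHA256
// so later modification is detected; only listed application IDs may read.
// The MAC key, application IDs and VIN are constructed values.

type SecurityEvent struct {
	Time      time.Time
	VehicleID string // vehicle unique identification code
	EventType string
	Detail    string
}

// Record is one stored log line plus the MAC that chains it to its predecessor.
type Record struct {
	Line string
	MAC  string
}

// chainMAC binds a line to the MAC of the record before it.
func chainMAC(key []byte, prevMAC, line string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(prevMAC))
	m.Write([]byte{0})
	m.Write([]byte(line))
	return hex.EncodeToString(m.Sum(nil))
}

// FormatLine renders the mandatory fields of 5.2.2.7 b) as one line;
// the time is written in UTC to the second.
func FormatLine(ev SecurityEvent) string {
	return strings.Join([]string{
		ev.Time.UTC().Format("2006-01-02T15:04:05Z"),
		ev.VehicleID,
		ev.EventType,
		strings.ReplaceAll(ev.Detail, "|", "/"), // keep the field separator unambiguous
	}, "|")
}

type SecurityLog struct {
	key     []byte
	records []Record
	readers map[string]bool // application IDs authorized to read (5.2.2.7 e)
}

func NewSecurityLog(key []byte, authorizedApps ...string) *SecurityLog {
	l := &SecurityLog{key: key, readers: map[string]bool{}}
	for _, a := range authorizedApps {
		l.readers[a] = true
	}
	return l
}

// Append stores the event and returns the stored record.
func (l *SecurityLog) Append(ev SecurityEvent) Record {
	prev := ""
	if n := len(l.records); n > 0 {
		prev = l.records[n-1].MAC
	}
	rec := Record{Line: FormatLine(ev)}
	rec.MAC = chainMAC(l.key, prev, rec.Line)
	l.records = append(l.records, rec)
	return rec
}

var (
	ErrUnauthorized = errors.New("application is not authorized to read the security log")
	ErrTampered     = errors.New("security log integrity check failed")
)

// Read hands a copy of the log to an authorized application after the
// integrity of the whole chain has been verified.
func (l *SecurityLog) Read(appID string) ([]Record, error) {
	if !l.readers[appID] {
		return nil, ErrUnauthorized
	}
	if !VerifyChain(l.key, l.records) {
		return nil, ErrTampered
	}
	return append([]Record(nil), l.records...), nil
}

// VerifyChain recomputes every MAC; editing, deleting or reordering a record
// breaks the chain from that point on.
func VerifyChain(key []byte, records []Record) bool {
	prev := ""
	for _, r := range records {
		if !hmac.Equal([]byte(r.MAC), []byte(chainMAC(key, prev, r.Line))) {
			return false
		}
		prev = r.MAC
	}
	return true
}

func main() {
	seclog := NewSecurityLog([]byte("constructed-log-mac-key"), "ids-agent")
	rec := seclog.Append(SecurityEvent{
		Time: time.Date(2022, 5, 1, 8, 30, 15, 0, time.UTC), VehicleID: "VIN-PLACEHOLDER-00001",
		EventType: "ATTACK_DETECTED", Detail: "port scan on diagnostic interface",
	})
	fmt.Println(rec.Line)
	_, err := seclog.Read("infotainment")
	fmt.Println("unauthorized read:", err)
}
```

Because the MAC key lives with the log, an attacker who controls the terminal outright could re-chain the records; the upload mechanism of 5.2.2.7 f) is what limits that window, since records already received by the enterprise platform can no longer be rewritten on the terminal without the divergence being visible.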
6.5.4 Network port redundancy and unauthorized access test
Scan the network port of the enterprise service and management platform through the network scanning tool:
a) Detect whether the enterprise service and management platform opens redundant network ports that are not required for business;
b) Under unauthorized network conditions, use external network tools to detect whether an unauthorized access connection can be established for an open network port.
6.5.5 Verification of protocol version
Check whether the secure communication protocol is TLS 1.2 or above, and whether downgrade is allowed, such as downgrading to TLS 1.1, TLS 1.0 or SSL 3.0, SSL 2.0.
6.5.6 Protocol function verification
Check whether the secure communication protocol disables TLS session renegotiation and TLS compression.
......
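Clauses 6.5.5 and 6.5.6 are, on any TLS stack, a handful of configuration settings: the minimum protocol version must be pinned at TLS 1.2 or higher so no downgrade to TLS 1.1, 1.0 or SSL is possible, and renegotiation and compression must be off. The Go program below is an added example written for this page, not code from GB/T 40855-2021 or from any platform vendor; it audits a Go crypto/tls configuration for those points and shows a weak configuration beside its corrected counterpart. The audit treats an unset MinVersion as a finding, because the toolchain default has changed across Go releases and a compliance check should not depend on it; the names WeakConfig, HardenedConfig and AuditTLSConfig are this example's own.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Added example, not code from GB/T 40855-2021: auditing a Go crypto/tls
// configuration against 6.5.5 (TLS 1.2 or above, no downgrade) and 6.5.6
// (no renegotiation, no compression). A weak and a hardened configuration are
// shown side by side. The checks apply to Go endpoints; other stacks expose
// the same settings under different names.

// AuditTLSConfig returns one finding per violated point; an empty slice
// means the configuration passes the checks made here.
func AuditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	// 6.5.5: pin the floor explicitly. A zero MinVersion leaves it to the
	// toolchain default, which has moved between Go releases, so "not pinned"
	// is reported rather than trusted.
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings, "MinVersion not set: protocol floor depends on the Go version (6.5.5)")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, fmt.Sprintf("MinVersion 0x%04x permits downgrade below TLS 1.2 (6.5.5)", cfg.MinVersion))
	}
	if cfg.MaxVersion != 0 && cfg.MaxVersion < tls.VersionTLS12 {
		findings = append(findings, "MaxVersion caps the protocol below TLS 1.2 (6.5.5)")
	}
	// 6.5.6: crypto/tls only renegotiates when acting as a client and only if
	// the Renegotiation field asks for it; RenegotiateNever is the zero value.
	if cfg.Renegotiation != tls.RenegotiateNever {
		findings = append(findings, "TLS renegotiation is enabled (6.5.6)")
	}
	// TLS compression is not implemented by crypto/tls at all, so the
	// compression half of 6.5.6 needs no setting on a Go endpoint.
	return findings
}

// WeakConfig reproduces the settings that 6.5.5 and 6.5.6 are written to catch.
func WeakConfig() *tls.Config {
	return &tls.Config{
		MinVersion:    tls.VersionTLS10,              // downgrade to TLS 1.0/1.1 possible
		Renegotiation: tls.RenegotiateFreelyAsClient, // renegotiation allowed
	}
}

// HardenedConfig is the corrected counterpart.
func HardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion:    tls.VersionTLS12,
		Renegotiation: tls.RenegotiateNever,
	}
}

func main() {
	for _, c := range []struct {
		name string
		cfg  *tls.Config
	}{{"weak", WeakConfig()}, {"hardened", HardenedConfig()}} {
		findings := AuditTLSConfig(c.cfg)
		fmt.Printf("%s: %d finding(s)\n", c.name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

The audit inspects configuration rather than observing a handshake; the test in 6.5.5 is phrased as an external check, and a practitioner would pair a configuration audit like this with an actual downgrade attempt against the deployed platform so that proxies and load balancers in front of the Go process are covered as well.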
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.