HOME   Cart(0)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GB/T 40857-2021 PDF English

US$260.00 · In stock · Download in 9 seconds
GB/T 40857-2021: Technical requirements and test methods for cybersecurity of vehicle gateway
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid
Standard IDContents [version]USDSTEP2[PDF] deliveryName of Chinese StandardStatus
GB/T 40857-2021English260 Add to Cart 0-9 seconds. Auto-delivery Technical requirements and test methods for cybersecurity of vehicle gateway Valid

Excerpted PDFs (Download full copy in 9 seconds upon purchase)

PDF Preview: GB/T 40857-2021
      

Similar standards

GB/T 40855   GB/T 40861   GB/T 40856   

GB/T 40857-2021: Technical requirements and test methods for cybersecurity of vehicle gateway

---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT40857-2021
GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 43.020 CCS T 40 Technical requirements and test methods for cyber security of vehicle gateway Issued on. OCTOBER 11, 2021 Implemented on. MAY 01, 2022 Issued by. State Administration for Market Regulation; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword... 3 1 Scope... 4 2 Normative references... 4 3 Terms and definitions... 4 4 Abbreviations... 5 5 Vehicle gateway network topology... 6 5.1 CAN gateway... 6 5.2 Ethernet gateway... 6 5.3 Hybrid gateway... 7 6 Technical requirements... 7 6.1 Hardware cyber security requirements... 7 6.2 Communication cyber security requirements... 7 6.3 Firmware cyber security requirements... 9 6.4 Data cyber security requirements... 10 7 Test methods... 11 7.1 Hardware cyber security test... 11 7.2 Communication cyber security test... 11 7.3 Firmware cyber security test... 13 7.4 Data cyber security test... 14 Annex A (informative) Example of vehicle gateway topology... 16 Annex B (informative) Examples of typical attacks... 18 Bibliography... 21

1 Scope

This Standard specifies cyber security technical requirements and test methods for vehicle gateway product hardware, communication, firmware, data. This Standard is applicable to the design and implementation of cyber security of vehicle gateway products. It is also applicable to product testing, evaluation and management.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 25069, Information security technology - Glossary GB/T 37935-2019, Information security technology - Trusted computing specification - Trusted software base GB/T 40861, General technical requirements for vehicle cybersecurity

3 Terms and definitions

For the purposes of this document, the terms and definitions defined in GB/T 25069, GB/T 37935-2019, GB/T 40861 as well as the followings apply. 3.1 vehicle gateway an electronic control unit of which the main function is to safely and reliably forward and transmit data between multiple networks in the vehicle 3.2 backdoor An aisle that can bypass the control of security mechanisms such as system authentication and enter the information system. 3.3 entity of root of trust A functional module that is used to support the establishment and transmission of the trust chain of the trusted computing platform that can provide external services such as integrity measurement, secure storage, and cryptographic computing.

4 Abbreviations

The following abbreviations apply to this Standard. ACL Access Control Lists ARP Address Resolution Protocol CAN Controller Area Network CAN-FD CAN with Flexible Data-rate DLC Data Length Code DoS Denial of Service ECU Electronic Control Unit ICMP Internet Control Message Protocol IP Internet Protocol JTAG Joint Test Action Group LIN Local Interconnect Network MAC Media Access Control MOST Media Oriented System Transport OBD On-Board Diagnostics PCB Printed Circuit Board

5 Vehicle gateway network topology

5.1 CAN gateway In the in-vehicle network structure based on CAN and/or CAN-FD bus, most ECUs and domain controllers communicate via CAN and/or CAN-FD buses. The vehicle gateways in this type of structure mainly have CAN and/or CAN- FD bus interfaces, which can be called CAN gateways. 5.2 Ethernet gateway In the Ethernet-based in-vehicle network structure, most ECUs and domain controllers communicate through Ethernet. 5.3 Hybrid gateway In part of the new generation of in-vehicle network structure, some ECUs and domain controllers communicate through Ethernet, while the other part of ECUs and domain controllers still communicate through traditional communication protocols (for example. CAN, CAN-FD, LIN, MOST).

6 Technical requirements

6.1 Hardware cyber security requirements 6.1.1 Test according to 7.1a). The gateway shall not have backdoors or hidden interfaces. 6.1.2 Test according to 7.1b). The debugging interface of the gateway shall be disabled or set up security access control. 6.2 Communication cyber security requirements 6.2.1 CAN gateway communication cyber security requirements 6.2.1.1 Access control The gateway shall establish a communication matrix between each CAN network. Establish an access control strategy based on CAN data frame identifier (CANID). After testing according to 7.2.1a), the data frame sent by the source port shall be detected at the destination port specified in the list. After testing according to 7.2.1b), data frames that do not meet the definition shall be discarded or logged. 6.2.1.2 Denial of service attack detection The gateway shall perform CAN bus DoS attack detection on the CAN channel of the vehicle's external communication interface (for example. the channel connected to the OBD-II port and the channel connected to the vehicle information interaction system). 6.2.1.3 Data frame health detection The gateway shall check the data frame according to the signal definition in the communication matrix. The checking content includes DLC field, signal value validity. Test according to 7.2.1e), f). Discard or log data frames that do not meet the definition of the communication matrix. 6.2.1.4 Data frame anomaly detection The gateway shall have a data frame abnormality detection function, that is, the mechanism for checking and recording the sending and receiving relationship between data frames is tested in accordance with 7.2.1g). Discard or log the abnormal data frames. 6.2.1.5 UDS session detection The gateway shall check whether the CAN channel initiated by the UDS session is normal. Test according to 7.2.1h). Intercept or log conversations initiated by abnormal channels. 6.2.2 Ethernet gateway communication cyber security requirements 6.2.2.1 Network domain The gateway shall support network division. Test according to 7.2.2a). Discard packets that do not conform to the network domain. Example. Use VLAN to separate different domains in the vehicle network. 6.2.3 Cyber security requirements for hybrid gateway communication For hybrid gateways, the cyber security requirements for CAN communication and Ethernet communication shall meet the requirements of 6.2.1 and 6.2.2 respectively. 6.3 Firmware cyber security requirements 6.3.1 Safe startup The gateway shall have the function of safe startup, which can protect the trusted root used for secure startup through the entity of root of trust. Test according to 7.3a), b), c). The trusted root, Bootloader program and system firmware of the gateway shall not be tampered with, or the gateway cannot start normally after being tampered. 6.3.2 Security log If the gateway has a security log function, it meets the following requirements. 6.3.3 Security breach Test according to 7.3j). The gateway shall not have high-risk and higher security vulnerabilities announced by the authoritative vulnerability platform 6 months ago that have not been dealt with. 6.4 Data cyber security requirements The important safety parameters in the gateway shall be stored and processed in a safe manner. Prevent unauthorized access, modification, deletion and retrieval. Test according to 7.4.

7 Test methods

7.1 Hardware cyber security test The gateway hardware cyber security test is carried out in sequence according to the following procedures and requirements. 7.2 Communication cyber security test 7.2.1 CAN gateway communication cyber security test The CAN gateway communication cyber security test is carried out in sequence according to the following procedures and requirements. a) Set the access control strategy specified in 6.2.1.1 (if the access control strategy of the tested sample cannot be modified through the software configuration, the sample sender will provide a list of preset access control strategies). The detection device sends data frames that comply with the policy to the source port specified in the list. Detect the received data frame at the destination port specified in the list. b) Set the access control strategy specified in 6.2.1.1 (if the access control strategy of the tested sample cannot be modified through the software configuration, the sample sender will provide a list of preset access control strategies). The detection device sends data frames that do not comply with the policy to the source port specified in the list. Detect the received data frame at the destination port specified in the list, and collect sample logs. c) The sender confirms that the gateway is connected to the CAN channel of the vehicle's external communication interface. The detection device sends a flood attack data frame conforming to the communication matrix with a bus load rate greater than 80% on this channel. Detect the received data frame at the designated destination port and collect sample logs. If there are multiple channels of this type, they are tested separately in turn. 7.3 Firmware cyber security test The cyber security test of the gateway system is carried out in sequence according to the following procedures and requirements. a) Anti-tampering test of root of trust for secure startup of gateway. b) Verification test of secure startup Bootloader program of gateway. c) Verification test of secure startup system firmware of gateway. d) If the tested gateway has a security log recording function, check the logs generated by the tested samples in turn and execute 7.2. e) If the tested gateway has a security log recording function, try to change the cyber security settings of the tested sample (such as modifying the access control list). Check the generated log. 7.4 Data cyber security test The gateway data cyber security test is carried out in sequence according to the following procedures and requirements. a) Testers try to crack the authorized access control of the gateway security zone or security module (for example. use brute force cracking or dictionary cracking to try to crack the access password of the security zone or security module); b) The sender of the tested sample provides the address range of the secure storage area inside the gateway or the access method of the security module. Testers use software tools authorized by the sender. Attempt to read access to the secure area or security module; c) Testers use software tools or access methods that are not authorized by the sender. Attempt to read and write to the security zone or security module. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      

Tips & Frequently Asked Questions

Question 1: How long will the true-PDF of English version of GB/T 40857-2021 be delivered?

Answer: The full copy PDF of English version of GB/T 40857-2021 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GB/T 40857-2021_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 40857-2021_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. www.ChineseStandard.us -- GB/T 40857-2021 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

How to buy and download a true PDF of English version of GB/T 40857-2021?

A step-by-step guide to download PDF of GB/T 40857-2021_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GB/T 40857-2021".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.
See screenshots for above steps: Steps 1~3    Steps 4~6    Step 7    Step 8    Step 9