Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This document is developed in accordance with the rules given in GB/T 1.1-2020 Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.
This document was proposed by the Ministry of Industry and Information Technology of the People's Republic of China.
This document is under the jurisdiction of the National Technical Committee of Auto Standardization (SAC/TC 114).
Technical requirements and test methods for cybersecurity of on-board information interactive system
1 Scope
This document specifies the information security technical requirements and test methods for hardware, communication protocols and interfaces, operating system, application software and data of on-board information interactive system.
This document is applicable for guiding enterprises such as complete vehicle manufacturers, parts and components suppliers and software suppliers in the design, development, verification and production of information security technology for on-board information interactive systems.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069 Information security technology - Glossary
GB/T 40861 General cybersecurity technical requirements for road vehicles
GM/T 0005-2012 Randomness test specification
3 Terms and definitions
For the purposes of this document, the terms and definitions specified in GB/T 25069 and GB/T 40861 as well as the following apply.
3.1
on-board information interactive system
communication system installed on the vehicle, which has at least one of the following functions:
a) external functions, such as establishing connections and exchanging data through cellular networks, short-distance communication and other communication technologies, and internal functions, such as information acquisition, data transmission and instruction issuance through the vehicle bus and the electronic and electrical system;
b) related service functions such as calls, recording, navigation and entertainment.
Note 1: The on-board information interactive system is generally a remote on-board information interactive system (T-Box), an on-board integrated information processing system (IVI), or a combination thereof.
Note 2: The schematic diagram for a typical on-board information interactive system is shown in Figure A.1 in Annex A.
3.2
external communication
wireless communication between on-board information interactive system and vehicle exterior
Note: Including telecommunication based on mobile cellular network, Bluetooth, WLAN and other short-distance communication.
3.3
internal communication
communication between on-board information interactive system and in-vehicle electronic and electrical system
Note: Including the internal communication based on CAN, CAN-FD, LIN, on-board Ethernet, etc.
3.4
user
object using the resources of on-board information interactive system
Note: Including people, vehicles or third-party applications.
3.5
user data
data generated by or serving users
Note: Such data does not affect the operation of security functions.
3.6
code signing
mechanism by which an entity with signing authority signs all or part of the code using a digital signature mechanism
3.7
application software
software on the on-board information interactive system for realizing functions such as payment and entertainment
Note: Including application software pre-installed on, and software installable in, the on-board information interactive system.
3.8
platform server
platform providing services for vehicles
Note: Including enterprise independent operation platforms, third-party platforms, etc.
3.9
external terminal
terminal device outside the vehicle
Note: Including road side units, cell phones, etc.
3.10
on-board public telecommunication protocol
standard communication protocol suitable for on-board information interactive system, which is adopted or approved by an international or national standardization organization
Note: Including HTTP, FTP, etc.
3.11
on-board private telecommunication protocol
communication protocol other than standard protocols such as HTTP and FTP, customized between the complete vehicle manufacturer or parts and components manufacturer and the TSP, which is suitable for the on-board information interactive system
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
CAN: Controller Area Network
CAN-FD: Controller Area Network with Flexible Data-rate
ECU: Electronic Control Unit
E-Call: Emergency Call
FTP: File Transfer Protocol
HTTP: Hypertext Transfer Protocol
ID: Identifier
JTAG: Joint Test Action Group
LE: Low Energy
LIN: Local Interconnect Network
PCB: Printed Circuit Board
PSK: Pre-Shared Key
SPI: Serial Peripheral Interface
SSP: Secure Simple Pairing
SU: Switch User
TLS: Transport Layer Security
TSP: Telematics Service Provider
UART: Universal Asynchronous Receiver/Transmitter
URL: Uniform Resource Locator
USB: Universal Serial Bus
WLAN: Wireless Local Area Network
WPA: WLAN Protected Access
5 Technical requirements
5.1 Hardware security requirements
5.1.1 The chip used in the on-board information interactive system shall meet the following requirements:
a) test according to 6.1 a), and the debugging interface shall be disabled or set up with security access control;
b) test according to 6.1 b), and no backdoor or hidden interface is available.
5.1.2 Test according to 6.1 c), and the number of exposed pins of the key chips used in the on-board information interactive system (processors, memory modules, communication ICs, etc. that process, store or transmit personal sensitive information, and security chips) shall be reduced.
5.1.3 Test according to 6.1 d), and the number of exposed communication lines between the key chips used in the on-board information interactive system shall be reduced (for example, an on-board information interactive system built on a multi-layer circuit board may route the communication lines on inner layers).
5.1.4 Test according to 6.1 e), and circuit boards and chips should not carry readable silkscreen markings that label port and pin functions.
5.2 Communication protocol and interface security requirements
5.2.1 External communication security
5.2.1.1 Communication connection security
Test according to 6.2.1.1 a), and the on-board information interactive system shall authenticate the identity of the platform server or the external terminal. After successful identity authentication (tested according to 6.2.1.1 b)), the on-board information interactive system may exchange business data with the platform server or the external terminal.
5.2.1.2 Communication transmission security
Test according to 6.2.1.2, and the data content transmitted between the on-board information interactive system and the platform server or the external terminal shall be encrypted; national cryptographic algorithms should be used.
5.2.1.3 Communication response termination security
The on-board information interactive system shall meet the following requirements during communication:
a) test according to 6.2.1.3 a), and when the verification of data content fails, the response operation shall be terminated;
b) test according to 6.2.1.3 b), and when the identity authentication fails, the response operation shall be terminated.
5.2.1.4 Telecommunication protocol security
5.2.1.4.1 On-board public telecommunication protocol security
The on-board public telecommunication protocol is tested according to 6.2.1.4.1, and shall use TLS version 1.2 or above, or a protocol of at least equivalent security level.
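An added example, not from the standard, of configuring and auditing the on-board client side of an external link against 5.2.1.1 (authentication of the platform server), 5.2.1.3 b) (terminate on authentication failure) and 5.2.1.4.1 (TLS 1.2 or above) with Python's standard ssl module. The CA and client certificate paths are assumptions, and the national cryptographic algorithms recommended in 5.2.1.2 are outside what this module offers.

```python
import socket
import ssl


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """On-board client context for a link to the platform server.

    5.2.1.4.1: nothing below TLS 1.2 is negotiated.
    5.2.1.1: the server must present a certificate that chains to the trusted
    CA and matches the expected hostname; when a client certificate is given,
    the on-board system authenticates itself the same way.
    The file paths are assumptions for this example; None leaves them unset.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def weak_client_context():
    """The configuration the 6.2.1.4.1 test is meant to catch: legacy protocol
    versions allowed and the server never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the 5.2.1 requirements a context fails; an empty list passes."""
    findings = []
    mv = ctx.minimum_version
    # MAXIMUM_SUPPORTED is a sentinel (-1); it must not be compared numerically.
    if mv != ssl.TLSVersion.MAXIMUM_SUPPORTED and mv < ssl.TLSVersion.TLSv1_2:
        findings.append("5.2.1.4.1: protocol versions below TLS 1.2 permitted")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("5.2.1.1: platform server certificate not required")
    if not ctx.check_hostname:
        findings.append("5.2.1.1: server identity not checked against hostname")
    return findings


def connect_or_terminate(ctx, host, port, timeout=5.0):
    """5.2.1.3 b): authentication failure ends the exchange before any business
    data is sent. The handshake runs inside wrap_socket; a certificate or
    protocol failure raises, the raw socket is closed and nothing is returned."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLError:
        raw.close()
        raise


if __name__ == "__main__":
    print("hardened:", audit_context(build_client_context()) or "pass")
    print("weak    :", audit_context(weak_client_context()))
```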
5.2.1.4.2 On-board private telecommunication protocol security
The on-board private telecommunication protocol shall meet the following requirements:
a) test according to 6.2.1.4.2 a), and support updating the data encryption key in a secure manner;
b) test according to 6.2.1.4.2 b), and the key used shall be transmitted securely.
5.2.1.5 Short-distance communication protocol security
5.2.1.5.1 Short-distance communication password application security
The short-distance communication password application security shall meet the following requirements:
a) test according to 6.2.1.5.1 a), and the default password shall be a highly complex password that includes at least Arabic numerals and uppercase and lowercase Latin letters, with a length of at least digits;
Note: Bluetooth is not subject to the above requirement.
b) test according to 6.2.1.5.1 b), and different default passwords shall be used for different on-board information interactive systems;
c) test according to 6.2.1.5.1 c), and when the user changes the password, the user shall be restricted to setting a password that meets a), or the user shall be warned of the risk;
Note: Bluetooth is not subject to the above requirement.
d) test according to 6.2.1.5.1 d), and for login authentication of the human-machine interface, or of interfaces between different on-board information interactive systems across trust networks, a mechanism against password brute-force attacks shall be supported; when tested according to 6.2.1.5.1 e), the password file shall be protected by security access control.
5.2.1.5.2 On-board Bluetooth communication protocol security
The on-board information interactive system with on-board Bluetooth communication function shall meet the following requirements:
a) test according to 6.2.1.5.2 a), and no backdoor shall be available for the on-board information interactive system;
b) test according to 6.2.1.5.2 b), and external devices pairing with the on-board Bluetooth shall use SSP mode for Bluetooth Classic or LE Secure Connections mode for Bluetooth LE;
c) test according to 6.2.1.5.2 c), and the on-board information interactive system shall verify the pairing request;
d) for the on-board Bluetooth communication function with high security requirements (e.g., non-contact control of vehicles by Bluetooth), test according to 6.2.1.5.2 d), and the access authority of external device shall be controlled to prevent illegal access;
e) for the on-board Bluetooth communication function with high security requirements (e.g., non-contact control of vehicles by Bluetooth), test according to 6.2.1.5.2 e), and the relevant data shall be encrypted.
5.2.1.5.3 On-board WLAN communication protocol security
For the on-board information interactive system with WLAN hotspot function, test according to 6.2.1.5.3, and WPA2-PSK or an encryption and authentication method of higher security level shall be used.
5.2.2 Internal communication security
When the on-board information interactive system exchanges data with other controller nodes in the vehicle through buses such as CAN or on-board Ethernet, test according to 6.2.2, and a security mechanism shall be used to ensure the integrity and availability of important transmitted data such as vehicle control instructions.
5.2.3 Communication interface security
5.2.3.1 General requirements
The communication interface of the on-board information interactive system shall meet the following requirements:
a) test according to 6.2.3.1 a), and no backdoor or hidden interface shall be available;
b) test according to 6.2.3.1 b), and authorized content, such as access permissions, shall not exceed the normal business scope.
5.2.3.2 Security of communication interface outside the vehicle
5.2.3.2.1 Test according to 6.2.3.2 a), and the on-board information interactive system shall support route isolation, so that communication with core service platforms (those performing functions such as issuing vehicle control instructions and collecting personal sensitive information), internal communication of non-core service platforms, and Internet communication of non-core service platforms in external communication are isolated from one another.
Note: Non-core service platforms are service platforms other than core service platforms.
5.2.3.2.2 Test according to 6.2.3.2 b), and the communication between the on-board information interactive system and a core service platform capable of issuing vehicle control instructions and collecting personal sensitive information should be conducted through a private network or a virtual private network so as to be isolated from the public network.
5.2.3.3 Security of communication interface inside the vehicle
The on-board information interactive system shall meet the following requirements:
a) test according to 6.2.3.3 a), and a whitelist of legal instructions shall be configured;
b) test according to 6.2.3.3 b), and the source of bus control instructions shall be verified.
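The whitelist and source verification required by 5.2.3.3, together with the integrity protection for control instructions required by 5.2.2, as an added example that is not part of the standard: a receiver-side gate over classic 8-byte CAN frames in which the sender appends a 16-bit freshness counter and a 4-byte truncated HMAC-SHA256 tag. The link key, CAN IDs, command codes and frame layout are constructed assumptions; the standard prescribes no particular scheme.

```python
import hashlib
import hmac
import struct

# Constructed 128-bit link key shared between the on-board information
# interactive system and the receiving controller node (an assumption; the
# standard does not prescribe a key scheme).
LINK_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAC_LEN = 4      # truncated HMAC-SHA256 tag that still fits a classic 8-byte frame
BODY_LEN = 4     # cmd(1) | arg(1) | counter(2)

# 5.2.3.3 a): whitelist of legal instructions, CAN ID -> allowed command bytes.
# IDs and command codes are constructed for this example.
WHITELIST = {
    0x123: {0x01, 0x02},   # body control: lock / unlock doors
    0x3C0: {0x10},         # status request
}


def _tag(key, can_id, body):
    """Tag binding the CAN ID to the counter-protected body (5.2.2 integrity)."""
    msg = struct.pack(">H", can_id) + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_frame(key, can_id, cmd, arg, counter):
    """Sender side: 8-byte payload = cmd | arg | counter(2, big-endian) | tag(4)."""
    body = struct.pack(">BBH", cmd, arg, counter)
    return body + _tag(key, can_id, body)


class InstructionGate:
    """Receiver-side filter for control instructions arriving on the bus."""

    def __init__(self, key, whitelist):
        self.key = key
        self.whitelist = whitelist
        # Per-ID freshness state. A deployed ECU persists it and handles the
        # 16-bit wrap-around together with key rotation; omitted here.
        self.last_counter = {}

    def check(self, can_id, data):
        """Return (accepted, reason). Order: cheap ID filter, then source
        verification, then freshness, then command whitelist, so a frame with a
        bad tag can never advance the counter or reach the command logic."""
        if can_id not in self.whitelist:
            return False, "id not whitelisted"
        if len(data) != BODY_LEN + MAC_LEN:
            return False, "bad length"
        body, tag = data[:BODY_LEN], data[BODY_LEN:]
        if not hmac.compare_digest(_tag(self.key, can_id, body), tag):
            return False, "source verification failed"          # 5.2.3.3 b)
        cmd, _arg, counter = struct.unpack(">BBH", body)
        if counter <= self.last_counter.get(can_id, -1):
            return False, "stale counter (replay)"               # 5.2.2 integrity
        if cmd not in self.whitelist[can_id]:
            return False, "command not whitelisted"              # 5.2.3.3 a)
        self.last_counter[can_id] = counter
        return True, "accepted"


def run_demo():
    """Constructed traffic: one legitimate lock command, its replay, a forged
    frame from a node without the key, an unlisted command and an unlisted ID."""
    gate = InstructionGate(LINK_KEY, WHITELIST)
    lock = build_frame(LINK_KEY, 0x123, 0x01, 0x00, counter=1)
    forged = build_frame(b"not-the-link-key", 0x123, 0x02, 0x00, counter=2)
    unlisted = build_frame(LINK_KEY, 0x123, 0x7F, 0x00, counter=3)
    traffic = [(0x123, lock), (0x123, lock), (0x123, forged),
               (0x123, unlisted), (0x7DF, lock)]
    return [gate.check(can_id, frame)[1] for can_id, frame in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```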
Contents of GB/T 40856-2021
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Technical requirements
5.1 Hardware security requirements
5.2 Communication protocol and interface security requirements
5.3 Operating system security requirements
5.4 Application software security requirements
5.5 Data security requirements
6 Test methods
6.1 Hardware security test
6.2 Test for security of communication protocol and interface
6.3 Test for operating system security
6.4 Test for application software security
6.5 Test for data security
Annex A (Informative) Schematic diagram for on-board information interactive system