GB/T 40857-2021 English PDF (GBT40857-2021)
GB/T 40857-2021: Technical requirements and test methods for cybersecurity of vehicle gateway
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 43.020
CCS T 40
Technical requirements and test methods for cyber
security of vehicle gateway
ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Vehicle gateway network topology
5.1 CAN gateway
5.2 Ethernet gateway
5.3 Hybrid gateway
6 Technical requirements
6.1 Hardware cyber security requirements
6.2 Communication cyber security requirements
6.3 Firmware cyber security requirements
6.4 Data cyber security requirements
7 Test methods
7.1 Hardware cyber security test
7.2 Communication cyber security test
7.3 Firmware cyber security test
7.4 Data cyber security test
Annex A (informative) Example of vehicle gateway topology
Annex B (informative) Examples of typical attacks
Bibliography
1 Scope
This Standard specifies cyber security technical requirements and test methods
for the hardware, communication, firmware and data of vehicle gateway products.
This Standard is applicable to the design and implementation of cyber security
of vehicle gateway products. It is also applicable to product testing, evaluation
and management.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 25069, Information security technology - Glossary
GB/T 37935-2019, Information security technology - Trusted computing
specification - Trusted software base
GB/T 40861, General technical requirements for vehicle cybersecurity
3 Terms and definitions
For the purposes of this document, the terms and definitions defined in GB/T
25069, GB/T 37935-2019 and GB/T 40861, as well as the following, apply.
3.1 vehicle gateway
an electronic control unit of which the main function is to safely and reliably
forward and transmit data between multiple networks in the vehicle
NOTE 1: By isolating the different networks and converting between the different
communication protocols, the vehicle gateway allows information to be exchanged
among the functional domains that share communication data.
NOTE 2: The vehicle gateway is also called central gateway.
The typical Ethernet gateway topology is shown in Figure A.2.
5.3 Hybrid gateway
In some new-generation in-vehicle network structures, some ECUs and
domain controllers communicate through Ethernet, while other ECUs
and domain controllers still communicate through traditional communication
protocols (for example: CAN, CAN-FD, LIN, MOST).
The vehicle gateway in this kind of structure has both Ethernet interfaces and
traditional communication protocol interfaces and can be called a hybrid
gateway.
The typical hybrid gateway topology is shown in Figure A.3.
Annex B lists some typical attacks against vehicle gateways and in-vehicle
network communications.
6 Technical requirements
6.1 Hardware cyber security requirements
6.1.1 When tested according to 7.1a), the gateway shall not have backdoors or
hidden interfaces.
6.1.2 When tested according to 7.1b), the debugging interface of the gateway
shall be disabled or protected by security access control.
6.2 Communication cyber security requirements
6.2.1 CAN gateway communication cyber security requirements
6.2.1.1 Access control
The gateway shall establish a communication matrix between the CAN
networks and an access control strategy based on the CAN data frame
identifier (CANID). When tested according to 7.2.1a), a data frame sent by the
source port shall be detected at the destination port specified in the list. When
tested according to 7.2.1b), data frames that do not meet the definition shall be
discarded or logged.
6.2.1.2 Denial of service attack detection
The gateway shall perform CAN bus DoS attack detection on the CAN channel
of the vehicle's external communication interface (for example: the channel
connected to the OBD-II port and the channel connected to the vehicle
information interaction system).
The gateway shall have a DoS attack detection function based on the CAN bus
interface load. It shall have a DoS attack detection function based on one or
more CANID data frame periods.
When tested according to 7.2.1c) and d), a gateway that detects a DoS attack on
one or more CAN channels shall meet the following requirements:
a) The communication function and pre-set performance of the unattacked
CAN channels of the gateway shall not be affected;
b) The gateway discards or logs the detected attack data frames.
6.2.1.3 Data frame health detection
The gateway shall check each data frame against the signal definition in the
communication matrix. The checks include the DLC field and signal value
validity. When tested according to 7.2.1e) and f), data frames that do not meet
the definition of the communication matrix shall be discarded or logged.
6.2.1.4 Data frame anomaly detection
The gateway shall have a data frame anomaly detection function, that is, a
mechanism for checking and recording the sending and receiving relationship
between data frames. When tested according to 7.2.1g), abnormal data frames
shall be discarded or logged.
Example:
When the gateway detects that the transmission frequency of a data frame
within a certain period of time is far from the predefined frequency, or that the
signal value content of the same data frame at adjacent times conflicts or jumps
abnormally, it discards or logs the data frames.
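Added illustration, not part of the standard text: a minimal forwarding check that combines the CANID access control of 6.2.1.1, the DLC check of 6.2.1.3 and a period-based check in the spirit of 6.2.1.2 and 6.2.1.4. The matrix rows, channel numbers, names and the 50 % period tolerance are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Verdicts for one received frame; the caller discards or logs on DROP_*. */
typedef enum { FWD, DROP_ACL, DROP_DLC, DROP_RATE } verdict_t;

/* One row of a communication matrix (all values below are constructed). */
typedef struct {
    uint32_t can_id;     /* CAN data frame identifier (CANID) */
    uint8_t  src, dst;   /* source and destination channel */
    uint8_t  dlc;        /* DLC the matrix defines for this frame */
    uint32_t period_ms;  /* predefined transmission period */
    uint32_t last_ms;    /* arrival time of the last accepted frame */
    uint8_t  seen;       /* 0 until the first frame has been accepted */
} route_t;

static route_t matrix[] = {
    { 0x1A0, 0, 1, 8, 10,  0, 0 },  /* constructed: channel 0 -> channel 1 */
    { 0x2F1, 2, 0, 4, 100, 0, 0 },  /* constructed: channel 2 -> channel 0 */
};

/* Decide what to do with a frame received on channel src at time now_ms.
 * On FWD, *dst holds the destination channel from the matrix. */
verdict_t gw_check(uint8_t src, uint32_t can_id, uint8_t dlc,
                   uint32_t now_ms, uint8_t *dst)
{
    for (size_t i = 0; i < sizeof matrix / sizeof matrix[0]; i++) {
        route_t *r = &matrix[i];
        if (r->can_id != can_id || r->src != src)
            continue;
        if (dlc != r->dlc)
            return DROP_DLC;          /* DLC differs from the matrix */
        /* Assumption: a frame arriving sooner than half the predefined
         * period after the last accepted one counts as abnormal.
         * Unsigned subtraction stays correct across timer wrap-around. */
        if (r->seen && now_ms - r->last_ms < r->period_ms / 2)
            return DROP_RATE;
        r->last_ms = now_ms;
        r->seen = 1;
        *dst = r->dst;
        return FWD;
    }
    return DROP_ACL;                  /* CANID/source pair not in the matrix */
}
```

The timestamp is only updated for accepted frames, so a burst of early frames cannot shift the reference point used for the next period check.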
6.2.1.5 UDS session detection
The gateway shall check whether the CAN channel from which a UDS session is
initiated is normal. When tested according to 7.2.1h), sessions initiated from
abnormal channels shall be intercepted or logged.
NOTE: The normal channel usually includes the channel connected to the OBD-II port and
the channel connected to the in-vehicle information interaction system.
6.2.2 Ethernet gateway communication cyber security requirements
6.2.2.1 Network domain
The gateway shall support network division. When tested according to 7.2.2a),
packets that do not conform to the network domain shall be discarded.
The gateway shall have a secure startup function, which can protect the
trusted root used for secure startup through a root of trust entity. When tested
according to 7.3a), b) and c), the trusted root, Bootloader program and system
firmware of the gateway shall not be tampered with, or the gateway cannot start
normally after they have been tampered with.
6.3.2 Security log
If the gateway has a security log function, it shall meet the following requirements:
a) When tested according to 7.3d), e) and f): when the gateway detects events
such as communication that does not meet the requirements of 6.2,
software configuration changes in the gateway, or failure to verify the
integrity of the gateway software, relevant information shall be recorded;
b) When tested according to 7.3g), the security log of the gateway shall include at
le...