GB/T 40855-2021 English PDF (GBT40855-2021)


GB/T 40855-2021: Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles

This document specifies the requirements and test methods for cybersecurity of remote service and management system for electric vehicles. This document applies to data communication between the on-board terminals of battery electric vehicles, plug-in hybrid electric vehicles and fuel-cell electric vehicles, vehicle enterprise service and management platforms and public service and management platforms.
GB/T 40855-2021
GB
NATIONAL STANDARD OF THE
PEOPLE'S REPUBLIC OF CHINA
ICS 43.020
CCS T 40
Technical requirements and test methods for
cybersecurity of remote service and management
system for electric vehicles
ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Administration for Market Regulation; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Information security requirements
5.1 Overall structure diagram
5.2 Security requirements for on-board terminal
5.3 Security requirements for communication between platforms
5.4 Security requirements for communication between on-board terminal and platform
5.5 Platform security requirements
6 Test method
6.1 Overview
6.2 Requirements for on-board terminal information security test samples
6.3 On-board terminal information security test environment
6.4 On-board terminal information security test
6.5 Communication security test between platforms
6.6 Communication security test between on-board terminal and platform
Technical requirements and test methods for cybersecurity of remote service and management system for electric vehicles
1 Scope
This document specifies the requirements and test methods for cybersecurity of remote service and management system for electric vehicles.
This document applies to data communication between the on-board terminals of battery electric vehicles, plug-in hybrid electric vehicles and fuel-cell electric vehicles, vehicle enterprise service and management platforms and public service and management platforms.
2 Normative references
The contents of the following documents constitute the indispensable clauses of this document through normative references in the text. For dated references, only the version corresponding to that date is applicable to this document; for undated references, the latest version (including all amendments) is applicable to this document.
GB/T 19596, Terminology of electric vehicles
GB/T 32960.1-2016, Technical specifications of remote service and management system for electric vehicles - Part 1: General principle
GB/T 32960.3-2016, Technical specifications of remote service and management system for electric vehicles - Part 3: Communication protocol and data format
3 Terms and definitions
Terms and definitions determined by GB/T 19596, GB/T 32960.1-2016, GB/T 32960.3-2016, and the following ones are applicable to this document.
3.1
Remote service and management system for electric vehicles
a) It shall be equipped with the ability to determine and authorize application access and operation permissions to system resources;
b) Trusted verification should be carried out.
5.2.2.4 On-board terminal data storage
The data storage requirements of the on-board terminal are as follows:
a) The confidentiality and integrity of remote service and management data that is stored in accordance with the requirements of GB/T 32960.3-2016 shall be guaranteed; cryptographic algorithms such as SM2, SM3, SM4, AES, and RSA should be supported;
b) When storing and using the important security parameters of the on-board terminal, only authorized applications shall be allowed to read and modify them in an authorized manner.
5.2.2.5 On-board terminal network port transmission security
The security requirements of the on-board terminal network port transmission are as follows:
a) The source address, destination address, source port, destination port and protocol of the data packet shall be checked to decide whether to allow or deny the data packet in and out;
b) It shall have the ability to determine whether to allow or deny access for incoming and outgoing data flows according to the session state information;
c) Access control shall be implemented for the data flow entering and leaving the network port according to the application protocol and application content;
d) Non-business-related network service ports shall be closed; access control shall be performed on business-related network service ports;
e) The network data of attack behavior characteristics entering the on-board terminal shall be identified, and the recognition rate shall not be less than 95%;
f) A private network or a virtual private network should be used for communication, which shall be isolated from the public network;
g) It should have the ability to update and extend the security rules.
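Items a), b), d) and f) above describe a default-deny, stateful five-tuple packet filter at the terminal's network port. The following Go program is an added example written for this page, not code from the standard or from any terminal vendor; the private platform range 10.64.0.0/16, the business port 8443 and the packet fields are assumptions. It matches on the five-tuple (a), admits replies only for sessions the terminal itself opened (b), treats every port without an allow rule as closed (d) and refuses public-network destinations (f). Application-content filtering (c) and attack-signature detection (e) are outside what it shows.

```go
package main

import (
	"fmt"
	"net"
)

// Direction of a packet as seen from the on-board terminal.
type Direction int

const (
	Inbound Direction = iota
	Outbound
)

// Packet carries the five-tuple checked under 5.2.2.5 a).
type Packet struct {
	Src, Dst         net.IP
	SrcPort, DstPort uint16
	Proto            string // "tcp" or "udp"
	Dir              Direction
}

// Rule is one static five-tuple rule. A nil network or a zero port is a
// wildcard; rules are evaluated in order and the first match decides.
type Rule struct {
	Src, Dst         *net.IPNet
	SrcPort, DstPort uint16
	Proto            string
	Dir              Direction
	Allow            bool
}

// flow keys a session from the terminal's side, so a reply maps to the same key as the packet that opened it.
type flow struct {
	Local, Remote         string
	LocalPort, RemotePort uint16
	Proto                 string
}

// Filter is a default-deny, stateful port filter (5.2.2.5 b and d).
type Filter struct {
	rules    []Rule
	sessions map[flow]bool
}

func NewFilter(rules []Rule) *Filter {
	return &Filter{rules: rules, sessions: map[flow]bool{}}
}

func (r Rule) matches(p Packet) bool {
	if r.Dir != p.Dir || r.Proto != p.Proto {
		return false
	}
	if (r.Src != nil && !r.Src.Contains(p.Src)) || (r.Dst != nil && !r.Dst.Contains(p.Dst)) {
		return false
	}
	if r.SrcPort != 0 && r.SrcPort != p.SrcPort {
		return false
	}
	return r.DstPort == 0 || r.DstPort == p.DstPort
}

func flowOf(p Packet) flow {
	if p.Dir == Outbound {
		return flow{p.Src.String(), p.Dst.String(), p.SrcPort, p.DstPort, p.Proto}
	}
	return flow{p.Dst.String(), p.Src.String(), p.DstPort, p.SrcPort, p.Proto}
}

// Decide reports whether p may pass. An inbound packet belonging to a session
// the terminal itself opened is admitted on session state; any other packet
// must match an allow rule, and an unmatched packet is dropped.
func (f *Filter) Decide(p Packet) bool {
	k := flowOf(p)
	if p.Dir == Inbound && f.sessions[k] {
		return true
	}
	for _, r := range f.rules {
		if r.matches(p) {
			if r.Allow && p.Dir == Outbound {
				f.sessions[k] = true // remember the flow so its replies are admitted
			}
			return r.Allow
		}
	}
	return false
}

// TerminalPolicy is a constructed policy: the only business port is TLS to the
// enterprise platform on an assumed private APN range (5.2.2.5 f); nothing
// else is allowed in either direction, so an inbound SSH probe is dropped.
func TerminalPolicy() *Filter {
	_, platform, _ := net.ParseCIDR("10.64.0.0/16") // assumed private network
	return NewFilter([]Rule{
		{Dst: platform, DstPort: 8443, Proto: "tcp", Dir: Outbound, Allow: true},
	})
}

func main() {
	f := TerminalPolicy()
	term, plat := net.ParseIP("10.64.1.20"), net.ParseIP("10.64.0.5")
	fmt.Println(f.Decide(Packet{term, plat, 40001, 8443, "tcp", Outbound})) // true: business flow
	fmt.Println(f.Decide(Packet{plat, term, 8443, 40001, "tcp", Inbound}))  // true: reply to it
	fmt.Println(f.Decide(Packet{plat, term, 51000, 22, "tcp", Inbound}))    // false: port 22 is closed
}
```

The order of the two checks in Decide matters: session state is consulted before the rule list only for inbound packets, so an attacker cannot open a session from outside by sending a packet that merely looks like a reply.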
5.2.2.6 On-board terminal remote upgrades
If the on-board terminal is provided with the remote upgrade function, the on-board terminal shall have an upgrade package verification mechanism to verify the integrity of the upgrade package and the authenticity of its source.
5.2.2.7 On-board terminal log
The log function requirements of the on-board terminal are as follows:
a) Information security-related events that occur in the remote service process of the on-board terminal, such as the detection of cyber-attacks, shall be recorded;
b) The content of each information security event log information record shall include but not limited to: date and time (accurate to the second), vehicle unique identification code, and event type;
c) The integrity of the stored information security event log information shall be guaranteed;
d) The confidentiality of the stored information security event log information should be guaranteed;
e) The information security event log of the on-board terminal shall only be allowed to read by authorized applications in an authorized manner;
f) There shall be an upload mechanism for information security event logs, to use a secure communication protocol to send information security event log information to the enterprise platform.
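Items b) and c) above fix the minimum content of a security event record and require its integrity to be guaranteed. The following Go program is an added example for this page, not code from the standard; the record layout, the HMAC-SHA256 chaining and the integrity key are assumptions. Each record carries the time to the second, the vehicle identification code and the event type, and is linked to its predecessor by a keyed MAC, so that modifying, reordering or deleting a stored record is detected when the log is read back, as the integrity test of the log function does.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Event is one record as required by 5.2.2.7 b): time to the second, the
// vehicle's unique identification code and the event type. Prev and MAC chain
// the records so that editing or deleting one is detectable (5.2.2.7 c).
type Event struct {
	Time time.Time
	VIN  string
	Type string
	Prev string // MAC of the preceding record, "" for the first record
	MAC  string
}

// SecurityLog holds the records and the integrity key. On a real terminal the
// key is an important security parameter that only the logging service may
// read (5.2.2.4 b); here it is simply held in memory (assumption).
type SecurityLog struct {
	key    []byte
	events []Event
}

func NewSecurityLog(key []byte) *SecurityLog { return &SecurityLog{key: key} }

// canonical is the byte string that gets authenticated; the MAC field itself is excluded.
func canonical(e Event) string {
	return e.Time.UTC().Format("2006-01-02T15:04:05Z") + "|" + e.VIN + "|" + e.Type + "|" + e.Prev
}

func (l *SecurityLog) mac(e Event) string {
	m := hmac.New(sha256.New, l.key)
	m.Write([]byte(canonical(e)))
	return hex.EncodeToString(m.Sum(nil))
}

// Append records an event and links it to the previous one.
func (l *SecurityLog) Append(at time.Time, vin, eventType string) Event {
	e := Event{Time: at.Truncate(time.Second), VIN: vin, Type: eventType}
	if n := len(l.events); n > 0 {
		e.Prev = l.events[n-1].MAC
	}
	e.MAC = l.mac(e)
	l.events = append(l.events, e)
	return e
}

// Events returns a copy of the stored records, as the upload mechanism of
// 5.2.2.7 f) or an auditor would read them back from storage.
func (l *SecurityLog) Events() []Event { return append([]Event(nil), l.events...) }

// Verify checks records read back from storage and returns the index of the
// first one that is modified, out of order or follows a deleted record, or -1.
func (l *SecurityLog) Verify(events []Event) int {
	prev := ""
	for i, e := range events {
		if e.Prev != prev || !hmac.Equal([]byte(e.MAC), []byte(l.mac(e))) {
			return i
		}
		prev = e.MAC
	}
	return -1
}

func main() {
	l := NewSecurityLog([]byte("constructed-log-integrity-key"))
	now := time.Date(2022, 5, 1, 8, 0, 0, 0, time.UTC)
	l.Append(now, "TESTVIN0000000001", "attack_detected") // constructed VIN
	l.Append(now.Add(time.Second), "TESTVIN0000000001", "upgrade_rejected")
	stored := l.Events()
	stored[0].Type = "normal" // an unauthorised application rewrites a record
	fmt.Println("first bad record:", l.Verify(stored)) // 0
}
```

Confidentiality (item d) is a separate concern: the chain above only detects tampering, and an encrypted log store would wrap these records rather than replace the MAC.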
5.2.2.8 On-board terminal system security
The on-board terminal shall not have any security vulnerability of high-risk level or above that was announced by an authoritative vulnerability platform more than 6 months earlier and has not been disposed of.
Note: Disposal includes methods such as eliminating the vulnerability and formulating mitigation measures.
5.3 Security requirements for communication between platforms
5.3.1 General requirements
The remote service and management system for electric vehicles shall meet the confidentiality, integrity and availability requirements of the transmitted data. The client platform shall complete two-way authentication with the server platform before it performs platform login.
upgrading process.
5.3.4 Data unit encryption
The remote service and management data required by GB/T 32960.3-2016 includes at least the real-time information report data in 7.2 of GB/T 32960.3-2016. The encryption requirements are as follows:
a) The data unit encryption method shall use SM4, AES whose key length is not less than 128 bits, or other equivalent and higher-level cryptographic algorithms;
b) The key to encrypt the data unit shall be different from the key that is used in the secure communication protocol.
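The two rules above, a 128-bit-minimum block cipher for the data unit and a data unit key that is distinct from the transport key, are what a platform-side reviewer checks. The following Go program is an added example for this page, not code from the standard or any platform; it uses AES-GCM from the Go standard library (SM4, also permitted by a), is not in the standard library), and the frame header, the sample report and the key-separation check are assumptions. The header is authenticated but left in clear so the platform can route the frame before decrypting it, and decryption fails closed on any change to the nonce, ciphertext, tag or header.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

var (
	ErrKeyTooShort = errors.New("data unit key is shorter than 128 bits (5.3.4 a)")
	ErrKeyReuse    = errors.New("data unit key equals the transport-layer key (5.3.4 b)")
)

// gcm wraps an AES-128/192/256 key in AES-GCM.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptDataUnit seals one data unit with AES-GCM. dataKey must be at least
// 128 bits and must differ from the key of the secure communication protocol;
// transportKey is passed only so that the second rule can be enforced here.
// header (assumed: the clear frame header carrying VIN and command) is
// authenticated but not encrypted. Output layout: nonce || ciphertext || tag.
func EncryptDataUnit(dataKey, transportKey, header, dataUnit []byte) ([]byte, error) {
	if len(dataKey) < 16 {
		return nil, ErrKeyTooShort
	}
	if hmac.Equal(dataKey, transportKey) { // constant-time comparison
		return nil, ErrKeyReuse
	}
	aead, err := gcm(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per data unit
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, dataUnit, header), nil
}

// DecryptDataUnit is the platform side. It fails closed on any change to the
// nonce, ciphertext, tag or header, which is what the integrity test needs.
func DecryptDataUnit(dataKey, header, sealed []byte) ([]byte, error) {
	aead, err := gcm(dataKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, errors.New("sealed data unit too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], header)
}

func main() {
	dataKey, transportKey := make([]byte, 16), make([]byte, 32)
	rand.Read(dataKey)      // AES-128 data unit key
	rand.Read(transportKey) // stands in for the TLS session key; must differ
	header := []byte("constructed-frame-header")
	report := []byte("constructed real-time report: soc=87,speed=52")
	sealed, err := EncryptDataUnit(dataKey, transportKey, header, report)
	if err != nil {
		panic(err)
	}
	sealed[len(sealed)-1] ^= 0x01 // destroy one tag byte, as the integrity test does
	_, err = DecryptDataUnit(dataKey, header, sealed)
	fmt.Println("tampered data unit rejected:", err != nil) // true
}
```

A random 96-bit nonce is adequate for the message rates of a single terminal; a deployment that derives one data unit key per vehicle and rotates it keeps the nonce space comfortably below the AES-GCM limits.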
5.4 Security requirements for communication between on-board terminal and platform
The communication from the on-board terminal to the platform shall meet the two-way identity authentication and the confidentiality, integrity and availability requirements of the transmitted data. When the on-board terminal reports the real-time information report data required by GB/T 32960.3-2016 to the platform in real time, it shall be encrypted according to 5.3.4. The secure communication protocol from the on-board terminal to the platform should meet the technical requirements of 5.3.3.
5.5 Platform security requirements
5.5.1 Enterprise service and management platform
The enterprise service and management platform shall monitor and manage the information security of the on-board terminal, and shall be able to provide on-board terminal-related data and traceability methods for information security emergency response after information security problems occur to the on-board terminal.
5.5.2 Public service and management platform
The public service and management platform can monitor the information security status of the on-board terminal.
6 Test method
6.1 Overview
Information security test methods of the remote service and management system for electric vehicles include information security technical document
According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, use a software debugging tool to destroy the signature data of the Bootloader. If the signature data is successfully destroyed, use the secure flashing tool to flash the Bootloader whose signature is destroyed; if it is successfully written to the designated area in the on-board terminal, check whether the on-board terminal chip verifies the Bootloader signature and stops loading the next-stage system image when the verification fails.
6.4.2.3 Bootloader anti-tampering test of the on-board terminal software secure startup
According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, try to use software debugging tools to tamper or replace the stored data in the Bootloader area; detect whether the on-board terminal prohibits writing the tampered or replaced Bootloader to the designated area within the on-board terminal.
6.4.2.4 System mirror image verification test of the on-board terminal secure startup
Use software debugging tools to destroy the signature data of the system mirror image; write the system mirror image whose signature is destroyed to the designated area in the on-board terminal; check whether the on-board terminal verifies the system mirror image signature, and stops working when the verification is unsuccessful.
6.4.3 On-board terminal software system information security test
6.4.3.1 On-board terminal software system access control test
Create a software application without added access control rights in accordance with the access control rules; use the software application without added access control rights to try to access the protected software application resources; detect whether the protected software application resources can be accessed.
6.4.3.2 Test of root of trust storage area of on-board terminal software system
According to the access method and address range description of the root of trust storage area of the on-board terminal secure startup, use the software debugging tool to write data into the root of trust storage area of the software system; verify whether the data can be written into the storage area repeatedly.
6.4.3.3 Trusted verification test of on-board terminal software system
Use software debugging tools to destroy the protected key code segment of the system mirror image; write the destroyed system mirror image into the on-board terminal; check whether the on-board terminal that is loaded with the damaged system mirror image can work normally.
6.4.4 On-board terminal data storage information security test
6.4.4.1 On-board terminal data storage confidentiality test
Use software analysis tools to read the contents of the area that stores remote service and management data; check whether it is ciphertext storage.
6.4.4.2 On-board terminal data storage integrity test
Use an unauthorized application to read the contents of the area that stores remote service and management data; check whether it can be modified; if it can be modified, check whether the terminal can still call the data normally after the modification.
6.4.4.3 Information security test of important security parameters of on-board terminal
Use an unauthorized application to read the important security parameters of the system data area, to test whether it can be read or used.
6.4.5 On-board terminal network port transmission information security test
6.4.5.1 On-board terminal network port access control strategy information security check
6.4.5.1.1 On-board terminal network port control strategy information security check
Check whether the source address, destination address, source port, destination port, protocol and other related configuration parameters are set in the access control policy of the device.
6.4.5.1.2 On-board terminal network port data flow control strategy information security check
Check whether a mechanism such as session authentication is used to provide the ability to explicitly allow or deny access for incoming and outgoing data flow.
6.4.5.2 On-board terminal network port access control strategy test
Set the access control policy that meets the standard requirements on the tested sample; detect packets that do not meet the policy requirements to the
Download the upgrade package of unauthorized signatures to the designated area of the on-board terminal; issue the upgrade package upgrade instruction; detect whether the on-board terminal performs authorization verification when loading the upgrade package.
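Requirement 5.2.2.6, the secure-startup tests 6.4.2.2 and 6.4.2.4, the trusted-verification test 6.4.3.3 and the unauthorised-signature upgrade test just above all exercise the same mechanism: a detached signature over the image or package, checked against a public key held in the terminal's root of trust. The following Go program is an added example for this page, not code from the standard or any vendor; it uses Ed25519 from the Go standard library (SM2 or RSA as listed in 5.2.2.4 would fill the same role), and the image format, the hash-then-sign layout and the test payload are assumptions. RunTests replays the page's cases, destroyed signature, destroyed code segment, a package signed by an attacker's own key, a package with no signature, and a genuine image, and reports whether the verifier fails closed on each.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Image is a bootloader, system image or upgrade package plus a detached
// signature over SHA-256(payload). The format is an assumption of this example.
type Image struct {
	Payload   []byte
	Signature []byte
}

var ErrUntrusted = errors.New("verification failed: image modified or not signed by the trusted key")

// Sign is the vendor-side step. The private key never leaves the vendor; only
// the public key is provisioned into the terminal's root-of-trust storage area.
func Sign(priv ed25519.PrivateKey, payload []byte) Image {
	d := sha256.Sum256(payload)
	return Image{Payload: payload, Signature: ed25519.Sign(priv, d[:])}
}

// Verify is the terminal-side check (bootloader verifying the next stage, or
// the update agent verifying a package). It fails closed on a wrong key, a
// modified payload, and a modified or missing signature.
func Verify(trusted ed25519.PublicKey, img Image) error {
	if len(trusted) != ed25519.PublicKeySize || len(img.Signature) != ed25519.SignatureSize {
		return ErrUntrusted
	}
	d := sha256.Sum256(img.Payload)
	if !ed25519.Verify(trusted, d[:], img.Signature) {
		return ErrUntrusted
	}
	return nil
}

// RunTests replays the page's test cases against Verify: destroyed signature
// (6.4.2.2, 6.4.2.4), destroyed code segment (6.4.3.3), unauthorised signer
// (upgrade package test), missing signature, and a genuine image. It reports,
// per case, whether the terminal behaved as required.
func RunTests() (map[string]bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, rogue, err := ed25519.GenerateKey(rand.Reader) // an attacker's own key
	if err != nil {
		return nil, err
	}
	payload := []byte("constructed system image, version 2")
	genuine := Sign(priv, payload)

	brokenSig := genuine
	brokenSig.Signature = append([]byte(nil), genuine.Signature...)
	brokenSig.Signature[0] ^= 0xff // signature data destroyed

	brokenBody := genuine
	brokenBody.Payload = append([]byte("X"), payload[1:]...) // protected code segment destroyed

	foreign := Sign(rogue, payload) // package carrying an unauthorised signature

	return map[string]bool{
		"genuine image loads":          Verify(pub, genuine) == nil,
		"destroyed signature rejected": Verify(pub, brokenSig) != nil,
		"destroyed payload rejected":   Verify(pub, brokenBody) != nil,
		"unauthorised signer rejected": Verify(pub, foreign) != nil,
		"missing signature rejected":   Verify(pub, Image{Payload: payload}) != nil,
	}, nil
}

func main() {
	results, err := RunTests()
	if err != nil {
		panic(err)
	}
	for name, ok := range results {
		fmt.Printf("%-30s %v\n", name, ok)
	}
}
```

The check that matters for 6.4.3.2 is not in this code but around it: the public key must live in storage the debugging tool cannot overwrite, otherwise an attacker replaces the key and the signature check passes for their own images.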
6.4.7 Information security test of on-board terminal log function
6.4.7.1 Information security check of on-board terminal log function
According to the description of the on-board terminal security event log recording rules, check whether the content of the on-board terminal log information record includes but is not limited to the date and time, subject identity, event type, event result and other components.
6.4.7.2 Confidentiality information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use the log analysis tool to read the content of the log function area and detect whether it is ciphertext storage.
6.4.7.3 Integrity information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use an unauthorized application to read the contents of the log function area, and check whether it can be modified; if it can be modified, check whether the log can still be read normally after the modification.
6.4.7.4 Access authority information security test of on-board terminal log function
According to the description of the log storage area and address range of the on-board terminal, use an unauthorized user application to access the audit information storage area; detect whether the access is successful.
6.4.7.5 Upload information security test of on-board terminal log function
Connect the on-board terminal to the test network; use the attack case to carry out a malicious attack on the on-board terminal; check whether the security attack event log can be retrieved on the enterprise platform after the attack is over.
6.4.8 On-board terminal system information security test
Detect the system information security of the on-board terminal by the following methods:
a) Use vulnerability scanning tools to perform vulnerability detection of the on-board terminal; check whether there are security vulnerabilities of high-risk level or above that were announced by an authoritative vulnerability platform more than 6 months earlier;
b) If there are high-risk and above security vulnerabilities, check whether the manufacturer provides a solution for the vulnerabilities.
6.5 Communication security test between platforms
6.5.1 Verification of authentication mechanism
Check whether there is an authentication mechanism for communication access between platforms.
6.5.2 Communication confidentiality transmission test
Use network monitoring tools to monitor network transmission data; detect whether the data transmitted between the enterprise service and management platform and the public service and management platform is ciphertext.
6.5.3 Communication integrity transmission test
After destroying the data reported by the on-board terminal, detect whether the transmission between the enterprise service and management platform and the public service and management platform fails.
6.5.4 Network port redundancy and unauthorized access test
Scan the network port of the enterprise service and management platform through the network scanning tool:
a) Detect whether the enterprise service and management platform opens redundant network ports that are not required for business;
b) Under unauthorized network conditions, use external network tools to detect whether an unauthorized access connection can be established for an open network port.
6.5.5 Verification of protocol version
Check whether the secure communication protocol is TLS 1.2 or above, and whether downgrade is allowed, for example to TLS 1.1, TLS 1.0, SSL 3.0 or SSL 2.0.
6.5.6 Protocol function verification
Check whether the secure communication protocol disables TLS session renegotiation and TLS compression.
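Tests 6.5.5 and 6.5.6 are checked most reliably by handshaking against the platform with a client pinned to each legacy version rather than by reading a configuration file. The following Go program is an added example for this page, not code from the standard or any platform; the server configuration, the throwaway self-signed certificate and the loopback listener are assumptions. PlatformTLSConfig sets the TLS 1.2 floor and refuses renegotiation (Go's crypto/tls has no TLS compression support at all), and ProbeVersion performs the downgrade check of 6.5.5 by offering exactly one protocol version and reporting whether the server accepted it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PlatformTLSConfig is a server configuration that satisfies 6.5.5 and 6.5.6:
// TLS 1.2 is the floor, so TLS 1.1, TLS 1.0 and SSL cannot be negotiated, and
// renegotiation is refused. Client certificates (mutual authentication, 5.3.1)
// are left out so that the version probe below stays self-contained.
func PlatformTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:  []tls.Certificate{cert},
		MinVersion:    tls.VersionTLS12,
		Renegotiation: tls.RenegotiateNever,
	}
}

// ProbeVersion handshakes against srv over a loopback TCP connection with a
// client that offers exactly one protocol version, as the downgrade check in
// 6.5.5 does, and reports whether the server accepted that version.
func ProbeVersion(srv *tls.Config, version uint16) bool {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false
	}
	defer ln.Close()
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		tls.Server(conn, srv).Handshake() // a refusal surfaces as a client-side error
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false
	}
	defer raw.Close()
	client := tls.Client(raw, &tls.Config{
		MinVersion:         version,
		MaxVersion:         version,
		InsecureSkipVerify: true, // test fixture only: we probe versions, not identity
	})
	return client.Handshake() == nil
}

// SelfSignedCert builds a throwaway ECDSA certificate for the test server.
func SelfSignedCert() (tls.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "enterprise-platform.test"}, // assumed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, nil
}

func main() {
	cert, err := SelfSignedCert()
	if err != nil {
		panic(err)
	}
	srv := PlatformTLSConfig(cert)
	for _, v := range []struct {
		name string
		ver  uint16
	}{
		{"TLS 1.0", tls.VersionTLS10}, {"TLS 1.1", tls.VersionTLS11},
		{"TLS 1.2", tls.VersionTLS12}, {"TLS 1.3", tls.VersionTLS13},
	} {
		fmt.Printf("%s accepted: %v\n", v.name, ProbeVersion(srv, v.ver)) // false false true true
	}
}
```

Against a real platform the same probe is run from the tester's host with the platform's address in place of the loopback listener; a server that answers a TLS 1.0-only ClientHello with anything but a protocol_version alert fails 6.5.5.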
