Transcription of 汽车信息安全通用技术要求 - catarc.org.cn
1 ICS T40/49.. GB/T XXXX.. General cybersecurity technical requirements for road vehicles ( ). - - - - . 0.. GB/T 190524-2020.. 2.. 3. 1 .. 4. 2 .. 4. 3 .. 4. 4 .. 6. 5 .. 6.. 6.. 7.. 7. 6 .. 7.. 7.. 8.. 8. A .. 13. 1. GB/T XXX-XXX.. GB/T .. (SAC/TC 114) .. 2. GB/T XXXX-XXXX.. 1 .. a) . b) . c) . d) . e) . f) . g) . h) . A . 1 . 3. GB/T XXX-XXX.. 1 .. M N . 2 .. GB/T 29246-2017 . GB/T . 3 . GB/T 29246-2017 .. road vehicle cybersecurity . confidentiality . [GB/T 29246-2017 ]. integrity . [GB/T 29246-2017 ]. availability . [GB/T 29246-2017 ]. authenticity 4. GB/T XXXX-XXXX.. [GB/T 29246-2017 ]. access controllability . non-repudiation . [GB/T 29246-2017 ]. accountability . preventability . denial of service DoS .. distributed denial of service DDoS .. backdoor . credential . 1 . 2 . 5. GB/T XXX-XXX. derivation key . security important parameter .. access control . [GB/T 29246-2017, ]. 4 . TLS Transport Layer Security . TPM Trusted Platform Module.
2 HSM Hardware Secure Module . TEE Trusted Execution Environments . OBD On-Board Diagnostics . IMSI International Mobile Subscriber Identity . 5 .. 1 .. 6. GB/T XXXX-XXXX. 1 .. a) . b) . c) . d) . CAN LIN .. a) . b) . 1 . 2 . 3 OBD Wifi . 6 .. 7. GB/T XXX-XXX.. ECU .. a) . b) . c) .. a) .. b) .. 8. GB/T XXXX-XXXX.. a) .. b) .. a) . b) .. GB/T ASIL C D DoS/DDoS .. a) . b) . c) .. a) .. b) .. 9. GB/T XXX-XXX.. a) .. b) .. ECU .. a) . b) . TPM HSM TEE .. 10. GB/T XXXX-XXXX. a) . b) .. a) 3G 4G 5G . b) .. a) 3G 4G 5G . b) .. a) 3G 4G 5G . b) .. a) DoS/DDoS . b) .. 11. GB/T XXX-XXX.. ID IMSI .. DoS/DDoS .. ID .. 12. GB/T XXXX-XXXX. AA. A.. 1 . a) . b) .. 2 . 3 Telnet FTP TFTP .. 4 .. 5 .. 6 . 7 .. 8 .. 9 . 10 . 11 . 12 . URL .. 13 .. 13. GB/T XXX-XXX.. 1 . OS .. 2 .. 3 .. 4 JTAG PIN ECU . 5 .. 1 ID .. 2 . 3 . ID . 4 .. 5 root .. 1 .. 2 .. 3 DDoS .. 4 . 14. GB/T XXXX-XXXX. 5 OBD .. 1 V2X . ID .. 2 DoS/DDoS .. 3 V2X . 4 . 5 .. 6 . 7 IP ping TCP syn IP.
3 8 .. 9 CRL .. 1 .. 2 .. 3 TPMS ECU .. 4 OBD USB .. 5 WIFI AP .. 15. GB/T XXX-XXX.. [1] ISO/IEC 21827:2008 Information technology Security techniques Systems Security Engineering Capability Maturity Model [2] ISO/IEC 27033-1:2015 Information technology Security techniques Network security Part 1: Overview and concepts [3] ISO/IEC 27039:2015 Information technology Security techniques Selection, deployment and operations of intrusion detection and prevention systems (IDPS). 16.
