For seven common categories of cyber security threats, the mandatory UNECE R155 CSMS regulation gives OEMs an analysis of potential vulnerable points together with the corresponding controls or design methods. The seven threat categories listed in its Annex 5 can also serve as the basic baseline and minimum working subset for an OEM to satisfy the mandatory CSMS regulation, making it easier for OEMs to organise and carry out CSMS compliance work.
………………………………………………………………………………………………………………………………………………………….
Author: David Liu #海洋@ FUSA Solutions
Copyright notice: the core content of this article is a contributed piece for FUSA Solutions; no third party may reproduce it without prior written permission.
Reprint notice: to cite or reproduce this article, please contact the site administrator by email in advance.
Disclaimer: this article represents only the author's personal opinions and summary of experience, not the views of the website in any specific field.
………………………………………………………………………………………………………………………………………………………….
Further reading: ISO/SAE 21434 DIS version | Summary of cyber security design requirements
………………………………………………………………………………………………………………………………………………………….
The UNECE R155 regulation covers essentially all passenger cars and commercial vehicles: it applies to category M and N vehicles, category O vehicles fitted with at least one electronic control unit, and category L6 and L7 vehicles equipped with automated driving functionality of level 3 or above. UNECE R155 takes effect from January 2021.
The requirements of the UNECE R155 cyber security regulation consist mainly of:
1. CSMS (Cyber Security Management System) certification;
The CSMS audit mainly examines whether the OEM has established cyber-security-related processes across the complete vehicle life cycle, so that corresponding process measures exist at every life-cycle stage to control the relevant risks.
2. VTA (Vehicle Type Approval) certification;
The VTA audit mainly examines how the OEM actually performs the specific work of cyber security development. Its goal is to ensure that the vehicle's cyber security protection technology covers the security requirements of every life-cycle stage, and that the protection implemented effectively controls the cyber security risks faced by the specific vehicle type.
CSMS (Cyber Security Management System) regulation, Annex 5 work requirements
For seven common categories of cyber security threats, the mandatory UNECE R155 CSMS regulation gives an analysis of potential vulnerable points and the corresponding controls or design methods, briefly summarised as follows:
CSMS Annex 5 - 4.3.1. Threats regarding back-end servers related to vehicles in the field
(Potential information/cyber security threats in external data servers)
Typical weak points: information compromise (data breaches), insider attacks, unauthorized access, etc.
Type of countermeasure: Security controls
Security measures / security design methods:
-- Security Controls to back-end systems to minimise the risk of insider attack.
-- Security Controls to back-end systems to minimise unauthorized access.
-- Security Controls to back-end systems to prevent data breaches.
-- Security Controls to minimise risks associated with cloud computing.
-- System design and access control to prevent un-authorized personnel to access personal or system critical data.
CSMS Annex 5 - 4.3.2. Threats to vehicles regarding their communication channels
(Potential information/cyber security threats in the vehicle's remote communication functions)
Typical weak points: spoofing, code injection, relay attacks, etc.
Type of countermeasure: Security controls / Security measures
Security measures / security design methods:
-- Security controls for storing cryptographic keys (e.g. HSM).
-- Access control techniques and designs to protect system data/code.
-- Prevent unauthorized personnel to access personal or system critical data.
-- Measures to detect malicious internal messages or activity should be considered.
-- Measures to detect and recover from a denial of service attack shall be employed.
-- Measures to prevent and detect unauthorized access shall be employed.
-- Measures to protect systems against embedded viruses/malware should be considered.
-- The vehicle shall verify the authenticity and integrity of messages it receives.
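The last requirement in the 4.3.2 list, "the vehicle shall verify the authenticity and integrity of messages it receives", is shown below as an added illustration that is not part of the regulation or of this article's original text. It assumes a symmetric key shared between sender and receiver (in a real ECU that key would be held in an HSM, as the first bullet asks) and adds a monotonic counter so that a replayed frame, a tampered frame and a frame from an unknown sender are all rejected.

```python
import hashlib
import hmac
import struct

# Constructed demo key for illustration only; a production ECU keeps it in an HSM.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
TAG_LEN = 16  # bytes of the HMAC-SHA256 tag actually transmitted


def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: frame = 4-byte big-endian counter || payload || tag.
    The counter is covered by the tag so it cannot be altered in transit."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Receiver that accepts only authentic, unmodified and fresh frames."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter value accepted so far

    def accept(self, frame: bytes):
        """Return the payload if the frame passes every check, else None."""
        if len(frame) < 4 + TAG_LEN:
            return None  # malformed: too short to carry counter and tag
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison: authenticity and integrity check.
        if not hmac.compare_digest(tag, expected):
            return None
        counter = struct.unpack(">I", header)[0]
        # Freshness check: a repeated or older counter is a replay.
        if counter <= self.last_counter:
            return None
        self.last_counter = counter
        return body


if __name__ == "__main__":
    rx = Receiver(DEMO_KEY)
    frame = build_frame(DEMO_KEY, 1, b"door:unlock")
    print(rx.accept(frame))   # b'door:unlock'
    print(rx.accept(frame))   # None (replayed frame)
```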
CSMS Annex 5 - 4.3.3. Threats to vehicles regarding their update procedures
(Potential information/cyber security threats in the vehicle function update process)
Typical weak points: update packages maliciously tampered with, attacks during the OTA update process, DoS, etc.
Type of countermeasure: Security controls
Security measures / security design methods:
-- Secure software update procedures employed.
-- Security controls implemented for storing cryptographic keys.
-- Security controls applied to back-end systems.
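As an added example (not from the regulation or the article) of what "secure software update procedures" have to check before an image is installed: the update carries a manifest naming its version and the SHA-256 of the image; the vehicle authenticates the manifest with a key it holds securely, refuses a rollback to an older or equal version, and only then checks that the received image matches the manifest. The key and image below are constructed demo values.

```python
import hashlib
import hmac
import json

# Constructed demo key; in a vehicle the verification key lives in an HSM.
DEMO_KEY = b"constructed-demo-update-key-not-for-production"


def sign_manifest(key: bytes, version: int, image: bytes):
    """Back-end side: build a manifest for the image and authenticate it.
    Returns (manifest_bytes, tag_hex)."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return manifest, tag


def verify_update(key: bytes, manifest: bytes, tag: str, image: bytes,
                  installed_version: int) -> str:
    """Vehicle side: decide whether an update may be installed.
    Checks run in order: manifest authenticity, anti-rollback, image integrity."""
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "reject: manifest authentication failed"
    meta = json.loads(manifest)
    if meta["version"] <= installed_version:
        return "reject: rollback to older or same version"
    if hashlib.sha256(image).hexdigest() != meta["sha256"]:
        return "reject: image does not match manifest"
    return "accept"


if __name__ == "__main__":
    image = b"constructed firmware image, version 2"
    manifest, tag = sign_manifest(DEMO_KEY, 2, image)
    print(verify_update(DEMO_KEY, manifest, tag, image, 1))          # accept
    print(verify_update(DEMO_KEY, manifest, tag, image + b"x", 1))   # image mismatch
```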
CSMS Annex 5 - 4.3.4. Threats to vehicles regarding unintended human actions facilitating a cyber attack
(Potential information/cyber security threats caused by human mis-operation)
Typical weak points: personnel not following the established procedures for security work, etc.
Type of countermeasure: Security procedures
Security measures / security design methods:
-- Measures implemented for defining and controlling user roles and access privileges.
-- Organizations ensure security procedures are defined and followed including logging of actions and access related to the management of the security functions.
CSMS Annex 5 - 4.3.5. Threats to vehicles regarding their external connectivity and connections
(Potential information/cyber security threats in the vehicle's short-range connection and communication functions)
Typical weak points: USB, OBD, Wi-Fi, NFC, etc.
Type of countermeasure: Security controls
Security measures / security design methods:
-- Security controls applied to systems that have remote access.
-- Security controls applied to external interfaces.
-- Security controls applied to minimise the risk from third party software that is intended or foreseeable to be hosted on the vehicle.
-- Software shall be security assessed, authenticated and integrity protected.
CSMS Annex 5 - 4.3.6. Threats to vehicle data/code
(Potential information/cyber security threats in vehicle data and code)
Typical weak points: malicious access to and tampering with vehicle data, malicious tampering with system diagnostic data, etc.
Type of countermeasure: Access control
Security measures / security design methods:
-- Access control techniques and designs applied to protect system data/code.
-- Access control techniques and designs to prevent unauthorized personnel to access personal or system critical data.
-- Security controls implemented for storing cryptographic keys e.g. Security Modules.
-- Data manipulation attacks on sensors or transmitted data could be mitigated by correlating the data from different sources of information.
-- Measures to detect and recover from a denial of service attack.
CSMS Annex 5 - 4.3.7. Potential vulnerabilities that could be exploited if not sufficiently protected or hardened
(Potential information/cyber security threats arising from weak points in functional design)
Typical weak points: flaws in cryptographic algorithms, code bugs, weak points in communication protocols, physical data corruption, etc.
Type of countermeasure: Cybersecurity best practices
Security measures / security design methods:
-- Cybersecurity best practices for software and hardware development.
-- Cybersecurity testing with adequate coverage.
-- Cybersecurity best practices for system design and system integration shall be followed.
-- Cybersecurity best practices for the protection of data integrity and confidentiality shall be followed for storing personal data.