
The more intelligent, the more dangerous? The new regulation of car information security

  • Author: ROGER
  • Release on: 2021-06-28

Cars are part of most people's daily lives as a means of transportation, and traditional mechanical cars are now giving way to smart cars. Smart cars integrate environmental awareness, planning and decision-making, and multi-level assisted driving in the vehicle. This is a higher level of capability, but it also places higher requirements on automotive information security.

When a traditional communication product is invaded by hackers, the result is only information disclosure. When a vehicle is controlled by a hacker, the driver's life may be threatened. On June 10, 2021, the "Data Safety Law of the People's Republic of China" (hereinafter referred to as the Data Security Law) was approved, and it will be implemented on September 1, 2021.

In addition to the "Data Safety Law", on May 12 the Cyberspace Administration of China published the "Several Regulations on Automobile Data Safety Management (Draft for Comment)", which further standardizes how car information is collected and how it is used.

At the same time, the United Nations has issued a regulation that has a significant impact on the entire industry. In the future, a vehicle model can be certified only if the vehicle manufacturer has obtained cybersecurity management system (CSMS) certification.

"Data Security Law" provides security for the long-term development of the intelligent network

Why is it necessary to pay attention to car information security? On the one hand, car information is related to the safety of the driver; on the other hand, current smart cars still have many vulnerabilities.

Fan Junfeng, CEO of New Xinan, said in an interview with Electronic Enthusiasts that, from the perspective of information security, there are many pain points in both security design and security testing. In terms of design, intelligence means that the hardware and software integrated into a single car become more complicated, and network connectivity means potential remote attack entry points. Both factors bring new challenges to whole-vehicle information security design.

On the other hand, the traditional automobile safety assessment system focuses on functional safety, so information security test standards and testing equipment are not yet mature. Moreover, the iteration cycle of the smart network car has become shorter, and the time and budget available to assessment laboratories have led to insufficient penetration test depth. Solving this problem requires the government to accelerate the development of safety test standards for the intelligent network car and to make information security assessment a mandatory test.

Zhao Yonggang, Executive Director of National Technology Program Development, believes that because of the limited computing resources and security capabilities of automotive electronic chips, car electronic equipment often lacks sufficient information security measures. As vehicle units take on more and more functions, the amount of code grows and potential code vulnerabilities become more and more prominent.

Solving this problem requires strengthening the information security protection of the car system, and strengthening the protection of vehicle operation, data security, user privacy and so on, based on data encryption technology, digital signature technology and related solutions such as cryptographic security mechanisms.

Lan Jianchuan, Vice President of Gao Xing Terrace, gave several specific examples from car information security. The first is unsafe ecosystem interfaces: some companies implant their applications into the automotive system, which can lead to server data being illegally queried and acquired, and to remote intrusion. The second is unauthorized-access security vulnerabilities, which result in disclosure of server data. The third is vulnerabilities that may exist in the system, leaving the vehicle entertainment system, T-Box and other components open to attack and putting information at risk. The fourth is unsafe car communication, where vulnerabilities allow communication data to be eavesdropped on and leaked, and vehicle location may also be spoofed or interfered with, affecting driving safety.

In addition, when vehicle system firmware is upgraded over the air (OTA), some security vulnerabilities may also need to be safely isolated. At the same time, Trojan implantation is possible, leading to the leakage of the owner's sensitive information.

As automobiles become more intelligent and more deeply networked, the automotive system becomes more and more complicated. Data shows that there may be a defect in every 1000 lines of code, which brings information security issues. The auto industry ecosystem is very large and its industrial chain is long, but unified information security standards are currently lacking, which leads to inconsistency across the industry and also divides responsibility for information security.

Today, with the implementation of the Data Safety Law, I believe that a unified standard will gradually form in the field of automobile information security. For the entire industry, it will be significant.

Information encryption, safeguard data security

The introduction of the Data Security Law and the publication of the automotive data security draft for comment provide a policy and standards reference for the market. But actually achieving car information security requires corresponding solutions.

Fan Junfeng said that, at the technical level, the work can be divided into two dimensions, data security protection and data flow control, and that cryptographic technology can be used to realize them in every stage of data "collection, analysis, storage, transmission, query, utilization and deletion". For example, during data collection, transmission and storage, cryptographic technology can be used to encrypt and sign all raw data to ensure the confidentiality and integrity of the data.

In terms of analysis, query and utilization, fully homomorphic encryption, multi-party computation, federated learning and similar techniques can make data "usable but invisible". In addition, the state can also require data collection equipment, data storage devices and data computing devices to use high-security chips that conform to China's standards, providing financial-level security protection for data.

According to National Technology, its whole range supports both national secret and international cryptographic algorithms and is equipped with various symmetric algorithms, asymmetric algorithms and hash algorithms, so it can meet different cryptographic applications. Zhao Yonggang pointed to the National Technology N32S032 security chip, a domestic security chip that is also available at the same time, with a large number of applications.

In addition, National Technology's general-purpose MCUs also provide security. Supporting both national secret and international cryptographic algorithms, they can play an important role in car user information and privacy protection, such as data security protection, data relocation processing and security control. At the same time, National Technology is planning for IATF16949 automotive quality management system certification and is building an information security quality assurance system for the intelligent network car.

The high-emerging investigation is a security solution on the data transmission channel. For example, through the vehicle front-mounted module, the front-BOX and the vehicle, the platform is safeguarded, and a road-based Collaborative Intelligent Network System Solution is also available, so that data communication in the Man - Car - Road - Net - Platform scenario has its security.

However, Fan Junfeng mentioned that, in addition to introducing cryptographic algorithms and cryptographic chips, different data need to be classified and given risk analysis and security design. The smart network car generates a wide range of data, involving not only individuals (owners, drivers, passengers, pedestrians) but also map, street view, charging and other data that may affect national and public interests. There are also many technological innovations in this area.

Strengthening the protection of automotive information through chips, communication channels and encryption algorithms lets relevant enterprises better meet the "Data Safety Law" and the automobile data safety management documents.