Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of SAC/TC 268 National Technical Committee 268 on Intelligent Transport Systems of Standardization Administration of China.
Transportation - Information security specification
1 Scope
The Standard specifies the system architecture and general technical requirements of information security technology for transportation, including the general and special technical requirements for information security of user terminals, vehicle side units, infrastructure side units, computing centers, and network and communication basic components that constitute the transport information system.
The Standard is applicable to guiding the operators of transport information system to put forward specific information security standards, specifications, implementation guidelines, etc. according to the specific information security requirements of non-confidential systems, and can also be used to guide the planning, design, construction, operation and maintenance, evaluation, etc. of information security technology systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20839-2007 Intelligent transport systems - General terminology
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 20839-2007 and GB/T 25069-2010 as well as the following apply. For the convenience of application, some terms and definitions in GB/T 20839-2007 and GB/T 25069-2010 are listed again.
3.1
transport information system
system composed of computers or other information terminals and relevant equipment and networks for collecting, storing, transmitting, exchanging and processing information according to certain rules and procedures in the field of transportation, which usually consists of terminals, vehicle side units, infrastructure side units, computing centers, networks and communications in whole or in part
3.2
information security
protecting and maintaining the confidentiality, integrity and availability of information; may also include properties such as authenticity, accountability, non-repudiation and reliability
[GB/T 25069-2010, Definition 2.1.52]
3.3
operators of transport information system
owners, administrators and service providers of non-confidential information systems for transport
3.4
general user terminal for transport
general desktop terminal equipment and mobile intelligent terminal equipment used in transport business, including desktop computers, laptop computers, smart phones, tablet computers, etc.
3.5
special user terminal for transport
equipment with specific functions used in transport business that supports human-machine interaction
3.6
infrastructure side unit
equipment or modules deployed on roadside and/or shore side in order to realize the function of transport information system, including communication equipment, information release equipment, condition monitoring equipment, environment monitoring equipment, etc.
3.7
vehicle side unit
device or communication module in transport equipment such as vehicles, ships and containers that communicates with infrastructure side units, terminals or computing centers
3.8
security element; SE
integrated circuit module with central processing unit, which is responsible for access permission, information authentication and encryption protection of general and special user terminals, vehicle side units and infrastructure side units
3.9
safety related application
applications for mitigating imminent collisions and injuries, mitigating and preventing potential collisions and injuries, and emergency event notification (such as hard braking by the vehicle ahead), as well as emergency condition notification (such as accident, emergency vehicle and sudden environmental deterioration notifications)
3.10
driving aid application
applications for high-priority public safety notifications from infrastructure side units to vehicles, urgent notifications of safety-related road conditions (such as traffic light cycles and sharp turns), and driving assistance messages (such as automated driving, roadside periodic broadcasts, differential positioning signals and traffic information broadcasts)
3.11
value-added service application
applications for non-priority services such as online payment and recharge, personalized navigation services, driving route suggestions, and e-commerce
3.12
confidentiality
feature that data is not disclosed to, or made use of by, unauthorized individuals, entities or processes
[GB/T 25069-2010, Definition 2.1.1]
3.13
integrity
feature that data has not been altered or destroyed in an unauthorized manner
[GB/T 25069-2010, Definition 2.1.42]
3.14
availability
feature of data and resources of being accessible and usable on demand by authorized entities
[GB/T 25069-2010, Definition 2.1.20]
3.15
data freshness
feature of preventing historical data that has already been successfully received from being accepted again, data that arrives after its reception time has passed from being accepted, and data that is outside its validity range from being accepted
3.16
driving assistance
providing drivers with information services and support, and with early warning and control intervention support in emergencies, by means of sensing and detection, automatic control, communication and other technologies, using intelligent detection by vehicle side units and infrastructure side units, vehicle-to-vehicle and vehicle-to-infrastructure communication and other methods, so as to improve drivers' travel safety and efficiency
[GB/T 20839-2007, Definition 7.2]
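The three conditions in the data freshness definition (3.15) are easiest to see as receive-side checks. The following is an added example, not part of the standard: a small filter that rejects replayed, late and expired messages from a roadside unit. The Message fields, the 2 s reception window and the 64-message replay window are assumptions chosen for illustration, and the sample messages are constructed.

```python
"""Freshness filter implementing the three conditions of definition 3.15.

Added example, not part of the standard. The Message fields, the reception
window and the replay-window size are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Message:
    sender: str          # unique identifier of the sending unit (assumed field)
    seq: int             # per-sender counter, increases with every message
    sent_at: float       # sender timestamp in seconds (shared clock with the receiver is assumed)
    valid_until: float   # end of the data's own validity range, seconds
    payload: str


class FreshnessFilter:
    """Rejects replays, late deliveries and data outside its validity range."""

    def __init__(self, max_age: float, window: int = 64) -> None:
        self.max_age = max_age      # reception time window in seconds
        self.window = window        # how many sequence numbers of history to keep per sender
        # sender -> (highest sequence number accepted, sequence numbers seen within the window)
        self._state: Dict[str, Tuple[int, Set[int]]] = {}

    def check(self, msg: Message, now: float) -> str:
        highest, seen = self._state.get(msg.sender, (-1, set()))
        # Condition 1: historical data already received successfully must not be accepted again.
        if msg.seq in seen:
            return "reject: replay"
        if msg.seq <= highest - self.window:
            return "reject: sequence number outside replay window"
        # Condition 2: data received outside its reception time must not be accepted.
        # abs() also rejects timestamps too far in the future (forged or badly synchronised clocks).
        if abs(now - msg.sent_at) > self.max_age:
            return "reject: outside reception time"
        # Condition 3: data beyond its own validity range must not be accepted.
        if now > msg.valid_until:
            return "reject: validity range exceeded"
        # Accepted: remember the sequence number and drop history that fell out of the window.
        seen = set(seen)
        seen.add(msg.seq)
        highest = max(highest, msg.seq)
        seen = {s for s in seen if s > highest - self.window}
        self._state[msg.sender] = (highest, seen)
        return "accept"


def demo() -> List[str]:
    """Runs constructed roadside-unit messages through the filter; returns the verdicts."""
    f = FreshnessFilter(max_age=2.0, window=64)
    now = 1000.0
    fresh = Message("RSU-01", 1, 999.5, 1010.0, "signal phase: green, 12 s remaining")
    late = Message("RSU-01", 2, 990.0, 1010.0, "signal phase: green, 12 s remaining")
    expired = Message("RSU-01", 3, 999.9, 999.0, "lane closure, valid until 999.0")
    jump = Message("RSU-01", 200, 999.9, 1010.0, "counter jumped after reboot")
    old_seq = Message("RSU-01", 100, 999.9, 1010.0, "old counter value injected")
    return [
        f.check(fresh, now),    # accept
        f.check(fresh, now),    # reject: replay
        f.check(late, now),     # reject: outside reception time
        f.check(expired, now),  # reject: validity range exceeded
        f.check(jump, now),     # accept
        f.check(old_seq, now),  # reject: sequence number outside replay window (100 <= 200 - 64)
    ]
```

The sequence-number window bounds the memory needed per sender. A real vehicle side unit would authenticate the sender before trusting its counter; otherwise an attacker can inject a very high counter and push every legitimate message out of the window, as the last two sample messages show.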
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
RFID: Radio Frequency Identification
T-BOX: Telematics BOX
TPMS: Tire Pressure Monitoring System
USB: Universal Serial Bus
VIN: Vehicle Identification Number
5 Architecture of information security technology for transportation
The architecture of information security technology for transportation consists of six parts, namely user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, network and communication security, and security general technology, with security general technology being the common requirement for the other five parts.
The operators of transport information system shall ensure that the information systems they operate meet the specific security technical requirements of the five system components (user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, and network and communication security) as well as the general security technical requirements.
When the technical requirements for network and communication security are adopted, the security technical requirements for user terminals, vehicle side units, infrastructure side units and computing centers shall be consulted according to the characteristics of the particular transport information system, and reasonable technical measures shall be taken so that the protection mechanisms of the various components of the transport information system coordinate and complement one another to form a defence-in-depth capability. See Figure 1 for the transport information security system architecture.
Figure 1 Transport information security system architecture (the figure itself is not reproduced; its labels, in the order they appear, are: transport information security technology; security general technology: identity authentication, security audit, access control, cryptographic application, malicious code prevention; user terminal security technology: device and host security, application software security, data security, intrusion prevention; vehicle side unit security technology: physical and environmental security, device identification; infrastructure side unit security technology: physical and environmental security; computing center security technology: cloud computing platform security; network and communication security technology: physical and environmental security, centralized management and control, network architecture security, access control, communication transmission security, intrusion prevention, boundary protection. Cells that span several columns in the original figure may have been flattened into a single column here.)
6 General technical requirements for transport information system security
6.1 Identity authentication
The technical requirements for identity authentication include the following:
a) Logged-in users shall be identified and authenticated; each user's identifier shall be unique, and authentication information shall meet complexity requirements;
b) Users shall change the initial password set by the system at first login and change it regularly thereafter;
c) Two or more authentication techniques should be combined to authenticate users, and at least one of them shall be implemented with cryptographic techniques;
d) When remote management is carried out, necessary measures shall be taken to avoid transmitting authentication information in plaintext;
e) Login failure handling shall be provided, and necessary protection measures such as ending the session, limiting the number of failed login attempts and logging out automatically when the login connection times out shall be configured and enabled;
f) When a user's authentication information is lost or becomes invalid, authentication information reset or other technical measures shall be used to keep the system secure;
g) Following the principle of "real name in the back end, voluntary in the front end", users shall be required to register with their real identity (based on name, ID number, VIN, mobile phone number, etc.) in the various transport applications, and the system shall verify the real-name status.
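The login-related requirements in 6.1 a), b), e) and f) translate into a small set of server-side rules. The following added example (not part of the standard) implements them in Python: unique identifiers, a complexity check, a forced change of the system-set initial password and periodic rotation, lockout after repeated failures, idle-session expiry and a reset path for lost credentials. The thresholds (MIN_LENGTH, MAX_FAILURES, LOCKOUT_SECONDS, SESSION_IDLE_SECONDS, PASSWORD_MAX_AGE_SECONDS) and the PBKDF2 parameters are assumptions; the standard does not fix them.

```python
"""Login handling for 6.1 a), b), e) and f): unique identifiers, password complexity,
forced change of the initial password and periodic rotation, failed-login lockout,
idle-session timeout and credential reset.

Added example, not part of the standard. All thresholds below are assumptions.
"""
import hashlib
import hmac
import os
import re
from typing import Dict, Optional, Tuple

MIN_LENGTH = 10
MAX_FAILURES = 5                            # e) consecutive failures before lockout
LOCKOUT_SECONDS = 15 * 60
SESSION_IDLE_SECONDS = 10 * 60              # e) automatic exit after inactivity
PASSWORD_MAX_AGE_SECONDS = 90 * 24 * 3600   # b) regular change
PBKDF2_ROUNDS = 100_000


def meets_complexity(password: str) -> bool:
    """a): minimum length and at least three of four character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= MIN_LENGTH and sum(bool(re.search(c, password)) for c in classes) >= 3


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a leaked credential store does not yield passwords directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, username: str, initial_password: str, now: float) -> None:
        self.username = username
        self.salt = os.urandom(16)
        self.digest = derive(initial_password, self.salt)
        self.must_change = True       # b) the initial password was set by the system
        self.changed_at = now
        self.failures = 0
        self.locked_until = 0.0


class Authenticator:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, Tuple[str, float]] = {}   # token -> (user, last activity)

    def add_account(self, username: str, initial_password: str, now: float) -> None:
        if username in self.accounts:
            raise ValueError("identifier must be unique")   # a)
        self.accounts[username] = Account(username, initial_password, now)

    def login(self, username: str, password: str, now: float) -> Tuple[str, Optional[str]]:
        """Returns (status, session token); the token is set only when status == 'ok'."""
        acct = self.accounts.get(username)
        if acct is None:
            return "denied", None          # same answer as a wrong password: no user enumeration
        if now < acct.locked_until:
            return "locked", None
        if not hmac.compare_digest(derive(password, acct.salt), acct.digest):
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.failures = 0
                acct.locked_until = now + LOCKOUT_SECONDS
                return "locked", None
            return "denied", None
        acct.failures = 0
        if acct.must_change or now - acct.changed_at > PASSWORD_MAX_AGE_SECONDS:
            return "password_change_required", None
        token = os.urandom(16).hex()
        self.sessions[token] = (username, now)
        return "ok", token

    def change_password(self, username: str, old: str, new: str, now: float) -> bool:
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(derive(old, acct.salt), acct.digest):
            return False
        if not meets_complexity(new) or hmac.compare_digest(derive(new, acct.salt), acct.digest):
            return False                   # reject weak passwords and reuse of the current one
        acct.salt = os.urandom(16)
        acct.digest = derive(new, acct.salt)
        acct.must_change = False
        acct.changed_at = now
        return True

    def reset_authentication(self, username: str, temporary_password: str, now: float) -> None:
        """f): lost or invalid credentials are replaced by a temporary one that must be changed."""
        acct = self.accounts[username]
        acct.salt = os.urandom(16)
        acct.digest = derive(temporary_password, acct.salt)
        acct.must_change = True
        acct.changed_at = now
        acct.locked_until = 0.0
        acct.failures = 0

    def user_for(self, token: str, now: float) -> Optional[str]:
        """Resolves a session token, expiring it after SESSION_IDLE_SECONDS of inactivity."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, last = entry
        if now - last > SESSION_IDLE_SECONDS:
            del self.sessions[token]
            return None
        self.sessions[token] = (user, now)
        return user
```

Requirements c) and d) sit outside this module: c) adds a second, cryptographically based verification step after the password check succeeds, and d) is a property of the remote management channel rather than of the credential store.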
6.2 Access control
The technical requirements for access control include the following:
a) The function of access control shall be provided, with accounts and authorities assigned to logged-in users;
b) Default account shall be renamed or deleted and the default password of the default account shall be changed;
c) The redundant and expired account shall be deleted;
d) The minimum authority shall be granted to different accounts to complete their respective tasks, with a mutually restrictive relationship formed between them;
e) The access control policy shall be configured by authorized subject and the subject-to-object access rules shall be specified in the access control policy;
f) The granularity of access control shall be at the user level for the subject and at least at the file level for the object;
g) Security markings shall be set for sensitive information resources, and subjects' access to information resources with security markings shall be controlled.
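Requirements 6.2 d) to g) describe a policy engine: least privilege with mutually restricting accounts, a policy editable only by an authorized subject, user-level subjects and file-level objects, and markings on sensitive resources. The following added example (not part of the standard) implements such an engine in Python; the marking levels, the pairs of conflicting actions, and the sample accounts and file paths are assumptions.

```python
"""Access control for 6.2 c) to g): default deny, least privilege with separation of duties,
policy configurable only by authorized subjects, user-level subjects, file-level objects,
and security markings on sensitive resources.

Added example, not part of the standard. Marking levels, conflicting-action pairs and the
sample accounts are assumptions.
"""
from typing import Dict, Set, Tuple

LEVELS = {"public": 0, "internal": 1, "sensitive": 2}   # security markings, g)
# d) pairs of actions one account must never hold on the same object (mutual restriction)
CONFLICTING = {frozenset({"submit", "approve"}), frozenset({"write", "audit"})}


class AccessControl:
    def __init__(self, policy_admins: Set[str]) -> None:
        self.policy_admins = set(policy_admins)                  # e) subjects allowed to edit policy
        self.rules: Dict[Tuple[str, str], Set[str]] = {}         # (user, file) -> actions, f)
        self.markings: Dict[str, str] = {}                       # file -> marking, g)
        self.clearances: Dict[str, str] = {}                     # user -> clearance

    def _require_admin(self, by: str) -> None:
        if by not in self.policy_admins:
            raise PermissionError(f"{by} is not authorized to configure the access control policy")

    def mark(self, by: str, obj: str, level: str) -> None:
        self._require_admin(by)
        self.markings[obj] = level

    def clear(self, by: str, subject: str, level: str) -> None:
        self._require_admin(by)
        self.clearances[subject] = level

    def grant(self, by: str, subject: str, obj: str, actions: Set[str]) -> None:
        """Adds actions for one user on one file, refusing grants that break separation of duties."""
        self._require_admin(by)
        held = self.rules.get((subject, obj), set()) | set(actions)
        for pair in CONFLICTING:
            if pair <= held:
                raise ValueError(f"{subject} would hold both of {sorted(pair)} on {obj}")
        self.rules[(subject, obj)] = held

    def revoke_all(self, by: str, subject: str) -> None:
        """c): remove every rule and the clearance of a redundant or expired account."""
        self._require_admin(by)
        self.rules = {k: v for k, v in self.rules.items() if k[0] != subject}
        self.clearances.pop(subject, None)

    def check(self, subject: str, obj: str, action: str) -> bool:
        # Discretionary rule: anything not explicitly granted is denied.
        if action not in self.rules.get((subject, obj), set()):
            return False
        # Mandatory rule: a marked resource additionally requires sufficient clearance.
        marking = self.markings.get(obj)
        if marking is None:
            return True
        return LEVELS[self.clearances.get(subject, "public")] >= LEVELS[marking]


def demo() -> Dict[str, bool]:
    """Constructed scenario: a dispatcher and an auditor working on toll data files."""
    ac = AccessControl(policy_admins={"secadmin"})
    ac.mark("secadmin", "/data/toll/transactions.csv", "sensitive")
    ac.clear("secadmin", "dispatcher01", "internal")
    ac.clear("secadmin", "auditor01", "sensitive")
    ac.grant("secadmin", "dispatcher01", "/data/toll/transactions.csv", {"read"})
    ac.grant("secadmin", "dispatcher01", "/data/toll/schedule.txt", {"read", "write"})
    ac.grant("secadmin", "auditor01", "/data/toll/transactions.csv", {"read", "audit"})
    results = {
        "dispatcher reads unmarked schedule": ac.check("dispatcher01", "/data/toll/schedule.txt", "read"),
        "dispatcher reads sensitive file without clearance": ac.check("dispatcher01", "/data/toll/transactions.csv", "read"),
        "auditor reads sensitive file": ac.check("auditor01", "/data/toll/transactions.csv", "read"),
        "auditor writes without a grant": ac.check("auditor01", "/data/toll/transactions.csv", "write"),
    }
    try:
        ac.grant("secadmin", "auditor01", "/data/toll/transactions.csv", {"write"})
        results["auditor granted write on file it audits"] = True
    except ValueError:
        results["auditor granted write on file it audits"] = False
    try:
        ac.grant("dispatcher01", "dispatcher01", "/data/toll/transactions.csv", {"write"})
        results["non-admin changes policy"] = True
    except PermissionError:
        results["non-admin changes policy"] = False
    ac.revoke_all("secadmin", "dispatcher01")
    results["dispatcher after revocation"] = ac.check("dispatcher01", "/data/toll/schedule.txt", "read")
    return results
```

The discretionary rule is evaluated first and denies by default; the marking check is mandatory in the sense that no grant can override an insufficient clearance, so a mis-issued grant on a sensitive file does not by itself expose it.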
6.3 Malicious code prevention
The technical requirements for malicious code prevention include the following:
a) It shall be able to detect and remove malicious codes such as viruses, worms and Trojans;
b) It shall be possible to upgrade and update the malicious code prevention mechanism, and technical means shall be adopted on dedicated transport networks and local area networks to upgrade the malicious code prevention mechanism in a timely manner.
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Architecture of information security technology for transportation
6 General technical requirements for transport information system security
7 Technical requirements for user terminal security
8 Technical requirements for vehicle side unit security
9 Technical requirements for infrastructure side unit security
10 Technical requirements for computing center security
11 Technical requirements for network and communication security
Bibliography
6.4 Security audit
The technical requirements for security audit include the following:
a) Security audit shall be performed at the key nodes of the transport information system; the audit shall cover every user and shall record important user behaviour and important security events;
b) Audit records shall include the date and time of the event, the user, the event type, whether the event succeeded, and other audit-related information;
c) Audit records shall be protected and backed up regularly to avoid unexpected deletion, modification or overwriting;
d) The retention period of audit records shall comply with laws and regulations and shall be no less than 6 months;
e) The timestamp of an audit record shall be produced by a single, system-wide clock to ensure the correctness of audit analysis;
f) The audit process shall be protected against unauthorized interruption.
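Requirements 6.4 b), c), d) and e) are the properties an audit record store has to provide: fixed fields, a single clock, protection against deletion, modification or overwriting, and a minimum retention period. The following added example (not part of the standard) shows a tamper-evident audit trail in Python using an HMAC chain. HMAC-SHA256 from the standard library is used because Python ships no SM3; under 6.5 c) a deployment would substitute an approved SM series product. The key, the deterministic clock and the sample events are constructed.

```python
"""Tamper-evident audit trail for 6.4 b), c), d) and e): mandatory record fields, one
system-wide clock, retention check, and an HMAC chain so that deletion, modification or
overwriting of a record is detected when the trail is verified.

Added example, not part of the standard. HMAC-SHA256 stands in for an SM3-based MAC
(6.5 c) prefers the SM series); key, clock and sample events are constructed.
"""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Tuple

GENESIS = b"\x00" * 32
RETENTION = timedelta(days=183)   # d) "not less than 6 months"


class AuditTrail:
    def __init__(self, key: bytes, clock: Callable[[], datetime]) -> None:
        self._key = key
        self._clock = clock                             # e) one injected clock, not a per-node time.time()
        self.records: List[Tuple[bytes, bytes]] = []    # (canonical JSON body, HMAC tag)

    def record(self, user: str, event_type: str, success: bool, **details: str) -> Dict:
        entry = {
            "time": self._clock().isoformat(),   # b) date and time
            "user": user,                        # b) user
            "event_type": event_type,            # b) event type
            "success": success,                  # b) outcome
            **details,                           # b) other audit-related information
        }
        body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
        prev_tag = self.records[-1][1] if self.records else GENESIS
        tag = hmac.new(self._key, prev_tag + body, hashlib.sha256).digest()
        self.records.append((body, tag))
        return entry

    def head(self) -> bytes:
        """Latest tag; store it off-box with each backup (c) so tail truncation is detectable."""
        return self.records[-1][1] if self.records else GENESIS

    def verify(self, expected_head: Optional[bytes] = None) -> int:
        """-1 if the chain is intact; otherwise the index of the first bad record, or
        len(records) when records were removed from the tail relative to expected_head."""
        prev = GENESIS
        for i, (body, tag) in enumerate(self.records):
            if not hmac.compare_digest(hmac.new(self._key, prev + body, hashlib.sha256).digest(), tag):
                return i
            prev = tag
        if expected_head is not None and not hmac.compare_digest(prev, expected_head):
            return len(self.records)
        return -1

    def may_purge(self, record_time: datetime) -> bool:
        """d): a record may only be purged once it has been kept for at least RETENTION."""
        return self._clock() - record_time >= RETENTION


def demo() -> Dict[str, int]:
    """Constructed events; shows which manipulations verify() catches."""
    base = datetime(2024, 3, 1, 8, 0, tzinfo=timezone.utc)
    ticks = iter(range(1000))
    clock = lambda: base + timedelta(seconds=next(ticks))   # deterministic stand-in for the system clock
    trail = AuditTrail(b"constructed-demo-key", clock)
    trail.record("dispatcher01", "login", True, source="10.1.2.3")
    trail.record("dispatcher01", "config_change", True, target="signal-plan-7")
    trail.record("unknown", "login", False, source="10.9.9.9")
    head = trail.head()
    results = {"intact": trail.verify(head)}
    # Modification: turn the failed login into a success.
    body, tag = trail.records[2]
    trail.records[2] = (body.replace(b'"success":false', b'"success":true'), tag)
    results["modified"] = trail.verify(head)
    trail.records[2] = (body, tag)
    # Deletion in the middle: the following record's chained tag no longer matches.
    removed = trail.records.pop(1)
    results["deleted_middle"] = trail.verify(head)
    trail.records.insert(1, removed)
    # Deletion at the tail: only detectable against the externally stored head.
    trail.records.pop()
    results["truncated_tail"] = trail.verify(head)
    results["truncated_tail_without_head"] = trail.verify()
    results["may_purge_day_200"] = int(trail.may_purge(base - timedelta(days=200)))
    results["may_purge_day_100"] = int(trail.may_purge(base - timedelta(days=100)))
    return results
```

Chaining makes in-place modification and deletion of any record except the last detectable from the trail alone; removing records from the tail is only detected against the head tag kept with each backup, which is why c) pairs protection with regular backup.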
6.5 Cryptographic application
The technical requirements for cryptographic application include the following:
a) Important transport information systems shall use the keys and digital certificates planned by the transport industry;
b) Important transport information systems shall use cryptographic techniques to implement security functions such as identity authentication and access control in application systems, and to ensure the security of audit records, data storage and communication;
c) The SM series of cryptographic algorithms should be given priority;
d) Cryptographic products approved by the national cryptography administration shall be used;
e) Information systems running on both the Internet and dedicated networks shall use cryptographic techniques to implement secure access paths, access control and identity authentication for the network system;
f) Cryptographic techniques shall be used to implement identity authentication, access control, audit records, data transmission security, data storage security and program security for host devices and network devices;
g) Cryptographic techniques shall be used to implement access authentication for special terminals, vehicle side units and infrastructure side units.
7 Technical requirements for user terminal security
7.1 Device and host security
The technical requirements for device and host security include the following:
a) Special user terminals shall have physical protection measures appropriate to their working environment, including the necessary crush resistance and water resistance;
b) The identity marking device of a special user terminal shall resist physical removal, logical damage and forgery; when a marking anomaly is detected, the terminal shall stop service and issue and upload an alert;
c) Special mobile terminals, card and certificate readers and similar equipment shall have an addressable unique identifier, and shall identify themselves when initiating a transmission;
d) Special user terminals shall be managed over their full life cycle, including commissioning, maintenance and disposal;
e) Special user terminals shall perform a security check before start-up;
f) Unnecessary physical data transfer interfaces on special user terminals shall be removed or sealed;
g) Special user terminals that can connect external devices shall have anti-malware and intrusion prevention capabilities, and shall apply precautions such as virus scanning to temporarily connected devices.
7.2 Application software security
The technical requirements for application software security include the following:
a) Application software shall be authorized and security-assessed by the information system operator itself, and shall be able to support the security protection needs of vehicle-side equipment and mobile application software (such as key management, identity authentication management, remote upgrade management, security monitoring, data security and malicious code protection), forming an integrated defence across the vehicle side, the mobile application software and the service platform;
b) Mobile application software shall undergo security testing before going live;
c) Mobile application software shall have a security check mechanism before start-up and shall provide a version update function;
d) Mobile application software should verify the security of communication digital certificates while running;
e) Application software on special mobile user terminals shall be authorized by the operator's own organization and security-assessed by a professional assessment body.
7.3 Data security
The technical requirements for data security include the following:
a) Special mobile terminals, card and certificate readers and similar equipment shall store keys and sensitive information in a security element or by a means that reaches the same security level;
b) The capability to back up key business data regularly shall be provided;
c) With the user's consent or acceptance of the terms of service, the service provider may collect, store, transmit and use user information (including the owner and user of the transport equipment, basic information about the transport equipment, etc.).
7.4 Intrusion prevention
The technical requirements for intrusion prevention include the following:
a) User terminals shall disable unnecessary system services, default shares and high-risk ports;
b) The operating system of special user terminals shall follow the principle of minimal installation, installing only the required components and applications.