Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of SAC/TC 268 National Technical Committee 268 on Intelligent Transport Systems of Standardization Administration of China.
Transportation - Information security specification
1 Scope
This Standard specifies the system architecture and general technical requirements of information security technology for transportation, including the general and special technical requirements for the information security of the basic components that constitute the transport information system, namely user terminals, vehicle side units, infrastructure side units, computing centers, and network and communication.
The Standard is applicable to guiding the operators of transport information system to put forward specific information security standards, specifications, implementation guidelines, etc. according to the specific information security requirements of non-confidential systems, and can also be used to guide the planning, design, construction, operation and maintenance, evaluation, etc. of information security technology systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20839-2007 Intelligent transport systems - General terminology
GB/T 25069-2010 Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 20839-2007 and GB/T 25069-2010 as well as the following apply. For the convenience of application, some terms and definitions in GB/T 20839-2007 and GB/T 25069-2010 are listed again.
3.1
transport information system
system composed of computers or other information terminals and relevant equipment and networks for collecting, storing, transmitting, exchanging and processing information according to certain rules and procedures in the field of transportation, which usually consists of terminals, vehicle side units, infrastructure side units, computing centers, networks and communications in whole or in part
3.2
information security
protecting and maintaining the confidentiality, integrity and availability of information; properties such as authenticity, verifiability, non-repudiation and reliability may also be included
[GB/T 25069-2010, Definition 2.1.52]
3.3
operators of transport information system
owners, administrators and service providers of non-confidential information systems for transport
3.4
general user terminal for transport
general desktop terminal equipment and mobile intelligent terminal equipment used in transport business, including desktop computers, laptop computers, smart phones, tablet computers, etc.
3.5
special user terminal for transport
equipment used in transport business, which has specific functions and can realize man-machine interaction
3.6
infrastructure side unit
equipment or modules deployed on roadside and/or shore side in order to realize the function of transport information system, including communication equipment, information release equipment, condition monitoring equipment, environment monitoring equipment, etc.
3.7
vehicle side unit
device or communication module in transport equipment such as vehicles, ships and containers that communicates with infrastructure side units, terminals or computing centers
3.8
security element; SE
integrated circuit module with central processing unit, which is responsible for access permission, information authentication and encryption protection of general and special user terminals, vehicle side units and infrastructure side units
3.9
safety related application
applications for emergency collision and injury reduction, potential collision and injury reduction and prevention, emergency incident notification (such as emergency brake of front vehicle), etc. as well as those for emergency condition notification (such as accident, emergency vehicle, sudden environmental degradation notification)
3.10
driving aid application
applications for notification related to high-priority public security information from the infrastructure side unit to vehicle, emergency notification of safety-related road conditions such as traffic light cycle and sharp turn, and driving assistance messages such as automatic driving, roadside periodic broadcasting, positioning differential signals, traffic information broadcasting, etc.
3.11
value-added service application
applications for non-priority services such as online payment and recharge, personalized navigation services, driving route suggestions, and e-commerce
3.12
confidentiality
feature that prevents data from being leaked to or exploited by unauthorized individuals, entities or processes
[GB/T 25069-2010, Definition 2.1.1]
3.13
integrity
feature that data has not been altered or destroyed in an unauthorized manner
[GB/T 25069-2010, Definition 2.1.42]
3.14
availability
feature of data and resources that can be accessed and used by authorized entities upon request
[GB/T 25069-2010, Definition 2.1.20]
3.15
data freshness
feature of preventing the history data that has been successfully received from being received again, or the data that has exceeded the data reception time from being received, or the data that has exceeded the data validity range from being received
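The three conditions in 3.15 correspond to three receiver-side checks: a message already accepted is a replay, a message older than the reception window is stale, and a message past its validity range is expired. The following is an added example and not text from the standard; the message field names (`id`, `sent_at`, `valid_until`), the reception window, the clock-skew tolerance and the sample traffic are assumptions made for the demonstration.

```python
# Added example (not part of the standard): a receiver-side data freshness
# check implementing the three conditions named in 3.15. Message field names
# ('id', 'sent_at', 'valid_until'), the reception window and the clock-skew
# tolerance are assumptions made for this demonstration.
from dataclasses import dataclass, field

RECEPTION_WINDOW_S = 30   # assumed: reject data older than this on arrival
CLOCK_SKEW_S = 5          # assumed: tolerate slightly future-dated senders


@dataclass
class FreshnessFilter:
    window: int = RECEPTION_WINDOW_S
    skew: int = CLOCK_SKEW_S
    # id -> sent_at of messages already accepted; pruned once outside the window
    seen: dict = field(default_factory=dict)
    # rejection counters by reason: the signal a detection team would monitor
    rejected: dict = field(default_factory=lambda: {"replay": 0, "stale": 0,
                                                    "expired": 0, "future": 0})

    def _prune(self, now: int) -> None:
        """Forget accepted ids that could no longer pass the window check anyway."""
        cutoff = now - self.window
        for mid in [m for m, t in self.seen.items() if t < cutoff]:
            del self.seen[mid]

    def accept(self, msg: dict, now: int) -> bool:
        """Return True and remember the message only if every freshness check passes."""
        self._prune(now)
        if msg["id"] in self.seen:                 # already received: replay
            self.rejected["replay"] += 1
            return False
        if msg["sent_at"] > now + self.skew:       # claims to come from the future
            self.rejected["future"] += 1
            return False
        if now - msg["sent_at"] > self.window:     # beyond the reception time
            self.rejected["stale"] += 1
            return False
        if now > msg["valid_until"]:               # beyond the data validity range
            self.rejected["expired"] += 1
            return False
        self.seen[msg["id"]] = msg["sent_at"]
        return True


def run_demo() -> dict:
    """Feed constructed messages through the filter and return the outcomes."""
    f = FreshnessFilter()
    now = 1_000
    msgs = [  # constructed sample traffic, not captured data
        ({"id": "a", "sent_at": 995, "valid_until": 1_060}, now),      # fresh
        ({"id": "a", "sent_at": 995, "valid_until": 1_060}, now + 1),  # replay
        ({"id": "b", "sent_at": 900, "valid_until": 2_000}, now),      # stale
        ({"id": "c", "sent_at": 998, "valid_until": 999}, now),        # expired
        ({"id": "d", "sent_at": 1_200, "valid_until": 1_300}, now),    # future
    ]
    results = [f.accept(m, t) for m, t in msgs]
    return {"accepted": results, **f.rejected}


if __name__ == "__main__":
    print(run_demo())
```

The replay cache is pruned to the reception window on purpose: a message id older than the window would be rejected as stale regardless, so the receiver never has to remember ids indefinitely.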
3.16
driving assistance
using sensing and detection, automatic control, communication and other technologies, and by means of intelligent detection by vehicle side units and infrastructure side units, vehicle-to-vehicle and vehicle-to-infrastructure side unit communication and other methods, providing drivers with functions such as information services and support, and early warning and control-intervention support in emergencies, so as to improve drivers' travel safety and efficiency
[GB/T 20839-2007, Definition 7.2]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
RFID: Radio Frequency Identification
T-BOX: Telematics BOX
TPMS: Tire Pressure Monitoring System
USB: Universal Serial Bus
VIN: Vehicle Identification Number
5 Architecture of information security technology for transportation
The architecture of information security technology for transportation consists of six parts, namely user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, network and communication security, and security general technology, with security general technology being the common requirement for the other five parts.
The operators of transport information system shall ensure that their information systems meet the special security technical requirements of the five system components, namely the user terminal security, vehicle side unit security, infrastructure side unit security, computing center security, and network and communication security and the security general technical requirements.
When the technical requirements for network and communication security are adopted, reference shall be made to the security technical requirements of user terminals, vehicle side units, infrastructure side units and computing centers according to the characteristics of the different transport information systems, and reasonable technical measures shall be taken to ensure that the security protection mechanisms of the various components of the transport information system are coordinated and complementary, forming defence-in-depth capability. See Figure 1 for the transport information security system architecture.
Figure 1 Transport information security system architecture
6 General technical requirements for transport information system security
6.1 Identity authentication
The technical requirements for identity authentication include the following:
a) Logged-in users shall be subject to identity identification and authentication; each user's identity identifier shall be unique, and the identity authentication information shall meet complexity requirements;
b) The user shall modify the initial password set by the system when logging in for the first time and change it regularly;
c) The combination of two or more authentication technologies should be adopted to carry out identity authentication for user, with one of the authentication technologies realized by using cryptographic technique;
d) Necessary measures shall be taken to avoid the transmission of authentication information in plaintext when remote management is carried out;
e) The function of login failure handling shall be provided, and necessary protection measures, such as session shutdown, limiting illegal login times and automatic exit in case of login connection timeout, shall be configured and enabled;
f) Authentication information reset or other technical measures shall be taken to ensure system security when the user identity authentication information is lost or invalid;
g) The users shall be required to register with their real names (based on name, ID number, VIN number, mobile phone number, etc.) in various transportation applications according to the principle of "using real-name at background and voluntary at the foreground", and the system shall verify the real names.
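Items a), b) and e) of 6.1 describe mechanisms rather than policy: a complexity rule on authentication information, a forced change of the system-set initial password, and login failure handling with a limit on illegal attempts and automatic exit on idle timeout. The following is an added example and not the standard's own code; the thresholds (minimum length, character classes, attempt limit, idle timeout), the user names and the passwords are assumptions chosen for the demonstration, since the standard only requires that such limits exist and are enabled.

```python
# Added example (not the standard's own code): login-failure handling and
# password rules covering 6.1 a), b) and e). The thresholds below are
# assumptions for the demonstration.
import hashlib
import hmac
import os
import re
from typing import Dict, Optional, Tuple

MIN_LENGTH = 12       # assumed password complexity: minimum length ...
MIN_CLASSES = 3       # ... and character classes out of four
MAX_FAILURES = 5      # assumed limit on consecutive illegal login attempts
IDLE_TIMEOUT_S = 900  # assumed idle time before automatic session exit


def is_complex(password: str) -> bool:
    """Complexity rule for 6.1 a): minimum length and a mix of character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    found = sum(1 for c in classes if re.search(c, password))
    return len(password) >= MIN_LENGTH and found >= MIN_CLASSES


def _digest(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are never kept in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    def __init__(self, initial_password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _digest(initial_password, self.salt)
        self.must_change = True   # 6.1 b): the initial password was set by the system
        self.failures = 0
        self.locked = False


class AuthService:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, Tuple[str, float]] = {}  # token -> (user, last activity)

    def create_account(self, user: str, initial_password: str) -> None:
        self.accounts[user] = Account(initial_password)

    def _verify(self, acct: Account, password: str) -> bool:
        return hmac.compare_digest(acct.digest, _digest(password, acct.salt))

    def login(self, user: str, password: str, now: float) -> Tuple[str, Optional[str]]:
        """Return (status, token); the token is set only when status is 'ok'."""
        acct = self.accounts.get(user)
        if acct is None:
            return "invalid", None   # same answer as a wrong password
        if acct.locked:
            return "locked", None
        if not self._verify(acct, password):
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.locked = True   # 6.1 e): limit on illegal login attempts
                return "locked", None
            return "invalid", None
        acct.failures = 0
        if acct.must_change:
            return "must_change", None   # no session until the initial password is replaced
        token = os.urandom(16).hex()
        self.sessions[token] = (user, now)
        return "ok", token

    def change_password(self, user: str, old: str, new: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct.locked or not self._verify(acct, old) or not is_complex(new):
            return False
        acct.salt = os.urandom(16)
        acct.digest = _digest(new, acct.salt)
        acct.must_change = False
        return True

    def touch(self, token: str, now: float) -> bool:
        """Refresh a session on activity; end it when idle past the timeout (6.1 e)."""
        sess = self.sessions.get(token)
        if sess is None:
            return False
        user, last = sess
        if now - last > IDLE_TIMEOUT_S:
            del self.sessions[token]
            return False
        self.sessions[token] = (user, now)
        return True
```

An unknown user and a wrong password produce the same `invalid` answer so that the login endpoint does not reveal which accounts exist; the lockout and timeout are enforced server-side so a client cannot bypass them.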
6.2 Access control
The technical requirements for access control include the following:
a) The function of access control shall be provided, with accounts and authorities assigned to logged-in users;
b) Default accounts shall be renamed or deleted, and the default passwords of default accounts shall be changed;
c) Redundant and expired accounts shall be deleted promptly;
d) The minimum authority shall be granted to different accounts to complete their respective tasks, with a mutually restrictive relationship formed between them;
e) The access control policy shall be configured by authorized subject and the subject-to-object access rules shall be specified in the access control policy;
f) The granularity of access control shall be at the user level for the subject and at least at the file level for the object;
g) Security markings shall be set for sensitive information resources, and subjects' access to information resources with security markings shall be controlled.
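Items d) to g) of 6.2 together describe one mechanism: rules configured only by an authorized subject, subjects at user level and objects at file level, minimal authority with mutual restraint between accounts, and security markings that are enforced on top of the rules. The following is an added example and not the standard's own code; the marking scale, the administrator and user names, and the file paths are constructed for the demonstration.

```python
# Added example (not the standard's own code): a minimal access control
# policy covering 6.2 d), e), f) and g). Subjects are users, objects are
# file paths; the marking scale, user names and paths are constructed.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Assumed ordered marking scale; a higher index means more sensitive.
MARKINGS = ["public", "internal", "sensitive"]


def _rank(level: str) -> int:
    return MARKINGS.index(level)


@dataclass
class AccessPolicy:
    admin: str  # the one authorized subject that may configure the policy (6.2 e)
    rules: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)  # (user, path) -> ops
    markings: Dict[str, str] = field(default_factory=dict)                 # path -> marking (6.2 g)
    clearances: Dict[str, str] = field(default_factory=dict)               # user -> clearance

    def grant(self, editor: str, user: str, path: str, ops: Set[str]) -> bool:
        """Add subject-to-object rules at user/file granularity (6.2 f)."""
        if editor != self.admin:
            return False
        if user == self.admin:
            # 6.2 d): mutual restraint; the policy administrator holds no data access
            return False
        self.rules.setdefault((user, path), set()).update(ops)
        return True

    def mark(self, editor: str, path: str, level: str) -> bool:
        """Set a security marking on a sensitive object (6.2 g)."""
        if editor != self.admin or level not in MARKINGS:
            return False
        self.markings[path] = level
        return True

    def clear(self, editor: str, user: str, level: str) -> bool:
        """Set the highest marking a subject may access."""
        if editor != self.admin or level not in MARKINGS:
            return False
        self.clearances[user] = level
        return True

    def check(self, user: str, path: str, op: str) -> bool:
        """Default deny: an explicit rule is needed and, for marked objects, enough clearance."""
        if op not in self.rules.get((user, path), set()):
            return False
        needed = self.markings.get(path, "public")
        held = self.clearances.get(user, "public")
        return _rank(held) >= _rank(needed)


def build_demo_policy() -> AccessPolicy:
    """Constructed policy: a dispatcher may read one route file marked 'internal'."""
    p = AccessPolicy(admin="secadm")
    p.grant("secadm", "dispatcher", "/data/routes.csv", {"read"})
    p.mark("secadm", "/data/routes.csv", "internal")
    p.clear("secadm", "dispatcher", "internal")
    return p


if __name__ == "__main__":
    demo = build_demo_policy()
    print(demo.check("dispatcher", "/data/routes.csv", "read"))   # True
    print(demo.check("dispatcher", "/data/routes.csv", "write"))  # False
```

Both layers must agree before access is granted: a rule without sufficient clearance is refused, as is clearance without a rule, which is what keeps each account at the minimum authority its task needs.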
6.3 Malicious code prevention
The technical requirements for malicious code prevention include the following:
a) It shall be possible to detect and remove malicious code such as viruses, worms and Trojans;
b) It shall be possible to upgrade and update the malicious code prevention mechanism, and technical means shall be adopted on the dedicated networks and local area networks of transport to upgrade the malicious code prevention mechanism in a timely manner.
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Architecture of information security technology for transportation
6 General technical requirements for transport information system security
7 Technical requirements for user terminal security
8 Technical requirements for vehicle side unit security
9 Technical requirements for infrastructure side unit security
10 Technical requirements for computing center security
11 Technical requirements for network and communication security
Bibliography
Figure 1 Transport information security system architecture (box labels recovered from the diagram, in the order they appear): Transport information security technology. Security general technology: identity authentication, security audit, access control, cryptographic application, malicious code prevention. User terminal security technology: device and host security, application software security, data security, intrusion prevention. Vehicle side unit security technology: physical and environmental security, device identification. Infrastructure side unit security technology: physical and environmental security. Computing center security technology: cloud computing platform security. Network and communication security technology: physical and environmental security, centralized management and control, network architecture security, access control, communication transmission security, intrusion prevention, boundary protection.
6.4 Security audit
The technical requirements for security audit include the following:
a) Security audit shall be carried out on the key nodes of the transport information system, covering every user and auditing important user behaviour and important security events;
b) Audit records shall include the date and time of the event, the user, the event type, whether the event succeeded, and other audit-related information;
c) Audit records shall be protected and backed up regularly to avoid unexpected deletion, modification or overwriting;
d) The retention period of audit records shall comply with the requirements of laws and regulations, and shall be not less than 6 months;
e) The time at which an audit record is generated shall come from a single, uniquely determined clock within the system, so as to ensure the correctness of audit analysis;
f) The audit process shall be protected against unauthorized interruption.
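Items b) to e) of 6.4 describe one log design: records carrying date, time, user, event type and outcome; protection against undetected deletion, modification or overwriting; a retention minimum of 6 months; and timestamps from a single system-wide clock. The following is an added example and not the standard's own code. It chains records with an HMAC so that tampering is detectable, takes every timestamp from one shared clock object, and refuses to prune records younger than the retention minimum; the HMAC key, the 183-day approximation of six months, and the sample events are constructed for the demonstration.

```python
# Added example (not the standard's own code): a tamper-evident audit log
# covering 6.4 b), c), d) and e). The HMAC key, the six-month approximation
# and the sample events are constructed for the demonstration.
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

SIX_MONTHS = timedelta(days=183)  # assumed approximation of "not less than 6 months"


class Clock:
    """The single system-wide clock every record is stamped from (6.4 e)."""
    def __init__(self, fixed: Optional[datetime] = None) -> None:
        self._fixed = fixed   # a fixed time makes the example deterministic

    def set(self, fixed: datetime) -> None:
        self._fixed = fixed

    def now(self) -> datetime:
        return self._fixed if self._fixed is not None else datetime.now(timezone.utc)


def _body(rec: Dict[str, Any]) -> bytes:
    """Canonical bytes of a record without its MAC field."""
    return json.dumps({k: v for k, v in rec.items() if k != "mac"}, sort_keys=True).encode()


class AuditLog:
    def __init__(self, key: bytes, clock: Clock) -> None:
        self.key = key
        self.clock = clock
        self.records: List[Dict[str, Any]] = []
        self._anchor = b""   # MAC of the last pruned record, so the chain stays verifiable

    def record(self, user: str, event: str, success: bool, **extra: Any) -> Dict[str, Any]:
        """Append a record with the fields required by 6.4 b), chained by HMAC (6.4 c)."""
        rec: Dict[str, Any] = {"time": self.clock.now().isoformat(), "user": user,
                               "event": event, "success": success, **extra}
        prev = bytes.fromhex(self.records[-1]["mac"]) if self.records else self._anchor
        rec["mac"] = hmac.new(self.key, prev + _body(rec), hashlib.sha256).hexdigest()
        self.records.append(rec)
        return rec

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad record."""
        prev = self._anchor
        for i, rec in enumerate(self.records):
            expected = hmac.new(self.key, prev + _body(rec), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, str(rec.get("mac", ""))):
                return i
            prev = bytes.fromhex(rec["mac"])
        return None

    def prune_expired(self) -> int:
        """Drop only records older than the retention minimum (6.4 d); return the count."""
        cutoff = self.clock.now() - SIX_MONTHS
        removed = 0
        while self.records and datetime.fromisoformat(self.records[0]["time"]) < cutoff:
            self._anchor = bytes.fromhex(self.records.pop(0)["mac"])
            removed += 1
        return removed


if __name__ == "__main__":
    log = AuditLog(b"constructed-demo-key", Clock())
    log.record("alice", "login", True)
    log.record("alice", "file_read", True, object="/data/routes.csv")
    print(log.verify())   # None: chain intact
```

Because each MAC covers the previous record's MAC, deleting, altering or reordering any record breaks verification from that point on; the anchor kept after pruning means the check still holds once records past the retention minimum are removed.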
6.5 Cryptographic application
The technical requirements for cryptographic application include the following:
a) Important transport information systems shall use the keys and digital certificates planned by the transport industry;
b) Important transport information systems shall use cryptographic techniques to implement security functions such as identity authentication and access control in application systems, and to ensure the security of audit records, data storage and communication;
c) SM series cryptographic algorithms shall be adopted preferentially;
d) Cryptographic products approved by the national cryptographic authority shall be used;
e) Information systems running on both the Internet and dedicated networks shall use cryptographic techniques to ensure that the network system implements secure access paths, access control and identity authentication;
f) Cryptographic techniques shall be used to ensure that host devices and network devices implement identity authentication, access control, audit records, data transmission security, data storage security and program security;
g) Cryptographic techniques shall be used to implement access authentication for special terminals, vehicle side units and infrastructure side units.
7 Technical requirements for user terminal security
7.1 Device and host security
The technical requirements for device and host security include the following:
a) Special user terminals shall have physical protection measures appropriate to their working environment, including the necessary crush resistance, water resistance, etc.;
b) The identity identification device of a special user terminal shall be resistant to physical disassembly, logical damage and forgery; when an identification anomaly is detected, the terminal shall stop service and issue and upload a warning message;
c) Special mobile terminals, card and certificate reader/writer devices, etc. shall have an addressable unique identifier and shall identify themselves when initiating information transmission;
d) Special user terminals shall be subject to full life-cycle management covering commissioning, maintenance, disposal, etc.;
e) Special user terminals shall undergo security checks before start-up;
f) Unnecessary physical data transmission interfaces on special user terminals shall be removed or sealed;
g) Special user terminals that can connect external devices shall have anti-malware and intrusion prevention capabilities, and security precautions such as virus scanning shall be applied to temporarily connected devices.
7.2 Application software security
The technical requirements for application software security include the following:
a) Application software shall be authorized and security-assessed by the information system operator itself, and shall be able to support the security protection needs of vehicle side devices and mobile application software (such as key management, identity authentication management, remote upgrade management, security monitoring, data security and malicious code protection), forming an integrated defence system across the vehicle side, the mobile application software and the service platform;
b) Mobile application software shall undergo security testing before going live;
c) Mobile application software shall have a security check mechanism before start-up and shall provide a version update function;
d) Mobile application software should have a function for verifying the security of communication digital certificates while running;
e) Application software on special mobile user terminals shall be authorized by the organization itself and security-assessed by a professional assessment body.
7.3 Data security
The technical requirements for data security include the following:
a) Special mobile terminals, card and certificate reader/writer devices, etc. shall store keys and sensitive information in a security element or by a method that achieves the same security level;
b) The ability to back up key business data regularly shall be provided;
c) With the user's consent or acceptance of the terms of service, the service provider may collect, store, transmit and use user information (including the owner and user of the transport equipment, basic information of the transport equipment, etc.).
7.4 Intrusion prevention
The technical requirements for intrusion prevention include the following:
a) User terminals shall disable unneeded system services, default shares and high-risk ports;
b) The operating system of a special user terminal shall follow the principle of minimal installation, installing only the required components and applications.