Shenzhen, 2021, March 8 / US News, the trend of development of the vehicle network industry, the construction of information security new order is unstoppable. For the entire vehicle networking industry, third-party testing certification bodies are essential for information security. Recently, as the pioneers and leaders of China’s third-party testing certification industry, Sun Shuangmin, president of CTi Hua Shi and Testing Certification Group Co., Ltd., and Sun Shuangmin, president of Metal Materials, received an interview with the “Import and Export Manager” magazine.
Sun Shuangmin CTI Hua Shi Testing Certification Group Co., Ltd. President of Automobile and Metal Materials Division 
As a mature field, the global automotive industry chain is amazing, and the vehicle network is used as an emerging industrial form, and it is inevitably ignorant from the long-term industry chain. On this chain, components equipment manufacturers, terminal equipment manufacturers, automotive manufacturers, software developers, system integrators, etc., jointly build traffic network information security “safe port”.
The development of new things is often more difficult, but the forward direction is always bright and frank. In this process, shaping a new order is an unavoidable major event, including many details such as standards and rules, and the vehicle network is in such a development process. About 10 security and its standards established related hot topics, CTi Hua Shi Test Certification Group Co., Ltd., Chen Shuangmin, president of the CTI, Metal Materials Division, received an interview with the reporter.
CTI-CTI, China Test: Building a bus network information security new order is unstoppable
[ 123] Emerging admissions shallow development horizontal
Huawei released “Car Road Integrated Intelligent Network System CSHY; V2X White Paper” divided the network development of the network into three phases. The first stage is a vehicle-based functional vehicle information service phase, that is, the 2G / 3G / 4G era has a basic networking capacity vehicle. The second phase is the intelligent network service phase, that is, the stage we are currently located. ThisThe phase of “new four-generation” (electricity, interconnection, sharing, intelligent) of the automotive industry is achieved by CSHY; V2X technology, with the continuous breakthrough of lteeshy; V2X technology, is expected to implement the L3 / L4 level automatic driving . The third stage is the intelligent travel service phase, and the road collaboration has been widely used in smart transportation and advanced automatic driving, achieving wisdom travel, reaching people – SHY; car Shy; – Life Unity.
“It is to be noted that these three phases do not necessarily evolve, but may be advanced in parallel.” Sun Shuangmin said.
It should be said that the development of the car industry has a clear main line. Under the new technology blessings, the vehicle network industry has steadily forward, the development of the driving force is continuously aggregated, and the intelligent network service stage has to go. Distance. However, the global car network industry also encounters a lot of stumbling blocks in the development process, such as industry standards and uniform, related car network information security, etc.
Sun Shuangmin explained: “As a highly international division of labor, it is difficult for the future global car network technology standards, because the network involves many information exchange standards, such as car terminals, network communication, systems, The standards such as the various levels of the application, and standardization is the basis for promoting a healthy development of industrial. Different models will produce different application systems, and each system lacks a unified reference platform and interface, which will cause system incompatibility and resource waste, and information on each other. Can not be shared. “
About the security of the network information, although the laws and regulations related to service platform, network communication, data security and privacy protection, industry standards are still established, perfect, but with automated intelligence And the level of networking is increasing, and the vehicle will face more and more information security threats while bringing more convenience to life.
In the view of Sun Shuangmin, China’s car network market is still facing difficulties such as industrial chain imperfect, business model is unclear, lack of technical system support. “Despite the domestic anti-lock brake system, electronic power distribution system, electronic stabilization procedures, etc. Automotive electronic safety technology is gradually improved, but automotive electronics-related frontier core technical patents are basically in the hands of foreign companies, such as engine management systems, body Manage system, automatic anti-collision system, etc., let alone core chip technology. “He said.
CTI-CTI, China Test: Building a network information security new order is unstoppable
Ternet Information security risks three major factors
From the current market situation, information security vulnerability is undoubtedly a big hidden danger on the car manufacturer, consumers, etc.. Focus. 
From the industrial chain, the car is collected by a perceived layer, handling various data, demand, and reflects the information interaction with other cars, roads, people, and networks through the transport layer, and reflects all kinds of application services. The information security risks existing include multiple aspects, including the license network service platform, network communication, data security, and privacy protection. Sun Shuangmin has arisening these risks to three major aspects.
First, the lane service platform security threat. The car service platform is generally based on cloud computing technology, and it is also easy to introduce cloud computing itself into platform, such as operating system vulnerability threats, virtual resource scheduling issues, SOL injection vulnerabilities, password security issues, etc.
“On the Ternet TSP (full business support platform), security vulnerabilities may come from the defects or errors when encoding the software system design, or may come from the design defects or logic of the service in the interaction process. There are unreasonable problems on the process, these defects, errors or unreasonable things may be intentionally unintentionally utilized, thereby adversely affecting the operation of the entire car network. “Sun Shuangmin told reporters.
Second, the vehicle network communication security threat. Car Shy; Yunxin Information occupied an important position in the vehicle network security, and became the main link of the attack by the vehicle, and the main threats faced, such as middleman attacks. The attacker hijaches TSHY; BOX (Car Intelligent Interconnection Terminal) session, monitors communication data by pseudo-base station, DNS (domain name system). With a wide range of wireless communication technologies and interfaces, the vehicle nodes need to deploy multiple wireless interfaces, realize the connection of various networks such as WiFi, Bluetooth, Letshy; V2X, short-range communication protocols are cracked and the authentication mechanism is crackdown. It has become the current main threat.
Third, data security and privacy threat. The data in the car network is derived from the user, ECU (electronic control unit), sensor, information entertainment system third-party application and car network service platform, data species including user identity information, car operation status, user driving habits, geographic location information, Users pay attention to sensitive information such as content. The net related data is mainly stored on the intelligent network car and the car service platform. Due to the uniform security requirements of the data collection, transmission, storage, etc., the data may be stolen by the access control, improper data storage.
There is no doubt that China’s intelligent network automotive industry has entered the development of “fast lanes”. The industrial scale is expanding, and the technological innovation is more active, and new application is booming. This background accelerates the pace of information security standards.
According to Sun Shuangmin, the current China’s car network information security standard is basically recommended. National organization industry experts participate in ISO / TC22 / SC32 / WG11 (ISO / SAE Information Security Joint Working Group) Work Conference, actively participate in international automotive information security standards; support China Xinxint Institute and other units actively promote international transformation of domestic standard results, Promote “V2X Communication Data Security Requirements” international standards successfully in the International Telecommunications Union (iTushy; T). There is an enhanced mandatory standard that is “National Six” rearrangement standard (GB17691-2018), and the other for the anti-theft is in the pre-research phase.
In June 2018, the Ministry of Industry and Information Technology issued the National Standardization Management Committee issued the “National Terminal Industry Standard System Construction Guide (Intelligent Network Auto)” series documents, and released 2018, 2019 ” Intelligent Net Cars Standardization Work Points “, the focus of network and information security as standard development.
In addition, there is a Unece R155 regulation published by the United Nations Economic Commission in the United Nations Economic Commission, but the effective time of countries is inconsistent.
“The automotive industry is highly differentiated, specific implementation technical programs, architectures, etc., but standard requirements for information security for the car network will be consistent, including the automotive industry information security management system Construction, risk assessment, product design, openSend, test, operation and maintenance, etc. “Sun Shuangmin will summarize this as” the external performance form of the traffic network information will be a variety of, but the core of its abstract level is consistent “
Take the safety of the traffic network information
[ 123] Intelligent Net Cars combine the Physical World with the virtual world, bringing a better experience to users. Today, the intelligent network car has become the strategic direction of the development of the automotive industry. But with the car’s intelligent network The security threats faced, and even objectively hinders the transformation of traditional vehicles to intelligent networks. In the case of cybersecurity, the threat of smart network vehicles may It is catastrophic. Automobile network safety has become an important basis for guiding the development of the automotive industry.
Sun Shuangmin said that the CTI Hua Shi Test Certification Group as a leader in China’s third-party testing certification industry, currently from 3 Aspect, help the vehicle network industry chain participant to circumvent information security risks, plus the steady development of China’s car network industry.
First, weerately understand the relevant policies and standards of the car network at home and abroad. Main laws and regulations and policies According to the “National People’s Republic of China Standardization Law” “Regulations on Road Traffic Safety Law of the People’s Republic of China” “Regulations on Road Traffic Safety Law” “Regulations on Road Traffic Safety Law” “Traffic Management Regulations” “Intelligent Network Auto Road Test Management Specification (Trial)” “Guide” (General Requirements) (Overseas Requirements) of the National Terminal Industry Standard System. Secondly, from the detection level to form a complete test ability of the vehicle network and Providing the strength of the solution, in the early days of consulting services, the relevant enterprises have deeply interpreted industry standards and test requirements, providing the integration from the laboratory, testing the simulation full-strand service. For both the same, there are differences The car network, the Internet of Things and mobile office, CTI Hua Shi Testing Certification Group has the ability to make overall considerations in the overall system research, development, deployment, testing, etc., segmentation, according to scientific, effective, saving, sustainable development The idea to build a security system for customers.
Sun Shuangmin said that the car network PKI (public key infrastructure) solution usually builds “issuance (people, cars, things) – safe pass – usefulThe overall safety framework of trusted verification, activation), and then builds a digital certificate authentication system, a security service platform, TSP cloud platform, and more, and standards for the construction of digital certificate certification system, TSP cloud platform, and the standards. In order to provide a full range of management design, the safety management system and standard supporting construction will be provided in accordance with the project requirements, providing management support for future host factory background business.
Finally, from the authentication level In-depth cooperation with the relevant national relevant medical departments and testing institutions, providing customers from the relevant information security fields of the Internet access to all-round, full procedures for all stages of the product. CTi China Test Certification Group to build digital certificate certification The system and application security service platform is the construction target. Among them, the digital certificate authentication system provides digital certificate services for the license network, including certificate issuance, certificate management, status online query, CRL download, and the application security service platform contains the security authentication gateway and Signment inspection server, can provide security support services for cloud applications, including signature inspection, secure authentication, channel encryption, etc.
There is no doubt, for the entire car network industry The third-party testing certification body is essential as information security. In this habitual development of this train network industry, the construction of information security is unstoppable.