On June 27, 2024, the third China Automobile networking Safety Conference 2024, hosted by Galaxy Automotive, concluded successfully in Shanghai.
In recent years, automotive network and data security incidents have emerged one after another.
According to public data, as of August 2023, there were more than 3,700 security vulnerabilities in smart cars, involving more than 1,000 models, of which the repetition rate of high-frequency vulnerabilities reached 70%.
The installation of intelligent network connection system not only means a larger proportion of on-board software, but also brings a denser sensor interface.
Intelligent vehicle has become a key part of data collection, transmission and processing.
Vehicle information and data security is facing new challenges.
Defending physically against “magic” attacks, working out how car companies can give users privacy “insurance”, creating a reliable automotive information security protection system, and building security from chips, firmware, basic software and applications up to the whole-vehicle network environment oriented to the electronic and electrical architecture all still require the concerted efforts of the vehicle network security ecosystem.
In this context, the third China vehicle networking Security Conference focused on the development and operation of vehicle networking security, network security penetration testing, security chips, data security protection and other topics.
Special thanks go to the 13 ecosystem partners, Victor, Ziguang Tongxin, Ansys, Yitchi, Yimai Communications, Koloda, Zhiyuan Electronics, Tongxing Intelligence, Oriental Chinese Science, Zhisheng Software Technology, Fupi Software, Zhinan Technology and AVIC Chuangzhi, for their strong support.
Organizer's welcome speech & a brief analysis of China’s passenger car market
Under the background of the accelerated reshuffle of China’s automobile industry and the continuous acceleration of electrification development, intelligent development determines the reputation and user experience of cars.
Whether interaction is smooth, whether privacy can be effectively protected, and whether intelligent cars will have vulnerabilities are among the key issues in the market.
In addition, fierce competition confronts enterprises with many challenges, and multiple dimensions need to be considered on top of making good products.
Zhou Xiaoying, CEO of Galaxy Automobile, said that while competition intensifies, the market also brings many opportunities to the industry, which is expected to create a new era.
The industry is becoming more and more tolerant of new technologies and applying them more widely, constantly exploring new functions, looking for new selling points, and improving user experience, which drives the automobile industry to develop faster and faster.
Zhou Xiaoying | Global Automotive CEO
DevSecOps best practices for intelligent vehicle networking security development and operation
Shao Jiangning, senior director of global network security for Weilai Automotive, explained that security development and operation runs through Weilai Automotive's self-developed technology stack, covering several major parts of intelligent cars, such as smart cars, intelligent cockpits, smart energy, and so on.
The concept of safe development is systematically adopted in vehicle global operating system, vehicle engineering, chip, battery, intelligent manufacturing and so on.
Shao Jiangning said that through the practice of safety management, safety development, operation and maintenance, Weilai Automobile hopes to establish a strong safety integration leading organization; to establish a mature network security management system; to create a full life cycle for network security development; to build an end-to-end network security protection system that creates a solid foundation security base; to form full-time and global security operation monitoring that ensures rapid response to threats; and to carry out practical emergency drills, enhance the ability of dynamic attack and defense, and establish a management system of internal control and personnel safety.
Shao Jiangning | Senior Director of Global Network Security of Weilai Automobile
One-stop solution for automotive network security penetration testing
Network security testing involves the whole process from the early stage of code design to the back end.
The code scanning and authentication of network security need to be carried out in the early stage, and potential vulnerabilities may occur due to the introduction of non-standard design code in the process of designing code.
This requires the identification of potential threats and vulnerabilities through appropriate tools.
Sun Sidao, a consultant of Victor Automotive Technology (Shanghai) Co., Ltd., said that network security testing involves many methods, such as static code scanning, unit testing, system testing, fuzz testing and side channel testing; different testing methods focus on different points and need to be chosen according to the specific problem.
Sun Sling | consultant of Victor Automotive Technology (Shanghai) Co., Ltd.
Application of trusted architecture of automotive safety chip in vehicle networking
According to Lan Ruifen, product manager of automotive safety chip of Ziguang Tongxin Microelectronics Co., Ltd., the trusted architecture is actually the Java Card+GP environment, which was applied in the financial field as early as 2010 and then extended to the entire field of security application.
Lan Ruifen said that because the security chip is used under the security architecture, the trusted architecture has a certain particularity, and the security must be based on the interaction between the two entities; therefore, security issues must be taken into account in the process of application upgrade and firmware upgrade.
Lan Ruifen | Automotive Safety Chip Product Manager of Ziguang Tongxin Microelectronics Co., Ltd.
Corporate data security protection (forensics and identification of commercial secret cases)
There are some differences between trade secret identification and traditional judicial identification, said Guan Linyu, associate researcher of the third Research Institute of the Ministry of Public Security.
Traditional judicial expertise is mainly divided into four categories: forensic medicine, material evidence, audio-visual materials and recorded images, among which intellectual property rights are not included at present.
The difficulty of trade secret identification lies in the extraction of technical points: many people do not know how to write them up when reporting a case, and there are many difficulties in the identification process due to the lack of corresponding standards.
Guan Linyu said that in recent years, on the basis of practice, the Ministry of Public Security has formulated relevant standards, involving non-public identification standards for technical information in the field of computers and communications, and cooperated with the Financial Corps of Shanghai Public Security Bureau to determine the method description of the key points of technical information technology in reporting cases.
Guan Linyu | Associate researcher of the third Research Institute of the Ministry of Public Security
New-generation automobile business safety practices and challenges
According to the China Association of Automobile Manufacturers, China exported 4.91 million vehicles in 2023, of which 1.203 million new energy vehicles were exported, an increase of 77.6% over the same period last year.
About 1 out of every 4 cars exported is a new energy vehicle.
Zheng Dexi, an expert on information security compliance of Xiaopeng Automobile, said that as Xiaopeng Automobile accelerates the process of internationalization 2.0, the issue of safety compliance is becoming more and more important.
Zheng Dexi said that the standards of different countries and regions are the baseline requirements that must be met when cars are exported overseas.
For example, since the United Nations R155 regulation introduced the concept of a management system in 2022, all enterprises need to meet the requirements, set up the system, operate it effectively, and obtain the relevant certification before they can sell in the relevant regions of the European Union.
Zheng Dexi | Xiaopeng automobile information security compliance expert
The forum then entered the round table discussion session.
The round-table discussion revolves around “jointly building a safety line of defense and building a safety ecology”.
CEO Zhou Xiaoying hosted, and Guan Linyu, associate researcher of the third Research Institute of the Ministry of Public Security, Shao Jiangning, senior director of global network security of Weilai Automobile, Cao Yingjie, vice president of 360car networking Security Research Institute, Chen Yingao, senior security expert of Xiaomi Technology Group, and Feng Heqing, senior product expert of Tencent Security Keen Security Lab, participated in the discussion.
The attendees expressed their own views, and the scene was warm and extraordinary!
Hongqi vehicle information security practice and development insight
FAW R & D Institute Intelligent Network Lianyuan Electronic and Electrical Security Design Director Li Mu Xie introduced that FAW has clear security requirements for data security in the process of work: all the requirements are implemented on the controller, the specific security requirements are also implemented on the other nodes such as the cloud and the mobile phone APP, and the loop is eventually closed with information security testing.
Li Mu Xie also mentioned that in the process of component development, it will also be combined with specific information security system design, mainly from the perspective of the whole vehicle to define specific security scenarios and carry out the corresponding component development work.
Li Mu Xie | Director of Electronic and Electrical Safety Design of FAW Research and Development Institute Intelligent Network Union Hospital
Discussion on the practical scheme of vehicle-side IDPS capacity building
Han Jianwei, deputy chief of Avita model going out to sea, said that IDPS not only meets the requirements for vehicles going overseas, but also allows forward-looking preparation for the national standard that will be enforced in the future.
IDPS is based on landing demand.
After getting the R155 VTA certification, it needs to be put into the overall security operation process or emergency response process to operate.
Han Jianwei also mentioned that IDPS is suitable for vehicle-side intrusion monitoring and protection, and its core functions include a data acquisition module, an intrusion monitoring engine and a detection rule base.
The data acquisition module collects all kinds of intelligent ECU data, status and events in real time, and sends these data to the intrusion detection algorithm SDK for analysis.
Han Jianwei | Deputy Chief Manager of Avita
The practice of large models in automotive VSOC and threat intelligence
After the explosion of ChatGPT, large models are constantly reshaping a variety of products and solutions in various industries.
In the automobile field, the smart driving scheme has changed from the original perception, decision-making and execution pipeline to an end-to-end approach, and some enterprises have gradually begun to explore large models in the direction of automobile safety.
According to Wang Mingwei, chief technical officer of Callisto, VSOC connects to three big data sources, namely, data exchanged by car end, cloud, car owner and car through Bluetooth, and refers to the mapping of line marks to basic data perception and decision-making, which constitutes Callisto’s understanding of the whole data.
Wang Mingwei | CTO of Callisto Technology
Guoqiang Intelligent Network Joint Automotive Information Security testing solution
Tencent Security Keen Security Lab initially focused on automotive information security testing, doing security attack and defense research.
It has historical experience in automobile embedded systems, on-board firmware and various tailored parts or upgraded OTA.
At present, it can be designed for the tailored system.
Feng Heqing, senior product expert of Tencent Security Keen Security Lab, said that some risk compliance and strong-standard testing can be covered; in addition, for the application of hardware operating systems covered by strong standards, network communications and network data security can be tested.
Feng Heqing | Keen Security Lab senior product expert of Tencent Security
Distributed development practice of automobile information security connected with Intelligent Network
Wang Jiaming, head of product information security development of FAW-Volkswagen Automobile Co., Ltd., believes that vehicle manufacturers (OEMs) currently face many problems in the process of information security development, mainly from risk assessment to the derivation of security concepts and security specifications, the most important of which is to improve the requirements so that Tier1 suppliers can develop against them more effectively.
Wang Jiaming stressed that information security requirements need to be derived from TARA, which conducts the risk assessment and also involves regulatory requirements.
Both the European UNECE R155 regulation and the domestic vehicle information security technical requirements emphasize the risk assessment of vehicles.
Wang Jiaming | head of product information security development of FAW-Volkswagen Automobile Co., Ltd.
Practice of intelligent network vehicle security loopholes
In recent years, there are more and more problems faced by autopilot, traditional security and information security, such as cloud attacks, vehicle back-end services, and so on.
There are also many security problems in the process of BMS interaction, and there have been more and more talks about charging pile vulnerabilities at security conferences in the past two years.
Cao Yingjie, deputy director of 360 vehicle Internet Safety Research Institute, pointed out that automobile safety loopholes will not only cause economic losses, but also threaten personal safety and cause adverse social impact.
Recently, the Ministry of Natural Resources has also issued a draft requiring mandatory regulation of geographic information data collected by cars in order to reduce adverse effects.
Cao Yingjie carried out a detailed analysis of the vulnerability mining case.
Cao Yingjie | Vice President of 360 vehicle networking Security Research Institute
Penetration and security capacity building under Intelligent Networked vehicles
According to Chen Yingao, senior security expert of Xiaomi Technology Group, when you want to control a car, you need to analyze the car first: first, whether the brand has an information security team and applies for information security, etc.; second, the number of suppliers of the brand and which car factories those suppliers supply; third, whether it attaches importance to safety.
Chen Yingao said that in the design stage, hundreds of pages of technical documents require research and certification and safety review, and the coding process will have a great impact on the design stage because of the low online pressure and safety awareness of the R & D staff.
Chen Yingao | Senior security expert of Xiaomi Technology Group
Practice of vehicle networking security system in the digital intelligence era
In the past three years, Jiyue's business has mainly focused on four major capabilities: security detection, monitoring, reinforcement and immunity.
The current goals are mainly divided into four categories: the first is not to allow large-scale illegal remote control; the second is to ensure that the data of users and companies will not be disclosed; the third is to ensure that the paid software of the company will not be cracked; and the fourth is to carry out security measures under compliance.
Xi Mingze, head of information security in Jiyue, said that it is necessary to integrate the four major security capabilities in the operation, which involves some logic for the systematic construction of infrastructure security facilities, which starts with the perception of change, to the disposal and analysis of the whole risk, and then to the integration of basic protection capabilities and security access.
Xi Mingze | the person in charge of information security in Jiyue
The exploration and practice of the data compliance framework of new energy vehicle companies
At present, the background of data compliance supervision faced by vehicle manufacturers is very complex.
First, it is necessary to consider not only the compliance requirements of China’s current regulatory environment, but also overseas market requirements.
Second, different countries have different regulatory requirements for different industries.
Third, there are the screening, evaluation and constraints of third-party partners.
Gong Hao, senior manager of data compliance at smart, said that in order to meet the above three complex requirements, companies need to consider many issues, including different markets, regulations, models and functions on different models.
This is a very complex proposition.
Gong Hao | Senior Manager of Smart Data Compliance
At this point, the 2024 3rd China Car Internet Security Conference has come to a successful conclusion.
In the future, we look forward to continuous innovation and breakthroughs in the field of Internet of Vehicles security and contributing more wisdom and strength to ensure the stable operation of intelligent transportation systems and the safe travel of passengers.
Let us move forward hand in hand and jointly create a new chapter in IoT security.