The Journal of The Korea Institute of Intelligent Transport Systems (한국ITS학회 논문지)

The Korea Institute of Intelligent Transport Systems (한국ITS학회)
권호 표지
DOI QR코드

DOI QR Code

Development of Framework for Compliance with Vehicle Cybersecurity Regulations: Cybersecurity Requirement Finder

차량 사이버보안 법규 준수를 위한 프레임워크 개발: Cybersecurity Requirement Finder

  • Jun hee Oh (Dept. of Conputer Science, Univ. of Dankook) ;
  • Yun keun Song (Dept. of Conputer Science, Univ. of Dankook) ;
  • Kyung rok Park (Dept. of Conputer Science, Univ. of Dankook) ;
  • Hyuk Kwon (Korea Internet & Security Agency (KISA)) ;
  • Samuel Woo (Dept. of Software, Univ. of Dankook)
  • 오준희 (단국대학교 컴퓨터학과) ;
  • 송윤근 (단국대학교 컴퓨터학과) ;
  • 박경록 (단국대학교 컴퓨터학과) ;
  • 권혁 (한국인터넷진흥원) ;
  • 우사무엘 (단국대학교 소프트웨어학과)
  • Received : 2023.09.18
  • Accepted : 2023.11.06
  • Published : 2023.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.

최근 ECU(Electronic Control Unit)는 단순한 편의 기능을 넘어 여러 기능이 하나로 통합되고 있다. 이에 따라 ECU는 이전보다 더 많은 기능과 외부 인터페이스를 갖게 되었고, 다양한 사이버 보안 문제가 발생하고 있다. UNECE(United Nations Economic Commission for Europe) WP. 29는 증가하는 차량 사이버보안에 대한 위협을 고려해 UN Regulation No.155를 발표하여 차량 사이버 보안 관리 체계에 대한 국제 기준을 마련했다. 국제 기준에 따르면 차량 제조업체는 2022년 7월부터 CSMS(Cybersecurity Management System)를 구축하고, VTA(Vehicle Type Approval)를 받아야 한다. 그러나 국내에서는 이에 대한 준비가 미흡해 시행 시기를 조정해야 한다는 의견이 제기되었다. 따라서 본 논문에서는 요구사항의 CSMS 현황을 확인하기 위한 체크리스트와 식별된 갭(Gap)을 완화하기 위한 다양한 차량 보안 솔루션을 매핑 시켜주는 웹 기반의 솔루션을 제안한다.

Keywords

Acknowledgement

본 연구는 산업통상자원부 한국산업기술평가관리원(KEIT) 자율주행기술개발혁신사업 "자율주행 시스템의 내부 네트워크 및 무선 소프트웨어 업데이트 보안 평가기술 개발" 과제(과제번호: 20022229)의 지원을 받아 수행되었습니다. 본 연구는 2023년도 정부(과학기술정보통신부)의 재원으로 정보통신기획평가원의 지원을 받아 수행된 연구임(No.2022-0-01022, 이벤트 기반 실험시스템 구축을 통한 자동차 내·외부 아티팩트 수집 및 통합 분석 기술 개발)

References

  1. APMA(Automotive Parts Manufacturers Association) Cybersecurity Committee(2021), Apma Cyberkit ISO 21434.
  2. Boannews(2023a), https://m.boannews.com/html/detail.html?idx=94054, 2023.09.08.
  3. Boannews(2023b), https://m.boannews.com/html/detail.html?idx=94213, 2023.09.04.
  4. EE(Electronic Engineering) Times, https://www.eetimes.com/automotive-cybersecurity-more-than-in-vehicle-and-cloud/, 2023.09.04.
  5. Im, D. S.(2022), "An Analysis of the Relative Importance of Security Level Check Items for Autonomous Vehicle Security Threat Response", The Journal of the Korea Institute of Intelligent Transportation Systems, vol. 21, no. 4, pp.145-156. https://doi.org/10.12815/kits.2022.21.4.145
  6. ISO/SAE(2021), ISO/SAE 21434:2021, Road vehicles-Cybersecurity engineering.
  7. ITSSL(Intelligent Transport Systems security Lab)(n.d.), Cybersecurity Requirements Finder, http://43.201.15.38/, 2023.09.04.
  8. Korea Internet & Security Agency(2022), Self-driving car security model Part 2: CSMS.
  9. Korea Internet & Security Agency(2023a), An Explanation and Application of Security Model for Autonomous Vehicles.
  10. Korea Internet & Security Agency(2023b), https://www.kisa.or.kr/2060205/form?postSeq=18&page=1, 2023.09.04.
  11. Land Infrastructure and Transport Committee(2023), Report on the review of partial amendments to the Automobile Management Act.
  12. SAE(Society of Automotive Engineers)(2020), https://www.sae.org/standards/content/iso/sae21434.d1/, 2023.09.04.
  13. Song, Y. K., Woo, S., Lee, J. and Lee, Y. S.(2019), "Deriving Essential Security Requirements of IVN through Case Analysis", The Journal of the Korea Institute of Intelligent Transport Systems, vol. 18, no. 2, pp.144-155. https://doi.org/10.12815/kits.2019.18.2.144
  14. UNECE WP(United Nations Economic Commission for Europe Working Party).29.(2021), UN Regulation No.155-Cyber Security and Cyber Security Management System.
  15. UNECE WP(United Nations Economic Commission for Europe Working Party)29.(2020), Proposal for the Interpretation Document for UN Regulation No. [155] on uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system.
  16. UPSTREAM(2023), Upstream 2023 Global Automotive Cybersecurity Report.