CEN/TS 16439:2013
(Main)Electronic fee collection - Security framework
Electronic fee collection - Security framework
1.1 EFC specific scope
ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.
Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.
The scope of this security framework comprises the following:
- general information security objectives of the stakeholders;
- threat analysis;
- definition of a trust model;
- security requirements;
- security measures – countermeasures;
- security specifications for interface implementation;
- key management;
- security policies;
- privacy-enabled implementations.
The following is outside the scope of this Technical Specification:
- a complete risk assessment for an EFC system;
- security issues rising from an EFC application running on an ITS station;
NOTE Security issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on "Guidelines for EFC-applications based on in vehicle ITS Stations" that is being developed at the time of publication of this document.
- entities and interfaces of the interoperability management role;
- the technical trust relation of the model between TSP and User;
- a complete specification and description of all necessary security measures to all identified threats;
- concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);
- detailed specifications required for privacy-friendly EFC implementations.
The detailed scope of the bullet points and the clause with the corresponding content is given below:
- General information security objectives of the stakeholders (informative, Annex C)
To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.
- Threat analysis (informative, Annex D)
The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).
- Definition of a trust model (normative, Clause 5)
The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.
- Security requirements (normative, Clause 6)
(...)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur
Perception de télépéage - Cadre de sécurité
Elektronsko pobiranje pristojbin - Varnostni okvir
Standard ISO 17573 določa vloge in funkcije ter notranje in zunanje subjekte okolja sistema za elektronsko pobiranje pristojbin (EFC). Varnostni okvir na podlagi sistemske arhitekture iz standarda ISO 17573 opisuje sklop zahtev in varnostnih ukrepov za zainteresirane strani, da lahko svoj del sistema za okoljsko pobiranje pristojbin izvajajo in upravljajo v skladu z zahtevami za zaupanja vredno okolje ob upoštevanju osnovne politike informacijske varnosti. Na splošno je skupno področje uporabe okvir informacijske varnosti za vse organizacijske in tehnične subjekte, podrobno pa za vmesnike med njimi.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-april-2013
Elektronsko pobiranje pristojbin - Varnostni okvir
Electronic fee collection - Security framework
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur
Perception de télépéage - Cadre de sécurité
Ta slovenski standard je istoveten z: CEN/TS 16439:2013
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
transportu in trgovini and trade
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
TECHNICAL SPECIFICATION
CEN/TS 16439
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
January 2013
ICS 35.240.60
English Version
Electronic fee collection - Security framework
Perception de télépéage - Cadre de sécurité Elektronische Gebührenerhebung -
Sicherheitsgrundstruktur
This Technical Specification (CEN/TS) was approved by CEN on 27 August 2012 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 16439:2013: E
worldwide for CEN national Members.
Contents Page
Foreword . 6
0 Introduction . 7
0.1 Reader's guide . 7
0.2 EFC role model . 8
0.3 Relation to other security standards . 9
1 Scope . 11
1.1 EFC specific scope . 11
1.2 Scope in relation to other security frameworks . 14
2 Normative references . 15
3 Terms and definitions . 16
4 Symbols and abbreviations . 22
5 Trust model . 24
5.1 Introduction . 24
5.2 Stakeholders trust relations . 24
5.3 Technical trust model . 25
5.3.1 General . 25
5.3.2 Trust model for TC and TSP relations . 25
5.3.3 Trust model for TSP and User relations . 27
5.3.4 Trust model for Interoperability Management relations . 27
5.4 Implementation . 27
5.4.1 Setup of trust relations . 27
5.4.2 Trust relation renewing and revocation . 27
5.4.3 Issuing and revocation of sub CA and entity certificates . 28
5.4.4 Certificate and Certificate Revocation List profile and format . 28
5.4.5 Certificate extensions . 28
6 Security requirements. 29
6.1 Introduction . 29
6.2 Information Security Management System . 29
6.3 Communication interfaces . 30
6.3.1 General . 30
6.3.2 Generic interface requirements . 31
6.3.3 DSRC profile . 31
6.3.4 TC to TSP profile . 32
6.3.5 Communication provider profile. 32
6.4 Data storages . 33
6.4.1 General . 33
6.4.2 OBE data storages . 33
6.4.3 RSE data storages. 33
6.4.4 Back End data storage . 34
6.5 Toll Charger . 34
6.6 Toll Service Provider . 35
6.7 User. 37
6.8 Interoperability Management . 38
6.9 Limitation of requirements . 38
7 Security measures - countermeasures . 38
7.1 Introduction . 38
7.2 General security measures . 39
7.3 Communication interfaces security measures . 39
7.3.1 General .3 9
7.3.2 DSRC-EFC interface .3 9
7.3.3 CCC interface . 40
7.3.4 LAC interface .4 0
7.3.5 Front End to TSP Back End interface .4 1
7.3.6 TC to TSP interface .4 1
7.4 End-to-end security measures .4 1
7.5 Toll Service Provider security measures .4 3
7.5.1 Front End security measures.4 3
7.5.2 Back End security measures .4 3
7.6 Toll Charger security measures.4 4
7.6.1 RSE security measures .4 4
7.6.2 Back End security measures .4 4
7.6.3 Other TC security measures .4 4
8 Security specifications for interoperable interface implementation . 45
8.1 General .4 5
8.1.1 Subject .4 5
8.1.2 Signature and hash algorithms .4 5
8.1.3 MAC algorithm .4 5
8.1.4 MAC key derivation .4 6
8.1.5 Key encryption algorithm.4 6
8.1.6 Padding algorithm .4 6
8.2 Security specifications for DSRC-EFC .4 6
8.2.1 Subject .4 6
8.2.2 OBE .4 6
8.2.3 RSE .4 7
8.3 Security specifications for CCC.4 7
8.3.1 Subject .4 7
8.3.2 OBE .4 7
8.3.3 RSE .4 7
8.4 Security specifications for LAC .4 7
8.4.1 Subject .4 7
8.4.2 OBE .4 7
8.4.3 RSE .4 7
8.5 Security specifications for Front End to TSP interface . 48
8.5.1 General .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.