• Shopping Cart
    There are no items in your cart

PD CEN/TS 16439:2013

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by

Electronic fee collection. Security framework

Available format(s)

Hardcopy , PDF

Superseded date

10-31-2015

Superseded by

PD CEN ISO/TS 19299:2015

Language(s)

English

Published date

02-28-2013

US$463.63
Excluding Tax where applicable

Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Trust model
6 Security requirements
7 Security measures - countermeasures
8 Security specifications for interoperable interface
  implementation
9 Key management
Annex A (normative) - Data type specification
Annex B (normative) - Implementation Conformance
        Statement (ICS) proforma
Annex C (informative) - Stakeholder objectives and generic
        requirements
Annex D (informative) - Threat analysis
Annex E (informative) - Security Policies
Annex F (informative) - Example for an EETS Security
        Policy
Annex G (informative) - Requirements on privacy-focused
        implementation
Bibliography

Specifies the roles and functions as well as the internal and external entities of the EFC system environment.

Committee
EPL/278
DocumentType
Standard
Pages
146
PublisherName
British Standards Institution
Status
Superseded
SupersededBy

1.1 EFC specific scope

ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.

Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.

The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.

The scope of this security framework comprises the following:

  • general information security objectives of the stakeholders;

  • threat analysis;

  • definition of a trust model;

  • security requirements;

  • security measures – countermeasures;

  • security specifications for interface implementation;

  • key management;

  • security policies;

  • privacy-enabled implementations.

The following is outside the scope of this Technical Specification:

  • a complete risk assessment for an EFC system;

  • security issues rising from an EFC application running on an ITS station;

NOTE Security issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on \'Guidelines for EFC-applications based on in vehicle ITS Stations\' that is being developed at the time of publication of this document.

  • entities and interfaces of the interoperability management role;

  • the technical trust relation of the model between TSP and User;

  • a complete specification and description of all necessary security measures to all identified threats;

  • concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);

  • detailed specifications required for privacy-friendly EFC implementations.

The detailed scope of the bullet points and the clause with the corresponding content is given below:

  • General information security objectives of the stakeholders (informative, Annex C)

    To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.

  • Threat analysis (informative, Annex D)

The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).

  • Definition of a trust model (normative, Clause 5)

The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.

  • Security requirements (normative, Clause 6)

Based on the threat analysis, security requirements are defined (e.g. for organisational and technical entities, interfaces, information etc) from which a system operator can draw its own applicable set according to the actual security policy. No concrete implementation specifications will be given as they are strongly dependent on the actual context of the toll charging environment and the relations between the stakeholders. A basic risk analysis of the interfaces shown in Figure 4 introduces the minimum set of security requirements for the protection of these interfaces.

  • Security measures - countermeasures (normative, Clause 7)

A set of security measures mainly for data protocol layer of interfaces according to Figure 4 based on the requirements is defined to support actual EFC system implementations and as a base for the security specifications for interoperable interface implementation.

  • Security specifications for interface implementation (normative, Clause 8)

To support the future implementation of (interoperable) toll charging environments, this specification provides precise implementation specifications for the interfaces, e.g. the detailed definition of message authenticators. These specifications represent an add-on for security to the corresponding standards. Figure 4 shows the relevant interfaces and the corresponding standards which need to be enhanced by proper security provisions.

  • Key management (normative, Clause 9)

The toll charging environment uses cryptographic elements (keys, certificates, revocation lists etc) to support security services like confidentiality, authenticity, integrity and non-repudiation. This section of thespecification covers the initial setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation etc.

specification covers the initial setup of key exchange between stakeholders and several operational procedures like key renewal, certificate revocation etc.

  • Implementation conformance statement (ICS) proforma (Annex B)

Annex B defines the implementation conformance statement proforma to be used by an equipment supplier, a system implementation or an actor of a role declaring his conformity to this Technical Specification.

  • Security policies (informative, Annex E and Annex F)

As an aid for using this Technical Specification to build up a secure system, some examples are provided of what security policies could look like for a concrete interoperability framework (including European electronic toll service).

  • Privacy-enabled implementations (informative, Annex G)

Respecting privacy is crucial for the implementation of every toll charging environment. However, different Toll Chargers may have different requirements on the level of privacy. This Technical Specification supports implementations with respect to privacy, but does not mandate one specific implementation. Therefore, it summarises the general requirements and conditions in relation to data privacy.

1.2 Scope in relation to other security frameworks

In general the overall scope is an information security framework for all organisational and technical entities of an EFC environment and in detail for the interfaces between them. This Technical Specification covers only the EFC specific aspects and not general IT security aspects. A general and complete IT security guideline, the Information Security Management System, is provided in the ISO 2700x family of standards.

A corresponding ISO/IEC 27001 certification of a TC or Toll Service Provider (TSP) organisation may be used to demonstrate fulfilment of this Technical Specification provided that the scope and the Statements of Applicability (SoA) include the EFC business processes specified in ISO 17573 and the security measures provided by this Technical Specification are applied, e.g. by using them as part of the so-called catalogues containing the security measures and control objectives.

Standards Relationship
CEN/TS 16439:2013 Identical

ISO/IEC 18031:2011 Information technology Security techniques Random bit generation
ISO 12855:2015 Electronic fee collection Information exchange between service provision and toll charging
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 8825-2:2015 Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2:
ISO/IEC 14888-3:2016 Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms
ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance
EN 15509:2014 Electronic fee collection - Interoperability application profile for DSRC
ISO/IEC 8825-1:2015 Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
ISO 17573:2010 Electronic fee collection Systems architecture for vehicle-related tolling
ISO/IEC 18033-2:2006 Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers
ISO/IEC 8825-4:2015 Information technology ASN.1 encoding rules: XML Encoding Rules (XER) Part 4:
ISO/IEC 18033-3:2010 Information technology Security techniques Encryption algorithms Part 3: Block ciphers
ISO/IEC 19790:2012 Information technology — Security techniques — Security requirements for cryptographic modules
ISO/TS 17574:2017 Electronic fee collection — Guidelines for security protection profiles
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
EN ISO 12855:2015 Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015)
ISO/TS 14907-2:2016 Electronic fee collection Test procedures for user and fixed equipment Part 2: Conformance test for the on-board unit application interface
ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO/TS 17575-1:2010 Electronic fee collection Application interface definition for autonomous systems Part 1: Charging
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 14906:2011 Electronic fee collection Application interface definition for dedicated short-range communication
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 14888-1:2008 Information technology — Security techniques — Digital signatures with appendix — Part 1: General
ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
CEN ISO/TS 14907-2:2016 Electronic fee collection - Test procedures for user and fixed equipment - Part 2: Conformance test for the on-board unit application interface (ISO/TS 14907-2:2016)
ISO/TS 13141:2010 Electronic fee collection Localisation augmentation communication for autonomous systems
CEN ISO/TS 17574:2017 Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017)
ISO/IEC 9797-1:2011 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
ISO/IEC 10118-3:2004 Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions
ISO/TS 12813:2009 Electronic fee collection Compliance check communication for autonomous systems
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
ISO/IEC 14888-2:2008 Information technology Security techniques Digital signatures with appendix Part 2: Integer factorization based mechanisms
ISO/IEC 11770-1:2010 Information technology Security techniques Key management Part 1: Framework
CEN ISO/TS 12813:2009 Electronic fee collection - Compliance check communication for autonomous systems (ISO/TS 12813:2009)
ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.