• PD CEN/TR 16968:2016

    Status:  Current (the latest, up-to-date edition)

    Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  31-05-2016

    Publisher:  British Standards Institution


    Table of Contents

    European foreword
    Introduction
    1 Scope
    2 Terms and definitions
    3 Abbreviations
    4 Method
    5 Security Objectives and Functional Requirements
    6 Threat analysis
    7 Qualitative risk analysis
    8 Proposals for new security measures
    9 Impact of proposed countermeasures
    10 Recommendations
    Annex A (informative) - Current status of the DEA cryptographic algorithm
    Annex B (informative) - Security considerations regarding DSRC in EFC Standards
    Bibliography

    Abstract

    Provides:

    • a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);

    • an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;

    • an outline of potential security measures which might be added to those already defined for DSRC;

    • an analysis of effects on existing EFC systems and interoperability clusters;

    • a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.

    Scope

    This Technical Report includes a threat analysis, based on CEN ISO/TS 19299 (EFC - Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification:

    • EN 15509:2014,

    • EN ISO 12813:2015,

    • EN ISO 13141:2015,

    • CEN/TS 16702-1:2014.

    This Technical Report contains:

    • a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);

    • an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;

    • an outline of potential security measures which might be added to those already defined for DSRC;

    • an analysis of effects on existing EFC systems and interoperability clusters;

    • a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.

    The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014.

    It is outside the scope of this Technical Report to examine non-DSRC (wired or wireless) interfaces to the OBE and RSE.

    General Product Information

    Committee:  EPL/278
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Current

    Standards Referencing This Book

    ISO 12855:2015 Electronic fee collection Information exchange between service provision and toll charging
    EN 15509:2014 Electronic fee collection - Interoperability application profile for DSRC
    ISO 17575-1:2016 Electronic fee collection Application interface definition for autonomous systems Part 1: Charging
    CEN ISO/TS 19299 : 2015 ELECTRONIC FEE COLLECTION - SECURITY FRAMEWORK (ISO/TS 19299:2015)
    ISO 17573:2010 Electronic fee collection Systems architecture for vehicle-related tolling
    ISO/IEC 18000-6:2013 Information technology — Radio frequency identification for item management — Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General
    TR 102 893 : 1.1.1 INTELLIGENT TRANSPORT SYSTEMS (ITS); SECURITY; THREAT, VULNERABILITY AND RISK ANALYSIS (TVRA)
    CEN ISO/TS 14907-1:2015 Electronic fee collection - Test procedures for user and fixed equipment - Part 1: Description of test procedures (ISO/TS 14907-1:2015)
    ISO/IEC 18033-3:2010 Information technology Security techniques Encryption algorithms Part 3: Block ciphers
    TS 102 165-1 : 4.2.3 CYBER; METHODS AND PROTOCOLS; PART 1: METHOD AND PRO FORMA FOR THREAT, VULNERABILITY, RISK ANALYSIS (TVRA)
    CEN/TS 16702-1:2014 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
    ISO/TS 17574:2017 Electronic fee collection — Guidelines for security protection profiles
    EN ISO 12855:2015 (edition 2) Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015)
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    EN ISO 13141:2015/A1:2017 ELECTRONIC FEE COLLECTION - LOCALISATION AUGMENTATION COMMUNICATION FOR AUTONOMOUS SYSTEMS (ISO 13141:2015/AMD 1:2017)
    ISO 13141:2015 Electronic fee collection — Localisation augmentation communication for autonomous systems
    EN ISO 12813:2015/A1:2017 ELECTRONIC FEE COLLECTION - COMPLIANCE CHECK COMMUNICATION FOR AUTONOMOUS SYSTEMS (ISO 12813:2015)
    EN 16312:2013 Intelligent transport systems - Automatic Vehicle and Equipment Registration (AVI/AEI) - Interoperable application profile for AVI/AEI and Electronic Register Identification using dedicated short range communication
    CEN ISO/TS 17574:2017 Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017)
    ISO/IEC 29167-10:2017 Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications
    ISO/IEC 9797-1:2011 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
    EN ISO 17575-1:2016 Electronic fee collection - Application interface definition for autonomous systems - Part 1: Charging (ISO 17575-1:2016)
    ISO/TS 14907-1:2015 Electronic fee collection Test procedures for user and fixed equipment Part 1: Description of test procedures
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    ISO 12813:2015 Electronic fee collection Compliance check communication for autonomous systems
    CEN/TR 16152:2011 Electronic fee collection - Personalisation and mounting of first mount OBE
    ISO/IEC 2382:2015 Information technology — Vocabulary
    CEN/TR 16670:2014 Information technology - RFID threat and vulnerability analysis
    ISO/TS 19299:2015 Electronic fee collection Security framework
    ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary