CEN/TS 16439:2013
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
View Superseded by
Electronic fee collection - Security framework
11-03-2023
30-01-2013
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Trust model
6 Security requirements
7 Security measures - countermeasures
8 Security specifications for interoperable interface
implementation
9 Key management
Annex A (normative) - Data type specification
Annex B (normative) - Implementation Conformance
Statement (ICS) proforma
Annex C (informative) - Stakeholder objectives and generic
requirements
Annex D (informative) - Threat analysis
Annex E (informative) - Security Policies
Annex F (informative) - Example for an EETS Security
Policy
Annex G (informative) - Requirements on privacy-focused
implementation
Bibliography
1.1EFC specific scopeISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification. This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.The scope of this security framework comprises the following:-general information security objectives of the stakeholders;-threat analysis;-definition of a trust model;-security requirements;-security measures – countermeasures;-security specifications for interface implementation;-key management;-security policies;-privacy-enabled implementations.The following is outside the scope of this Technical Specification:-a complete risk assessment for an EFC system;-security issues rising from an EFC application running on an ITS station;NOTESecurity issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on "Guidelines for EFC-applications based on in vehicle ITS Stations" that is being developed at the time of publication of this document.-entities and interfaces of the interoperability management role;-the technical trust relation of the model between TSP and User;-a complete specification and description of all necessary security measures to all identified threats;-concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);-detailed specifications required for privacy-friendly EFC implementations.The detailed scope of the bullet points and the clause with the corresponding content is given below:-General information security objectives of the stakeholders (informative, Annex C)To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.-Threat analysis (informative, Annex D)The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).-Definition of a trust model (normative, Clause 5)The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.-Security requirements (normative, Clause 6)(...)
Committee |
CEN/TC 278
|
DocumentType |
Technical Specification
|
PublisherName |
Comite Europeen de Normalisation
|
Status |
Withdrawn
|
SupersededBy |
Standards | Relationship |
UNE-CEN/TS 16439:2013 | Identical |
DIN CEN/TS 16439;DIN SPEC 70135:2013-05 | Identical |
DIN SPEC 70135 : 2013 | Identical |
UNI CEN/TS 16439 : 2013 | Identical |
NEN NPR CEN/TS 16439 : 2013 | Identical |
PD CEN/TS 16439:2013 | Identical |
S.R. CEN/TS 16439:2013 | Identical |
CEN/TS 16702-2:2015 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 2: Trusted recorder |
S.R. CEN/TS 16702-2:2015 | ELECTRONIC FEE COLLECTION - SECURE MONITORING FOR AUTONOMOUS TOLL SYSTEMS - PART 2: TRUSTED RECORDER |
PD CEN/TR 16690:2014 | Electronic fee collection. Guidelines for EFC applications based on in-vehicle ITS stations |
TS 102 940 : 1.1.1 | INTELLIGENT TRANSPORT SYSTEMS (ITS); SECURITY; ITS COMMUNICATIONS SECURITY ARCHITECTURE AND SECURITY MANAGEMENT |
S.R. CEN/TR 16690:2014 | ELECTRONIC FEE COLLECTION - GUIDELINES FOR EFC APPLICATIONS BASED ON IN-VEHICLE ITS STATIONS |
CEN/TS 16702-1:2014 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking |
I.S. EN 15509:2014 | ELECTRONIC FEE COLLECTION - INTEROPERABILITY APPLICATION PROFILE FOR DSRC |
PD ISO/TS 16785:2014 | Electronic Fee Collection (EFC). Interface definition between DSRC-OBE and external in-vehicle devices |
PD CEN/TS 16702-2:2015 | Electronic fee collection. Secure monitoring for autonomous toll systems Trusted recorder |
PD CEN/TS 16702-1:2014 | Electronic fee collection. Secure monitoring for autonomous toll system Compliance checking |
CEN/TR 16690:2014 | Electronic fee collection - Guidelines for EFC applications based on in-vehicle ITS stations |
S.R. CEN/TS 16702-1:2014 | ELECTRONIC FEE COLLECTION - SECURE MONITORING FOR AUTONOMOUS TOLL SYSTEMS - PART 1: COMPLIANCE CHECKING |
UNI EN 15509 : 2014 | ELECTRONIC FEE COLLECTION - INTEROPERABILITY APPLICATION PROFILE FOR DSRC |
UNI CEN/TS 16702-1 : 2014 | ELECTRONIC FEE COLLECTION - SECURE MONITORING FOR AUTONOMOUS TOLL SYSTEMS - PART 1: COMPLIANCE CHECKING |
ISO/TS 16785:2014 | Electronic Fee Collection (EFC) Interface definition between DSRC-OBE and external in-vehicle devices |
EN 15509:2014 | Electronic fee collection - Interoperability application profile for DSRC |
BS EN 15509:2014 | Electronic fee collection. Interoperability application profile for DSRC |
ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
ISO 12855:2015 | Electronic fee collection Information exchange between service provision and toll charging |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 8825-2:2015 | Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2: |
ISO/IEC 14888-3:2016 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 27003:2017 | Information technology — Security techniques — Information security management systems — Guidance |
EN 15509:2014 | Electronic fee collection - Interoperability application profile for DSRC |
ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
ISO 17573:2010 | Electronic fee collection Systems architecture for vehicle-related tolling |
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
ISO/IEC 8825-4:2015 | Information technology ASN.1 encoding rules: XML Encoding Rules (XER) Part 4: |
ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
ISO/TS 17574:2017 | Electronic fee collection — Guidelines for security protection profiles |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
EN ISO 12855:2015 | Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015) |
ISO/TS 14907-2:2016 | Electronic fee collection Test procedures for user and fixed equipment Part 2: Conformance test for the on-board unit application interface |
ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
ISO/TS 17575-1:2010 | Electronic fee collection Application interface definition for autonomous systems Part 1: Charging |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO 14906:2011 | Electronic fee collection Application interface definition for dedicated short-range communication |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 14888-1:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 1: General |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
CEN ISO/TS 14907-2:2016 | Electronic fee collection - Test procedures for user and fixed equipment - Part 2: Conformance test for the on-board unit application interface (ISO/TS 14907-2:2016) |
ISO/TS 13141:2010 | Electronic fee collection Localisation augmentation communication for autonomous systems |
CEN ISO/TS 17574:2017 | Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017) |
ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
ISO/TS 12813:2009 | Electronic fee collection Compliance check communication for autonomous systems |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO/IEC 14888-2:2008 | Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms |
ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
CEN ISO/TS 12813:2009 | Electronic fee collection - Compliance check communication for autonomous systems (ISO/TS 12813:2009) |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.