PD CEN/TR 16968:2016

Current

The latest, up-to-date edition.

Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication

Available format(s)

Hardcopy, PDF

Language(s)

English

Published date

31-05-2016

€306.17
Excluding VAT

European foreword
Introduction
1 Scope
2 Terms and definitions
3 Abbreviations
4 Method
5 Security Objectives and Functional Requirements
6 Threat analysis
7 Qualitative risk analysis
8 Proposals for new security measures
9 Impact of proposed countermeasures
10 Recommendations
Annex A (informative) - Current status of the DEA cryptographic algorithm
Annex B (informative) - Security considerations regarding DSRC in EFC Standards
Bibliography

Committee: EPL/278
Document type: Standard
Pages: 50
Publisher name: British Standards Institution
Status: Current

This Technical Report includes a threat analysis, based on CEN ISO/TS 19299 (EFC - Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification:

  • EN 15509:2014,

  • EN ISO 12813:2015,

  • EN ISO 13141:2015,

  • CEN/TS 16702-1:2014.

This Technical Report contains:

  • a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);

  • an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;

  • an outline of potential security measures which might be added to those already defined for DSRC;

  • an analysis of effects on existing EFC systems and interoperability clusters;

  • a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.

The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014.

It is outside the scope of this Technical Report to examine non-DSRC (wired or wireless) interfaces to the OBE and RSE.

Standards Relationship
CEN/TR 16968:2016 Identical

ISO 12855:2015 Electronic fee collection - Information exchange between service provision and toll charging
EN 15509:2014 Electronic fee collection - Interoperability application profile for DSRC
ISO 17575-1:2016 Electronic fee collection - Application interface definition for autonomous systems - Part 1: Charging
CEN ISO/TS 19299:2015 Electronic fee collection - Security framework (ISO/TS 19299:2015)
ISO 17573:2010 Electronic fee collection - Systems architecture for vehicle-related tolling
ISO/IEC 18000-6:2013 Information technology - Radio frequency identification for item management - Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General
TR 102 893 : 1.1.1 Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA)
CEN ISO/TS 14907-1:2015 Electronic fee collection - Test procedures for user and fixed equipment - Part 1: Description of test procedures (ISO/TS 14907-1:2015)
ISO/IEC 18033-3:2010 Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers
TS 102 165-1 : 4.2.3 CYBER; Methods and protocols; Part 1: Method and pro forma for Threat, Vulnerability, Risk Analysis (TVRA)
CEN/TS 16702-1:2014 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
ISO/TS 17574:2017 Electronic fee collection - Guidelines for security protection profiles
EN ISO 12855:2015 Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015)
ISO 7498-2:1989 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture
ISO 13141:2015 Electronic fee collection - Localisation augmentation communication for autonomous systems
EN 16312:2013 Intelligent transport systems - Automatic Vehicle and Equipment Registration (AVI/AEI) - Interoperable application profile for AVI/AEI and Electronic Register Identification using dedicated short range communication
CEN ISO/TS 17574:2017 Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017)
ISO/IEC 29167-10:2017 Information technology - Automatic identification and data capture techniques - Part 10: Crypto suite AES-128 security services for air interface communications
ISO/IEC 9797-1:2011 Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher
EN ISO 17575-1:2016 Electronic fee collection - Application interface definition for autonomous systems - Part 1: Charging (ISO 17575-1:2016)
ISO/TS 14907-1:2015 Electronic fee collection - Test procedures for user and fixed equipment - Part 1: Description of test procedures
ISO/IEC 15408-1:2009 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO 12813:2015 Electronic fee collection - Compliance check communication for autonomous systems
CEN/TR 16152:2011 Electronic fee collection - Personalisation and mounting of first mount OBE
ISO/IEC 2382:2015 Information technology - Vocabulary
CEN/TR 16670:2014 Information technology - RFID threat and vulnerability analysis
ISO/TS 19299:2015 Electronic fee collection - Security framework
ISO/IEC 27000:2016 Information technology - Security techniques - Information security management systems - Overview and vocabulary
