PD CEN/TR 16968:2016
Current
The latest, up-to-date edition.
Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication
Hardcopy , PDF
English
31-05-2016
Important note : Users cannot be edited or removed once added to your Multi user PDF.
European foreword
Introduction
1 Scope
2 Terms and definitions
3 Abbreviations
4 Method
5 Security Objectives and Functional Requirements
6 Threat analysis
7 Qualitative risk analysis
8 Proposals for new security measures
9 Impact of proposed countermeasures
10 Recommendations
Annex A (informative) - Current status of the DEA
cryptographic algorithm
Annex B (informative) - Security considerations
regarding DSRC in EFC Standards
Bibliography
Provides: - a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS); - an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks; - an outline of potential security measures which might be added to those already defined for DSRC; - an analysis of effects on existing EFC systems and interoperability clusters; - a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.
| Committee |
EPL/278
|
| DocumentType |
Standard
|
| Pages |
50
|
| PublisherName |
British Standards Institution
|
| Status |
Current
|
This Technical Report includes a threat analysis, based on CEN ISO/TS 19299 (EFC - Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification
EN 15509:2014,
EN ISO 12813:2015,
EN ISO 13141:2015,
CEN/TS 16702-1:2014.
This Technical Report contains:
a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);
an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;
an outline of potential security measures which might be added to those already defined for DSRC;
an analysis of effects on existing EFC systems and interoperability clusters;
a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.
The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014.
It is outside the scope of this Technical Report to examine Non DSRC (wired or wireless) interfaces to the OBE and RSE.
| Standards | Relationship |
| CEN/TR 16968:2016 | Identical |
| ISO 12855:2015 | Electronic fee collection Information exchange between service provision and toll charging |
| EN 15509:2014 | Electronic fee collection - Interoperability application profile for DSRC |
| ISO 17575-1:2016 | Electronic fee collection Application interface definition for autonomous systems Part 1: Charging |
| CEN ISO/TS 19299:2015 | Electronic fee collection - Security framework (ISO/TS 19299:2015) |
| ISO 17573:2010 | Electronic fee collection Systems architecture for vehicle-related tolling |
| ISO/IEC 18000-6:2013 | Information technology — Radio frequency identification for item management — Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General |
| TR 102 893 : 1.1.1 | INTELLIGENT TRANSPORT SYSTEMS (ITS); SECURITY; THREAT, VULNERABILITY AND RISK ANALYSIS (TVRA) |
| CEN ISO/TS 14907-1:2015 | Electronic fee collection - Test procedures for user and fixed equipment - Part 1: Description of test procedures (ISO/TS 14907-1:2015) |
| ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
| TS 102 165-1 : 4.2.3 | CYBER; METHODS AND PROTOCOLS; PART 1: METHOD AND PRO FORMA FOR THREAT, VULNERABILITY, RISK ANALYSIS (TVRA) |
| CEN/TS 16702-1:2014 | Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking |
| ISO/TS 17574:2017 | Electronic fee collection — Guidelines for security protection profiles |
| EN ISO 12855:2015 | Electronic fee collection - Information exchange between service provision and toll charging (ISO 12855:2015) |
| ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
| ISO 13141:2015 | Electronic fee collection — Localisation augmentation communication for autonomous systems |
| EN 16312:2013 | Intelligent transport systems - Automatic Vehicle and Equipment Registration (AVI/AEI) - Interoperable application profile for AVI/AEI and Electronic Register Identification using dedicated short range communication |
| CEN ISO/TS 17574:2017 | Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017) |
| ISO/IEC 29167-10:2017 | Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications |
| ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
| EN ISO 17575-1:2016 | Electronic fee collection - Application interface definition for autonomous systems - Part 1: Charging (ISO 17575-1:2016) |
| ISO/TS 14907-1:2015 | Electronic fee collection Test procedures for user and fixed equipment Part 1: Description of test procedures |
| ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
| ISO 12813:2015 | Electronic fee collection Compliance check communication for autonomous systems |
| CEN/TR 16152:2011 | Electronic fee collection - Personalisation and mounting of first mount OBE |
| ISO/IEC 2382:2015 | Information technology — Vocabulary |
| CEN/TR 16670:2014 | Information technology - RFID threat and vulnerability analysis |
| ISO/TS 19299:2015 | Electronic fee collection Security framework |
| ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.