This document defines an information security framework for all organizational and technical entities of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1. The security framework describes a set of security requirements and associated security measures. Annex D contains a list of potential threats to EFC systems and a possible relation to the defined security requirements. These threats can be used for a threat analysis to identify the relevant security requirements for an EFC system. The relevant security measures to secure EFC systems can then be derived from the identified security requirements.
Tämän julkaisun valmistelusta Suomessa vastaa Yhteinen Toimialaliitto, www.ytl.fi.
Sisällysluettelo
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Trust model
5.1 Overview
5.2 Stakeholders trust relations
5.3 Technical trust model
5.4 Implementation
6 Security requirements
6.1 General
6.2 Information security management system
6.3 Communication interfaces
6.4 Data storage
6.5 Toll charger
6.6 Toll service provider
6.7 Interoperability management
6.8 Limitation of requirements
7 Security measures — Countermeasures
7.1 Overview
7.2 General security measures
7.3 Communication interfaces security measures
7.4 End-to-end security measures
7.5 Toll service provider security measures
7.6 Toll charger security measures
8 Security specifications for interoperable interface implementation
8.1 General
8.2 Security specifications for DSRC-EFC
9 Key management
9.1 Overview
9.2 Asymmetric keys
9.3 Symmetric keys
Annex A Security profiles (normative)
Annex B Implementation conformance statement (ICS) proforma (informative)
Annex C Stakeholder objectives and generic requirements (informative)
Annex D Threat analysis (informative)
Annex E Security policies (informative)
Annex F Example for an EETS security policy (informative)
Annex G Recommendations for privacy-focused implementation (informative)
CEN/TS 16702-1:2020 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
EN 15509:2014 Electronic fee collection - Interoperability application profile for DSRC
IETF RFC 4648:2006
CEN/TS 16702-1:2020 Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking
EN 15509:2014 Electronic fee collection - Interoperability application profile for DSRC
IETF RFC 4648:2006
IETF RFC 5280:2008
ISO 12813:2019 Electronic fee collection -- Compliance check communication for autonomous systems
ISO 12855:2015 Electronic fee collection -- Information exchange between service provision and toll charging
ISO 13141:2015 Electronic fee collection -- Localisation augmentation communication for autonomous systems
ISO 14906:2018 Electronic fee collection -- Application interface definition for dedicated short-range communication
ISO 17575-1:2016 Electronic fee collection -- Application interface definition for autonomous systems -- Part 1: Charging
ISO 2859-1:1999 Sampling procedures for inspection by attributes -- Part 1: Sampling schemes indexed by acceptance quality limit (AQL) for lot-by-lot inspection
ISO/IEC 11770-1:2010 Information technology -- Security techniques -- Key management -- Part 1: Framework
ISO/IEC 11770-3:2015 Information technology -- Security techniques -- Key management -- Part 3: Mechanisms using asymmetric techniques
ISO/IEC 18031:2011 Information technology -- Security techniques -- Random bit generation
ISO/IEC 18033-2:2006 Information technology -- Security techniques -- Encryption algorithms -- Part 2: Asymmetric ciphers
ISO/IEC 19790:2012 Information technology -- Security techniques -- Security requirements for cryptographic modules
ISO/IEC 7816-3:2006 Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface and transmission protocols
ISO/IEC 8825-1:2015 Information technology -- ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
ISO/IEC 9594-8:2017 Information technology -- Open Systems Interconnection -- The Directory -- Part 8: Public-key and attribute certificate frameworks
ISO/IEC 9797-1:2011 Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher
ISO/TS 17573-2:2020 Electronic fee collection -- System architecture for vehicle related tolling -- Part 2: Vocabulary
NIST FIPS 140-2:2002