iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN ISO 19299:2020

(Main)

Electronic fee collection - Security framework (ISO 19299:2020)

Electronic fee collection - Security framework (ISO 19299:2020)

This document defines an information security framework for all organizational and technical entities
of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1.
The security framework describes a set of security requirements and associated security measures.
Annex D contains a list of potential threats to EFC systems and a possible relation to the defined
security requirements. These threats can be used for a threat analysis to identify the relevant security
requirements for an EFC system.
The relevant security measures to secure EFC systems can then be derived from the identified security
requirements.

Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)

[Not available]

Perception de télépéage -- Cadre de sécurité (ISO 19299:2020)

Ce document définit un cadre de sécurité de l'information pour toutes les entités organisationnelles et techniques d'un système EFC et pour les interfaces correspondantes, sur la base de l'architecture système définie dans la norme ISO 17573-1. Le cadre de sécurité décrit un ensemble d'exigences de sécurité et de mesures de sécurité associées.
L'Annexe D contient une liste des menaces potentielles pour les systèmes EFC et une relation possible avec les exigences de sécurité définies. Ces menaces peuvent être utilisées pour une analyse des menaces afin d'identifier les exigences de sécurité pertinentes pour un système EFC.
Les mesures de sécurité pertinentes pour sécuriser les systèmes EFC peuvent ensuite être dérivées des exigences de sécurité identifiées.

Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)

General Information

Status
Published
Public Enquiry End Date
08-Dec-2019
Publication Date
29-Sep-2020
ICS
35.240.60 - IT applications in transport
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
17-Sep-2020
Due Date
22-Nov-2020
Completion Date
30-Sep-2020
Directive
2010/40/EU - Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport Text with EEA relevance
Mandate
M/338 - Standardisation mandate to CEN, CENELEC and ETSI in support of interoperabilty of electonic road toll systems in the community
Ref Project
EN ISO 19299:2020 - Electronic fee collection - Security framework (ISO 19299:2020)

Relations

Replaces
SIST-TS CEN ISO/TS 19299:2016 - Electronic fee collection - Security framework (ISO/TS 19299:2015)
Effective Date
01-Nov-2020

Buy Standard

EN ISO 19299:2020EN ISO 19299:2020
PreviousNext
Standard
EN ISO 19299:2020
English language
144 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
prEN ISO 19299:2019 - BARVEprEN ISO 19299:2019 - BARVE
PreviousNext
Draft
prEN ISO 19299:2019 - BARVE
English language
159 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO 19299:2020
01-november-2020
Nadomešča:
SIST-TS CEN ISO/TS 19299:2016
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)
Electronic fee collection - Security framework (ISO 19299:2020)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)
Perception de télépéage -- Cadre de sécurité (ISO 19299:2020)
Ta slovenski standard je istoveten z: EN ISO 19299:2020
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
SIST EN ISO 19299:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO 19299:2020

---------------------- Page: 2 ----------------------
SIST EN ISO 19299:2020


EN ISO 19299
EUROPEAN STANDARD

NORME EUROPÉENNE

September 2020
EUROPÄISCHE NORM
ICS 35.240.60; 03.220.20 Supersedes CEN ISO/TS 19299:2015
English Version

Electronic fee collection - Security framework (ISO
19299:2020)
Perception de télépéage - Cadre de sécurité (ISO Elektronische Gebührenerhebung -
19299:2020) Sicherheitsgrundstruktur (ISO 19299:2020)
This European Standard was approved by CEN on 10 August 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19299:2020 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------
SIST EN ISO 19299:2020
EN ISO 19299:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO 19299:2020
EN ISO 19299:2020 (E)
European foreword
This document (EN ISO 19299:2020) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by March 2021, and conflicting national standards shall
be withdrawn at the latest by March 2021.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN ISO/TS 19299:2015.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 19299:2020 has been approved by CEN as EN ISO 19299:2020 without any modification.


3

---------------------- Page: 5 ----------------------
SIST EN ISO 19299:2020

---------------------- Page: 6 ----------------------
SIST EN ISO 19299:2020
INTERNATIONAL ISO
STANDARD 19299
First edition
2020-08
Electronic fee collection — Security
framework
Perception de télépéage — Cadre de sécurité
Reference number
ISO 19299:2020(E)
©
ISO 2020

---------------------- Page: 7 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

---------------------- Page: 8 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 3
5 Trust model . 4
5.1 Overview . 4
5.2 Stakeholders trust relations . 5
5.3 Technical trust model . 6
5.3.1 General. 6
5.3.2 Trust model for TC and TSP relations . 6
5.3.3 Trust model for TSP and service user relations . 7
5.3.4 Trust model for interoperability management relations . 7
5.4 Implementation . 7
5.4.1 Setup of trust relations . 7
5.4.2 Trust relation renewal and revocation . 8
5.4.3 Issuing and revocation of sub CA and end-entity certificates . 8
5.4.4 Certificate and certificate revocation list profile and format . 9
5.4.5 Certificate extensions . 9
6 Security requirements .10
6.1 General .10
6.2 Information security management system .11
6.3 Communication interfaces .12
6.4 Data storage .12
6.5 Toll charger .12
6.6 Toll service provider .14
6.7 Interoperability management .16
6.8 Limitation of requirements .17
7 Security measures — Countermeasures .17
7.1 Overview .17
7.2 General security measures .18
7.3 Communication interfaces security measures .18
7.3.1 General.18
7.3.2 DSRC-EFC interface . .19
7.3.3 CCC interface .20
7.3.4 LAC interface .21
7.3.5 Front End to TSP back end interface .21
7.3.6 TC to TSP interface .22
7.3.7 ICC interface .23
7.4 End-to-end security measures .24
7.5 Toll service provider security measures .25
7.5.1 Front end security measures .25
7.5.2 Back end security measures .26
7.6 Toll charger security measures .27
7.6.1 RSE security measures . .27
7.6.2 Back end security measures .28
7.6.3 Other TC security measures .28
8 Security specifications for interoperable interface implementation .29
8.1 General .29
8.1.1 Subject.29
© ISO 2020 – All rights reserved iii

---------------------- Page: 9 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

8.1.2 Signature and hash algorithms .29
8.2 Security specifications for DSRC-EFC .29
8.2.1 Subject.29
8.2.2 OBE .29
8.2.3 RSE .29
9 Key management .30
9.1 Overview .30
9.2 Asymmetric keys .30
9.2.1 Key exchange between stakeholders .30
9.2.2 Key generation and certification .30
9.2.3 Protection of keys .30
9.2.4 Application .31
9.3 Symmetric keys .31
9.3.1 General.31
9.3.2 Key exchange between stakeholders .31
9.3.3 Key lifecycle .32
9.3.4 Key storage and protection .33
9.3.5 Session keys .34
Annex A (normative) Security profiles .35
Annex B (informative) Implementation conformance statement (ICS) proforma .39
Annex C (informative) Stakeholder objectives and generic requirements .57
Annex D (informative) Threat analysis .61
Annex E (informative) Security policies .118
Annex F (informative) Example for an EETS security policy .124
Annex G (informative) Recommendations for privacy-focused implementation .126
Bibliography .128
iv © ISO 2020 – All rights reserved

---------------------- Page: 10 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in
collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC
278 Intelligent transport systems, in accordance with the Agreement on technical cooperation between
ISO and CEN (Vienna Agreement).
This first edition cancels and replaces ISO/TS 19299:2015, which has been technically revised.
The main changes compared to the previous edition are as follows:
— added requirements and security measures for the use of common payment media according to
ISO/TS 21193;
— updated data protection considerations in Annex G, in order to take into account the European
Union’s new General Data Protection Regulation (i.e. Directive 2016/679/EC).
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v

---------------------- Page: 11 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

Introduction
Context of this document
The development process for a security concept and implementation to protect any existing electronic
fee collection (EFC) system normally includes several steps as follows (see Figure 1):
— definition of the security objectives and policy statements in a security policy;
— threat analysis with risk assessment to define the security requirements;
— development of the security measures followed by the development of security test specifications.
Figure 1 — Development path for the security documents
Each actor in an existing EFC system implements the defined security measures and supervises their
effectiveness. When a security measure is found not working properly, an improvement process is
started. The development of the EFC security framework follows this approach, with the following
limitations:
— No standard security policy exists, nor can it be defined: The security policy can only be defined by
the responsible stakeholders and it is limited by laws and regulations. Nonetheless, this document
provides basic examples of possible security policies (in Annex E to Annex F).
— No standard risk assessment is possible: Risk assessment compares possible losses to stakeholders
with the required resources (e.g. equipment, knowledge, time) to perform an attack. In a real system,
risk assessment is based on the evaluation of the costs and benefits of each countermeasure.
— No specific system design or configuration was deemed as universally applicable. Only the available
EFC base standards were taken as references. Specific technical details of a particular system
(e.g. servers, computer centres, and de-centralised elements like roadside equipment) need to be
additionally taken into consideration when implementing security measures.
vi © ISO 2020 – All rights reserved

---------------------- Page: 12 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

Selection of requirements and respective security measures for an existing EFC system is based on the
security policy and the risk assessment of several stakeholders’ systems. Due to the fact that there is
no overall valid security policy, nor is there the possibility to provide a useful risk assessment, the EFC
security framework provides an extensive (but non-exhaustive) toolbox of requirements and security
measures.
To understand the content of this document, the reader should be aware of the methodological
assumptions used to develop it. Security of an (interoperable) EFC scheme depends on the correct
implementation and operation of a number of processes, systems, and interfaces. Only a reliable end-to-
end security ensures the accurate and trustworthy operation of interacting components of toll charging
environments. Therefore, this security framework also covers systems or interfaces which are not EFC
specific, like back office connections. An application independent security framework for such system
parts and interfaces, an information security management system (ISMS), can be found, for example, in
the ISO/IEC 27000 series.
The development process of this document is described briefly in the steps below:
a) Definition of the stakeholder objectives and generic requirements as the basic motivation for the
security requirements (Annex C). A possible security policy with a set of policy statements is
provided in Annex E, and an example of a European electronic toll service (EETS) security policy is
given in Annex F.
b) Based on the EFC role model and further definitions from the EFC architecture standard
(ISO 17573-1), the specification defines an abstract EFC system model as the basis for a threat
analysis, definition of requirements, and security measures.
c) The threats on the EFC system model and its assets are analysed by two different methods: an
attack-based analysis and an asset-based analysis. The first approach considers several threat
scenarios from the perspective of various attackers. The second approach looks in depth on threats
against the various identified assets (tangible and intangible). This approach, although producing
some redundancy, ensures completeness and coverage of a broad range of risks (see Annex D).
d) The requirements specification (see Clause 6) is based on the threats identified in Annex D.
Each requirement is at least motivated by one threat and each threat is covered by at least one
requirement.
e) The definition of security measures (see Clause 7) provides a high-level description of recommended
possible methods to cover the developed requirements.
f) The security specifications for interoperable interface implementation (Clause 8) provide detailed
definitions, such as for message authenticators. These specifications represent an add-on for
security to the corresponding relevant interface standards.
g) Basic key management requirements that support the implementation of the interoperable
interfaces are described in Clause 9. The toll charging environment uses cryptographic elements
(e.g. keys, certificates, certificate revocation lists) to support security services like confidentiality,
integrity, authenticity, and non-repudiation. This section of the document covers the (initial) setup
of key exchange between stakeholders and several operational procedures, such as key renewal,
certificate revocation.
h) A general trust model (see Clause 5) is defined to form the basis for the implementation of
cryptographic procedures to ensure confidentiality, integrity, and authenticity of exchanged
data. In this context, the security framework references approved international standards for the
implementation of cryptographic procedures enhanced by EFC specific details where needed.
A stakeholder of an EFC scheme who wants to use this security framework should to do the following:
— define a security policy for the EFC scheme (may involve more than one stakeholder in an interoperable
EFC scheme). Some examples for a security policy and its elements are provided (in Annex E and
Annex F) as an aid to build up a secure system for a concrete interoperability framework (including
the European electronic toll service).
© ISO 2020 – All rights reserved vii

---------------------- Page: 13 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

— identify the relevant processes, systems and interfaces, and match them to the EFC security
framework;
— select the corresponding security requirements according to the security policy;
— implement the security measures associated to the selected requirements;
— provide evidence of compliance of its systems, processes, and interfaces with the requirements
of this document. Evidence can be provided by a self-declaration, an internal or external audit, or
other certifications.
EFC role model
This document complies with the role model defined in ISO 17573-1. According to this role model, the
toll charger (TC) manages the tolled
...

SLOVENSKI STANDARD
oSIST prEN ISO 19299:2019
01-december-2019
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO/DIS 19299:2019)
Electronic fee collection - Security framework (ISO/DIS 19299:2019)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO/DIS 19299:2019)
Perception de télépéage -- Cadre de sécurité (ISO/DIS 19299:2019)
Ta slovenski standard je istoveten z: prEN ISO 19299
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
oSIST prEN ISO 19299:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO 19299:2019

---------------------- Page: 2 ----------------------
oSIST prEN ISO 19299:2019
DRAFT INTERNATIONAL STANDARD
ISO/DIS 19299
ISO/TC 204 Secretariat: ANSI
Voting begins on: Voting terminates on:
2019-09-18 2019-12-11
Electronic fee collection — Security framework
Perception de télépéage — Cadre de sécurité
ICS: 35.240.60; 03.220.20
THIS DOCUMENT IS A DRAFT CIRCULATED
This document is circulated as received from the committee secretariat.
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
ISO/CEN PARALLEL PROCESSING
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 19299:2019(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO 2019

---------------------- Page: 3 ----------------------
oSIST prEN ISO 19299:2019
ISO/DIS 19299:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
oSIST prEN ISO 19299:2019
ISO/DIS 19299:2019(E)
Contents Page
Foreword . vii
Introduction . viii
1 Scope .1
2 Normative references .2
3 Terms and definitions .4
4 Symbols and abbreviated terms . 11
5 Trust model. 12
5.1 Overview . 12
5.2 Stakeholders trust relations . 12
5.3 Technical trust model . 13
5.3.1 General . 13
5.3.2 Trust model for TC and TSP relations . 13
5.3.3 Trust model for TSP and service user relations . 15
5.3.4 Trust model for Interoperability Management relations . 15
5.4 Implementation . 15
5.4.1 Setup of trust relations . 15
5.4.2 Trust relation renewal and revocation . 16
5.4.3 Issuing and revocation of sub CA and end-entity certificates . 16
5.4.4 Certificate and certificate revocation list profile and format . 17
5.4.5 Certificate extensions . 17
6 Security requirements . 19
6.1 General . 19
6.2 Information security management system . 20
6.3 Communication interfaces . 20
6.4 Data storage . 21
6.5 Toll charger . 21
6.6 Toll service provider . 24
6.7 Interoperability Management . 26
6.8 Limitation of requirements . 26
7 Security measures — countermeasures . 27
7.1 Overview . 27
7.2 General security measures . 27
7.3 Communication interfaces security measures . 28
7.3.1 General . 28
7.3.2 DSRC-EFC interface. 29
7.3.3 CCC interface . 30
7.3.4 LAC interface . 31
7.3.5 Front End to TSP back end interface. 32
7.3.6 TC to TSP interface . 32
7.3.7 ICC interface . 34
7.4 End-to-end security measures . 35
7.5 Toll service provider security measures . 36
7.5.1 Front end security measures . 36
© ISO 2019 – All rights reserved
iii

---------------------- Page: 5 ----------------------
oSIST prEN ISO 19299:2019
ISO/DIS 19299:2019(E)
7.5.2 Back end security measures . 37
7.6 Toll charger security measures . 38
7.6.1 RSE security measures . 38
7.6.2 Back end security measures . 39
7.6.3 Other TC security measures . 40
8 Security specifications for interoperable interface implementation . 40
8.1 General . 40
8.1.1 Subject . 40
8.1.2 Signature and hash algorithms . 40
8.2 Security specifications for DSRC-EFC . 41
8.2.1 Subject . 41
8.2.2 OBE . 41
8.2.3 RSE . 41
9 Key management . 41
9.1 Overview . 41
9.2 Asymmetric keys . 42
9.2.1 Key exchange between stakeholders . 42
9.2.2 Key generation and certification . 42
9.2.3 Protection of keys . 42
9.2.4 Application . 42
9.3 Symmetric keys . 43
9.3.1 General . 43
9.3.2 Key exchange between stakeholders . 43
9.3.3 Key lifecycle. 44
9.3.4 Key storage and protection . 45
9.3.5 Session keys . 46
Annex A (normative) Security profiles . 47
A.1 General . 47
A.2 Communication interface profiles . 47
A.2.1 TC to TSP profiles . 47
A.2.2 Communication provider profile . 48
A.2.3 ICC interface profile. 49
A.3 Data storage profiles . 49
A.3.1 OBE data storages profile . 49
A.3.2 ICC data storage profile . 50
A.3.3 RSE data storage profile . 50
A.3.4 Back end data storage profile . 50
Annex B (normative) Implementation conformance statement (ICS) proforma . 51
B.1 Guidance for completing the ICS proforma . 51
B.1.1 Purposes and structure . 51
B.1.2 Abbreviations and conventions . 51
B.2 Identification of the implementation . 53
B.2.1 General . 53
B.2.2 Date of the statement . 53
B.2.3 Implementation Under Test (IUT) identification . 53
B.2.4 System Under Test (SUT) identification . 53
B.2.5 Supplier. 53
B.2.6 Actor (if different from supplier) . 54
B.2.7 ICS contact person . 54
B.3 Identification of the standard . 54
B.4 Global statement of conformance . 55
© ISO 2019 – All rights reserved
iv

---------------------- Page: 6 ----------------------
oSIST prEN ISO 19299:2019
ISO/DIS 19299:2019(E)
B.5 Roles . 55
B.6 Trust model. 55
B.7 Profiles. 58
B.8 Requirements . 59
B.9 Security measures . 62
B.10 Specifications for interoperable interfaces security . 67
B.11 Specifications for key management . 67
Annex C (informative) Stakeholder objectives and generic requirements . 69
C.1 General . 69
C.2 Toll chargers . 70
C.2.1 Toll chargers and their main interests . 70
C.2.2 Security service requirements for a toll charger . 70
C.3 Toll service providers . 71
C.3.1 Toll service providers and their main interests . 71
C.3.2 Security service requirements for a toll service provider . 71
C.4 Service users . 72
C.4.1 Service users and their main interests . 72
C.4.2 Service user requirements . 72
C.5 Interoperability management. 72
C.5.1 Interoperability management and its main interests . 72
C.5.2 Security service requirements for interoperability management . 73
Annex D (informative) Threat analysis. 74
D.1 General . 74
D.1.1 General approach . 74
D.1.2 Naming conventions . 74
D.1.3 Statement of completeness . 75
D.2 Attack trees-based threat analysis . 75
D.2.1 Overview . 75
D.2.2 System model . 75
D.2.3 Presentation of attack trees . 77
D.2.4 Attacker class 1: Service user . 78
D.2.5 Attacker class 2: Toll service provider . 82
D.2.6 Attacker class 3: Toll charger . 85
D.2.7 Attacker class 4: Hacker . 88
D.2.8 Attacker class 5: Activist . 92
D.2.9 Attacker class 6: Communication provider . 93
D.2.10 Attacker class 7: Enterprise . 95
D.2.11 Attacker class 8: Government . 98
D.2.12 Attacker class 9: Foreign state agency . 100
D.3 Asset based threat analysis . 102
D.3.1 General . 102
D.3.2 Threatened Assets . 103
D.3.3 Compliance matrix . 103
D.3.4 Presentation of threats . 105
D.3.5 Generic threats . 105
D.3.6 Asset 203: Billing details . 107
D.3.7 Asset 204: OBE Charge Report . 108
D.3.8 Asset 205: Customization information . 109
D.3.9 Asset 206: Service user contract information . 110
D.3.10 Asset 207: Exception list . 110
D.3.11 Asset 208: Customer service . 111
© ISO 2019 – All rights reserved
v

---------------------- Page: 7 ----------------------
oSIST prEN ISO 19299:2019
ISO/DIS 19299:2019(E)
D.3.12 Asset 209: OBE . 111
D.3.13 Asset 210: Service user privacy . 113
D.3.14 Asset 211: RSE . 114
D.3.15 Asset 212: EFC stakeholder image and reputation . 115
D.3.16 Asset 213: TC and TSP central system . 116
D.3.17 Asset 214: Road usage data . 118
D.3.18 Asset 215: Trust objects . 119
D.3.19 Asset 216: Service user identification . 120
D.3.20 Asset 217: Toll context data . 121
D.3.21 Asset 218: Payment means . 122
D.3.22 Asset 219: Limited autonomy . 123
D.3.23 Asset 220: EFC schema . 123
D.3.24 Asset 221: Contractual conditions . 124
D.3.25 Asset 222: Operational rules . 125
D.3.26 Asset 223: Complaints . 126
D.3.27 Asset 224: Certification . 127
D.3.28 Asset 225: Quality assurance parameter reporting . 128
D.3.29 Asset 226: Enforcement data . 129
D.3.30 Asset 227: Invoice . 130
D.3.31 Asset 228: ICC . 130
Annex E (informative) Security policies . 132
E.1 General . 132
E.1.1 Overview of this Annex . 132
E.1.2 Motivation for the need of security policies . 132
E.2 Example EFC scheme security policy . 132
E.2.1 Motivation for information security .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN 17870:2023(Main)
Intelligent transport systems - eSafety - eCall additional data concept for equipment limitations
EN 17870:2023

This document defines an additional data concept that may be transferred as the ‘optional additional data ’ part of an eCall MSD, as defined in EN 15722, that may be transferred from a vehicle to a PSAP in the event of a crash or emergency via an eCall communication session.
The purpose of this document is to provide means to notify the PSAP of any limitations to the sending equipment that are endorsed by other standards, but not (immediately) apparent to the receiver. Lack of knowledge about these limitations can hamper the emergency process. This document describes an additional data concept which facilitates the inclusion of information about such limitations in a consistent and usable matter.
This document can be seen as an addendum to EN 15722; it contains as little redundancy as possible.

  • Standard
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 21177:2023(Main)
Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2023)
EN ISO 21177:2023

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:
—    between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and
—    between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many intelligent transport system (ITS) applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

  • Standard
    114 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    110 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 15876:2023(Main)
Electronic fee collection - Conformity evaluation of on-board and roadside equipment to EN 15509
EN 15876:2023

It defines the test suite structure and the test purposes for conformity evaluation of on-board and roadside equipment designed for compliance with the requirements set up in EN 15509.

  • Standard
    122 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    147 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17949:2023(Main)
Public transport - Distribution APIs for MaaS
CEN/TR 17949:2023

Existing public and private distribution API specifications will be identified, where practicable, and summarised in a number of ways, including: ownership of specification, scope of API functionality, basis of data model and data categorisation used, management of reference data, commercial access rules to the specification, governance of the specification, existing examples of use for MaaS booking, coherence with existing CEN standards, potential for becoming a new CEN standard.

  • Technical report
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 15509:2023(Main)
Electronic fee collection - Interoperability application profile for DSRC
EN 15509:2023

The scope for this European Standard is limited to:
-   payment method: Central account based on EFC-DSRC;
-   physical systems: OBU, RSE and the DSRC interface between them (all functions and information flows related to these parts);
-   DSRC-link requirements;
-   EFC transactions over the DSRC interface;
-   data elements to be used by OBU and RSE used in EFC-DSRC transactions;
-   security mechanisms for OBU and RSE used in EFC-DSRC transactions.

  • Standard
    61 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 20524-1:2023(Main)
Intelligent transport systems - Geographic Data Files (GDF) GDF5.1 - Part 1: Application independent map data shared between multiple sources (ISO 20524-1:2020)
EN ISO 20524-1:2022

This standard specifies the conceptual and logical data model and physical encoding formats for geographic databases for Intelligent Transport Systems (ITS) applications and services. It includes a specification of potential contents of such databases (data dictionaries for Features, Attributes and Relationships), a specification of how these contents shall be represented, and of how relevant information about the database itself can be specified (metadata).
The focus of this standard is on ITS applications and services and it emphasizes road and road-related information. ITS applications and services, however, also require information in addition to road and road-related information.
Typical ITS applications and services targeted by this International Standard are in-vehicle or portable navigation systems, traffic management centres, or services linked with road management systems, including public transport systems.
The Conceptual Data Model has a broader focus than ITS applications and services. It is application-independent, allowing for future harmonization of this standard with other geographic database standards.
In order to deal with a multiple data provider environment and new applications, conceptual models, features, attributes and relationships are expanded in GDF5.1.
GDF5.1 is separated into two parts according to methods of utilization.
GDF5.1 Part 1 defines application-independent map data shared between multiple sources.
GDF5.1 Part 2 defines map data used in automated driving systems, cooperative ITS, and multi-modal transport.

  • Standard
    1077 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    1074 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17184:2023(Main)
Intelligent transport systems - eSafety - eCall High level application protocols (HLAP) using IP Multimedia Subsystem (IMS) over packet switched networks
CEN/TS 17184:2022

In respect of pan European eCall (operating requirements defined in EN 16072), this document defines the high level application protocols, procedures and processes required to provide the eCall service via a packet switched wireless communications network using IMS (IP Multimedia Subsystem) and wireless access (such as LTE, NR and their successors).
This document assumes support of eCall using IMS over packet switched networks by an IVS and a PSAP and further assumes that all PLMNs available to an IVS at the time an eCall or test eCall is initiated are packet switched networks. Support of eCall where eCall using IMS over packet switched networks is not supported by an IVS or PSAP is out of the scope of this document.
At some moment in time packet switched networks will be the only Public Land Mobile Networks (PLMN) available. However as long as GSM/UMTS PLMNs are available (Teleservice 12/TS12) ETSI TS 122 003 will remain operational. Both the use of such PLMNs and the logic behind choosing the appropriate network in a hybrid situation (where both packet-switched and circuit-switched networks are available) are out of scope of this document.
NOTE 1   The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using a PLMN (such as ETSI prime medium) which supports the European harmonized 112/E112 emergency number (TS12 ETSI TS 122 003 or IMS packet switched network) and to provide a means of manually triggering the notification of an emergency incident.
NOTE 2   HLAP requirements for third party services supporting eCall can be found in EN 16102,. This document makes reference to those provisions but does not duplicate them.

  • Technical specification
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17875:2023(Main)
Intelligent transport systems - eSafety - Incident Support Information System (ISIS) Architecture
CEN/TS 17875:2022

This document describes the architecture of a secure process flow between a source ITS system and a destination ITS system to provide an ‘incident support information system’ (ISIS) to emergency responders by accessing (with the agreement of the vehicle owners/keepers) data from a crashed vehicle and/or other vehicles, or drones, in the vicinity of the incident.

  • Technical specification
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 14906:2023(Main)
Electronic fee collection - Application interface definition for dedicated short-range communication (ISO 14906:2022)
EN ISO 14906:2023

This document specifies the application interface in the context of electronic fee collection (EFC) systems using dedicated short-range communication (DSRC).
The EFC application interface is the EFC application process interface to the DSRC application layer, as can be seen in Figure 1. This document comprises specifications of:
—    EFC attributes (i.e. EFC application information) that can also be used for other applications and/or interfaces;
—    the addressing procedures of EFC attributes and (hardware) components (e.g. integrated circuit(s) card);
—    EFC application functions, i.e. further qualification of actions by definitions of the concerned services, assignment of associated ActionType values, and content and meaning of action parameters;
—    the EFC transaction model, which defines the common elements and steps of any EFC transaction;
—    the behaviour of the interface so as to ensure interoperability on an EFC-DSRC application interface level.
This is an interface standard, adhering to the open systems interconnection (OSI) philosophy (see ISO/IEC 7498-1), and it is as such not primarily concerned with the implementation choices to be realized at either side of the interface.
This document provides security-specific functionality as place holders (data and functions) to enable the implementation of secure EFC transactions. Yet the specification of the security policy (including specific security algorithms and key management) remains at the discretion and under the control of the EFC operator, and hence is outside the scope of this document.

  • Standard
    131 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    130 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 12896-10:2023(Main)
Public transport - Reference data model - Part 10: Alternative Modes
EN 12896-10:2022

This part of the EN12896-X series (Transmodel-Part 10) takes into account the conceptual data model for the 'new modes' (vehicle pooling, vehicle sharing, taxis, vehicle rental) elaborated within CEN TS 17413 (Models and Definitions for New Modes) and is dedicated to be amended and re- published as a reference data model for the alternative modes of transport (Part 10 of the Public Transport Reference Data Model).
This new publication takes into account the revision of the conceptual model (published as CEN TS 17413) by the project team TC278 PT0303 working on the implementation of the 'new modes' model (NeTEx-Part5).
EN12896-10, supplementing the series of EN12896-X, establishes the semantic reference for the alternative modes data domain and thus facilitates the integration of these modes into the overall mobility environment, in particular into multimodal travel services (e.g. trip planning systems).

  • Standard
    258 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    258 pages
    English language
    sale 10% off
    e-Library read for
    1 day