Deliverable

CEN/TS 16439:2013 Edition 01/2013
Electronic fee collection - Security framework

Price: 136.7 / copy

Abstract

1.1 EFC specific scope

ISO 17573 defines the roles and functions as well as the internal and external entities of the EFC system environment. Based on the system architecture defined in ISO 17573, the security framework describes a set of requirements and security measures for stakeholders to implement and operate their part of an EFC system as required for a trustworthy environment according to its basic information security policy. In general, the overall scope is an information security framework for all organisational and technical entities and in detail for the interfaces between them.

Figure 3 below illustrates the abstract EFC system model used to analyse the threats, define the security requirements and security measures of this Technical Specification.

This Technical Specification is based on the assumption of an OBE which is dedicated to EFC purposes only and neither considers value added services based on EFC OBE, nor more generic OBE platforms (called in-vehicle ITS Stations) used to host the EFC application.

The scope of this security framework comprises the following:

- general information security objectives of the stakeholders;
- threat analysis;
- definition of a trust model;
- security requirements;
- security measures – countermeasures;
- security specifications for interface implementation;
- key management;
- security policies;
- privacy-enabled implementations.

The following is outside the scope of this Technical Specification:

- a complete risk assessment for an EFC system;
- security issues rising from an EFC application running on an ITS station;

NOTE Security issues associated with an EFC application running on an ITS station will be covered in a CEN Technical Report on "Guidelines for EFC-applications based on in vehicle ITS Stations" that is being developed at the time of publication of this document.

- entities and interfaces of the interoperability management role;
- the technical trust relation of the model between TSP and User;
- a complete specification and description of all necessary security measures to all identified threats;
- concrete implementation specifications for implementation of security for EFC system, e.g. European electronic toll service (EETS);
- detailed specifications required for privacy-friendly EFC implementations.

The detailed scope of the bullet points and the clause with the corresponding content is given below:

- General information security objectives of the stakeholders (informative, Annex C)
  To derive actual security requirements and define implementations, it is crucial to gain a common understanding of the possible different perspectives and objectives of such stakeholders of a toll charging environment.

- Threat analysis (informative, Annex D)
  The threat analysis is the basis and motivation for all the security requirements resulting in this framework. The results from two complementary approaches will be combined in one common set of requirements. The first approach considers a number of threat scenarios from the perspective of various attackers. The second approach looks in depth on threats against the various identified assets (tangible and intangible entities).

- Definition of a trust model (normative, Clause 5)
  The trust model comprises all basic assumptions and principles for establishing trust between the stakeholders. The trust model forms the basis for the implementation of cryptographic procedures to ensure confidentiality, integrity, authenticity and partly non-repudiation of exchanged data.

- Security requirements (normative, Clause 6) (...)

Status

Standard - Superseded

Origin

Technical Committee :
CEN/TC 278 : Road transport and traffic telematics

Directives

2004/54/EC : Directive 2004/54/EC of the European Parliament and of the Council of 29 April 2004 on minimum safety requirements for tunnels in the trans-European road network

Implementation

start of the vote on the project: -
end of the vote on the project: -
start of the vote on the final project: 26/04/2012
end of the vote on the final project: -
date of ratification (dor): 27/08/2012
date of announcement (doa): 30/04/2013
date of publication (dop): -
date of withdrawal (dow): -


Publication Official Journal of the Grand-Duchy of Luxembourg: 05/06/2013
Reference

Relations

Evolutions
CEN ISO/TS 19299:2015

International Classification for Standards (ICS codes) :

35.240.60 : IT applications in transport and trade
