EN ISO TS 17574-2017 en Electronic fee collection - Guidelines for security protection profiles.pdf

1、Electronic fee collection Guidelines for security protection profilesPD CEN ISO/TS 17574:2017BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06National forewordThis Published Document is the UK implementation of CEN ISO/TS 17574:2017. It supersedes DD CEN ISO/TS 17574:

2、2009 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee EPL/278, Intelligent transport systems.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary

3、 provisions ofa contract. Users are responsible for its correct application. The British Standards Institution 2017.Published by BSI Standards Limited 2017ISBN 978 0 580 94774 2ICS 03.220.20; 35.240.60Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Docu

4、ment was published under the authority of theStandards Policy and Strategy Committee on 30 April 2017.Amendments/corrigenda issued since publicationDate Text affectedPUBLISHED DOCUMENTPD CEN ISO/TS 17574:2017TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN ISO/TS 17574 Mar

5、ch 2017 ICS 03.220.20; 35.240.60 Supersedes CEN ISO/TS 17574:2009English Version Electronic fee collection - Guidelines for security protection profiles (ISO/TS 17574:2017) Perception de tlpage - Lignes directrices concernantles profils de protection de la scurit (ISO/TS 17574:2017) Elektronische Ge

6、bhrenerhebung - Leitfaden fr Sicherheitsprofile (ISO/TS 17574:2017) This Technical Specification (CEN/TS) was approved by CEN on 3 March 2017 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested t

7、o submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is

8、 permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark,

9、Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMIT

10、TEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN ISO/TS 17574:2017 ECEN ISO

11、/TS 17574:2017 (E) 2 Contents PageEuropean foreword . 3 PD CEN ISO/TS 17574:2017CEN ISO/TS 17574:2017 (E) 3 European foreword This document (CEN ISO/TS 17574:2017) has been prepared by Technical Committee ISO/TC 204 “Intelligent transport systems” in collaboration with Technical Committee CEN/TC 278

12、 “Intelligent transport systems” the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This documen

13、t supersedes CEN ISO/TS 17574:2009. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yu

14、goslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/TS

15、17574:2017 has been approved by CEN as CEN ISO/TS 17574:2017 without any modification. PD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)Foreword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 24 Abbreviated terms 45 EFC security architecture and protection profile processes

16、. 55.1 General . 55.2 EFC security architecture . 55.3 Protection profile preparatory steps . 65.4 Relationship between actors. 76 Outlines of Protection Profile . 96.1 Structure . 96.2 Context 10Annex A (informative) Procedures for preparing documents 11Annex B (informative) Example of threat analy

17、sis evaluation method .45Annex C (informative) Relevant security standards in the context of the EFC .50Annex D (informative) Common Criteria Recognition Arrangement (CCRA)51Bibliography .52 ISO 2017 All rights reserved iiiContents PagePD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)ForewordISO (the Int

18、ernational Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee ha

19、s been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical

20、standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in acc

21、ordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. De

22、tails of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not constitute

23、an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www .iso .org/ iso/ fo

24、reword .html.The committee responsible for this document is ISO/TC 204, Intelligent transport systems.This third edition cancels and replaces the second edition (ISO/TS 17574:2009), which has been technically revised. This edition includes the following significant changes with respect to the previo

25、us edition: Clause 1 has been redrafted and shortened; Clause 3 has been updated with harmonized terms; requirements updated as to reflect the latest version of the ISO/IEC 15408 series; a new Clause 5 has been added, comprising much of the text from the Scope of the previous edition.iv ISO 2017 All

26、 rights reservedPD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)IntroductionElectronic fee collection (EFC) systems are subject to several ways of fraud both by users and operators but also from people outside the system. These security threats have to be met by different types of security measures incl

27、uding security requirements specifications.It is recommended that EFC operators or national organizations, e.g. highway authorities or transport ministries, use the guideline provided by this document to prepare their own EFC/protection profile (PP), as security requirements should be described from

28、 the standpoint of the operators and/or operators organizations.It should be noted that this document is of a more informative than normative nature and it is intended to be read in conjunction with the underlying international standards ISO/IEC 15408 (all parts). Most of the content of this documen

29、t is an example shown in Annex A on how to prepare the security requirements for EFC equipment, in this case, a DSRC-based OBE with an IC card loaded with crucial data needed for the EFC. The example refers to a Japanese national EFC system and should only be regarded as an example.After an EFC/PP i

30、s prepared, it can be internationally registered by the organization that prepared the EFC/PP so that other operators or countries that want to develop their EFC system security services can refer to an already registered EFC/PP.This EFC-related document on security service framework and EFC/PP is b

31、ased on ISO/IEC 15408 (all parts). ISO/IEC 15408 (all parts) includes a set of requirements for the security functions and assurance of IT-relevant products and systems. Operators, organizations or authorities defining their own EFC/PP can use these requirements. This will be similar to the differen

32、t PPs registered by several financial institutions, e.g. for payment instruments like IC cards.The products and systems that were developed in accordance with ISO/IEC 15408 (all parts) can be publicly assured by the authentication of the government or designated private evaluation agencies. ISO 2017

33、 All rights reserved vPD CEN ISO/TS 17574:2017PD CEN ISO/TS 17574:2017Electronic fee collection Guidelines for security protection profiles1 ScopeThis document provides guidelines for preparation and evaluation of security requirements specifications, referred to as Protection Profiles (PP) in ISO/I

34、EC 15408 (all parts) and in ISO/IEC TR 15446.By Protection Profile (PP), it means a set of security requirements for a category of products or systems that meet specific needs. A typical example would be a PP for On-Board Equipment (OBE) to be used in an EFC system. However, the guidelines in this d

35、ocument are superseded if a Protection Profile already exists for the subsystem in consideration.The target of evaluation (TOE) for EFC is limited to EFC specific roles and interfaces as shown in Figure 1. Since the existing financial security standards and criteria are applicable to other external

36、roles and interfaces, they are assumed to be outside the scope of TOE for EFC.Figure 1 Scope of TOE for EFCThe security evaluation is performed by assessing the security-related properties of roles, entities and interfaces defined in security targets (STs), as opposed to assessing complete processes

37、 which often are distributed over more entities and interfaces than those covered by the TOE of this document.NOTE Assessing security issues for complete processes is a complimentary approach, which may well be beneficial to apply when evaluating the security of a system.2 Normative referencesThere

38、are no normative references in this document.TECHNICAL SPECIFICATION ISO/TS 17574:2017(E) ISO 2017 All rights reserved 1PD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.ISO and IEC maintain terminological

39、databases for use in standardization at the following addresses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing platform: available at h t t p :/ www .iso .org/ obp3.1assurance requirementsecurity requirements to assure confidence in the implementation of funct

40、ional requirements3.2auditindependent review and examination in order to ensure compliance with established policy and operational procedures and to recommend associated changes3.3availabilityproperty of being accessible and usable upon demand by an authorized entitySOURCE: ISO/TS 19299:2015, 3.63.4

41、certificationprocedure by which a party gives written assurance that a product, process, or service conforms to specified requirementsSOURCE: ISO/TS 14907-1:2015, 3.33.5confidentialityprevention of information leakage to non-authenticated individuals, parties, and/or processesSOURCE: ISO/TS 19299:20

42、15, 3.113.6data privacyrights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal informationSOURCE: ISO/TS 19299:2015, 3.323.7Evaluation Assurance LevelEALset of assurance requirements, usually involving documentation,

43、 analysis and testing, representing a point on a predefined assurance scale, that form an assurance package3.8functional requirementrequirement for a function that a system or system component is able to perform3.9integrityproperty that data have not been altered or destroyed in an unauthorized mann

44、er3.10international registrarorganization authorized to register protection profiles at an international level2 ISO 2017 All rights reservedPD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)3.11key managementgeneration, distribution, storage, application and revocation of encryption keys3.12On-Board Equip

45、mentOBErequired equipment on-board a vehicle for performing required EFC functions and communication servicesNote 1 to entry: The OBE does not need to include payment means.3.13personalization cardset-up cardIC card to transcribe individual data such as vehicle information into On-Board Equipment3.1

46、4rationale verificationprocess determining that a product of each phase of the system lifecycle development process fulfils all the requirements specified in the previous phase3.15reliabilityability of a device or a system to perform its intended function under given conditions of use for a specifie

47、d period of time or number of cyclesSOURCE: ISO/TS 14907-1:2015, 3.173.16road side equipmentRSEequipment located along the road, either fixed or mobile3.17secure application moduleSAMphysical module that securely executes cryptographic functions and stores keysSOURCE: ISO/TS 19299:2015, 3.353.18secu

48、rity policyset of rules that regulate how to handle security threats or define the appropriate security levelSOURCE: ISO/TS 19299:2015, 3.363.19security targetSTset of security requirements and specifications to be used as the basis for evaluation of an identified TOE3.20security threatpotential act

49、ion or manner to violate the security of a system3.21target of evaluationTOEset of software, firmware and/or hardware possibly accompanied by guidanceSOURCE: ISO/IEC 15408-1:2009, 3.1.70 ISO 2017 All rights reserved 3PD CEN ISO/TS 17574:2017ISO/TS 17574:2017(E)3.22threat agententity that has the intention to act adversely on an assetSOURCE: ISO/TS 19299:2015, 3.403.23toll chargerentity which levies toll for the use of vehicles in a toll domainNote 1 to entry: In other documents, the terms operator or toll operat