1、PD CEN/TR 16968:2016 Electronic Fee Collection Assessment of security measures for applications using Dedicated Short-Range Communication BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD CEN/TR 16968:2016 PUBLISHED DOCUMENT National foreword This Published Documen
2、t is the UK implementation of CEN/TR 16968:2016. The UK participation in its preparation was entrusted to Technical Committee EPL/278, Intelligent transport systems. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport t
3、o include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 92597 9 ICS 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligatio
4、ns. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 May 2016. Amendments issued since publication Date Text affectedPD CEN/TR 16968:2016TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16968 May 2016 ICS 35.240.60 English Ve
5、rsion Electronic Fee Collection - Assessment of security measures for applications using Dedicated Short-Range Communication Elektronische Gebhrenerhebung - Beurteilung von Sicherheitsmanahmen fr Anwendungen mit dedizierter Nahbereichskommunikation This Technical Report was approved by CEN on 11 Apr
6、il 2016. It has been drawn up by the Technical Committee CEN/TC 278. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Ita
7、ly, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Ave
8、nue Marnix 17, B-1000 Brussels 2016 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16968:2016 EPD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 2 Contents Page European foreword . 4 Introduction 5 1 Scope 6 2 Terms and definitions .
9、 6 3 Abbreviations . 9 4 Method . 10 5 Security Objectives and Functional Requirements 13 5.1 Target of evaluation 13 5.2 Security objectives . 14 5.2.1 Introduction . 14 5.2.2 Confidentiality . 14 5.2.3 Availability . 14 5.2.4 Accountability . 14 5.2.5 Data integrity . 14 5.3 Functional security re
10、quirements . 15 5.3.1 Introduction . 15 5.3.2 Confidentiality . 15 5.3.3 Availability . 17 5.3.4 Accountability . 18 5.3.5 Data integrity . 20 5.4 Inventory of assets . 21 5.4.1 Functional Assets . 21 5.4.2 Data Assets 22 6 Threat analysis 22 7 Qualitative risk analysis 24 7.1 Introduction . 24 7.1.
11、1 General . 24 7.1.2 Likelihood of a threat . 24 7.1.3 Impact of a threat . 25 7.1.4 Classification of Risk . 26 7.2 Risk determination 26 7.2.1 Definition of high and low risk context 26 7.2.2 Threat T1: Access Credentials keys can be obtained 27 7.2.3 Threat T2: Authentication keys can be obtained
12、 . 27 7.2.4 Threat T3: OBU can be cloned . 28 7.2.5 Threat T4: OBU can be faked 28 7.2.6 Threat T5: Authentication of OBU data can be repudiated . 29 7.2.7 Threat T6: Application data can be modified after the transaction 29 7.2.8 Threat T7: Data in the VST is not secure 30 7.2.9 Threat T8: DSRC Com
13、munication can be eavesdropped 30 7.2.10 Threat T9: Correctness of application data are repudiated . 31 7.2.11 Threat T10: Master keys may be obtained from RSE 31 7.3 Summary . 31 PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 3 8 Proposals for new security measures . 32 8.1 Introduction 32 8.2 Security
14、 measures to counter risks related to key recovery 32 8.3 Recommended countermeasures . 34 8.4 Qualitative cost benefit analysis . 35 9 Impact of proposed countermeasures 35 9.1 Current situation and level of fraud in existing EFC systems using CEN DSRC link 35 9.2 EETS legislation . 36 9.3 Analysis
15、 of effects on existing EFC systems . 36 9.3.1 Affected roles . 36 9.3.2 The CEN DSRC equipment Manufacturers . 36 9.3.3 The Toll Service Providers 37 9.3.4 The Toll Chargers . 37 10 Recommendations 38 10.1 Add security levels and procedures to EN ISO 14906 38 10.2 Recommendation for other EFC stand
16、ards . 39 10.3 New standards . 39 Annex A (informative) Current status of the DEA cryptographic algorithm 40 A.1 Overview 40 A.2 ISO/IEC 9797-1 (MAC Algorithm 1) 40 A.3 FIPS 46 (DEA Specification DES) 40 A.4 ENISA recommendations . 41 Annex B (informative) Security considerations regarding DSRC in E
17、FC Standards 42 B.1 Security vulnerabilities in EN 15509 and EN ISO 14906 42 B.2 Security vulnerabilities in EN ISO 12813 (CCC) . 42 B.3 Security vulnerabilities in EN ISO 13141 (LAC) . 43 B.4 Security vulnerabilities in CEN/TS 16702-1 (SM-CC) 43 Bibliography . 44 PD CEN/TR 16968:2016 CEN/TR 16968:2
18、016 (E) 4 European foreword This document (CEN/TR 16968:2016) has been prepared by Technical Committee CEN/TC 278 “Intelligent transport systems”, the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent ri
19、ghts. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 5 Introduction Security for dedicated short-range communication (DSRC) applications in the context of electronic fee collection (EFC) has a long history in
20、 standardization. Currently the area is covered by several standards and technical specifications, successively developed over time: EN ISO 14906 (Electronic fee collection - Application interface definition for dedicated short-range communication) provides a toolbox of functions and security measur
21、es which can be used for DSRC application. CEN ISO/TS 19299 (Electronic fee collection - Security framework) analyzes the threats to an EFC system as a whole, and not specifically for the DSRC technology. EN ISO 12813 (Electronic fee collection - Compliance check communication for autonomous systems
22、) and EN ISO 13141 (Electronic fee collection - Localisation augmentation communication for autonomous systems) mirrors the best-practice security measures of EN 15509. CEN/TS 16702-1 (Electronic fee collection - Secure monitoring for autonomous toll systems - Part 1: Compliance checking) provides a
23、n EFC enforcement concept, partially dependent on a DSRC application. EN 15509 (Electronic fee collection - Interoperability application profile for DSRC) defines an interoperable application profile which comprises a selection of such measures with a definition of security algorithms associated to
24、it. It is based on the experience of many EU projects related to DSRC-EFC. As the security domain has evolved, it is now necessary to analyze again the threats, vulnerabilities and risks of using the CEN DSRC technology in all DSRC-based applications related to EFC. Technological advances and prolif
25、eration of cryptographic tools and knowledge has made an attack on the security procedures of DSRC more likely. This technical report (TR) identifies context dependent risks on the DSRC link and proposes security measures to counter them and the points out what new standard deliverables that are nee
26、ded. PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 6 1 Scope This Technical Report includes a threat analysis, based on CEN ISO/TS 19299 (EFC - Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification EN 15509:2014, EN ISO 12
27、813:2015, EN ISO 13141:2015, CEN/TS 16702-1:2014. This Technical Report contains: a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS); an assessment of the current recommended or defined security algorithms and measures to identify e
28、xisting and possible future security leaks; an outline of potential security measures which might be added to those already defined for DSRC; an analysis of effects on existing EFC systems and interoperability clusters; a set of recommendations on how to revise the current standards, or proposal for
29、 new work items, with already made implementations taken into account. The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014. It is outside the scope of this Technical Report to examine No
30、n DSRC (wired or wireless) interfaces to the OBE and RSE. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 access credentials trusted attestation or secure module that establishes the claimed identity of an object or application SOURCE: EN 155
31、09:2014, 3.1 2.2 accountability property that ensures that the actions of an entity may be traced uniquely to that entity SOURCE: ISO 7498-2:1989, 3.3.3, modified PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 7 2.3 asset anything that has value to a stakeholder SOURCE: CEN ISO/TS 19299:2015, 3.3 2.4 at
32、tack attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset SOURCE: CEN ISO/TS 19299:2015, 3.4 2.5 attribute addressable package of data consisting of a single data element or structured sequences of data elements SOURCE: EN ISO 17575-1:
33、2016, 3.2 2.6 authentication security mechanism allowing verification of the provided identity SOURCE: EN 301 175 2.7 authenticator data, possibly encrypted, that is used for authentication SOURCE: EN 15509:2014, 3.3 2.8 confidentiality prevention of information leakage to non-authenticated individu
34、als, parties and/or processes SOURCE: CEN ISO/TS 19299:2015, 3.11 2.9 data integrity property that data has not been altered or destroyed in an unauthorized manner SOURCE: CEN ISO/TS 19299:2015, 3.28 2.10 hacker person who attempts or succeeds to gain unauthorized access to protected resources SOURC
35、E: CEN ISO/TS 19299:2015, 3.19 PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 8 2.11 key management generation, distribution, storage, application and revocation of encryption keys SOURCE: CEN ISO/TS 17574:2009, 3.13 modified 2.12 message authentication code MAC string of bits which is the output of a M
36、AC algorithm SOURCE: ISO/IEC 9797-1:2011, 3.9 2.13 non-repudiation ability to prove the occurrence of a claimed event or action and its originating entities SOURCE: CEN ISO/TS 19299:2015, 3.27 2.14 on-board equipment OBE all required equipment on-board a vehicle for performing required EFC functions
37、 and communication services 2.15 on-board unit OBU single electronic unit on-board a vehicle for performing specific EFC functions and for communication with external systems Note 1 to entry: An OBU always includes, in this context, at least the support of the DSRC interface 2.16 reliability ability
38、 of a device or a system to perform its intended function under given conditions of use for a specified period of time or number of cycles SOURCE: CEN ISO/TS 14907-1:2015, 3.17 2.17 roadside equipment RSE equipment located along the road, either fixed or mobile SOURCE: CEN ISO/TS 14907-1:2015, 3.17
39、2.18 security target set of security requirements and specifications to be used as the basis for evaluation of an identified TOE SOURCE: CEN ISO/TS 17574:2009, 3.25 PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 9 2.19 target of evaluation TOE set of software, firmware and/or hardware possibly accompani
40、ed by guidance SOURCE: ISO/IEC 15408-1:2009, 3.1.70 2.20 threat potential cause of an unwanted information security incident, which may result in harm SOURCE: CEN ISO/TS 19299:2015, 3.39 2.21 threat agent entity that has the intention to act adversely on an asset SOURCE: CEN ISO/TS 19299:2015, 3.40
41、2.22 threat analysis systematic detection, identification, and evaluation of threats SOURCE: CEN ISO/TS 19299:2015, 3.41 2.23 toll charger TC entity which levies toll for the use of vehicles in a toll domain SOURCE: ISO 17573:2010, 3.16 modified 2.24 toll service provider TSP entity providing toll s
42、ervices in one or more toll domains SOURCE: ISO 17573:2010, 3.23 modified 2.25 transaction counter data value in the on-board unit that is incremented by the roadside equipment at each transaction SOURCE: EN 15509:2014, 3.23 2.26 vulnerability weakness of an asset or control that can be exploited by
43、 an attacker SOURCE: CEN ISO/TS 19299:2015, 3.51 3 Abbreviations For the purposes of this document, the following symbols and abbreviations apply. PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 10 AES Advanced Encryption Standard CCC Compliance check communication (EN ISO 12813) COTS Commercial Off-the-
44、Shelf DEA Data Encryption Algorithm DES Data Encryption Standard DSRC Dedicated Short-Range Communication (EN ISO 14906) EETS European Electronic Toll Service IAP Interoperable Application Profile LAC Localisation augmentation communication (EN ISO 13141) MAC Message authentication code NIST Nationa
45、l Institute of Standards and Technology OBE On-board Equipment OBU On-board Unit RSE Roadside Equipment SM-CC Secure Monitoring Compliance Check (CEN/TS 167021:2014) TOE Target Of Evaluation TVRA Threat, Vulnerability and Risk Analysis VST Vehicle Service Table 4 Method The method in this technical
46、report is based on the method of ETSI/TS 102 165-1 which defines a 10 step method which in turn is based on ISO/IEC 15408 and is especially adapted to communication interfaces. This approach is also used in ETSI/TR 102 893. The 10 steps are listed below: 1) Identification of the Target of Evaluation
47、 (TOE) resulting in a high-level description of the main assets of the TOE and the TOE environment and a specification of the goal, purpose and scope of the Threat, Vulnerability and Risk Analysis (TVRA). See 5.1. 2) Identification of the objectives resulting in a high-level statement of the securit
48、y aims and issues to be resolved. See 5.2. 3) Identification of the functional security requirements, derived from the objectives from step 2. See 5.3. 4) Inventory of the assets as refinements of the high-level asset descriptions from step 1 and additional assets as a result of steps 2 and 3. See 5
49、.4. 5) Identification and classification of the vulnerabilities in the system, the threats that can exploit them, and the unwanted incidents that may result. See Clause 6. 6) Quantifying the occurrence likelihood and impact of the threats. See 7.1. 7) Establishment of the risks. See 7.2. PD CEN/TR 16968:2016 CEN/TR 16968:2016 (E) 11 8) Identification of countermeasures framework (conceptual) resulting in a list of alternative security services and capabilities needed to reduce the risk. See 8.2. 9) Co
