1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 24534-5:2011Incorporating Corrigendum February 2013Intelligent transport systems Automatic vehicle and equipment identification Electronic Registration Identification (ERI
2、) for vehiclesPart 5: Secure communications using symmetrical techniquesBS ISO 24534-5:2011 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 24534-5:2011. It supersedes DD ISO/TS 24534-5:2008 which is withdrawn.The UK participation in its preparation was entrust
3、ed to TechnicalCommittee EPL/278, Road transport informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. T
4、he British Standards Institution 2013. Published by BSI Standards Limited 2013 ISBN 978 0 580 82238 4 ICS 03.220.20; 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy
5、 Committee on 31 January 2013. Amendments/Corrigenda issued since publicationDate Text affected28 February 2013 Addition of supersessionBS ISO 24534-5:2011Reference numberISO 24534-5:2011(E)ISO 2011INTERNATIONAL STANDARD ISO24534-5First edition2011-12-15Intelligent transport systems Automatic vehicl
6、e and equipment identification Electronic Registration Identification (ERI) for vehicles Part 5: Secure communications using symmetrical techniques Systmes de transport intelligents Identification automatique des vhicules et des quipements Identification denregistrement lectronique (ERI) pour les vh
7、icules Partie 5: Communications scurises utilisant des techniques symtriques BS ISO 24534-5:2011ISO 24534-5:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
8、 or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org We
9、b www.iso.org Published in Switzerland ii ISO 2011 All rights reservedBS ISO 24534-5:2011ISO 24534-5:2011(E) ISO 2011 All rights reserved iiiContents Page Foreword ivIntroduction . v1 Scope 12 Normative references 23 Terms and definitions . 24 Symbols and abbreviations 85 System communications conce
10、pt . 95.1 General . 95.2 Overview . 95.3 Security services . 135.4 Communication architecture description . 145.5 Interfaces 166 Interface requirements 176.1 Overview . 176.2 Abstract transaction definitions 176.3 The onboard interface to the ERT 276.4 The short-range air interface 276.5 Remote acce
11、ss interface 29Annex A (normative) ASN.1 module definitions 31Annex B (informative) Operational scenarios 34Annex C (normative) PICS pro forma . 37Bibliography 39BS ISO 24534-5:2011ISO 24534-5:2011(E) iv ISO 2011 All rights reservedForeword ISO (the International Organization for Standardization) is
12、 a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represen
13、ted on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are dr
14、afted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International S
15、tandard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 24534-5 was prepa
16、red by Technical Committee ISO/TC 204, Intelligent transport systems. This first edition of ISO 24534-5 cancels and replaces the first edition of ISO/TS 24534-5:2008. ISO 24534 consists of the following parts, under the general title Intelligent transport systems Automatic vehicle and equipment iden
17、tification Electronic Registration Identification (ERI) for vehicles: Part 1: Architecture Part 2: Operational requirements Part 3: Vehicle data Part 4: Secure communications using asymmetrical techniques Part 5: Secure communications using symmetrical techniques BS ISO 24534-5:2011ISO 24534-5:2011(
18、E) ISO 2011 All rights reserved vIntroduction A quickly emerging need has been identified within administrations to improve the unique identification of vehicles for a variety of services. Situations are already occurring where manufacturers intend to fit lifetime tags to vehicles. Various governmen
19、ts are considering the needs and benefits of electronic registration identification (ERI), such as legal proof of vehicle identity with potential mandatory usages. There is a commercial and economic justification both in respect of tags and infrastructure that a standard enable an interoperable solu
20、tion. ERI is a means of uniquely identifying road vehicles. The application of ERI will offer significant benefits over existing techniques for vehicle identification. It will be an enabling technology for the future management and administration of traffic and transport, including applications in f
21、ree flow, multi-lane, traffic conditions with the capability of supporting mobile transactions. ERI addresses the need of authorities and other users for a trusted electronic identification, including roaming vehicles. This part of ISO 24534 specifies the interfaces for the exchange of data between
22、an onboard component containing the ERI data and an ERI reader or writer inside or outside the vehicle using symmetric cryptographic techniques. The exchanged identification data consists of a unique vehicle identifier and can also include data typically found in the vehicles registration certificat
23、e (see ISO 24534-3 for details). The authenticity of the exchanged vehicle data can be further enhanced by using symmetric encryption techniques, i.e. techniques based on secret keys shared by a particular community of users. The ERI interface defined in this part of ISO 24534 supports confidentiali
24、ty measures to adhere to international and national privacy regulations and to prevent other misuse of electronic identification of vehicles. Following the events of September 11th, 2001, and the subsequent reviews of anti-terrorism measures, the need for ERI has been identified as a possible anti-t
25、errorism measure. The need for international harmonization of such ERI is therefore important. It is also important to ensure that any ERI measures contain protection against misuse by terrorists. This part of ISO 24534 makes use of the basic automatic vehicle identification (AVI) provisions already
26、 defined in ISO 14814 and ISO 14816. In addition, it includes provisions for security and the use of additional registration data of a vehicle. BS ISO 24534-5:2011BS ISO 24534-5:2011INTERNATIONAL STANDARD ISO 24534-5:2011(E) ISO 2011 All rights reserved 1Intelligent transport systems Automatic vehic
27、le and equipment identification Electronic Registration Identification (ERI) for vehicles Part 5: Secure communications using symmetrical techniques 1 Scope This International Standard provides the requirements for an electronic registration identification (ERI) using symmetric encryption techniques
28、 that are based on an identifier assigned to a vehicle (e.g. for recognition by national authorities), suitable to be used for electronic identification of local and foreign vehicles by national authorities, vehicle manufacturing, in-life maintenance and end-of-life identification (vehicle life-cycl
29、e management), adaptation of vehicle data, e.g. in case of international re-sales, safety related purposes, crime reduction, commercial services, and adhering to privacy and data protection regulations. This part of ISO 24534 specifies the interfaces for a secure exchange of data between the electro
30、nic registration tag (ERT), which is the onboard device containing the ERI data, and the ERI reader or ERI writer in or outside the vehicle using symmetric encryption techniques. Symmetric encryption techniques are based on secret keys shared by a particular community of users, i.e. in closed user g
31、roups in which it is trusted that keys are not revealed to outsiders. It includes the interface between an ERT and an onboard ERI reader or writer, the interface between the onboard ERI equipment and (roadside) reading and writing equipment, and security issues related to the communication with the
32、ERT. NOTE The vehicle identifiers and possible related vehicle information (as typically contained in a vehicle registration certificate) are defined in ISO 24534-3. BS ISO 24534-5:2011ISO 24534-5:2011(E) 2 ISO 2011 All rights reserved2 Normative references The following referenced documents are ind
33、ispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 8825-2, Information technology ASN.1 encoding rules: Specification of Packed Encodi
34、ng Rules (PER) Part 2 ISO 14816, Road transport and traffic telematics Automatic vehicle and equipment identification Numbering and data structure ISO 15628, Road transport and traffic telematics Dedicated short range communication (DSRC) DSRC application layer EN 12834, Road transport and traffic t
35、elematics Dedicated Short Range Communication (DSRC) DSRC application layer 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 access control prevention of unauthorized use of a resource, including the prevention of use of a resource in an unaut
36、horized manner ISO 7498-2, definition 3.3.1 3.2 access control list list of entities, together with their access rights, which are authorized to have access to a resource ISO 7498-2, definition 3.3.2 3.3 active threat threat of a deliberate unauthorized change to the state of the system ISO 7498-2,
37、definition 3.3.4 EXAMPLE Modification of messages, replay of messages, insertion of spurious messages, masquerading as an authorized entity and denial of service. 3.4 additional vehicle data electronic registration identification (ERI) data in addition to the vehicle identifier ISO 24534-3, definiti
38、on 3.1 3.5 air interface conductor-free medium between onboard equipment (OBE) and the reader/interrogator through which the linking of the onboard equipment (OBE) to the reader/interrogator is achieved by means of electro-magnetic signals ISO 14814, definition 3.2 BS ISO 24534-5:2011ISO 24534-5:201
39、1(E) ISO 2011 All rights reserved 33.6 authorization granting of rights, which includes the granting of access based on access rights ISO 7498-2, definition 3.3.10 3.7 challenge data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with se
40、cret information held by the claimant, to generate a response which is sent to the verifier ISO 9798-1, definition 3.3.5 NOTE In this part of ISO 24534, the term challenge is also used in case an ERT does not have enabled encryption capabilities and the challenge is merely copied without any secret
41、information applied. 3.8 ciphertext data produced, through the use of encipherment, the semantic content of which is not available ISO 7498-2, definition 3.3.14 3.9 claimant entity which is or represents a principal for the purposes of authentication, including the functions necessary for engaging i
42、n authentication exchanges on behalf of a principal ISO/IEC 10181-2, definition 3.10 3.10 cleartext intelligible data, the semantic content of which is available ISO 7498-2, definition 3.3.15 3.11 confidentiality property that information is not made available or disclosed to unauthorized individual
43、s, entities, or processes ISO 7498-2, definition 3.3.16 3.12 data integrity integrity property that data has not been altered or destroyed in an unauthorized manner ISO 7498-2, definition 3.3.21 3.13 decipherment decryption reversal of a corresponding reversible encipherment ISO 7498-2, definition 3
44、.23 BS ISO 24534-5:2011ISO 24534-5:2011(E) 4 ISO 2011 All rights reserved3.14 distinguishing identifier information which unambiguously distinguishes an entity ISO 9798-1, definition 3.3.9 3.15 electronic registration identification ERI action or act of identifying a vehicle with electronic means fo
45、r purposes as mentioned in the scope of this part of ISO 24534 3.16 electronic registration reader ERR device used to read or read/write data from or to an electronic registration tag (ERT) NOTE 1 An ERR communicates directly, i.e. via an OSI data-link, with an ERT. NOTE 2 An ERR can also be an ERI
46、reader and/or an ERI writer or can act as a relay in the exchange of ERI data protocol units between an ERT and an ERI reader/writer. 3.17 electronic registration tag ERT onboard ERI device that contains the ERI data, including the relevant implemented security provisions and one or more interfaces
47、to access that data NOTE 1 In case of high security, the ERT is a type of secure application module (SAM). NOTE 2 The ERT can be a separate device or can be integrated into an onboard device that also provides other capabilities (e.g. DSRC communications). 3.18 encipherment encryption cryptographic
48、transformation of data to produce ciphertext NOTE 1 Encipherment can be irreversible, in which case the corresponding decipherment process cannot feasibly be performed. NOTE 2 Adapted from ISO 7498-2, definition 3.3.27. 3.19 end-to-end encipherment encipherment of data within or at the source end sy
49、stem, with the corresponding decipherment occurring only within or at the destination end system ISO 7498-2, definition 3.3.29 3.20 entity authentication corroboration that an entity is the one claimed ISO 9798-1, definition 3.3.11 3.21 ERI data vehicle identifying data which can be obtained from the ERT that consists of the vehicle identifier and possible additional vehicle data NOTE Adapted from ISO 24534-3, definition 3.4. BS ISO 24534-
