BSI PD CEN/TR 16968:2016
Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2016 | 50 |
This Technical Report includes a threat analysis, based on CEN ISO/TS 19299 (EFC – Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification:
- EN 15509:2014,
- EN ISO 12813:2015,
- EN ISO 13141:2015,
- CEN/TS 16702-1:2014.
This Technical Report contains:
- a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);
- an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;
- an outline of potential security measures which might be added to those already defined for DSRC;
- an analysis of effects on existing EFC systems and interoperability clusters;
- a set of recommendations on how to revise the current standards, or proposals for new work items, taking existing implementations into account.
The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014.
It is outside the scope of this Technical Report to examine non-DSRC (wired or wireless) interfaces to the OBE and RSE.
PDF Catalog
PDF Pages | PDF Title |
---|---|
3 | CEN/TC 278 |
4 | Contents |
6 | European foreword |
7 | Introduction |
8 | 1 Scope 2 Terms and definitions |
11 | 3 Abbreviations |
12 | 4 Method |
14 | Figure 1 — Adapted TVRA methodology used in this report |
15 | 5 Security Objectives and Functional Requirements 5.1 Target of evaluation Figure 2 — TOE |
16 | 5.2 Security objectives 5.2.1 Introduction 5.2.2 Confidentiality 5.2.3 Availability 5.2.4 Accountability 5.2.5 Data integrity |
17 | 5.3 Functional security requirements 5.3.1 Introduction 5.3.2 Confidentiality Table 1 — Toll charger confidentiality requirements |
18 | Table 2 — OBU confidentiality requirements |
19 | 5.3.3 Availability Table 3 — Toll charger availability requirements Table 4 — Toll service provider availability requirements |
20 | 5.3.4 Accountability Table 5 — Toll charger accountability requirements |
21 | Table 6 — Toll service provider accountability requirements |
22 | 5.3.5 Data integrity Table 7 — Toll charger integrity requirements |
23 | Table 8 — Toll service provider integrity requirements 5.4 Inventory of assets 5.4.1 Functional Assets |
24 | 5.4.2 Data Assets 5.4.2.1 OBU 5.4.2.2 RSE 6 Threat analysis |
25 | Table 9 — Vulnerabilities, weaknesses and threats |
26 | 7 Qualitative risk analysis 7.1 Introduction 7.1.1 General 7.1.2 Likelihood of a threat Table 10 — Occurrence likelihood |
27 | 7.1.3 Impact of a threat Table 11 — Resulting impact |
28 | 7.1.4 Classification of Risk Table 12 — Risk classification 7.2 Risk determination 7.2.1 Definition of high and low risk context |
29 | 7.2.2 Threat T1: Access Credentials keys can be obtained 7.2.2.1 Description 7.2.2.2 Low Risk Context 7.2.2.3 High Risk Context 7.2.3 Threat T2: Authentication keys can be obtained 7.2.3.1 Description 7.2.3.2 Low Risk Context 7.2.3.3 High Risk Context |
30 | 7.2.4 Threat T3: OBU can be cloned 7.2.4.1 Description 7.2.4.2 Low Risk Context 7.2.4.3 High Risk Context 7.2.5 Threat T4: OBU can be faked 7.2.5.1 Description 7.2.5.2 Low Risk Context 7.2.5.3 High Risk Context |
31 | 7.2.6 Threat T5: Authentication of OBU data can be repudiated 7.2.6.1 Description 7.2.6.2 Low Risk Context 7.2.6.3 High Risk Context 7.2.7 Threat T6: Application data can be modified after the transaction 7.2.7.1 Description 7.2.7.2 Low Risk Context |
32 | 7.2.7.3 High Risk Context 7.2.8 Threat T7: Data in the VST is not secure 7.2.8.1 Description 7.2.8.2 Low Risk Context 7.2.8.3 High Risk Context 7.2.9 Threat T8: DSRC Communication can be eavesdropped 7.2.9.1 Description 7.2.9.2 Low Risk Context 7.2.9.3 High Risk Context |
33 | 7.2.10 Threat T9: Correctness of application data are repudiated 7.2.10.1 Description 7.2.10.2 Low Risk Context 7.2.10.3 High Risk Context 7.2.11 Threat T10: Master keys may be obtained from RSE 7.2.11.1 Description 7.2.11.2 Low Risk Context 7.2.11.3 High Risk Context 7.3 Summary |
34 | Table 13 — Summary of qualitative risks 8 Proposals for new security measures 8.1 Introduction 8.2 Security measures to counter risks related to key recovery |
35 | Table 14 — Possible countermeasures to major and critical risks |
36 | Figure 3 — Introduction of RndOBU2 in GetStampedRs 8.3 Recommended countermeasures |
37 | 8.4 Qualitative cost benefit analysis 9 Impact of proposed countermeasures 9.1 Current situation and level of fraud in existing EFC systems using CEN DSRC link |
38 | 9.2 EETS legislation 9.3 Analysis of effects on existing EFC systems 9.3.1 Affected roles 9.3.2 The CEN DSRC equipment Manufacturers |
39 | 9.3.3 The Toll Service Providers 9.3.4 The Toll Chargers |
40 | 10 Recommendations 10.1 Add security levels and procedures to EN ISO 14906 Table 15 — EN 15509 EFC-DSRC-IAP-1 security levels Table 16 — Proposed new security mechanisms |
41 | 10.2 Recommendation for other EFC standards 10.3 New standards |
42 | Annex A (informative) Current status of the DEA cryptographic algorithm A.1 Overview A.2 ISO/IEC 9797-1 (MAC Algorithm 1) Table A.1 — ISO/IEC 9797-1 Recommendations for block ciphers used by MAC algorithm 1 A.3 FIPS 46 (DEA Specification – DES) |
43 | A.4 ENISA recommendations Table A.2 — Block Cipher Summary (adopted from Table 3.2 in ENISA report) |
44 | Annex B (informative) Security considerations regarding DSRC in EFC Standards B.1 Security vulnerabilities in EN 15509 and EN ISO 14906 B.2 Security vulnerabilities in EN ISO 12813 (CCC) |
45 | B.3 Security vulnerabilities in EN ISO 13141 (LAC) B.4 Security vulnerabilities in CEN/TS 16702-1 (SM-CC) |
46 | Bibliography |