This Technical Report includes a threat analysis, based on CEN ISO\/TS 19299 (EFC – Security Framework), of the CEN DSRC link as used in EFC applications according to the following Standards and Technical Specification<\/p>\n
EN 15509:2014,<\/p>\n<\/li>\n
EN ISO 12813:2015,<\/p>\n<\/li>\n
EN ISO 13141:2015,<\/p>\n<\/li>\n
CEN\/TS 16702-1:2014.<\/p>\n<\/li>\n<\/ul>\n
This Technical Report contains:<\/p>\n
a qualitative risk analysis in relation to the context (local tolling system, interoperable tolling environment, EETS);<\/p>\n<\/li>\n
an assessment of the current recommended or defined security algorithms and measures to identify existing and possible future security leaks;<\/p>\n<\/li>\n
an outline of potential security measures which might be added to those already defined for DSRC;<\/p>\n<\/li>\n
an analysis of effects on existing EFC systems and interoperability clusters;<\/p>\n<\/li>\n
a set of recommendations on how to revise the current standards, or proposal for new work items, with already made implementations taken into account.<\/p>\n<\/li>\n<\/ul>\n
The security analysis in this Technical Report applies only to Security level 1, with Access Credentials and Message authentication code, as defined in EN 15509:2014.<\/p>\n
It is outside the scope of this Technical Report to examine Non DSRC (wired or wireless) interfaces to the OBE and RSE.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 3<\/td>\n | CEN\/TC 278 <\/td>\n<\/tr>\n | ||||||
| 4<\/td>\n | 0BContents Page Contents Page <\/td>\n<\/tr>\n | ||||||
| 6<\/td>\n | European foreword <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | 1 Scope 2 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 3 Abbreviations <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 4 Method <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | Figure 1 \u2014 Adapted TVRA methodology used in this report <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 5 Security Objectives and Functional Requirements 5.1 Target of evaluation Figure 2 \u2014 TOE <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 5.2 Security objectives 5.2.1 Introduction 5.2.2 Confidentiality 5.2.3 Availability 5.2.4 Accountability 5.2.5 Data integrity <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 5.3 Functional security requirements 5.3.1 Introduction 5.3.2 Confidentiality Table 1 \u2014 Toll charger confidentiality requirements <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | Table 2 \u2014 OBU confidentiality requirements <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 5.3.3 Availability Table 3 \u2014 Toll charger availability requirements Table 4 \u2014 Toll service provider availability requirements <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 5.3.4 Accountability Table 5 \u2014 Toll charger accountability requirements <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | Table 6 \u2014 Toll service provider accountability requirements <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 5.3.5 Data integrity Table 7 \u2014 Toll charger integrity requirements <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | Table 8 \u2014 Toll service provider integrity requirements 5.4 Inventory of assets 5.4.1 Functional Assets <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 5.4.2 Data Assets 5.4.2.1 OBU 5.4.2.2 RSE 6 Threat analysis <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | Table 9 \u2014 Vulnerabilities, weaknesses and threats <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 7 Qualitative risk analysis 7.1 Introduction 7.1.1 General 7.1.2 Likelihood of a threat Table 10 \u2014 Occurrence likelihood <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 7.1.3 Impact of a threat Table 11 \u2014 Resulting impact <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 7.1.4 Classification of Risk Table 12 \u2014 Risk classification 7.2 Risk determination 7.2.1 Definition of high and low risk context <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 7.2.2 Threat T1: Access Credentials keys can be obtained 7.2.2.1 Description 7.2.2.2 Low Risk Context 7.2.2.3 High Risk Context 7.2.3 Threat T2: Authentication keys can be obtained 7.2.3.1 Description 7.2.3.2 Low Risk Context 7.2.3.3 High Risk Context <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 7.2.4 Threat T3: OBU can be cloned 7.2.4.1 Description 7.2.4.2 Low Risk Context 7.2.4.3 High Risk Context 7.2.5 Threat T4: OBU can be faked 7.2.5.1 Description 7.2.5.2 Low Risk Context 7.2.5.3 High Risk Context <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 7.2.6 Threat T5: Authentication of OBU data can be repudiated 7.2.6.1 Description 7.2.6.2 Low Risk Context 7.2.6.3 High Risk Context 7.2.7 Threat T6: Application data can be modified after the transaction 7.2.7.1 Description 7.2.7.2 Low Risk Context <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 7.2.7.3 High Risk Context 7.2.8 Threat T7: Data in the VST is not secure 7.2.8.1 Description 7.2.8.2 Low Risk Context 7.2.8.3 High Risk Context 7.2.9 Threat T8: DSRC Communication can be eavesdropped 7.2.9.1 Description 7.2.9.2 Low Risk Context 7.2.9.3 High Risk Context <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 7.2.10 Threat T9: Correctness of application data are repudiated 7.2.10.1 Description 7.2.10.2 Low Risk Context 7.2.10.3 High Risk Context 7.2.11 Threat T10: Master keys may be obtained from RSE 7.2.11.1 Description 7.2.11.2 Low Risk Context 7.2.11.3 High Risk Context 7.3 Summary <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | Table 13 \u2014 Summary of qualitative risks 8 Proposals for new security measures 8.1 Introduction 8.2 Security measures to counter risks related to key recovery <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | Table 14 \u2014 Possible countermeasures to major and critical risks <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | Figure 3 \u2014 Introduction of RndOBU2 in GetStampedRs 8.3 Recommended countermeasures <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 8.4 Qualitative cost benefit analysis 9 Impact of proposed countermeasures 9.1 Current situation and level of fraud in existing EFC systems using CEN DSRC link <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 9.2 EETS legislation 9.3 Analysis of effects on existing EFC systems 9.3.1 Affected roles 9.3.2 The CEN DSRC equipment Manufacturers <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 9.3.3 The Toll Service Providers 9.3.4 The Toll Chargers <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 10 Recommendations 10.1 Add security levels and procedures to EN ISO 14906 Table 15 \u2014 EN 15509 EFC-DSRC-IAP-1 security levels Table 16 \u2014 Proposed new security mechanisms <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 10.2 Recommendation for other EFC standards 10.3 New standards <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | Annex A (informative) Current status of the DEA cryptographic algorithm A.1 Overview A.2 ISO\/IEC 9797-1 (MAC Algorithm 1) Table A.1 \u2014 ISO\/IEC 9797-1 Recommendations for block ciphers used by MAC algorithm 1 A.3 FIPS 46 (DEA Specification \u2013 DES) <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | A.4 ENISA recommendations Table A.2 \u2014 Block Cipher Summary (adopted from Table 3.2 in ENISA report) <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Annex B (informative) Security considerations regarding DSRC in EFC Standards B.1 Security vulnerabilities in EN 15509 and EN ISO 14906 B.2 Security vulnerabilities in EN ISO 12813 (CCC) <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | B.3 Security vulnerabilities in EN ISO 13141 (LAC) B.4 Security vulnerabilities in CEN\/TS 16702-1 (SM-CC) <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication<\/b><\/p>\n |