Electronic fee collection - Security framework (ISO 19299:2020)

This document defines an information security framework for all organizational and technical entities
of an EFC scheme and for the related interfaces, based on the system architecture defined in ISO 17573-1.
The security framework describes a set of security requirements and associated security measures.
Annex D contains a list of potential threats to EFC systems and a possible relation to the defined
security requirements. These threats can be used for a threat analysis to identify the relevant security
requirements for an EFC system.
The relevant security measures to secure EFC systems can then be derived from the identified security
requirements.

Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)

[Not available]

Perception de télépéage -- Cadre de sécurité (ISO 19299:2020)

Ce document définit un cadre de sécurité de l'information pour toutes les entités organisationnelles et techniques d'un système EFC et pour les interfaces correspondantes, sur la base de l'architecture système définie dans la norme ISO 17573-1. Le cadre de sécurité décrit un ensemble d'exigences de sécurité et de mesures de sécurité associées.
L'Annexe D contient une liste des menaces potentielles pour les systèmes EFC et une relation possible avec les exigences de sécurité définies. Ces menaces peuvent être utilisées pour une analyse des menaces afin d'identifier les exigences de sécurité pertinentes pour un système EFC.
Les mesures de sécurité pertinentes pour sécuriser les systèmes EFC peuvent ensuite être dérivées des exigences de sécurité identifiées.

Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)

General Information

Status
Published
Public Enquiry End Date
08-Dec-2019
Publication Date
29-Sep-2020
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
17-Sep-2020
Due Date
22-Nov-2020
Completion Date
30-Sep-2020

RELATIONS

Buy Standard

Standard
SIST EN ISO 19299:2020
English language
144 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN ISO 19299:2020
01-november-2020
Nadomešča:
SIST-TS CEN ISO/TS 19299:2016
Elektronsko pobiranje pristojbin - Varnostni okvir (ISO 19299:2020)
Electronic fee collection - Security framework (ISO 19299:2020)
Elektronische Gebührenerhebung - Sicherheitsgrundstruktur (ISO 19299:2020)
Perception de télépéage -- Cadre de sécurité (ISO 19299:2020)
Ta slovenski standard je istoveten z: EN ISO 19299:2020
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
SIST EN ISO 19299:2020 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO 19299:2020
---------------------- Page: 2 ----------------------
SIST EN ISO 19299:2020
EN ISO 19299
EUROPEAN STANDARD
NORME EUROPÉENNE
September 2020
EUROPÄISCHE NORM
ICS 35.240.60; 03.220.20 Supersedes CEN ISO/TS 19299:2015
English Version
Electronic fee collection - Security framework (ISO
19299:2020)

Perception de télépéage - Cadre de sécurité (ISO Elektronische Gebührenerhebung -

19299:2020) Sicherheitsgrundstruktur (ISO 19299:2020)
This European Standard was approved by CEN on 10 August 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this

European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references

concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN

member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by

translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management

Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19299:2020 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST EN ISO 19299:2020
EN ISO 19299:2020 (E)
Contents Page

European foreword ....................................................................................................................................................... 3

---------------------- Page: 4 ----------------------
SIST EN ISO 19299:2020
EN ISO 19299:2020 (E)
European foreword

This document (EN ISO 19299:2020) has been prepared by Technical Committee ISO/TC 204

"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent

transport systems” the secretariat of which is held by NEN.

This European Standard shall be given the status of a national standard, either by publication of an

identical text or by endorsement, at the latest by March 2021, and conflicting national standards shall

be withdrawn at the latest by March 2021.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document supersedes CEN ISO/TS 19299:2015.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,

Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of

North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the

United Kingdom.
Endorsement notice

The text of ISO 19299:2020 has been approved by CEN as EN ISO 19299:2020 without any modification.

---------------------- Page: 5 ----------------------
SIST EN ISO 19299:2020
---------------------- Page: 6 ----------------------
SIST EN ISO 19299:2020
INTERNATIONAL ISO
STANDARD 19299
First edition
2020-08
Electronic fee collection — Security
framework
Perception de télépéage — Cadre de sécurité
Reference number
ISO 19299:2020(E)
ISO 2020
---------------------- Page: 7 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 2

4 Abbreviated terms .............................................................................................................................................................................................. 3

5 Trust model ................................................................................................................................................................................................................ 4

5.1 Overview ...................................................................................................................................................................................................... 4

5.2 Stakeholders trust relations ........................................................................................................................................................ 5

5.3 Technical trust model ........................................................................................................................................................................ 6

5.3.1 General...................................................................................................................................................................................... 6

5.3.2 Trust model for TC and TSP relations ............................................................................................................ 6

5.3.3 Trust model for TSP and service user relations .................................................................................... 7

5.3.4 Trust model for interoperability management relations .............................................................. 7

5.4 Implementation ...................................................................................................................................................................................... 7

5.4.1 Setup of trust relations ............................................................................................................................................... 7

5.4.2 Trust relation renewal and revocation ......................................................................................................... 8

5.4.3 Issuing and revocation of sub CA and end-entity certificates ................................................... 8

5.4.4 Certificate and certificate revocation list profile and format .................................................... 9

5.4.5 Certificate extensions .................................................................................................................................................. 9

6 Security requirements .................................................................................................................................................................................10

6.1 General ........................................................................................................................................................................................................10

6.2 Information security management system ..................................................................................................................11

6.3 Communication interfaces .........................................................................................................................................................12

6.4 Data storage ............................................................................................................................................................................................12

6.5 Toll charger .............................................................................................................................................................................................12

6.6 Toll service provider .......................................................................................................................................................................14

6.7 Interoperability management .................................................................................................................................................16

6.8 Limitation of requirements .......................................................................................................................................................17

7 Security measures — Countermeasures ...................................................................................................................................17

7.1 Overview ...................................................................................................................................................................................................17

7.2 General security measures ........................................................................................................................................................18

7.3 Communication interfaces security measures .........................................................................................................18

7.3.1 General...................................................................................................................................................................................18

7.3.2 DSRC-EFC interface ........................................................................................................................................... ..........19

7.3.3 CCC interface ....................................................................................................................................................................20

7.3.4 LAC interface ....................................................................................................................................................................21

7.3.5 Front End to TSP back end interface ...........................................................................................................21

7.3.6 TC to TSP interface ......................................................................................................................................................22

7.3.7 ICC interface ......................................................................................................................................................................23

7.4 End-to-end security measures ...............................................................................................................................................24

7.5 Toll service provider security measures ........................................................................................................................25

7.5.1 Front end security measures ..............................................................................................................................25

7.5.2 Back end security measures ...............................................................................................................................26

7.6 Toll charger security measures ..............................................................................................................................................27

7.6.1 RSE security measures ........................................................................................................................................... ..27

7.6.2 Back end security measures ...............................................................................................................................28

7.6.3 Other TC security measures ................................................................................................................................28

8 Security specifications for interoperable interface implementation .........................................................29

8.1 General ........................................................................................................................................................................................................29

8.1.1 Subject....................................................................................................................................................................................29

© ISO 2020 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

8.1.2 Signature and hash algorithms .........................................................................................................................29

8.2 Security specifications for DSRC-EFC ...............................................................................................................................29

8.2.1 Subject....................................................................................................................................................................................29

8.2.2 OBE ...........................................................................................................................................................................................29

8.2.3 RSE ............................................................................................................................................................................................29

9 Key management ...............................................................................................................................................................................................30

9.1 Overview ...................................................................................................................................................................................................30

9.2 Asymmetric keys ................................................................................................................................................................................30

9.2.1 Key exchange between stakeholders ...........................................................................................................30

9.2.2 Key generation and certification .....................................................................................................................30

9.2.3 Protection of keys .........................................................................................................................................................30

9.2.4 Application .........................................................................................................................................................................31

9.3 Symmetric keys ....................................................................................................................................................................................31

9.3.1 General...................................................................................................................................................................................31

9.3.2 Key exchange between stakeholders ...........................................................................................................31

9.3.3 Key lifecycle .......................................................................................................................................................................32

9.3.4 Key storage and protection ..................................................................................................................................33

9.3.5 Session keys ......................................................................................................................................................................34

Annex A (normative) Security profiles ............................................................................................................................................................35

Annex B (informative) Implementation conformance statement (ICS) proforma .............................................39

Annex C (informative) Stakeholder objectives and generic requirements ...............................................................57

Annex D (informative) Threat analysis ...........................................................................................................................................................61

Annex E (informative) Security policies .....................................................................................................................................................118

Annex F (informative) Example for an EETS security policy ................................................................................................124

Annex G (informative) Recommendations for privacy-focused implementation ...........................................126

Bibliography .........................................................................................................................................................................................................................128

iv © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in

collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC

278 Intelligent transport systems, in accordance with the Agreement on technical cooperation between

ISO and CEN (Vienna Agreement).

This first edition cancels and replaces ISO/TS 19299:2015, which has been technically revised.

The main changes compared to the previous edition are as follows:

— added requirements and security measures for the use of common payment media according to

ISO/TS 21193;

— updated data protection considerations in Annex G, in order to take into account the European

Union’s new General Data Protection Regulation (i.e. Directive 2016/679/EC).

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)
Introduction
Context of this document

The development process for a security concept and implementation to protect any existing electronic

fee collection (EFC) system normally includes several steps as follows (see Figure 1):

— definition of the security objectives and policy statements in a security policy;

— threat analysis with risk assessment to define the security requirements;

— development of the security measures followed by the development of security test specifications.

Figure 1 — Development path for the security documents

Each actor in an existing EFC system implements the defined security measures and supervises their

effectiveness. When a security measure is found not working properly, an improvement process is

started. The development of the EFC security framework follows this approach, with the following

limitations:

— No standard security policy exists, nor can it be defined: The security policy can only be defined by

the responsible stakeholders and it is limited by laws and regulations. Nonetheless, this document

provides basic examples of possible security policies (in Annex E to Annex F).

— No standard risk assessment is possible: Risk assessment compares possible losses to stakeholders

with the required resources (e.g. equipment, knowledge, time) to perform an attack. In a real system,

risk assessment is based on the evaluation of the costs and benefits of each countermeasure.

— No specific system design or configuration was deemed as universally applicable. Only the available

EFC base standards were taken as references. Specific technical details of a particular system

(e.g. servers, computer centres, and de-centralised elements like roadside equipment) need to be

additionally taken into consideration when implementing security measures.
vi © ISO 2020 – All rights reserved
---------------------- Page: 12 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

Selection of requirements and respective security measures for an existing EFC system is based on the

security policy and the risk assessment of several stakeholders’ systems. Due to the fact that there is

no overall valid security policy, nor is there the possibility to provide a useful risk assessment, the EFC

security framework provides an extensive (but non-exhaustive) toolbox of requirements and security

measures.

To understand the content of this document, the reader should be aware of the methodological

assumptions used to develop it. Security of an (interoperable) EFC scheme depends on the correct

implementation and operation of a number of processes, systems, and interfaces. Only a reliable end-to-

end security ensures the accurate and trustworthy operation of interacting components of toll charging

environments. Therefore, this security framework also covers systems or interfaces which are not EFC

specific, like back office connections. An application independent security framework for such system

parts and interfaces, an information security management system (ISMS), can be found, for example, in

the ISO/IEC 27000 series.

The development process of this document is described briefly in the steps below:

a) Definition of the stakeholder objectives and generic requirements as the basic motivation for the

security requirements (Annex C). A possible security policy with a set of policy statements is

provided in Annex E, and an example of a European electronic toll service (EETS) security policy is

given in Annex F.

b) Based on the EFC role model and further definitions from the EFC architecture standard

(ISO 17573-1), the specification defines an abstract EFC system model as the basis for a threat

analysis, definition of requirements, and security measures.

c) The threats on the EFC system model and its assets are analysed by two different methods: an

attack-based analysis and an asset-based analysis. The first approach considers several threat

scenarios from the perspective of various attackers. The second approach looks in depth on threats

against the various identified assets (tangible and intangible). This approach, although producing

some redundancy, ensures completeness and coverage of a broad range of risks (see Annex D).

d) The requirements specification (see Clause 6) is based on the threats identified in Annex D.

Each requirement is at least motivated by one threat and each threat is covered by at least one

requirement.

e) The definition of security measures (see Clause 7) provides a high-level description of recommended

possible methods to cover the developed requirements.

f) The security specifications for interoperable interface implementation (Clause 8) provide detailed

definitions, such as for message authenticators. These specifications represent an add-on for

security to the corresponding relevant interface standards.

g) Basic key management requirements that support the implementation of the interoperable

interfaces are described in Clause 9. The toll charging environment uses cryptographic elements

(e.g. keys, certificates, certificate revocation lists) to support security services like confidentiality,

integrity, authenticity, and non-repudiation. This section of the document covers the (initial) setup

of key exchange between stakeholders and several operational procedures, such as key renewal,

certificate revocation.

h) A general trust model (see Clause 5) is defined to form the basis for the implementation of

cryptographic procedures to ensure confidentiality, integrity, and authenticity of exchanged

data. In this context, the security framework references approved international standards for the

implementation of cryptographic procedures enhanced by EFC specific details where needed.

A stakeholder of an EFC scheme who wants to use this security framework should to do the following:

— define a security policy for the EFC scheme (may involve more than one stakeholder in an interoperable

EFC scheme). Some examples for a security policy and its elements are provided (in Annex E and

Annex F) as an aid to build up a secure system for a concrete interoperability framework (including

the European electronic toll service).
© ISO 2020 – All rights reserved vii
---------------------- Page: 13 ----------------------
SIST EN ISO 19299:2020
ISO 19299:2020(E)

— identify the relevant processes, systems and interfaces, and match them to the EFC security

framework;

— select the corresponding security requirements according to the security policy;

— implement the security measures associated to the selected requirements;

— provide evidence of compliance of its systems, processes, and interfaces with the requirements

of this document. Evidence can be provided by a self-declaration, an internal or external audit, or

other certifications.
EFC role model

This document complies with the role model defined in ISO 17573-1. According to this role model, the

toll charger (TC) manages the tolled
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.