ISO INTERNATIONAL STANDARD 19299 First edition 2020-08 Electronic fee collection Security framework Perception de télépéage - Cadre de sécurité Reference number IS0 19299:2020(E) ISO @ISO2020 IS0 19299:2020(E) COPYRIGHTPROTECTEDDOCUMENT IS02020 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting below or Iso's member body in the country of the requester. IsO copyrightoffice CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +41 22 749 01 11 Email: [email protected] Website: www.iso.org Published in Switzerland ii @ IS0 2020 - All rights reserved IS0 19299:2020(E) Contents Page Foreword .V Introduction. ..vi 1 Scope. .1 2 Normative references. .1 3 Terms and definitions .2 4 Abbreviated terms .3 5 Trust model. .4 5.1 Overview 4 5.2 Stakeholders trust relations. .5 5.3 Technical trust model. 6 5.3.1 General. .6 5.3.2 Trust model for TC and TSP relations. 6 5.3.3 Trust model for TSP and service user relations. 7 5.3.4 Trust model for interoperability management relations. 7 5.4 Implementation. 7 5.4.1 Setup of trust relations. 7 5.4.2 Trust relation renewal and revocation 8 5.4.3 Issuing and revocation of sub CA and end-entity certificates 8 5.4.4 Certificate and certificate revocation list profile and format. 9 5.4.5 Certificate extensions. .9 Security requirements. .10 6.1 General 10 6.2 Information security management system 11 6.3 Communication interfaces. .12 6.4 Data storage. .12 6.5 Toll charger 12 6.6 Toll service provider .14 6.7 Interoperability management. .16 6.8 Limitation of requirements.. .17 7 Security measures - Countermeasures ..17 7.1 Overview .17 7.2 General security measures . 18 7.3 Communication interfaces security measures 18 7.3.1 General. 18 7.3.2 DSRC-EFC interface. 19 7.3.3 CCC interface 20 7.3.4 LAC interface 21 7.3.5 Front End to TSP back end interface 21 7.3.6 TC to TSP interface 22 7.3.7 ICCinterface.. 23 7.4 End-to-end security measures 24 7.5 Toll service provider security measures 25 7.5.1 Front end security measures. 25 7.5.2 Back end security measures. 26 7.6 Toll charger security measures. 27 7.6.1 RSE security measures. 27 7.6.2 Back end security measures. .28 7.6.3 Other TC security measures 28 8 Security specifications for interoperable interface implementation. 29 8.1 General. 29 8.1.1 Subject. 29 @ IS0 2020 - All rights reserved ii IS0 19299:2020(E) 8.1.2 Signature and hash algorithms. 29 8.2 Security specifications for DSRC-EFC 29 8.2.1 Subject. 29 8.2.2 OBE .29 8.2.3 RSE .29 9 Key management. .30 9.1 Overview .30 9.2 Asymmetric keys 30 9.2.1 Key exchange between stakeholders 30 9.2.2 Key generation and certification. .30 9.2.3 Protection of keys .30 9.2.4 Application 31 9.3 Symmetric keys. 31 9.3.1 General. 31 9.3.2 Key exchange between stakeholders .31 9.3.3 Keylifecycle .32 9.3.4 Key storage and protection .33 9.3.5 Session keys .34 Annex A (normative) Security profiles. .35 Annex B (informative) Implementation conformance statement (Ics) proforma ..39 Annex C (informative) Stakeholder objectives and generic requirements ..57 Annex D (informative) Threat analysis ..61 Annex E (informative) Security policies .118 Annex F (informative) Example for an EETS security policy .124 Annex G (informative) Recommendations for privacy-focused implementation ..126 Bibliography 128 iv @ IS0 2020 - All rights reserved IS0 19299:2020(E) Foreword Iso (the International Organization for Standardization) is a worldwide federation of national standards bodies (IsO member bodies). The work of preparing International Standards is normally carried out through IsO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in