cen:proj:35725

Electronic fee collection - Secure monitoring for autonomous toll systems - Trusted recorder cen:proj:35725

Scope

The widespread use of tolling also requires provisions for users of vehicles that are roaming through many different toll domains. Users should be offered a single contract for driving a vehicle through various toll domains and those vehicles require onboard equipment (OBE) that is interoperable with the toll system in the various toll domains. There is a commercial and economic justification both in respect of the OBE and the toll systems for enabling interoperability. In Europe, for example, this need has been officially recognised and legislation on interoperability has been adopted (see directive 2004/52/EC)

In autonomous toll systems a toll service provider sends the toll charger toll declarations, i.e. statements that a vehicle was circulating within a toll domain. This technical specification specifies the requirements for secure monitoring, a concept that allows checking the trustworthiness of the toll declarations from a toll service provider while respecting the privacy of the user.

The forthcoming standard on EFC Security Framework aims at analysing the general requirements of the stakeholders and provides a comprehensive threat analysis of the assets in the scope of an interoperable EFC scheme. A number of identified threats may result into less revenue of the toll charger, undercharging and not meeting required service levels between toll service provider and toll charger.

Threats assigned to "User" agent are, among others:
- Manipulating the system to not register road usage
- Manipulating the system to register the wrong (lower) road usage
- Manipulating the system to lose road usage data"

Threats assigned to "Toll Service Provider" agent are, among others:
- Modifying usage data reported from the OBE
- Suppressing reporting of road use
- Faulty interpretation of usage data

[...]