1、 Reference number ISO 15764:2004(E) ISO 2004INTERNATIONAL STANDARD ISO 15764 First edition 2004-08-15 Road vehicles Extended data link security Vhicules routiers Scurit tendue de liaison de donnes ISO 15764:2004(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobe
2、s licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy.
3、The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care
4、has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO 2004 All rights reserved. Unless otherwise specified, no part of this publication may b
5、e reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. +
6、41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2004 All rights reservedISO 15764:2004(E) ISO 2004 All rights reserved iiiContents Page Foreword iv Introduction v 1 Scope 1 2 Normative references . 1 3 Terms and definitions. 2 4 Symbols a
7、nd abbreviated terms 5 4.1 General. 5 4.2 Notation used in the message sequence specified in Clause 6 5 5 Secured data link configuration 6 5.1 General. 6 5.2 Architecture . 6 5.3 Protection 7 5.4 Audit trail . 10 6 Message content. 10 6.1 General. 10 6.2 Message sequence . 11 6.3 Security parameter
8、s 16 6.4 Exception detection and exception response . 17 7 Element description 21 7.1 General. 21 7.2 Security sub-layer service request parameters. 21 7.3 Security sub-layer service indication parameters. 25 7.4 Security sub-layer service response parameters 25 7.5 Security sub-layer service confir
9、mation parameters 26 7.6 Secured Data Transmission Parameters 26 8 Examples . 32 8.1 Vehicle to remote database . 32 8.2 Tachograph example 35 8.3 Closed systems. 37 Bibliography . 39 ISO 15764:2004(E) iv ISO 2004 All rights reservedForeword ISO (the International Organization for Standardization) i
10、s a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represe
11、nted on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are d
12、rafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International
13、Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 15764 was prepar
14、ed by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical and electronic equipment. ISO 15764:2004(E) ISO 2004 All rights reserved vIntroduction This International Standard is intended initially to supplement ISO 15031-7 in extending the security provisions of, and facilitati
15、ng access to, remote sources of sensitive data. PC-based external test equipment based on ISO 15031-4, modified to incorporate the facilities described herein, could then access the vehicle using the challenge-response provisions of ISO 15031-7, and the remote source using the extended security offe
16、red by the present document. While this would fully protect the transmission of data from the remote source to the external test equipment, it would leave the data between the external test equipment and the vehicle unprotected, which might be acceptable in a controlled environment. Where the electr
17、onic control unit (ECU) is capable of supporting the encryption/decryption burden of full PKI infrastructure, this International Standard offers end-to-end security in an open system in which the participants are not previously known to each other. It also includes provisions for end-to-end security
18、 in a closed system where the symmetrical key is established with both participants prior to use and the computing burden is reduced. It is anticipated that this International Standard will be used, for example, by a vehicle manufacturer to send data to a franchised dealer to enable the programming
19、of an unprogrammed stock ECU or to release immobiliser re-setting codes to approved users. Ultimately, it would protect over-air messages sent directly to a vehicle for software corrections, service interrogation or other remote services. In the vehicle manufacturers case, the present document exten
20、ds the provisions of ISO 15031-7 in respect of data link security to cover the access to data remote from the vehicle, such as that contained in a manufacturers database extensions which allow for control and monitoring of such access and thus enhance the security of the data itself. No matter wheth
21、er the amount of data is small, as in gaining entry to the vehicle, or large, as in a complete code download for powertrain control, it establishes uniform practice for protecting vehicle modules from unauthorized intrusion through a vehicle data link. The security system described represents a reco
22、mmendation for motor vehicle manufacturers while providing the flexibility for them to tailor their systems to their specific needs. The vehicle modules addressed are those able to of have solid state memory contents accessed through a data communication link. Improper memory content alteration coul
23、d potentially damage the electronics or other vehicle components; or risk the vehicle compliance to government legislated requirements or the vehicle manufacturers security interests. Improper access to secure information could compromise security and privacy of the vehicle or operator. Other applic
24、ations are envisaged. In many cases there will be a need for secured data transmission on internal vehicle communication networks such as CAN (controller area network), and between after-market equipment on the one hand, and components of the initial vehicle electronics or other-after market equipme
25、nt on the other. In particular, this document can be used to enable a tachograph reader to authenticate the data sent by the on-vehicle recorder of the tachograph, for example, in tolling applications. It defines the procedures to establish and use a secured data link and the specific security relat
26、ed data elements. It is communication protocol independent. Another possible implementation is given by the SecuredDataTransmission (84 hex) service defined in ISO 14229-1 on diagnostic services, with whose defined properties its specification of data elements is in line. INTERNATIONAL STANDARD ISO
27、15764:2004(E) ISO 2004 All rights reserved 1Road vehicles Extended data link security 1 Scope This International Standard describes an extension of data link protocols for enhancing the security of data transfers between electronic control units (ECUs) connected by a communication network used in ro
28、ad vehicles. It is based on cryptographic methods that include encryption, digital signatures and message authentication codes (MACs). It provides a description of services to establish ECUs as trusted parties in respect of one another and to protect against specific threats. It is applicable to all
29、 data links between pairs of ECUs capable of storing and processing secret data so that unauthorized third parties are denied access to it. Parameters are provided to enable the level of security in the data link to be selected. 2 Normative references The following referenced documents are indispens
30、able for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 3779:1983, Road Vehicles Vehicle identification number (VIN) Content and structure ISO 3780:1
31、983, Road vehicles World manufacturer identifier (WMI) code ISO/IEC 8824-1, Information technology Abstract Syntax Notation One (ASN.1) Specification of basic notation Part 1 ISO/IEC 8825-1, Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding
32、Rules (CER) and Distinguished Encoding Rules (DER) Part 1 ISO/IEC 9594-8, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks Part 8 ISO/IEC 9797-2:2002, Information technology Security techniques Message Authentication Codes (MACs) Part
33、 2: Mechanisms using a dedicated hash-function ISO/IEC 10116, Information technology Security techniques Modes of operation for an n-bit block cipher ISO/IEC 10118-3, Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions ISO 11898 (all parts), Road vehicles Contr
34、oller area network (CAN) ISO 14229-1, Road vehicles Unified diagnostic services (UDS) Part 1: Specification and requirements 1)ISO 14230-4, Road vehicles Diagnostic systems Keyword Protocol 2000 Part 4: Requirements for emission-related systems 1) Under preparation. ISO 15764:2004(E) 2 ISO 2004 All
35、rights reservedISO 14816, Road transport and traffic telematics Automatic vehicle and equipment identification Numbering and data structure 2)ISO 15031-3, Road vehicles Communication between vehicle and external equipment for emissions-related diagnostics Part 3: Diagnostic connector and related ele
36、ctrical circuits, specification and use ISO 15031-4, Road vehicles Communication between vehicle and external equipment for emissions-related diagnostics Part 4: External test equipment 3)ISO 15031-7, Road vehicles Communication between vehicle and external equipment for emissions-related diagnostic
37、s Part 7: Data link security ISO 16844-1 (all parts), Road vehicles Tachograph systems 3)ISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers 1)IETF RFC 2437, PKCS #1: RSA Cryptography Specifications, Version 2.0, October, 1998 IETF RFC 2459, X.509
38、Internet Public Key Infrastructure Certificate and CRL Profile SAE J1939 (all parts), Recommended Practice for a Serial Control and Communications Vehicle Network 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 certification authority CA cent
39、re trusted to create and assign public key certificates or, optionally, which may create and assign keys to the entities ISO/IEC 11770-1:1996, definition 3.2 3.2 client entity initiating the message exchange by sending some request to the other entity 3.3 confidentiality property that information is
40、 not made available or disclosed to unauthorized individuals, entities or processes ISO 7498-2:1989, definition 3.3.16 3.4 data integrity property that data has not been altered or destroyed in an unauthorized manner ISO 7498-2:1989, definition 3.3.21 2) To be published. (Revision of ISO/TS 14816:20
41、00) 3) To be published. ISO 15764:2004(E) ISO 2004 All rights reserved 33.5 delay time DT time period inserted between access attempts 3.6 data origin authentication corroboration that the source of data received is as claimed NOTE Adapted from ISO 7498-2:1989. 3.7 digital signature data appended to
42、, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the origin and integrity of the data unit and protect against forgery, e.g. by the recipient ISO/IEC 9798-1:1997, definition 3.1.3 3.8 eavesdropping activity leading to loss of confidentiality, in
43、 which a third party obtains data sent between the trusted electronic units, knowledge of which it is not entitled to possess 3.9 entity authentication corroboration that an entity is the one claimed ISO/IEC 11770-2:1996, definition 3.1.2 3.10 false access attempt FAA error in the received signature
44、, message authentication code or previously unused number 3.11 hash-code string of bits which is the output of a hash-function ISO/IEC 14888-1:1998, definition 4.7 3.12 hash-function function which maps strings of bits to fixed-length strings of bits, such that it is computationally infeasible to fi
45、nd an input which maps to this output or a second input which maps to the same output NOTE Adapted from ISO/IEC 9797-2:2002. 3.13 key sequence of symbols that controls the operation of a cryptographic transformation EXAMPLE Encipherment, decipherment, cryptographic check function computation, signat
46、ure generation or signature verification ISO/IEC 11770-1:1996, definition 3.5 3.14 manipulation changing by a third party of data transferred between trusted electronic control units ISO 15764:2004(E) 4 ISO 2004 All rights reserved3.15 masquerade sending of data by a third party under the pretence t
47、hat it originates from a trusted electronic control unit 3.16 message authentication code MAC string of bits which is the output of a MAC algorithm ISO/IEC 9797-1:1999, definition 3.2.5 3.17 MAC algorithm algorithm for computing a function which maps strings of bits and a private key to fixed-length
48、 strings of bits, such that for any key and any input string the function can be computed efficiently, and that for any fixed key, and given no prior knowledge of the key, it is computationally infeasible to compute the function value on any new input string, even given knowledge of the set of input
49、 strings and corresponding function values, where the value of the ith input string may have been chosen after observing the value of the first i-1 function values NOTE Adapted from ISO/IEC 9797-1:1999, 3.2.6. 3.18 private key key of an entitys asymmetric key pair intended to be used only by that entity NOTE Adapted from ISO/IEC 11770-1:1996, 3.13. 3.19 public key key of an entitys asymmetric key pair which can be made public ISO/IEC 11770-1:1996
