Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015-05-05 Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3)

Published byLiliana Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015-05-05 Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3)"— Presentation transcript:

1 FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015-05-05 Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3)

2 FIA Protection against Mileage Fraud by Common Criteria Why does the FIA propose a protection against mileage fraud Summary Common Criteria Target of Evaluation (Annex 5,2) Protection Profile / Security Target (§2.6, §5.5.2, Annex 5) Next Steps

3 Why does the FIA propose a protection against mileage fraud FIA Protection against Mileage Fraud by Common Criteria ● Mileage Fraud is a safety risk, it causes unexpected faults and leads to breakdowns ● Mileage Fraud undermines legal requirements on the durability of environmental relevant components ● Mileage Fraud leads to an annual loss of €5.6 - €9.6 billion for consumers ● Mileage Fraud affects 8% – 12% of used car sales, rising to 30% - 50% for cross border transactions ● Mileage Fraud can be done for many vehicles in about one minute via the OBD port. The frauding tools are available from 150,-€

4 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Summary ● The FIA proposes to develop and verify the protection against mileage fraud with the methodology of common criteria according to ISO/IEC 15408 and ISO/IEC 18045. ● Protection level: Manipulations must be so time effort and cost intensive that they are no longer cost-efficient compared to the higher sales price, risk of mortal danger or environmental perils that can be achieved during the complete lifetime of the vehicle. ● While the Protection Profile is unique and the method of common criteria is standardized, the Vehicle Manufacturer can still individually decide, what measures he takes to meet his specific Security Tag. It will be stated in the VM-specific Security Target. ● The type approval authority must only check the successful evaluation result for VM specific solution.

5 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Common Criteria ● FIA proposes the standardized methodology of „Common Criteria“ to ease the development for vehicle manufacturers and the approval for authorities of the protected mileage data. ● The approach is technology neutral, as it defines a single Protection Profile, but leaves it up the manufacturer how to realize the solution by his individual Security Target. ● The methodology of Common Criteria is an approved IT process, accepted in 27 countries around the world and under constant development to stay state of the art. ● The base for ISO/IEC 15408 and ISO/IEC 18045 is given publically under http://www.commoncriteriaportal.org/cc/ (CC and CEM). http://www.commoncriteriaportal.org/cc/

6 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Common Criteria used for protection against Mileage Fraud ● A Protection Profile (PP) document for the mileage data must be deployed. It state the assets to be protected, the required protection level and can be understood as a kind of “catalogue” for threats and protection mechanisms. This single document will be used as general base for all VMs ● A Security Target (ST) document will map the Protection Profile to the individual realization in a system. Thereby, items from the “catalogue” PP will be selected and it will be described, how they act to reach the protection level. This allows a VM- specific implementation ● An Evaluation will be performed by independent, accredited labs on the Target of Evaluation (TOE = implementation at the VM) under consideration of PP and ST in order to verify that the required Protection Level is met ● The Evaluation Test Report (ETR) of the lab will reveal areas of improvements to VM and deliver a successful confirmation for usage towards the type approval authority

7 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Common Criteria used for protection against Mileage Fraud Framework Common Criteria (ISO/IEC 15408 and ISO/IEC 18045) Protection Profile for Mileage Fraud Protection Security Target for VM individual realization Evaluation Test Report for Target of Evaluation

8 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.4 The ABS Sensor counts the tours of the wheel. It is the initial data of the mileage Manipulating the sensor leads to wrong mileage data Most manipulations done via „OBD port“ in about 1 minute

9 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.4 The communication channel system transfers data „Man in the Middle attacks like resitors falsify the transferred data Most manipulations done via „OBD port“ in about 1 minute

10 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.4 The communication channel system transfers data „Man in the Middle attacks like resitors falsify the transferred data Most manipulations done via „OBD port“ in about 1 minute

11 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.4 The communication channel system transfers data „Man in the Middle attacks like resitors falsify the transferred data Most manipulations done via „OBD port“ in about 1 minute

12 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.1/2.2 The computation and storage subsystem computes the data from the ABS sensor to mileage numbers and stores it Unprotected data in ECUs can be overwritten via the OBD port Most manipulations done via „OBD port“ in about 1 minute

13 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) 2.1/2.2 The computation and storage subsystem computes the data from the ABS sensor to mileage numbers and stores it Unprotected data in ECUs can be overwritten via the OBD port Most manipulations done via „OBD port“ in about 1 minute

14 C-ITS Forum Structure FIA Protection against Mileage Fraud by Common Criteria Target of Evaluation (TOE, Annex 5, 2) Most manipulations done via „OBD port“ in about 1 minute 2.3 The mileage display subsystem transfers computed data to readable numbers and displays them Manipulations via resistors or OBD port lead to false displayed data

15 Protection Profile / Security Target (§2.6, & 5.5.2, Annex 5) FIA Protection against Mileage Fraud by Common Criteria Security Target: 1000€ (higher sales price for tampered vehicle) Target of Evaluation: Gateway ECU Solution: Secured Data Storage behind a Firewall in the Gateway ECU Most manipulations done via „OBD port“ in about 1 minute

16 Protection Profile / Security Target (§2.6, & 5.5.2, Annex 5) FIA Protection against Mileage Fraud by Common Criteria Security Target 6000€ (higher sales price for tampered vehicle) Target of Evaluation: Whole Odometer System Solution: Encrypted Data Transfer and Storage of Data behind Firewall Most manipulations done via „OBD port“ in about 1 minute

17 Next steps FIA Protection against Mileage Fraud by Common Criteria ● Find support in UNECE WP 29 for the FIA proposal ● Setup an informal working group with all stakeholders to work out the protection profile

18 Thank You For Your Attention FIA Protection against Mileage Fraud by Common Criteria

Download ppt "FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015-05-05 Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3)"

Similar presentations

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.

© Crown Copyright (2000) Module 2.6 Vulnerability Analysis.
STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)
CIRAS PROJECT OVERVIEW

CIRAS PROJECT OVERVIEW
26 May 2005UNECE Trade Facilitation in the WTO context 1 GATT Article V Broader aspects and implementation tools available Guus Jacobs Chairperson Working.

26 May 2005UNECE Trade Facilitation in the WTO context 1 GATT Article V Broader aspects and implementation tools available Guus Jacobs Chairperson Working.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS-21-06 (21st ITS,

IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS (21st ITS,
The Common Criteria for Information Technology Security Evaluation

The Common Criteria for Information Technology Security Evaluation
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
ITIL: Service Transition

ITIL: Service Transition
Auditing Computer Systems

Auditing Computer Systems
Working group L-EPPR 03 June 2014 International environmental and propulsion performance requirements for L-category vehicles – OBD expert group On-board.

Working group L-EPPR 03 June 2014 International environmental and propulsion performance requirements for L-category vehicles – OBD expert group On-board.
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.

Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Community Wireless Services Gabriel Vizzard, Marketing Director how to solve the business and economic challenges in a multi-network environment WiFi Business.

Community Wireless Services Gabriel Vizzard, Marketing Director how to solve the business and economic challenges in a multi-network environment WiFi Business.
Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)

Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)
E-commerce Vocabulary Terms. E-commerce Buying and selling of goods, services, or information via World Wide Web, email, or other pathways on the Internet.

E-commerce Vocabulary Terms. E-commerce Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the Internet.
E-commerce Vocabulary Terms By: Laura Kinchen. Buying and selling of goods, services, or information via World Wide Web, email, or other pathways on the.

E-commerce Vocabulary Terms By: Laura Kinchen. Buying and selling of goods, services, or information via World Wide Web, , or other pathways on the.
ISSSC 2015, 8.9.2015 09.00 – 12.00 Functional Safety and IT Security Example Dr Richard Messnarz Dr Christian Kreiner.

ISSSC 2015, – Functional Safety and IT Security Example Dr Richard Messnarz Dr Christian Kreiner.

Similar presentations

Ads by Google