Key Elements
- Digital Tachograph Security
This page provides you with an overview of the Digital Tachograph Security Principles.
System Mechanisms
In order to allow a full compatibility between any VU and any tachograph card on one hand, and allow any controller to inspect data downloaded from any VU on the other, some security mechanisms have to be common and fulfil the following security requirements:
- Mutual authentication between VU and cards,
-
Integrity and authentication of data transferred between VU and cards,
-
Integrity and authentication of data downloaded to external storage media.
Security mechanisms are closely related with security elements (e.g. cryptographic keys) and distribution methods. Both security mechanisms and security elements had to be defined together.
Field Constraints
Main constraints encountered by digital tachograph component manufacturers are the following:
-
Tachograph components are distributed in the field and are not connected on-line to any central register for checks,
-
Different manufacturers and different issuing authorities are involved,
-
The introduction of digital tachograph will occur step by step both in new member States and from new manufacturers,
-
Security parameters rely on leading edge but currently available and proven Information Technology,
-
Security parameters must allow to periodically up-grade security elements.
Security Targets
Security targets are defined by so-called Security Enforcing Functions (SEF). SEF are required for the digital tachograph components (motion sensor, Vehicle Unit (VU) and tachograph smart cards). An independent laboratory approved for ITSEC (Information Technology Security Evaluation Criteria) evaluations declared SEF used for digital tachograph as suitable, complete and appropriate for ITSEC E3 evaluation.
Cryptographic system
Cryptographic information technology provides security mechanisms able to fulfil authentication and data integrity requirements. Authentication requirement implies that any element of the system (VU, card) must be able to prove to any other element of the system that it belongs to the system. Data integrity guarantees that only authorised persons can access data.
Keys and Certificates
For the digital tachograph application, keys are distributed at three levels:
· European level,
· Member State level,
· Equipment Manufacturer or Card Personalisation level.
Certificates
Beside cryptographic keys, the security system is based on certificates distributed at three levels afore-mentioned.
Menu
