|
Work item:
|
X.fod-sec
|
|
Subject/title:
|
Security guidelines for a feature on demand (FoD) service in a connected vehicle environment
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-09 (Medium priority)
|
|
Liaison:
|
ISO/TC 22, ITU-T SG16 and CITS
|
|
Supporting members:
|
Korea (Republic of), Hyundai Motors, Soonchunhyang University, ETRI
|
|
Summary:
|
A FoD service means subscription-based services that users can selectively download and install the features they need into their connected vehicles online. For instance, users can download and install lane support system (LSS) and adaptive cruise control (ACC) features in their vehicles online without temporal and spatial constraints.
However, this FoD service causes expansion of the attack surfaces in connected vehicles during the procedure of downloading and installing the features to the vehicle. For example, an attacker can sniff and steal the installation data of a vehicle, and then the attacker can use the feature in his vehicle without the payment for the subscription.
To address these security problems, this Recommendation provides a security threat analysis and specifies security requirements including mitigation methods such as authentication of a subscriber. Furthermore, this Recommendation provides how to implement the mitigation methods to fulfill the security requirements.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-10-05 11:09:03
|
|
Last update:
2024-03-12 09:47:30
|
