Role Based Access Controls Applied to Electronic Toll Collection
November 2016

Index

01/ Presentation main goals
02/ Toll Collection Systems
03/ Transactions and data access
04/ External requests for information
05/ Next Steps

01/ Presentation main goals

Role Based Access Controls Applied to Electronic Toll Collection in Ascendi

A/ The tolling systems and their security framework
B/ Management of access to the toll information
C/ Assurance of the principle of least privilege in information access

02/ Toll Collection Systems

Toll Collection Systems: significant experience and know-how in toll collection
• AET (MLFF): toll collection systems enabling traffic free flow
• Traditional Toll Collection: open or closed systems, manual and electronic

AET | All Electronic Tolling

6 contracts under operation (130 tolling points), operated under independent contracts between Ascendi O&M and Infraestruturas de Portugal (Portuguese Road Agency): Costa de Prata, Grande Porto, Beiras Litoral e Alta, Interior Norte, Pinhal Interior, Tunel do Marão

Traditional Toll Collection

Norte and Grande Lisboa Concessions
• 21 toll plazas (closed system)
• 3 toll plazas (open system)
• 134 manual lanes
• 83 electronic single lanes free flow

https://www.youtube.com/watch?v=6Kiwrdyy_ts

Systems - Architecture

OPERATIONAL BACK-OFFICE (OBO) – integrates all tolling operations:
• Prepared for technologies from different vendors (DSRC, RFID)
• Transaction validation
• Second level OCR
• Image review
• Trip aggregation engine
• Price calculation
• Mobile enforcement BO

COMMERCIAL BACK-OFFICE (CBO) – integrates all tolling operations:
• Account management
• Contact and walk-in centre
• CRM
• Billing and notice issuing
• Dunning management
• Payment processing
• External interface (links)

ROAD SIDE EQUIPMENT (RSE):
• Detection of the passage of the vehicle
• Classification of the vehicle using its volumetric figures (height, width, length, trail)
• Reading of the OBU
• Capture of front, rear and context images
• Automatic License Plate Recognition
• Data correlation of the various subsystems

AET | Payment Methods (Portugal)

NATIONAL VEHICLES
Direct Collection (without surcharges):
• Fully electronic payment through OBU issuer (debit card)
• Pre-payment with client identification
• Anonymous pre-payment supported
Post Payment Collection (with surcharges):
• Anonymous post-payment using license plate – available for payment at postal offices, Payshop network and internet

FOREIGN VEHICLES
• Interoperability with Spain (vehicles equipped with OBU)
• “Easy-Toll” system (automatic registration at the borders, using credit card account)
• TollService (pre-paid title for light vehicles for 3 days or pre-determined trips)
• TollCard (“on the shelf” pre-paid card, activated by SMS)
• Temporary Via Verde tag (rent-a-tag)

ENFORCED COLLECTION
• Enforced collection for non-payment
• Mobile enforcement
• Tax authority (with fines treated as fiscal offense)
• Internet

Systems - Security Features

European Standards
• EN 15509 – Electronic Fee Collection – Interoperability Application Profile for DSRC
• Security features and mechanisms based on the general security framework defined in 7.1.4 of EN ISO 14906:2004
• Image security: attribute adaptations according to CEN/TS 16439 (EFC – Security Framework)

Datacenters
• Monitored datacenters (heat, fire, power, air conditioning, CCTV)
• Restricted physical access

Network Security Protocols
• Network segmentation
• Public Key Infrastructure (PKI), FTPS, HTTPS for webmail, SSL VPN, IPsec tunnel private-to-private network

Systems - Security Features

Business Continuity
• Secure infrastructure – virtualization and high availability for core systems
• Centralized enterprise backup and recovery, disaster recovery and endpoint data protection
• Disaster Recovery Site for OBO and CBO
• Business Continuity Plan

Organization
• Security policies and procedures
• Skilled technical resources
• Non-disclosure agreement concerning personal and proprietary information and good practices using IT systems

AET | Main Features (Portugal)

DIMENSION
• Largest European private operator of a multi-vehicle category AET (MLFF)
• High speed motorways – DSRC technology
• More than 99,99% system availability
• 99,80% of vehicles detection (no speed restriction)
• More than 96% of ALPR (multiple libraries)

FEASIBILITY
• Electronic tolling using OBU identification; or
• Video tolling, using ALPR in association with 2nd level OCR engines

OPERATIONAL FLEXIBILITY
• Unitary transactions of a journey aggregated into a single transaction, where:
  o Customer able to check travelled journey
  o Optimized transaction costs

TRANSACTION AGGREGATION

03/ Transactions and data access

Facts and Figures
• 700K transactions processed daily
• Transaction mode: 80% ETC, 11% VTC, 9% Manual
• 1.7M customer accounts managed
• 5.2M km (aggregate distance travelled by all users) charged per day
• Invoices/notices: 42.5k processed per week
• More than 160 users of the systems
• > 500K images per day

Customer Care Organization
Technical team
• 6 supervision areas
• 10 operational teams

Macro-areas
• Coordination & Technical Support
• Invoice – Manual Validation & QC
• Document Management & Receivables
• Customer Care (walk-in + call center)
• Customer Care (written + online)
• Litigation & Corporate
• Invoicing
• Clients and Operations

Permission Matrix
Access profiles are defined per application module
• By system
• Read Only / Read & Write

Segregation by function
• Overall containment of information access
• Rigid boundaries
• Team defined access
• Different degrees of access inside the boundaries
• Almost atomic granularity of permissions
Segregated by area of responsibility

Versioning
All requests for change refer to this matrix AND ALL PREVIOUS VERSIONS ARE AUDITABLE
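The permission matrix described on these slides (profiles per application module, Read Only versus Read & Write, access granted only through a team, and every change request recorded so that earlier versions remain auditable) can be modelled directly. The following Python is an added example written for this page, not code from Ascendi or from the presentation; the module names (CBO.Billing, OBO.ImageReview, ...), team names and user names are constructed placeholders. It also adds a least-privilege review step the slides imply but do not spell out: flagging users who hold Read & Write through more than one team, since that crosses the "rigid boundaries" between areas of responsibility.

```python
"""Versioned, auditable RBAC permission matrix (added example, constructed data)."""
from __future__ import annotations

import copy
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Access(Enum):
    NONE = 0
    READ = 1          # "Read Only" cell in the matrix
    READ_WRITE = 2    # "Read & Write" cell in the matrix


@dataclass(frozen=True)
class Change:
    """One audited change request: what a cell was, what it became, who asked and why."""
    version: int
    requested_by: str
    reason: str
    team: str
    module: str
    before: Access
    after: Access
    at: str


class PermissionMatrix:
    """Rows are teams (areas of responsibility), columns are application modules.
    Users never hold a cell directly: they inherit whatever their teams hold."""

    def __init__(self, modules: list[str]) -> None:
        self.modules = list(modules)
        self.cells: dict[str, dict[str, Access]] = {}      # team -> module -> level
        self.members: dict[str, set[str]] = {}             # team -> users
        self.version = 0
        self.history: list[Change] = []                    # full change log
        self.snapshots: dict[int, dict[str, dict[str, Access]]] = {0: {}}

    def add_team(self, team: str, users: set[str]) -> None:
        self.cells[team] = {m: Access.NONE for m in self.modules}   # deny by default
        self.members[team] = set(users)

    def request_change(self, team: str, module: str, level: Access,
                       requested_by: str, reason: str) -> Change:
        """Every change goes through here, so the matrix is the single reference point."""
        if team not in self.cells or module not in self.modules:
            raise KeyError(f"unknown team/module: {team}/{module}")
        before = self.cells[team][module]
        self.version += 1
        change = Change(self.version, requested_by, reason, team, module, before, level,
                        datetime.now(timezone.utc).isoformat())
        self.cells[team][module] = level
        self.history.append(change)
        self.snapshots[self.version] = copy.deepcopy(self.cells)   # keeps old versions auditable
        return change

    def access(self, user: str, module: str, version: int | None = None) -> Access:
        """Effective level for a user, optionally evaluated against an earlier matrix version."""
        cells = self.cells if version is None else self.snapshots[version]
        best = Access.NONE
        for team, users in self.members.items():
            if user in users:
                level = cells.get(team, {}).get(module, Access.NONE)
                if level.value > best.value:
                    best = level
        return best

    def can(self, user: str, module: str, write: bool = False) -> bool:
        needed = Access.READ_WRITE if write else Access.READ
        return self.access(user, module).value >= needed.value

    def write_scope(self, user: str) -> list[str]:
        return sorted(m for m in self.modules if self.can(user, m, write=True))

    def cross_boundary_writers(self) -> dict[str, list[str]]:
        """Least-privilege review: users with Read & Write through more than one team."""
        flagged: dict[str, list[str]] = {}
        for user in set().union(*self.members.values()):
            teams = {t for t, users in self.members.items() if user in users
                     and any(l is Access.READ_WRITE for l in self.cells[t].values())}
            if len(teams) > 1:
                flagged[user] = sorted(teams)
        return flagged

    def audit_trail(self, team: str, module: str) -> list[Change]:
        return [c for c in self.history if c.team == team and c.module == module]


def build_demo() -> PermissionMatrix:
    """Constructed sample matrix loosely following the macro-areas on the slides."""
    pm = PermissionMatrix(["CBO.Billing", "CBO.CRM", "OBO.ImageReview", "OBO.Enforcement"])
    pm.add_team("Invoicing", {"ana"})
    pm.add_team("CustomerCare", {"rui", "ana"})      # ana sits in two teams on purpose
    pm.add_team("ImageValidation", {"luis"})
    pm.request_change("Invoicing", "CBO.Billing", Access.READ_WRITE, "sec-admin", "team function")
    pm.request_change("CustomerCare", "CBO.CRM", Access.READ_WRITE, "sec-admin", "team function")
    pm.request_change("CustomerCare", "CBO.Billing", Access.READ, "sec-admin", "lookup only")
    pm.request_change("ImageValidation", "OBO.ImageReview", Access.READ_WRITE, "sec-admin", "team function")
    return pm


if __name__ == "__main__":
    pm = build_demo()
    print("rui can write CRM:", pm.can("rui", "CBO.CRM", write=True))
    print("rui on Billing at version 2:", pm.access("rui", "CBO.Billing", version=2))
    print("cross-boundary writers:", pm.cross_boundary_writers())
```

Because each change produces a snapshot keyed by version number, a question such as "who could write to billing on the day of this invoice" is answered from the matrix itself rather than from memory, which is the auditability property the slide calls out. The cross-boundary check is the part a reviewer would run after every change.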

03/ Transactions and data access

Data Loss Prevention

Internet Access
• Access controlled through the use of white-lists
• Internet access only allowed via proxy
• Active Directory user groups determine the Internet access

Email
• Email is only allowed internally for the Manual Toll-Operator team
• All client interaction teams use a unified account (mono account per channel)
• All email sent to clients by the unified accounts is duplicated to a read-only mailbox (traceability)

Workstation | Restrictions and controls (Workstations \ Mobile Devices)
• Predefined software image for workstations
• Standard GPO enforced restrictions on USB drives and other media
• Locked down baseline according to Center for Internet Security benchmarks (https://www.cisecurity.org/)
• Firewall rules restrict access to local addresses only (http proxy is local)
• Software update via SCCM (security, critical, antivirus and malware)

04/ External requests for Information

Requests for Information by Clients
Client requests
• Client must show personal identification and vehicle documentation
• Data is verified with historic ownership data
Available information
• Non paid transactions
• Travel information
• Photographic evidence – license plate ONLY

Requests for Information by Public Authorities
Request by law enforcement entities
• Requires criminal proceeding (not civil)
• Requires an associated court order
Available information
• Non paid transactions
• Travel information
• Photographic evidence – license plate ONLY
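The two request paths above share one shape: a set of preconditions that must all hold (identity and ownership checks for a client; a criminal proceeding plus an associated court order for an authority) and a fixed, short list of what may be handed over. Encoding that as a deny-by-default gate with field-level minimisation is a common way to keep the rule from drifting. The following Python is an added example for this page, not Ascendi's process or code; the record fields (unpaid_transactions, photo_plate_only, full_images, ...), the request attributes and the sample plate are constructed assumptions.

```python
"""Release gate for external requests for information (added example, constructed data)."""
from __future__ import annotations

from dataclasses import dataclass, field

# The only categories either slide lists as "available information".
RELEASABLE_FIELDS = {"unpaid_transactions", "travel_information", "photo_plate_only"}


@dataclass
class Request:
    requester: str                      # "client" or "authority"
    plate: str
    identification_shown: bool = False  # client: personal identification
    vehicle_documents_shown: bool = False
    ownership_verified: bool = False    # client: checked against historic ownership data
    proceeding_type: str | None = None  # authority: "criminal" or "civil"
    court_order_ref: str | None = None  # authority: associated court order


@dataclass
class Decision:
    allowed: bool
    reason: str
    released: dict = field(default_factory=dict)


def evaluate(request: Request, record: dict) -> Decision:
    """Deny unless every precondition for the requester type holds; then release
    only the fields in RELEASABLE_FIELDS, for the requested vehicle only."""
    if request.requester == "client":
        if not (request.identification_shown and request.vehicle_documents_shown):
            return Decision(False, "client must show personal identification and vehicle documents")
        if not request.ownership_verified:
            return Decision(False, "ownership not confirmed against historic ownership data")
    elif request.requester == "authority":
        if request.proceeding_type != "criminal":
            return Decision(False, "only criminal proceedings qualify; civil requests are refused")
        if not request.court_order_ref:
            return Decision(False, "an associated court order is required")
    else:
        return Decision(False, "unknown requester type")

    if record.get("plate") != request.plate:
        return Decision(False, "record does not match the requested plate")

    # Minimisation: full images, payment and account data never leave the system.
    released = {k: v for k, v in record.items() if k in RELEASABLE_FIELDS}
    return Decision(True, "released", released)


def sample_record() -> dict:
    """Constructed record holding more than may ever be released."""
    return {
        "plate": "00-AA-00",
        "account_holder": "example customer",
        "payment_card": "**** 0000",
        "unpaid_transactions": [{"plaza": "P1", "amount": 2.35}],
        "travel_information": [{"from": "P1", "to": "P3"}],
        "photo_plate_only": "plate-crop-0001.jpg",
        "full_images": ["front-0001.jpg", "rear-0001.jpg", "context-0001.jpg"],
    }


if __name__ == "__main__":
    rec = sample_record()
    civil = Request("authority", "00-AA-00", proceeding_type="civil", court_order_ref="CO-EXAMPLE")
    print(evaluate(civil, rec).reason)
    ok = Request("authority", "00-AA-00", proceeding_type="criminal", court_order_ref="CO-EXAMPLE")
    print(sorted(evaluate(ok, rec).released))
```

The point of returning a Decision with a reason rather than a bare boolean is that each refusal (civil proceeding, missing court order, unverified ownership) is logged with its cause, which is what an auditor of the request-handling process asks for.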

05/ Next Steps

Next Steps and Challenges
• Security audits
• New data protection rules
• Perimeter reinforcement
• Revise policies, procedures and rules
• Evaluate CERT team

Thank You! Questions?
www.ascendi.pt