|
Work item:
|
X.fod-sec
|
|
Subject/title:
|
Security guidelines for a feature on demand (FoD) service in a connected vehicle environment
|
|
Status:
|
Under study [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-06 (Medium priority)
|
|
Liaison:
|
ISO/TC 22, ITU-T SG16 and CITS
|
|
Supporting members:
|
Korea (Republic of), Hyundai Motors, Soonchunhyang University, ETRI
|
|
Summary:
|
FoD (Feature on Demand) service refers to subscription-based services that allow vehicle users to selectively download and install the features they need into their connected vehicles online or offline. For instance, vehicle users can purchase specific features from the manufacturer, such as Lane Support System (LSS) or Adaptive Cruise Control (ACC), and then download/install them in their vehicles remotely, without time and location constraints.
However, this FoD service expands the potential attack surface in connected vehicles during the feature download and installation process. For example, an attacker could potentially sniff and steal the feature installation data of a vehicle, and then the attacker can use the feature in his own vehicle without paying for the subscription.
To address these security problems, this Recommendation provides a security threat analysis and specifies security requirements including mitigation methods such as authentication of a subscriber. Furthermore, this Recommendation provides how to implement the mitigation methods to fulfil the security requirements.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-10-05 11:09:03
|
|
Last update:
2025-12-10 14:34:46
|
