|
Work item:
|
X.1388 (ex X.fod-sec)
|
|
Subject/title:
|
Security requirements and guidelines for a feature on demand (FoD) service in a connected vehicle environment
|
|
Status:
|
Determined on 2026-06-10 [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-06 (Medium priority)
|
|
Liaison:
|
ISO/TC 22, ITU-T SG16 and CITS
|
|
Supporting members:
|
Korea (Republic of), Hyundai Motors, Soonchunhyang University, ETRI
|
|
Summary:
|
A feature on demand (FoD) service refers to subscription-based services that allow users to selectively download and install the features they need into their connected vehicles online or offline. For instance, users can purchase specific features from the manufacturer, such as lane support system (LSS) or adaptive cruise control (ACC) and then download/install them in their vehicles remotely, without time and location constraints.
However, this FoD service expands the potential attack surface in connected vehicles during the feature download and installation process. For example, an attacker could potentially sniff and steal the feature installation data of a vehicle and then the attacker can use the feature in his own vehicle without paying for the subscription.
To address these security risks, this Recommendation provides a security threat analysis and specifies security requirements. Furthermore, it provides information on how to implement these mitigations to fulfil the security requirements.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-10-05 11:09:03
|
|
Last update:
2026-06-26 12:01:35
|