1、 IEEE Standard for Wireless Access in Vehicular Environments Security Services for Applications and Management Messages Amendment 1 Sponsored by the Intelligent Transportation Systems Committee IEEE 3 Park Avenue New York, NY 10016-5997 USA IEEE Vehicular Technology Society IEEE Std 1609.2a-2017 (Am
2、endment to IEEE Std 1609.2-2016) IEEE Std 1609.2a-2017 (Amendment to IEEE Std 1609.2-2016) IEEE Standard for Wireless Access in Vehicular Environments Security Services for Applications and Management Messages Amendment 1 Sponsor Intelligent Transportation Systems Committee of the IEEE Vehicular Tec
3、hnology Society Approved 28 September 2017 IEEE-SA Standards Board Abstract: Secure message formats and processing for use by Wireless Access in Vehicular Environments (WAVE) devices, including methods to secure WAVE management messages and methods to secure application messages are defined. Adminis
4、trative functions necessary to support the core security functions are described. Keywords: cryptography, IEEE 1609.2, security, wireless access in vehicular environments (WAVE) AcknowledgmentThe IEEE P1609 Working Group would like to acknowledge significant contributions made to this standard by Dr
5、ew van Duren.The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright 2017 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 13 October 2017. Printed in the United States of America. IEEE is a regist
6、ered trademark in the U.S. Patent fitness for a particular purpose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied “A
7、S IS” and “WITH ALL FAULTS.” Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoi
8、nt expressed at the time a standard is approved and issued is subject to change brought about through developments in the state of the art and comments received from users of the standard. In publishing and making its standards available, IEEE is not suggesting or rendering professional or other ser
9、vices for, or on behalf of, any person or entity nor is IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumsta
10、nces or, as appropriate, seek the advice of a competent professional in determining the appropriateness of a given IEEE standard. IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTIT
11、UTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF
12、ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE. Translations The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should b
13、e considered the approved IEEE standard. Official statements A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be consider
14、ed to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal posit
15、ion of IEEE. Comments on standards Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes
16、in documents should be in the form of a proposed change of text, together with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also receive the concurrence of a balance of interests. For
17、this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. A
18、ny person who would like to participate in revisions to an IEEE standard is welcome to join the relevant IEEE working group. Comments on standards should be submitted to the following address: Secretary, IEEE-SA Standards Board 445 Hoes Lane Piscataway, NJ 08854 USA Laws and regulations Users of IEE
19、E Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regul
20、atory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyri
21、ght laws. They are made available by IEEE and are adopted for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making these do
22、cuments available for use and adoption by public authorities and private users, IEEE does not waive any rights in copyright to the documents. Photocopies Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard
23、 for company or organizational internal use or individual, non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual st
24、andard for educational classroom use can also be obtained through the Copyright Clearance Center. Updating of IEEE Standards documents Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to t
25、ime through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. Every IEEE standard is subjected to review at least every ten years. When
26、a document is more than ten years old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE st
27、andard. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/ieeexplore.ieee.org/ or contact IEEE at the address listed previously. For more information abou
28、t the IEEE SA or IEEEs standards development process, visit the IEEE-SA Website at http:/standards.ieee.org. Errata Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are encouraged to check t
29、his URL for errata periodically. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent r
30、ights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the
31、Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Essential Patent Claims may exist for w
32、hich a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in
33、 connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own
34、responsibility. Further information may be obtained from the IEEE Standards Association. Copyright 2017 IEEE. All rights reserved. 6 Participants At the time this IEEE standard was completed, the Dedicated Short Range Communications Working Group had the following membership: Thomas M. Kurihara, Cha
35、ir Justin McNew, Kevin Smith, William Whyte, Vice Chair Mike Brown Hanbyeog Cho Hans-Joachim Fischer Ramez Gerges Aleksandar Gogic Shubha Gopalakrishna Gloria Gwynne Ronald Hochnadel Carl Kain John Kenney Bill Lattin Jules Madey Sean Maschue Jim Misener Frank Perry Randy Roebuck Richard Roy Kevin Sm
36、ith Jasja Tijink Michaela Vanderveen George Vlantis Jason Wang Aaron Weinfield The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Mohammad Battah Aleksander Gogic Gloria Gwynne Ron Hochnadel Carl Kain
37、 John Kenney Soyoung Kim Jules Madey Sean Maschue Jim Misener Randy Roebuck Richard Roy Kevin Smith Jasja Tijink Michaela Vanderveen George Vlantis Jason Wang Ken Vaughn When the IEEE-SA Standards Board approved this standard on 28 September 2017, it had the following membership: Jean-Philippe Faure
38、, Chair Gary Hoffman, Vice Chair John Kulick, Past Chair Konstantinos Karachalios, Secretary Chuck Adams Masayuki Ariyoshi Ted Burse Stephen Dukes Doug Edwards J. Travis Griffith Michael Janezic Thomas Koshy Joseph L. Koepfinger* Kevin Lu Daleep Mohla Damir Novosel Ronald C. Petersen Annette D. Reil
39、ly Robby Robson Dorothy Stanley Adrian Stephens Mehmet Ulema Phil Wennblom Howard Wolfman Yu Yuan *Member Emeritus Copyright 2017 IEEE. All rights reserved. 7 Introduction This introduction is not part of IEEE Std 1609.2a-2017, IEEE Standard for Wireless Access in Vehicular EnvironmentsSecurity Serv
40、ices for Applications and Management Messages Amendment 1.This amendment addresses multiple needs to enhance and extend IEEE Std 1609.2-2016: Since the publication of IEEE Std 1609.2-2016, a number of errors, omissions, and ambiguities have been discovered, which this amendment corrects. Industry st
41、akeholders have requested additional functionality, in particular better support for compact expressions of ranges of Service Specific Permissions (SSPs). Test vectors are provided to enable implementers to gain confidence in correctness of their implementation before running interoperability tests.
42、 Additional informative material is provided to assist implementers of the standard and users of the security services in understanding the intended implementation and use. Copyright 2017 IEEE. All rights reserved. 8 Contents 3. Definitions, abbreviations, and acronyms 93.1 Definitions . 9 4. Genera
43、l description 104.2 Secure data service (SDS) 10 4.3 Security services management entity (SSME) 11 5. Cryptographic operations and validity.115.1 Certificate validity 11 5.2 Signed SPDU validity .18 5.3 Cryptographic operations 29 6. Data structures .326.1 Presentation and encoding 32 6.2 Integer Ba
44、sic types 33 6.3 Secured protocol data units (SPDUs) .33 6.4 Certificates and other security management data structures .43 7. Certificate revocation lists (CRLs) and the CRL Verification Entity 547.3 Data structures 54 7.4 CRL: 1609.2 Security envelope 55 8. Peer-to-peer certificate distribution (P
45、2PCD)588.1 General 58 8.2 P2PCD operations .58 8.4 Data structures 64 9. Service primitives and functions .659.1 General comments and conventions .65 9.4 SSME SAP .71 9.5 SSME-Sec SAP 73 Annex A (informative) Protocol Implementation Conformance Statement (PICS) proforma 74 A.2 PICS proformaIEEE Std
46、1609.2 74 Annex B (normative) ASN.1 modules79 B.0a General .79 B.1 1609.2 security services .79 B.2 Certificate revocation list (CRL) 81 B.3 Peer-to-peer certificate distribution (P2PCD) 83 Annex C (informative) Specifying the use of IEEE Std 1609.2 by SDEEs 84 C.2 IEEE 1609.2 security profiles 84 C
47、.3 IEEE 1609.2 security profile proforma 88 C.4 Service Specific Permissions (SSP) .90 C.7 Source of encryption keys 91 Annex D (informative) Examples and use cases 93 D.5 Example data structures .93 D.6 Cryptographic test vectors .96 Copyright 2017 IEEE. All rights reserved. 9 IEEE Standard for Wir
48、eless Access in Vehicular Environments Security Services for Applications and Management Messages Amendment 1 NOTEThe editing instructions contained in this amendment define how to merge the material contained therein into the existing base standard and its amendments to form the comprehensive stand
49、ard.1The editing instructions are shown in bold italic. Four editing instructions are used: change, delete, insert, and replace. Change is used to make corrections in existing text or tables. The editing instruction specifies the location of the change and describes what is being changed by using strikethrough (to remove old material) and underscore (to add new material). Delete removes existing material. Insert adds new material without disturbing the existing material. Insertions may require renumbering. If so, renumbering instructions are given in the edit