ETSI TS 102 731 V1.1.1 (2010-09)
Technical Specification
Intelligent Transport Systems (ITS); Security; Security Services and Architecture

Reference: DTS/ITS-0050001
Keywords: ITS, security

ETSI, 650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33
4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N 7803/88

Important notice
Individual copies of the present document can be downloaded from: http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification
No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2010. All rights reserved.
DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents
Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Purpose of the Present Document
5 Refinement of Countermeasures
6 ITS Communications Security Architecture
6.1 Overview
6.2 ITS Authoritative Hierarchy
6.2.1 Overview
6.2.2 Manufacturer
6.2.3 Enrolment Authority
6.2.4 Authorization Authority
6.2.5 Trust Assumptions
6.2.5.1 Trust Assumptions in normal operation
6.2.5.2 Compromised ITS-S
6.2.5.3 Compromised Authorities
6.3 ITS Security Parameter Management
6.3.1 Identities and Identifiers in ITS
6.3.1.1 Authorization and privacy with authorization tickets
6.3.1.1.1 Personal user vehicles
6.3.1.1.2 Official role vehicles and infrastructure
6.3.1.2 Authorization tickets and cryptography for personal user vehicles and official role users
6.4 ITS Message Communication Models
6.4.1 Overview
6.4.2 Individual public messages
6.4.3 Individual private messages
6.4.4 Security Associations
7 ITS Security Services
7.1 Enrolment Credentials
7.1.1 Obtain Enrolment Credentials
7.1.1.1 Functional model
7.1.1.1.1 Functional model description
7.1.1.1.2 Description of functional entities
7.1.1.2 Information flows
7.1.1.2.1 Definition of information flows
7.1.2 Update Enrolment Credentials
7.1.2.1 Functional model
7.1.2.1.1 Functional model description
7.1.2.1.2 Description of functional entities
7.1.2.2 Information flows
7.1.2.2.1 Definition of information flows
7.1.2.2.2 Examples of information flow sequences
7.1.3 Remove Enrolment Credentials
7.1.3.1 Functional model
7.1.3.1.1 Functional model description
7.1.3.1.2 Description of functional entities
7.1.3.2 Information flows
7.1.3.2.1 Definition of information flows
7.1.3.2.2 Examples of information flow sequences
7.2 Authorization Tickets
7.2.1 Functional model
7.2.1.1 Functional model description
7.2.1.2 Description of functional entities
7.2.1.2.1 ITS Station Agent
7.2.1.2.2 A-Ticket Distributor
7.2.1.2.3 Enrolment Credentials Verifier
7.2.1.2.4 ITS Network Agent
7.2.1.2.5 ITS Authorization Status Manager
7.2.2 Obtain Authorization Tickets service
7.2.2.1 Information flows
7.2.2.1.1 Definition of information flows
7.2.3 Update Authorization Tickets
7.2.3.1 Functional model
7.2.3.1.1 Functional model description
7.2.3.2 Information flows
7.2.3.2.1 Definition of information flows
7.2.4 Publish Authorization Status
7.2.4.1 Information flows
7.2.4.1.1 Definition of information flows
7.2.5 Update Local Authorization Status Repository
7.2.5.1 Information flows
7.2.5.1.1 Definition of information flows
7.3 Security Associations
7.3.1 Model
7.3.1.1 Functional model
7.3.1.1.1 Functional model description
7.3.1.1.2 Description of functional entities
7.3.2 Establish Security Association
7.3.2.1 Information flows
7.3.2.1.1 Definition of information flows
7.3.3 Update security association
7.3.3.1 Information flows
7.3.3.1.1 Definition of information flows
7.3.4 Send Secured Message
7.3.5 Receive Secured Message
7.3.6 Remove security association
7.3.6.1 Information flows
7.3.6.1.1 Definition of information flows
7.4 Single message services
7.4.1 Authorize Single Message
7.4.2 Validate Authorization on Single Message
7.4.3 Encrypt Single Message
7.4.3.1 Overview
7.4.4 Decrypt Single Message
7.4.4.1 Overview
7.5 Integrity services
7.5.1 Calculate Check Value
7.5.2 Validate Check Value
7.5.3 Insert Check Value
7.6 Replay Protection services
7.6.1 Replay Protection Based on Timestamp
7.6.2 Replay Protection Based on Sequence Number
7.7 Accountability services
7.7.1 Record Incoming Message in Audit Log
7.7.2 Record outgoing message in Audit Log
7.8 Plausibility validation
7.8.1 Validate Data Plausibility
7.9 Remote management
7.9.1 Functional model
7.9.1.1 Functional model description
7.9.1.1.1 Description of functional entities
7.9.2 Activate ITS transmission
7.9.2.1 Information flows
7.9.2.1.1 Remote Activate Transmission
7.9.2.1.2 Activate Transmission
7.9.2.1.3 Transmission Activation
7.9.2.1.4 Examples of information flow sequences
7.9.3 Deactivate ITS transmission
7.9.3.1 Information flows
7.9.3.1.1 Definition of information flows
7.10 Report Misbehaving ITS-S
7.10.1 Report misbehaviour
7.10.1.1 Functional model
7.10.1.1.1 Functional model description
7.10.1.1.2 Description of functional entities
7.10.1.2 Information flows
7.10.1.2.1 Definition of information flows
Annex A (informative): Bibliography
History

Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport System (ITS).

1 Scope
The present document specifies mechanisms at the stage 2 level defined by ETS 300 387 [i.2] for secure and privacy-preserving communication in ITS environments. It describes facilities for credential and identity management, privacy and anonymity, integrity protection, authentication and authorization.
The mechanisms are specified as stage 2 security services according to the 3-stage method described in ETS 300 387 [i.2], and identify the functional entities and the information flows between them. The stage 2 security services will be refined into a number of security protocols as part of the stage 3 specifications. There may be several security protocols able to fulfil the requirements of a single security service.
The present document describes the stage 2 security architecture of the ETSI Intelligent Transport System (ITS). The stage 2 security architecture and security services shall be used as the basis for further developing the ITS security architecture by mapping the security services and their functional components to the ITS architecture [i.7]. This mapping is part of the stage 3 specifications.

2 References
References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity.

2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.

2.2 Informative references
The following referenced documents
are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[i.1] ETSI TR 102 893: "Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA)".
[i.2] ETSI ETS 300 387: "Private Telecommunication Network (PTN); Method for the specification of basic and supplementary services".
[i.3] United Nations General Assembly resolution 217 A (III), 10 December 1948: "Universal Declaration of Human Rights".
[i.4] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).
[i.5] COM 96/C 329/01: "European Union Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications".
[i.6] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
[i.7] ETSI EN 302 665: "Intelligent Transport Systems (ITS); Communications Architecture".
[i.8] ITU-T Recommendation I.130: "Method for the characterization of telecommunication services supported by an ISDN and network capabilities of an ISDN".
[i.9] ISO/IEC 15408: "Information technology - Security techniques - Evaluation criteria for IT security".

3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authorization authority: security management entity responsible for issuing, monitoring the use of and withdrawing authorization tickets
authorization ticket: data object that demonstrates that the valid holder is entitled to take specific actions
NOTE: In the present document, "authorization ticket" is reserved for data objects used in message exchanges between ITS Stations and does not refer to data objects used in message exchanges between an ITS Station and a security management entity.
canonical identity: identifier unique to a particular ITS-S that persists throughout the lifetime of the ITS-S and can be presented to an enrolment authority when the ITS-S requests enrolment credentials
enrolment authority: security management entity responsible for the life cycle management of enrolment credentials
enrolment credential: data object that is used in message exchanges between an ITS Station and a security management entity and demonstrates that the valid holder is entitled to apply for authorization tickets
enrolment domain: scope of authority of an enrolment authority; the conditions under which an enrolment authority's enrolment credentials are valid
EXAMPLE: A domain might be a country, a region within that country, multiple countries; or another grouping, such as all vehicles made by a particular OEM.
identity: See canonical identity.
official role vehicle: vehicle whose ITS-S is claiming privileges due to its having a particular role
EXAMPLE: Emergency response vehicles, public transit vehicles, or maintenance vehicles.
personal user vehicle: vehicle that is not an official role vehicle
pseudonym: alias identity within the context of the Pseudonymity service defined in ISO/IEC 15408 [i.9]
security management entity: entity within the ITS system that is responsible for issuing, supervising the use of and, if necessary, withdrawing security material
NOTE: In the present document, the security management entities are enrolment authorities and authorization authorities.
security material: data objects such as authorization tickets, enrolment credentials, and keys, that are used by an ITS-S to ensure the correct operation of security services
security mechanism: process (or a device incorporating such a process) that can be used in a system to implement a security service that is provided by or within the system
security policy: set of rules and practices that specify or regulate how a system or organization provides security services to protect resources
security service: processing or communication capability that is provided by a system to give a specific kind of protection to resources where these resources may reside within the system or any other system

3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
BSA Basic Set of Applications
CAM Cooperative Awareness Message
DEN Decentralized Environmental Notification
IAAA Identification, Authentication, Authorization, Accountability
ITS Intelligent Transport System
ITS-S ITS Station
OEM Original Equipment Manufacturer
O-UAT Official role user Universal Authorization Ti
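The definitions in clause 3.1 describe a two-level chain: an ITS-S presents its canonical identity to an enrolment authority and receives an enrolment credential; the credential is shown only to security management entities and entitles the holder to apply for authorization tickets; tickets are what stations exchange with each other and state the actions the holder may take; a pseudonym is the alias a station is known by. The Go program below is an added example written for this page to make those relationships concrete; it is not code from the specification and its stage 3 formats are not defined here. Its assumptions are: Ed25519 signatures stand in for whatever the stage 3 protocols choose, the `EC|`/`AT|` field layout is invented for the example, the ticket carries a fresh random pseudonym rather than the canonical identity, and the canonical identity `VIN-CONSTRUCTED-000001` is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Authority is a security management entity (enrolment authority or
// authorization authority) holding a signing key. Key type and field layout
// are assumptions of this example, not the specification's stage 3 formats.
type Authority struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	// records maps issued credential IDs back to canonical identities; only
	// the enrolment authority holds this mapping and it never goes on the air.
	records map[string]string
}

func NewAuthority(name string) *Authority {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Authority{Name: name, priv: priv, Pub: pub, records: map[string]string{}}
}

// EnrolmentCredential is exchanged only between an ITS-S and a security
// management entity and entitles the holder to apply for authorization tickets.
type EnrolmentCredential struct {
	Domain string // enrolment domain, e.g. a country or an OEM fleet
	ID     string // random credential identifier; the canonical identity is not carried
	Sig    []byte
}

// The "EC|" / "AT|" prefixes are a type tag, so a credential can never be
// replayed as a ticket (or vice versa) under the same signature.
func (c EnrolmentCredential) signedBytes() []byte {
	return []byte("EC|" + c.Domain + "|" + c.ID)
}

// AuthorizationTicket is exchanged between ITS stations; it carries a
// pseudonym and the actions the holder is entitled to take.
type AuthorizationTicket struct {
	Pseudonym   string
	Permissions []string
	Sig         []byte
}

func (t AuthorizationTicket) signedBytes() []byte {
	return []byte("AT|" + t.Pseudonym + "|" + strings.Join(t.Permissions, ","))
}

func randomID() string {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Enrol: the ITS-S presents its canonical identity to the enrolment authority.
func (ea *Authority) Enrol(canonicalID, domain string) EnrolmentCredential {
	c := EnrolmentCredential{Domain: domain, ID: randomID()}
	ea.records[c.ID] = canonicalID
	c.Sig = ed25519.Sign(ea.priv, c.signedBytes())
	return c
}

// Authorize: the ITS-S presents its enrolment credential (not its canonical
// identity) to the authorization authority, which trusts the EA's public key.
func (aa *Authority) Authorize(eaPub ed25519.PublicKey, c EnrolmentCredential, perms []string) (AuthorizationTicket, error) {
	if !ed25519.Verify(eaPub, c.signedBytes(), c.Sig) {
		return AuthorizationTicket{}, errors.New("enrolment credential not issued by a trusted EA")
	}
	t := AuthorizationTicket{Pseudonym: randomID(), Permissions: append([]string(nil), perms...)}
	t.Sig = ed25519.Sign(aa.priv, t.signedBytes())
	return t, nil
}

// ValidateAuthorization is what a receiving ITS-S does with a ticket attached
// to a message: check the AA signature first, then the claimed action.
func ValidateAuthorization(aaPub ed25519.PublicKey, t AuthorizationTicket, action string) error {
	if !ed25519.Verify(aaPub, t.signedBytes(), t.Sig) {
		return errors.New("ticket signature invalid")
	}
	for _, p := range t.Permissions {
		if p == action {
			return nil
		}
	}
	return fmt.Errorf("ticket does not authorize %q", action)
}

func main() {
	ea, aa := NewAuthority("EA"), NewAuthority("AA")
	cred := ea.Enrol("VIN-CONSTRUCTED-000001", "example-country") // constructed sample identity
	ticket, err := aa.Authorize(ea.Pub, cred, []string{"send-CAM"})
	if err != nil {
		panic(err)
	}
	fmt.Println("pseudonym on the air:", ticket.Pseudonym)
	fmt.Println("send-CAM:", ValidateAuthorization(aa.Pub, ticket, "send-CAM"))
	fmt.Println("send-DEN:", ValidateAuthorization(aa.Pub, ticket, "send-DEN"))
}
```

The receiving station only ever sees the AA's public key and the ticket, so it can check entitlement without learning the canonical identity; linking the pseudonym back to the vehicle requires the EA's private `records` table, which is exactly the separation of duties the authority definitions imply. Editing the permission list or presenting a credential from an EA the AA does not trust fails at the signature check before any policy is consulted.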