ETSI TS 102 940 V1.1.1 (2012-06)

Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management

Technical Specification

Reference: DTS/ITS-0050014
Keywords: interoperability, ITS, management, security

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

European Telecommunications Standards Institute 2012. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 ITS reference architecture
4.1 ITS applications groups
4.1.1 Summary of ITS applications
4.1.1.1 Cooperative awareness
4.1.1.2 Static local hazard warning
4.1.1.3 Interactive local hazard warning
4.1.1.4 Area hazard warning
4.1.1.5 Advertised services
4.1.1.6 Local high-speed unicast service
4.1.1.7 Local multicast service
4.1.1.8 Low-speed unicast service
4.1.1.9 Distributed (networked) service
4.1.1.10 Multiple Applications
4.1.2 Security requirements of ITS application groups
4.1.2.1 Security requirements of cooperative awareness
4.1.2.1.1 Authentication and Authorization
4.1.2.1.2 Confidentiality
4.1.2.1.3 Privacy
4.1.2.2 Security requirements of static local hazard warnings
4.1.2.2.1 Authentication and Authorization
4.1.2.2.2 Confidentiality and Privacy
4.1.2.3 Security requirements of dynamic local hazard warnings
4.1.2.3.1 Authentication and Authorization
4.1.2.3.2 Confidentiality and Privacy
4.1.2.4 Security requirements of area hazard warnings
4.1.2.4.1 Authentication and Authorization
4.1.2.4.2 Confidentiality and Privacy
4.1.2.5 Security requirements of other services
4.1.2.6 Security requirements of multiple applications
4.1.2.6.1 Authentication and Authorization
4.1.2.6.2 Confidentiality and Privacy
5 ITS Security architecture
5.1 ITS station security architecture
5.2 Security services
5.3 ITS communications security architecture
5.4 ITS security reference model
5.4.1 Security functional elements
5.4.2 Security reference points
6 ITS station security management
6.1 Basic principles
6.1.1 Guidelines for establishing enrolment trust requirements
6.2 Trust and privacy management
6.3 Access control
6.4 Confidentiality
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport System (ITS).

1 Scope

The present document specifies a security architecture for Intelligent Transport System (ITS) communications. Based upon the security services defined in TS 102 731 [4], it identifies the functional entities required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [1].

The present document also identifies the roles and locations of a range of security services for the protection of transmitted information and the management of essential security parameters. These include identifier and certificate management, PKI processes and interfaces as well as basic policies and guidelines for trust establishment.

2 References

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity.

2.1 Normative references

The following referenced documents are necessary for the application of the present document.

[1] ETSI EN 302 665: "Intelligent Transport Systems (ITS); Communications Architecture".
[2] ETSI TS 102 637-2: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service".
[3] ETSI TS 102 637-3: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environmental Notification Basic Service".
[4] ETSI TS 102 731: "Intelligent Transport Systems (ITS); Security; Security Services and Architecture".
[5] ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy Management".
[6] ETSI TS 102 942: "Intelligent Transport Systems (ITS); Security; Access Control".
[7] ETSI TS 102 943: "Intelligent Transport Systems (ITS); Security; Confidentiality services".

2.2 Informative references

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] ETSI TR 102 638: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Definitions".
[i.2] ETSI TR 102 863: "Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Local Dynamic Map (LDM); Rationale for and guidance on standardization".
[i.3] IEEE 1609.3 2010: "Wireless Access in Vehicular Environments (WAVE) - Networking Services".
[i.4] CEN FprCEN/TS 16439: "Electronic fee collection - Security framework".
[i.5] ETSI TS 102 890-2: "Intelligent Transport Systems (ITS); Facilities layer function; Services announcement specification".

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

authorization authority: authority that provides an ITS-S with permission to invoke ITS applications and services

canonical identifier: structured identifier that is globally unique

enrolment authority: authority that validates that an ITS-S can be trusted to function correctly

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

BSA     Basic Set of Applications
CA      Co-operative Awareness
CAM     Co-operative Awareness Message
CN      Co-operative Navigation
CS      Communities Services
CSM     Co-operative Speed Management
DENM    Decentralized Environment Notification Message
EA      Enrolment Authority
IP      Internet Protocol
IPv6    Internet Protocol version 6
ITS     Intelligent Transport System
ITS-S   ITS Station
LBS     Location Based Services
LCM     Life Cycle Management
OSI     Open System Interconnect
PDA     Personal Data Appliance
PKI     Public Key Infrastructure
RHW     Road Hazard Warning
RSU     Road Side Unit
TTP     Trusted Third Party
WAVE    Wireless Access in Vehicular Environments
WSA     WAVE Service Announcement

4 ITS reference architecture

EN 302 665 [1] describes an ITS station architecture based upon 4 processing layers identified as follows: Access Layer; Networking & Transport Layer; Facilities Layer; and Applications Layer. These horizontal layers are bounded on each side by a vertical Management layer and a Security layer (Figure 1).

Figure 1: ITS station architecture (from EN 302 665 [1])

The layers in this architecture do not represent directly the Open System Interconnect (OSI) protocol modelling layers but the functionality expected in each can be mapped to the OSI model quite simply (Figure 2).

Figure 2: Mapping of OSI modelling layers to the ITS architectural layers

Having mapped the OSI protocol layers to the ITS station architecture, this can be extended into an ITS communications architecture in which the protocol layers communicate on a peer-to-peer basis as shown in Figure 3.

Figure 3: ITS communications architecture

4.1 ITS applications groups

TR 102 638 [i.1] defines the basic set of ITS applications which it divides into groups according to the functionality provided. Based on this, a further analysis in TR 102 863 [i.2] takes into account some additional sources. The resulting list of functional groupings from this analysis is shown in Table 1. A more detailed description can be found in TR 102 863 [i.2], clause A.1.

Table 1: ITS application classes

| Applications Class | Application | Use case |
|---|---|---|
| Active road safety | Driving assistance - Co-operative awareness (CA) | Emergency vehicle warning; Slow vehicle indication; Across traffic turn collision risk warning; Merging Traffic Turn Collision Risk Warning; Co-operative merging assistance; Intersection collision warning; Co-operative forward collision warning; Lane Change Manoeuvre |
| Active road safety | Driving assistance - Road Hazard Warning (RHW) | Emergency electronic brake lights; Wrong way driving warning (infrastructure based); Stationary vehicle - accident; Stationary vehicle - vehicle problem; Traffic condition warning; Signal violation warning; Roadwork warning; Decentralized floating car data - Hazardous location; Decentralized floating car data - Precipitations; Decentralized floating car data - Road adhesion; Decentralized floating car data - Visibility; Decentralized floating car data - Wind; Vulnerable road user Warning; Pre-crash sensing warning; Co-operative glare reduction |
| Cooperative traffic efficiency | Co-operative speed management (CSM) | Regulatory / contextual speed limits notification; Curve Warning; Traffic light optimal speed advisory |
| Cooperative traffic efficiency | Co-operative navigation (CN) | Traffic information and recommended itinerary; Public transport information; In-vehicle signage |
| Co-operative local services | Location based services (LBS) | Point of Interest notification; Automatic access control and parking management; ITS local electronic commerce; Media downloading |
| Global internet services | Communities services (CS) | Insurance and financial services; Fleet management; Loading zone management; Theft related services/After theft vehicle recovery |
| Global internet services | ITS station life cycle management (LCM) | Vehicle software / data provisioning and update; Vehicle and RSU data calibration; Transport related electronic financial transactions [i.4] |

4.1.1 Summary of ITS applications

In order to define security classes, the communication patterns of the different applications also need to be considered. Table 2 summarizes the communication behaviour of each application.

Table 2: ITS applications communication behaviour

| Use case | Addressing | Hops | Frequency | Direction | Session |
|---|---|---|---|---|---|
| Emergency vehicle warning | Broadcast | Single | High | V2V/V2I | No |
| Slow vehicle indication | Broadcast | Single | High | V2V | No |
| Across traffic turn collision risk warning | Broadcast | Single | High | V2V | No |
| Merging Traffic Turn Collision Risk Warning | Broadcast | Single | High | V2V/I2V | No |
| Co-operative merging assistance | Broadcast | Single | High | V2V/I2V | No |
| Intersection collision warning | Broadcast | Single | High | V2V/I2V | No |
| Co-operative forward collision warning | Broadcast | Single | High | V2V | No |
| Lane Change Manoeuvre | Broadcast | Single | High | V2V | No |
| Emergency electronic brake lights | Broadcast | Multi | Low | V2V | No |
| Wrong way driving warning (infrastructure based) | Broadcast | Single | Low | I2V | No |
| Stationary vehicle - accident | Broadcast | Multi | Low | V2V/V2I | No |
| Stationary vehicle - vehicle problem | Broadcast | Multi | Low | V2V/V2I | No |
| Traffic condition warning | Broadcast | Multi | Low | V2V/I2V | No |
| Signal violation warning | Broadcast | Single | High | I2V | No |
| Roadwork warning | Broadcast | Multi | Low | I2V | No |
| Decentralized floating car data - Hazardous location | Broadcast | Multi | Low | V2V/I2V | No |
| Decentralized floating car data - Precipitations | Broadcast | Multi | Low | V2V | No |
| Decentralized floating car data - Road adhesion | Broadcast | Multi | Low | V2V | No |
| Decentralized floating car data - Visibility | Broadcast | Multi | Low | V2V | No |
| Decentralized floating car data - Wind | Broadcast | Multi | Low | V2V | No |
| Vulnerable road user Warning | Broadcast | Single | Low | V2V/I2V | No |
| Pre-crash sensing warning (Indication) | Broadcast | Single | High | V2V | No |
| Pre-crash sensing warning (Data exchange) | Unicast | Single | High | V2V | Yes |
| Co-operative glare reduction | Broadcast | Single | Low | V2V/I2V | No |
| Regulatory/contextual speed limits notification | Broadcast | Single | Low | I2V | No |
| Curve Warning | Broadcast | Single | Medium | I2V | No |
| Traffic light optimal speed advisory | Broadcast | Multi | Medium | I2V | No |
| Traffic information and recommended itinerary (Advertisement) | Broadcast | Single | Low | I2V | Yes |
| Traffic information and recommended itinerary (Service) | Unicast/Multicast | Multi | Medium | I2V | No |
| Public transport information (Advertisement) | Broadcast |