1、 ETSI TS 102 940 V1.2.1 (2016-11) Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management TECHNICAL SPECIFICATION ETSI ETSI TS 102 940 V1.2.1 (2016-11)2 Reference RTS/ITS-00532 Keywords interoperability, ITS, management, security ETSI 650 Route
2、 des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.o
3、rg/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in
4、 contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of s
5、tatus. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.asp
6、x Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETS
7、I. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Mark
8、s of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 940 V1.2.1 (2016-11)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Sc
9、ope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 ITS reference architecture 8g34.1 Background 8g34.2 ITS applications groups 10g34.2.1 ITS applications groups and their communication ch
10、aracteristics 10g34.2.2 Cooperative awareness . 13g34.2.3 Static local hazard warning . 13g34.2.4 Interactive local hazard warning . 14g34.2.5 Area hazard warning . 14g34.2.6 Advertised services . 15g34.2.7 Local high-speed unicast service 15g34.2.8 Local multicast service . 16g34.2.9 Low-speed unic
11、ast service 16g34.2.10 Distributed (networked) service 17g34.2.11 Multiple Applications . 17g34.3 Security requirements of ITS application groups . 17g34.3.1 Security requirements of cooperative awareness 17g34.3.1.1 Authentication and Authorization . 17g34.3.1.2 Confidentiality 18g34.3.1.3 Privacy
12、18g34.3.2 Security requirements of static local hazard warnings 18g34.3.2.1 Authentication and Authorization . 18g34.3.2.2 Confidentiality and Privacy . 18g34.3.3 Security requirements of interactive local hazard warnings . 18g34.3.3.1 Authentication and Authorization . 18g34.3.3.2 Confidentiality a
13、nd Privacy . 18g34.3.4 Security requirements of area hazard warnings 19g34.3.4.1 Authentication and Authorization . 19g34.3.4.2 Confidentiality and Privacy . 19g34.3.5 Security requirements of advertised services 19g34.3.5.1 Authentication and Authorization . 19g34.3.5.2 Confidentiality and Privacy
14、. 19g34.3.6 Security requirements of other services 19g34.3.7 Security requirements of multiple applications. 19g34.3.7.1 Authentication and Authorization . 19g34.3.7.2 Confidentiality and Privacy . 19g35 ITS communications security architecture . 20g35.1 ITS station communications security architec
15、ture 20g35.2 Security services . 21g35.3 ITS security functional model 23g36 ITS station security management . 27g36.1 Basic principles 27g36.2 Guidelines for establishing enrolment trust requirements 28g36.3 Trust and privacy management 29g3ETSI ETSI TS 102 940 V1.2.1 (2016-11)4 6.4 Access control
16、30g36.5 Identity management 30g36.6 Confidentiality 31g3Annex A (informative): Security Management System Functional Overview 32g3A.1 Objective of this annex . 32g3A.2 Security Management system architecture . 32g3A.3 Security functional elements 33g3A.4 Security reference points 34g3History 38g3ETS
17、I ETSI TS 102 940 V1.2.1 (2016-11)5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETS
18、I SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no
19、investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical S
20、pecification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems (ITS). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.
21、2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 102 940 V1.2.1 (2016-11)6 1 Scope The present document specifies a security architecture for Intelligent Transpor
22、t System (ITS) communications. Based upon the security services defined in ETSI TS 102 731 4, it identifies the functional entities required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS reference architecture d
23、efined in ETSI EN 302 665 1. The present document also identifies the roles and locations of a range of security services for the protection of transmitted information and the management of essential security parameters. These include identifier and certificate management, PKI processes and interfac
24、es as well as basic policies and guidelines for trust establishment. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-spec
25、ific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were v
26、alid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI EN 302 665: “Intelligent Transport Systems (ITS); Communications Architecture“. 2 ETSI EN 302 637-2: “Intelligent Tran
27、sport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic Service“. 3 ETSI EN 302 637-3: “Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environment
28、al Notification Basic Service“. 4 ETSI TS 102 731: “Intelligent Transport Systems (ITS); Security; Security Services and Architecture“. 5 ETSI TS 102 941: “Intelligent Transport Systems (ITS); Security; Trust and Privacy Management“. 6 ETSI TS 102 942: “Intelligent Transport Systems (ITS); Security;
29、 Access Control“. 7 ETSI TS 102 943: “Intelligent Transport Systems (ITS); Security; Confidentiality services“. 8 ETSI TS 103 097: “Intelligent Transport Systems (ITS); Security; Security header and certificate formats“. 9 ETSI TS 103 301: “Intelligent Transport Systems (ITS); Vehicular Communicatio
30、ns; Basic Set of Applications; Facilities layer protocols and communication requirements for infrastructure services“. ETSI ETSI TS 102 940 V1.2.1 (2016-11)7 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-s
31、pecific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long
32、term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 102 638: “Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Definitio
33、ns“. i.2 ETSI TR 102 863: “Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Local Dynamic Map (LDM); Rationale for and guidance on standardization“. i.3 IEEE 1609.3 2010: “Wireless Access in Vehicular Environments (WAVE) - Networking Services“. i.4 CEN CEN/TS
34、 16439: “Electronic fee collection - Security framework“. i.5 ETSI TS 102 890-2: “Intelligent Transport System (ITS); Facilities layer function; Part 2: Position and time facility specification“. i.6 IETF RFC 4949: Internet Security Glossary, Version 2, August 2007. i.7 ETSI TS 102 723-8: “Intellige
35、nt Transport Systems (ITS); OSI cross-layer topics; Part 8: Interface between security entity and network and transport layer“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TS 102 731 4, IETF RFC 4949 i.6 and the fo
36、llowing apply: identifier: attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context security management: operations that support acquiring or establishing the validity of certificates for cooperative ITS communications 3.2 Abbreviations For the purp
37、oses of the present document, the abbreviations given in ETSI EN 302 665 1, ETSI TS 103 301 9 and the following apply: AA Authorization Authority CA Co-operative AwarenessCAM Co-operative Awareness Message CN Co-operative Navigation CRL Certificate Revocation List CS Communities ServicesCSM Co-opera
38、tive Speed Management CSMS Cooperative-ITS Security Management System DENM Decentralized Environment Notification Message EA Enrolment Authority GN GeoNetworking HSM Hardware Security Module ETSI ETSI TS 102 940 V1.2.1 (2016-11)8 IP Internet Protocol IPv6 Internet Protocol version 6 ITS Intelligent
39、Transport System ITS-S ITS Station LBS Location Based Services LCM Life Cycle Management MAC Medium Access Control OSI Open System Interconnect PDA Personal Data Appliance PKI Public Key Infrastructure RHW Road Hazard Warning RSU Road Side Unit SAP Service Access Point UML Unified Modeling Language
40、WAVE Wireless Access in Vehicular Environments WSA WAVE Service Announcement 4 ITS reference architecture 4.1 Background ETSI EN 302 665 1 describes an ITS station architecture based upon four processing layers identified as follows: Access Layer; Networking Facilities Layer; and Applications Layer.
41、 These horizontal layers are bounded on each side by a vertical Management layer and a Security layer (figure 1). Figure 1: ITS station architecture (from ETSI EN 302 665 1) ETSI ETSI TS 102 940 V1.2.1 (2016-11)9 The layers in this architecture do not represent directly the Open System Interconnect
42、(OSI) protocol modelling layers but the functionality expected in each can be mapped to OSI model quite simply (figure 2). Figure 2: Mapping of OSI modelling layers to the ITS architectural layers Having mapped the OSI protocol layers to the ITS station architecture, this can be extended into an ITS
43、 communications architecture in which the protocol layers communicate on a peer-to-peer basis as shown in figure 3. Figure 3: ITS communications architecture ITS StationITS ApplicationsFacilitiesNetworking static local hazard warnings; interactive local hazard warnings; area hazard warnings; adverti
44、sed services; local high-speed unicast services; local multicast services; low-speed unicast services; and distributed (networked) services. These ITS application categories are further defined in clause 4.2.2 to clause 4.2.11. 4.2.2 Cooperative awareness The purpose of cooperative awareness message
45、s is to allow ITS users to provide other users with information regarding their status and environment in order to improve road safety. They can be categorized as follows: broadcast; single-hop; time-critical; having low data content; transmitted frequently; vehicle-to-vehicle; requiring no establis
46、hed communications session; and single message with no explicit coordination. EXAMPLES: Emergency vehicle warning, Slow vehicle indication, Across traffic turn collision risk warning, Merging traffic turn collision risk warning, Co-operative merging assistance, Intersection collision warning, Co-ope
47、rative forward collision warning, Lane change manoeuvre. 4.2.3 Static local hazard warning Static local hazard warning messages are broadcast by fixed roadside ITS stations usually to provide continuous information regarding a specific static condition which is relevant to road users. They can be ca
48、tegorized as follows: broadcast only from a roadside ITS-S; single-hop; time-critical; having low data content; ETSI ETSI TS 102 940 V1.2.1 (2016-11)14 transmitted frequently; requiring no established communications session; and single message with no explicit coordination. EXAMPLES: Merging traffic
49、 turn collision risk warning (if infrastructure-based), Merging assistance (if infrastructure-based), Intersection collision warning (if infrastructure-based), Wrong way driving warning, Signal violation warning. Static local hazard warnings differ from cooperative awareness messages only in that they are transmitted by roadside ITS stations rather than vehicle-based stations. Consequently, they have different requirements for privacy preservation although all other security
