1、 ETSI TS 103 096-2 V1.3.1 (2017-03) Intelligent Transport Systems (ITS); Testing; Conformance test specifications for ITS Security; Part 2: Test Suite Structure and Test Purposes (TSS Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from th
2、e ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or t
3、he updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems (ITS). The present document is part 2 of a multi-part deliverable covering
4、 Conformance test specification for ITS Security, as identified below: Part 1: “Protocol Implementation Conformance Statement (PICS)“; Part 2: “Test Suite Structure and Test Purposes (TSS Part 3: “Abstract Test Suite (ATS) and Protocol Implementation eXtra Information for Testing (PIXIT)“. Modal ver
5、bs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT al
6、lowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)7 1 Scope The present document provides the Test Suite Structure and Test Purposes (TSS Security; Security header and certificate formats“. 2 ETSI TS 103 096-1 (V1.3.1): “Intelligent Transport Syst
7、ems (ITS); Testing; Conformance test specifications for ITS Security; Part 1: Protocol Implementation Conformance Statement (PICS)“. 3 ETSI TS 102 871-1 (V1.3.1): “Intelligent Transport Systems (ITS); Testing; Conformance test specifications for GeoNetworking ITS-G5; Part 1: Test requirements and Pr
8、otocol Implementation Conformance Statement (PICS) pro forma“. 4 ISO 3166-1: “Codes for the representation of names of countries and their subdivisions - Part 1: Country codes“. 5 United Nations, Statistics Division (1996): “Standard Country or Area Codes for Statistical Use (Rev. 3), Series M: Misc
9、ellaneous Statistical Papers, No. 49“, New York: United Nations. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references
10、, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of th
11、e present document but they assist the user with regard to a particular subject area. i.1 ETSI EG 202 798 (V1.1.1): “Intelligent Transport Systems (ITS); Testing; Framework for conformance and interoperability testing“. i.2 ETSI TS 102 965 (V1.3.1): “Intelligent Transport Systems (ITS); Application
12、Object Identifier (ITS-AID); Registration“. i.3 ISO/IEC 9646-1 (1994): “Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 1: General concepts“. ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)8 i.4 ISO/IEC 9646-2 (1994): “Information technology - Ope
13、n Systems Interconnection - Conformance testing methodology and framework - Part 2: Abstract Test Suite specification“. i.5 ISO/IEC 9646-6 (1994): “Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 6: Protocol profile test specification“. i.
14、6 ISO/IEC 9646-7 (1995): “Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 7: Implementation Conformance Statements“. i.7 ETSI ETS 300 406 (1995): “Methods for testing and Specification (MTS); Protocol and profile conformance testing specif
15、ications; Standardization methodology“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TS 103 097 1, ETSI TS 102 965 i.2, ISO/IEC 9646-6 i.5 and ISO/IEC 9646-7 i.6 apply. 3.2 Abbreviations For the purposes of the pres
16、ent document, the following abbreviations apply: AA Authorization Authority AID Application IdentifierAID_CAM ITS Application Identifier for CAM AID_DENM Application Identifier for DENM AID_GN Application Identifier for general GeoNetworking messages AT Authorization Ticket ATS Abstract Test Suite B
17、O Exceptional BehaviourBV Valid BehaviourCAM Co-operative Awareness Messages CAN Controller Area Network CERT Certificate DE Data ElementDENM Decentralized Environmental Notification Message EA Enrolment Authority ECC Elliptic Curve Cryptography GN GeoNetworking ITS Intelligent Transportation System
18、s ITS-S Intelligent Transport System - Station IUT Implementation under Test MSG Message PICS Protocol Implementation Conformance Statement SSP Service Specific Permissions TP Test Purposes TSS Test Suite Structure ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)9 4 Test Suite Structure (TSS) 4.1 Structure f
19、or Security tests Table 1 shows the Security Test Suite Structure (TSS) defined for conformance testing. Table 1: TSS for Security Root Group Category Security ITS-S data transfer Valid ITS-S - AA authorization Valid ITS-S - EA enrolment Valid Sending behaviour ValidReceiving behaviour Valid and Inv
20、alid Generic messages Valid CAM testing ValidDENM testing Valid Certificate testing Valid5 Test Purposes (TP) 5.1 Introduction 5.1.1 TP definition conventions The TP definition is built according to ETSI EG 202 798 i.1. 5.1.2 TP Identifier naming conventions The identifier of the TP is built accordi
21、ng to table 2. Table 2: TP naming convention Identifier TP_ = root SEC = target ITSS ITS-S data transfer AA ITS-S - AA authorization EA ITS-S - EA enrolment = group SND Sending behaviour RCV Receiving behaviour =sub- group MSG Generic messages CAM CAM testing DENM DENM testing CERT Certificate testi
22、ng = requirement sequential number 01 to 99 = test purpose sequential number 01 to 99 = category BV Valid Behaviour tests BO Invalid Behaviour Tests 5.1.3 Rules for the behaviour description The description of the TP is built according to ETSI EG 202 798 i.1. ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)1
23、0 ETSI TS 103 097 1 does not use the finite state machine concept. As consequence, the test purposes use a generic “Initial State“ that corresponds to a state where the IUT is ready for starting the test execution. Furthermore, the IUT shall be left in this “Initial State“, when the test is complete
24、d. Being in the “Initial State“ refers to the starting point of the initial device configuration. There are no pending actions, no instantiated buffers or variables, which could disturb the execution of a test. 5.1.4 Sources of TP definitions All TPs have been specified according to ETSI TS 103 097
25、1. 5.1.5 Mnemonics for PICS reference To avoid an update of all TPs when the PICS document is changed, table 3 introduces mnemonics name and the correspondence with the real PICS item number. The PICS item column refers to tables and items of ETSI TS 103 096-1 2 if not stated otherwise. The PICS ite
26、m as defined in ETSI TS 103 096-1 2 and ETSI TS 102 871-1 3 shall be used to determine the test applicability. Table 3: Mnemonics for PICS reference Mnemonic PICS item 1 PICS_GN_SECURITY A.2/1 ETSI TS 102 871-1 3 2 PICS_CERTIFICATE_SELECTION A.2/1 3 PICS_USE_CIRCULAR_REGION A.3/2 4 PICS_USE_RECTANGU
27、LAR_REGION A.3/3 5 PICS_USE_POLYGONAL_REGION A.3/46 PICS_USE_IDENTIFIED_REGION A.3/57 PICS_ITS_AID_OTHER_PROFILE A.5/1 8 PICS_USE_ISO31661_REGION_DICTIONARY A.4/1 9 PICS_USE_UN_STATS_REGION_DICTIONARY A.4/2 5 ITS-S Security 5.1 Overview Void. 5.2 Sending behaviour 5.2.1 Check the message protocol ve
28、rsion TP Id TP_SEC_ITSS_SND_MSG_01_01_BV Summary Check that ITS-S sends a SecuredMessage containing protocol version set to 2 Reference ETSI TS 103 097 1, clause 5.1 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state ensure that when the IUT is requested to
29、 send a SecuredMessage then the IUT sends a SecuredMessage containing protocol_version indicating value 2 ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)11 5.2.2 Check that AT certificate is used to sign communication messages of ITS-S TP Id TP_SEC_ITSS_SND_MSG_04_01_BV Summary Check that when IUT sends the
30、 message signed with the digest, then this digest points to the AT certificate Reference ETSI TS 103 097 1, clause 6.3 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state and the IUT is configured to send more than one CAM per second and the IUT having sent
31、last CAM containing header_fieldssigner_info.signer.type indicating certificate ensure that when the IUT is requested to send next CAM then the IUT sends a SecuredMessage containing header_fields signer_info containing signer containing type indicating certificate_digest_with_sha256 and containing d
32、igest referencing the certificate containing subject_info.subject_type indicating authorization_ticket TP Id TP_SEC_ITSS_SND_MSG_04_02_BV Summary Check that IUT uses the AT certificate to sign messages Reference ETSI TS 103 097 1, clause 6.3 PICS Selection PICS_GN_SECURITY Expected behaviour with th
33、e IUT being in the authorized state the IUT being requested to include certificate in the next CAM ensure that when the IUT is requested to send a next CAM then the IUT sends a SecuredMessage containing header_fields signer_info containing signer containing type indicating certificate and containing
34、 certificate containing subject_info.subject_type indicating authorization_ticket ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)12 5.2.3 Check Signature ECC point type TP Id TP_SEC_ITSS_SND_MSG_05_01_BV Summary Check that the SecuredMessage signature contains the ECC point of type set to either compressed_
35、lsb_y_0, compressed_lsb_y_1 or x_coordinate_only Reference ETSI TS 103 097 1, clause 4.2.9 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state ensure that when the IUT is requested to send a CAM then the IUT sends a SecuredMessage containing header_fields it
36、s_aid containing its_aid indicating AID_CAM and containing trailer_fieldssignature containing signature.ecdsa_signature containing R.type indicating compressed_lsb_y_0 or indicating compressed_lsb_y_1 or indicating x_coordinate_only 5.2.4 CAM profile 5.2.4.1 Check secured CAM its_aid value TP Id TP_
37、SEC_ITSS_SND_CAM_01_01_BV Summary Check that the sent Secured CAM contains a HeaderField its_aid that is set to AID_CAM Reference ETSI TS 103 097 1, clauses 5.4 and 7.1 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state ensure that when the IUT is requested
38、 to send CAM then the IUT sends a SecuredMessage containing header_fields its_aid containing its_aid indicating AID_CAM ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)13 5.2.4.2 Check header fields TP Id TP_SEC_ITSS_SND_CAM_02_01_BV Summary Check that the secured CAM contains exactly one element of these he
39、ader fields: signer_info, generation_time, its_aid; Check that the header fields are in the ascending order according to the numbering of the enumeration except of the signer_info, which is encoded first; Check that generation_time_standard_deviation, expiration, encryption_parameters, recipient_inf
40、o are not used Reference ETSI TS 103 097 1, clause 7.1 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state ensure that when the IUT is requested to send a CAM then the IUT sends a SecuredMessage containing header_fields0 containing type indicating signer_inf
41、o and containing header_fields 1N indicating header_fields n.type = TIME_LAST + 1sec) ETSI ETSI TS 103 096-2 V1.3.1 (2017-03)14 TP Id TP_SEC_ITSS_SND_CAM_05_02_BV Summary Check that the secured CAM contains the signer_info field of certificate when the timeout of one second has been expired after th
42、e previous CAM containing the certificate Reference ETSI TS 103 097 1, clause 7.1 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state and the IUT is configured to send more than one CAM per second and the IUT having sent a CAM containing header_fieldssigner_
43、info.signer.type indicating certificate at TIME_LAST ensure that when the IUT is sending a CAM containing header_fieldsgeneration_time indicating TIME = TIME_LAST + 1sec then this message is containing header_fields signer_info containing signer containing type indicating certificate and containing
44、certificate 5.2.4.4 Check that IUT sends cert to unknown ITS-S TP Id TP_SEC_ITSS_SND_CAM_06_01_BV Summary Check that ITS-S sends a Secured CAM containing the signer_info of type certificate when the ITS-S received a CAM from an unknown ITS-S Reference ETSI TS 103 097 1, clause 7.1 PICS Selection PIC
45、S_GN_SECURITY Expected behaviour with the IUT being in the authorized state and the IUT is configured to send more than one CAM per second and the IUT having already sent CAM at TIME_1 containing header_fieldssigner_info.signer.type indicating certificate and the IUT having received a SecuredMessage
46、 at TIME_2 (TIME_1 TIME_2) containing header_fieldssigner_info.signer.type indicating certificate ensure that when the IUT is sending the next CAM at TIME_4 containing header_fieldssigner_info.signer.type indicating certificate then the difference between TIME_4 and TIME_3 is about 1sec 5.2.4.6 Chec
47、k that IUT sends certificate when requested TP Id TP_SEC_ITSS_SND_CAM_08_01_BV Summary Check that the IUT sends the Secured CAM containing the signer_info of type certificate when it received a CAM containing a request of unrecognized certificate that matches with the currently used AT certificate I
48、D of the IUT Reference ETSI TS 103 097 1, clause 7.1 PICS Selection PICS_GN_SECURITY Expected behaviour with the IUT being in the authorized state and the IUT is configured to send more than one CAM per second and the IUT having already sent CAM at TIME_1 containing header_fieldssigner_info.signer.t
49、ype indicating certificate and the IUT having received a SecuredMessage at TIME_2 (TIME_1 GEN_TIME or containing validity_restrictionstime_start_and_end containing start_validity indicating value GEN_TIME or containing validity_restrictionstime_start_and_duration containing start_validity (X_START_VALIDITY) indicating value GEN_TIME - X_START_VALIDITY ETSI ETSI TS 103 096-2 V1.3.1 (2017
